
Log analysis and evaluation: Windows 7: Infection with "Adware Chin.Ad" via phishing mail


25.03.2017, 09:35   #1
Hexx_
 

Dear team,

On Tuesday my laptop was infected with adware and presumably Trojans when I opened the zip attachment of a phishing mail. I cannot describe any symptoms, because I disconnected the PC from the Internet fairly quickly. Using a clean PC, I changed passwords and put together cleanup tools.


I have already done the following:

Scan with Malwarebytes in safe mode: 13 threats labelled "Adware Chin.Ad" moved to quarantine

Scan with AdwCleaner in safe mode: 45 threats successfully deleted

JRT scan in safe mode: 86 files deleted

Another scan with AdwCleaner with no findings

Scan with TDSSKiller in safe mode with no findings


Yesterday I already ran ESET, but had to abort it for lack of time. It had already detected 28 threats. This morning I wanted to run the scan to completion, but found that the PC no longer recognized the data hard drive; a restart fixed the problem.


Current FRST log:


FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von SYSTEM auf MININT-B55K94S (25-03-2017 09:09:26)
Gestartet von G:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11
Start-Modus: Recovery
Standard: ControlSet001
ACHTUNG!:=====> Wenn das System startfähig ist sollte FRST im normalen oder abgesicherten Modus ausgeführt werden, um ein vollständiges Ergebnis zu erhalten.

Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Alle) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [167704 2011-06-20] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [392472 2011-06-20] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [416024 2011-06-20] (Intel Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-15] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-02] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-19] (Malwarebytes)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28065728 2017-03-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Winlogon: [Userinit] C:\Windows\System32\Userinit.exe, [30720 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-07-13] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2616320 2011-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [ForceActiveDesktopOn] 0
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
SecurityProviders: credssp.dll
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  Keine Datei
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  Keine Datei
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-10]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-06-04]
ShortcutTarget: Telegram.lnk ->  (Keine Datei)
BootExecute: autocheck autochk * sdnclean64.exe
AlternateShell: cmd.exe

==================== Dienste (Alle) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-02] (Adobe Systems Incorporated)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [82640 2016-12-19] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [271960 2017-03-15] (Adobe Systems Incorporated)
S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2015-10-29] (Microsoft Corporation)
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32768 2015-10-01] (Microsoft Corporation)
S3 Appinfo; C:\Windows\System32\appinfo.dll [70656 2015-06-15] (Microsoft Corporation)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51808 2013-09-11] (Microsoft Corporation)
S2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680960 2015-02-02] (Microsoft Corporation)
S2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680960 2015-02-02] (Microsoft Corporation)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)
S2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation)
S2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation)
S3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation)
S4 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
S4 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [67224 2014-03-20] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [90776 2014-03-20] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [105144 2013-09-11] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2013-09-11] (Microsoft Corporation)
S3 CryptSvc; C:\Windows\system32\cryptsvc.dll [188416 2015-04-27] (Microsoft Corporation)
S3 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [143872 2015-04-27] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-03-10] (Dropbox, Inc.)
S2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
S2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation)
S2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation)
S3 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-07-13] (Microsoft Corporation)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation)
S3 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation)
S2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360 2011-06-30] (Dritek System Inc.)
S3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
S3 EFS; C:\Windows\System32\lsass.exe [31232 2015-10-19] (Microsoft Corporation)
S3 EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-06-21] (Egis Technology Inc. )
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation)
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation)
S2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [872552 2011-08-02] (Acer Incorporated)
S2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation)
S2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation)
S2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation)
S4 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation)
S3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)
S3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [655624 2011-11-02] (Acresso Software Inc.)
S2 FontCache; C:\Windows\system32\FntCache.dll [1180160 2015-11-10] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
S2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation)
S2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456 2011-05-29] (Acer Incorporated)
S3 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [136120 2011-05-09] (Google)
S3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
S3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation)
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation)
S3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592 2011-04-29] (Intel Corporation)
S4 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [859280 2014-06-30] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2015-11-08] (Microsoft Corporation)
S2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-11] (Microsoft Corporation)
S4 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation)
S4 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation)
S3 KeyIso; C:\Windows\system32\lsass.exe [31232 2015-10-19] (Microsoft Corporation)
S4 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation)
S2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation)
S2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation)
S2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation)
S3 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
S2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168 2011-02-01] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-19] (Malwarebytes)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation)
S3 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [172488 2017-03-20] (Mozilla Foundation)
S2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation)
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)
S4 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2015-06-15] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2015-06-15] (Microsoft Corporation)
S4 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation)
S3 Netlogon; C:\Windows\system32\lsass.exe [31232 2015-10-19] (Microsoft Corporation)
S3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)
S3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation)
S2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2014-12-05] (Microsoft Corporation)
S2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S2 nvsvc; C:\Windows\system32\nvvsvc.exe [884512 2013-06-21] (NVIDIA Corporation)
S2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1826592 2013-05-16] (NVIDIA Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S4 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
S4 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)
S2 PcaSvc; C:\Windows\System32\pcasvc.dll [188416 2015-02-02] (Microsoft Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation)
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation)
S2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation)
S4 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)
S4 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation)
S2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
S2 ProfSvc; C:\Windows\system32\profsvc.dll [210432 2014-12-18] (Microsoft Corporation)
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [31232 2015-10-19] (Microsoft Corporation)
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation)
S4 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)
S2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation)
S2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation)
S2 SamSs; C:\Windows\system32\lsass.exe [31232 2015-10-19] (Microsoft Corporation)
S4 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation)
S2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2015-08-05] (Microsoft Corporation)
S4 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation)
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation)
S2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)
S2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation)
S4 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation)
S4 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation)
S4 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation)
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)
S3 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation)
S3 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation)
S4 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)
S2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-10] (Microsoft Corporation)
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation)
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation)
S3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [1464096 2017-01-18] (Valve Corporation)
S2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
S2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2015-07-15] (Microsoft Corporation)
S4 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation)
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\termsrv.dll [683520 2014-10-13] (Microsoft Corporation)
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
S3 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)
S3 TurboBoost; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [149504 2010-11-29] (Intel(R) Corporation)
S4 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)
S2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280 2011-02-01] (Intel Corporation)
S3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation)
S2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\system32\lsass.exe [31232 2015-10-19] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation)
S4 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation)
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation)
S3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [260096 2015-07-01] (Microsoft Corporation)
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [206848 2015-07-01] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation)
S4 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation)
S4 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
S2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2020352 2014-10-02] (Microsoft Corporation)
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1177088 2014-10-02] (Microsoft Corporation)
S2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation)
S4 wlcrasvc; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-22] (Microsoft Corporation)
S3 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096 2011-03-28] (Microsoft Corp.)
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation)
S4 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)
S4 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation)
S2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation)
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-03] (Microsoft Corporation)
S2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation)
S2 wuauserv; C:\Windows\system32\wuaueng.dll [2609152 2015-11-20] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation)
S4 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation)
S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-14] (Avira Operations GmbH & Co. KG)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-14] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-12] (Avira Operations GmbH & Co. KG)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-23] ()
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-25] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-21] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-25] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-25] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-25] (Malwarebytes)
S0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-18] (Corel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-24 23:44 - 2017-03-24 23:57 - 00000000 ____D C:\users\TEMP
2017-03-24 12:51 - 2017-03-24 12:51 - 00000000 ____D C:\Program Files (x86)\ESET
2017-03-24 12:43 - 2017-03-24 12:50 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\AVAST Software
2017-03-24 12:39 - 2017-03-24 12:40 - 00219870 _____ C:\TDSSKiller.3.1.0.12_24.03.2017_21.39.23_log.txt
2017-03-24 12:31 - 2017-03-24 12:31 - 00013808 _____ C:\Users\Mandragora\Desktop\JRT.txt
2017-03-24 12:26 - 2017-03-24 12:22 - 01663904 _____ (Malwarebytes) C:\Users\Mandragora\Desktop\JRT.exe
2017-03-24 11:17 - 2017-03-25 00:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-24 11:17 - 2017-03-24 11:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-24 11:17 - 2017-03-24 11:17 - 00001343 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-03-24 11:17 - 2013-09-20 01:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2017-03-24 11:13 - 2017-03-24 11:13 - 00005627 _____ C:\Users\Mandragora\Desktop\AdwCleaner[C0].txt
2017-03-24 10:37 - 2017-03-24 08:46 - 02870984 _____ (ESET) C:\Users\Mandragora\Desktop\esetsmartinstaller_deu.exe
2017-03-24 10:37 - 2017-03-24 08:43 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mandragora\Desktop\spybot-2.4.40.exe
2017-03-24 10:37 - 2017-03-24 08:37 - 04031440 _____ C:\Users\Mandragora\Desktop\AdwCleaner_6.044.exe
2017-03-21 14:58 - 2017-03-25 09:09 - 00000000 ____D C:\FRST
2017-03-21 07:11 - 2017-03-21 07:11 - 00109259 _____ C:\Users\Mandragora\Desktop\TDSSKiller Report.alt.txt
2017-03-21 06:55 - 2017-03-21 07:12 - 00218608 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_15.55.26_log.txt
2017-03-21 06:54 - 2017-03-21 06:54 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Mandragora\Desktop\tdsskiller.exe
2017-03-21 05:14 - 2017-03-25 00:01 - 00186304 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2017-03-21 05:14 - 2017-03-25 00:01 - 00082208 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2017-03-21 05:14 - 2017-03-25 00:01 - 00043968 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-03-21 05:14 - 2017-03-25 00:00 - 00251840 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-03-21 05:14 - 2017-03-21 05:44 - 00111544 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2017-03-21 05:13 - 2017-03-21 05:13 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-21 05:13 - 2017-03-21 05:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-21 05:13 - 2017-02-23 21:23 - 00077408 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-03-20 06:11 - 2017-03-20 06:11 - 00000000 ____D C:\Users\Mandragora\Documents\Uru Live
2017-03-20 06:07 - 2017-03-20 06:07 - 00001640 _____ C:\Users\Mandragora\.recently-used.xbel
2017-03-14 03:15 - 2017-03-14 09:46 - 00000000 ____D C:\Users\Mandragora\Desktop\ebayFotos
2017-03-10 15:17 - 2017-03-10 15:17 - 00046408 _____ (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
2017-03-10 15:17 - 2017-03-10 15:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys
2017-03-10 15:17 - 2017-03-10 15:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-dev.sys
2017-03-10 15:17 - 2017-03-10 15:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-canary.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-25 00:02 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-25 00:01 - 2009-07-13 20:45 - 00024400 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-25 00:01 - 2009-07-13 20:45 - 00024400 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-25 00:00 - 2016-06-04 06:21 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Telegram Desktop
2017-03-24 23:59 - 2015-08-15 23:04 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-24 23:59 - 2012-01-06 10:50 - 00000000 ____D C:\ProgramData\clear.fi
2017-03-24 23:58 - 2016-02-06 08:35 - 00001218 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-24 23:58 - 2013-06-13 00:32 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2017-03-24 23:58 - 2013-06-02 12:42 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-03-24 23:56 - 2011-11-02 18:28 - 00699682 _____ C:\Windows\System32\perfh007.dat
2017-03-24 23:56 - 2011-11-02 18:28 - 00149790 _____ C:\Windows\System32\perfc007.dat
2017-03-24 23:56 - 2009-07-13 21:13 - 01620684 _____ C:\Windows\System32\PerfStringBackup.INI
2017-03-24 23:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-03-24 23:54 - 2015-02-09 04:06 - 00000000 ____D C:\AdwCleaner
2017-03-24 23:49 - 2015-07-18 07:32 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-24 23:42 - 2016-02-06 08:35 - 00001222 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-24 14:36 - 2014-08-04 03:57 - 00000000 ___RD C:\Users\Mandragora\Desktop\AW
2017-03-24 12:59 - 2016-02-06 08:41 - 00000000 ___RD C:\Users\Mandragora\Dropbox
2017-03-24 12:58 - 2016-02-06 08:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-24 12:39 - 2015-02-09 02:25 - 970902040 _____ C:\Windows\ntbtlog.txt
2017-03-24 11:09 - 2016-11-18 01:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-24 11:09 - 2012-04-22 12:56 - 00000000 ____D C:\ProgramData\ICQ
2017-03-24 10:43 - 2012-01-07 17:19 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Adobe
2017-03-21 08:17 - 2013-05-29 05:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\vlc
2017-03-21 07:08 - 2014-08-05 01:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-21 06:49 - 2016-11-19 00:36 - 00000000 ____D C:\Users\Mandragora\AppData\LocalLow\Mozilla
2017-03-21 05:13 - 2012-01-06 09:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-21 05:12 - 2016-10-26 02:28 - 00000000 ____D C:\Users\Mandragora\Desktop\MA
2017-03-21 05:05 - 2016-11-18 11:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-21 05:05 - 2012-05-08 02:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 06:08 - 2012-02-19 14:46 - 00000000 ____D C:\Users\Mandragora\.gimp-2.6
2017-03-20 06:07 - 2012-02-19 14:48 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\gtk-2.0
2017-03-20 06:07 - 2012-01-06 08:29 - 00000000 ____D C:\users\Mandragora
2017-03-16 10:01 - 2016-02-29 13:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\avidemux
2017-03-16 04:14 - 2016-11-25 13:50 - 00000000 ___RD C:\Users\Mandragora\Desktop\Fragmente der Erinnerung
2017-03-15 02:02 - 2013-03-19 01:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 02:02 - 2013-03-19 01:31 - 00004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 02:02 - 2013-03-19 01:31 - 00000000 ____D C:\Windows\System32\Macromed
2017-03-15 02:02 - 2011-08-11 23:32 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 02:02 - 2011-08-11 23:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-12 03:49 - 2014-08-18 09:35 - 00000132 _____ C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2017-03-11 11:55 - 2016-01-15 12:42 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\TS3Client
2017-03-09 13:13 - 2016-02-06 08:35 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Dropbox
2017-03-07 12:44 - 2013-04-09 06:18 - 00000000 ___RD C:\Users\Mandragora\Desktop\ALEA
2017-03-06 14:07 - 2014-03-04 06:02 - 00004096 ____H C:\Users\Mandragora\AppData\Local\keyfile3.drm
2017-02-25 10:12 - 2012-01-07 07:29 - 00000000 ___RD C:\Users\Mandragora\Desktop\Studium

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Mandragora\fbchathistory.dat
C:\Users\Public\AlexaNSISPlugin.3912.dll


Einige Dateien in TEMP:
====================
2013-01-28 14:20 - 2013-01-28 14:20 - 0248008 _____ (Ask.com) C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll
2012-01-06 09:04 - 2012-01-06 09:04 - 3486088 _____ (Ask) C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe
2005-10-18 13:47 - 2005-10-18 13:47 - 0733184 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRun.exe
2012-01-06 14:41 - 2005-10-10 13:32 - 0573440 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRunGUI.dll
2013-10-07 03:40 - 2014-08-05 01:01 - 0000000 ____D () C:\Users\Mandragora\AppData\Local\Temp\avgnt.exe
2012-10-10 10:53 - 2012-10-10 10:53 - 0255072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Mandragora\AppData\Local\Temp\avguidx.dll
2015-11-12 09:15 - 2015-11-12 09:15 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BingSvc.exe
2015-04-30 14:06 - 2015-11-12 09:15 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcProcessor.exe
2015-04-30 14:06 - 2015-11-12 09:15 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcUpdater.exe
2012-01-06 09:03 - 2012-01-06 09:03 - 0334848 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\BunndleOfferManager.dll
2012-10-10 10:53 - 2012-10-10 10:53 - 4720736 _____ () C:\Users\Mandragora\AppData\Local\Temp\CommonInstaller.exe
2014-07-16 01:24 - 2014-07-16 01:24 - 0026936 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x64.dll
2014-07-16 01:24 - 2014-07-16 01:24 - 0028984 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x86.dll
2012-04-08 01:39 - 2012-04-08 01:40 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\EADEB76.exe
2012-02-02 02:32 - 2007-06-03 12:59 - 0879688 _____ () C:\Users\Mandragora\AppData\Local\Temp\EAInstall.dll
2012-02-02 02:37 - 2005-10-18 13:47 - 0339968 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\eauninstall.exe
2001-09-28 17:30 - 2001-09-28 17:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU17A7.exe
2001-09-28 17:30 - 2001-09-28 17:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2BB3.exe
2001-10-11 03:01 - 2001-10-11 03:01 - 4091904 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2E80.DLL
2001-09-28 17:30 - 2001-09-28 17:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU41B.exe
2001-09-28 17:30 - 2001-09-28 17:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU4A4.exe
2001-09-28 17:30 - 2001-09-28 17:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU524.exe
2001-09-28 17:30 - 2001-09-28 17:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBUEF0.exe
2012-01-18 13:44 - 2004-08-18 00:33 - 1453843 ____R (Macromedia, Inc.) C:\Users\Mandragora\AppData\Local\Temp\First15.exe
2013-03-19 01:34 - 2013-03-19 01:34 - 16486616 _____ (Adobe Systems Incorporated) C:\Users\Mandragora\AppData\Local\Temp\fp_pl_pfs_installer.exe
2012-01-06 10:04 - 2012-01-06 10:04 - 3763360 _____ (Adobe Systems, Inc.) C:\Users\Mandragora\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
2012-02-02 02:32 - 2007-06-03 12:59 - 0109640 _____ (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\GameuxInstallHelper.dll
2015-02-09 02:41 - 2005-09-18 05:52 - 0073728 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\Harry Potter and the Goblet of Fire_uninst.exe
2012-10-10 10:53 - 2012-10-10 10:53 - 0163936 _____ () C:\Users\Mandragora\AppData\Local\Temp\MachineIdCreator.exe
2014-01-19 08:59 - 2003-10-06 10:59 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\MakeFilesHidden.exe
2012-10-10 10:53 - 2012-10-10 10:53 - 12143200 _____ () C:\Users\Mandragora\AppData\Local\Temp\oi_{58DB1360-58CA-435F-A459-597FDDFC2474}.exe
2014-01-19 08:59 - 2003-10-06 10:58 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\OpenTxtFile.exe
2012-03-26 10:14 - 2012-03-26 10:14 - 14763880 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_413e.exe
2013-04-02 03:43 - 2013-04-02 03:43 - 14809416 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_5fe.exe
2012-03-09 06:53 - 2012-03-09 06:53 - 14739304 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_7759.exe
2014-11-08 00:33 - 2015-01-25 12:19 - 0553984 _____ () C:\Users\Mandragora\AppData\Local\Temp\Quarantine.exe
2014-08-04 03:43 - 2014-08-04 03:42 - 0111104 _____ () C:\Users\Mandragora\AppData\Local\Temp\readSTILog.dll
2014-07-16 01:24 - 2014-07-16 01:24 - 0032568 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-win32.dll
2014-07-16 01:24 - 2014-07-16 01:24 - 0032056 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-x64.dll
2014-01-19 08:59 - 2003-10-06 10:57 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\ShellEx.exe
2012-06-07 09:00 - 2014-08-12 11:21 - 35595360 _____ (Skype Technologies S.A.) C:\Users\Mandragora\AppData\Local\Temp\SkypeSetup.exe
2015-05-03 11:39 - 2015-05-03 11:40 - 36124056 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011080.exe
2015-11-04 09:52 - 2015-11-04 09:53 - 39228760 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011541.exe
2017-02-28 00:16 - 2017-02-28 00:18 - 42463240 _____ (Digital Wave Ltd                                            ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34013494.exe
2016-03-25 02:19 - 2016-03-25 02:21 - 40830448 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34015287.exe
2016-08-09 01:11 - 2016-08-09 01:11 - 42463240 _____ (Digital Wave Ltd                                            ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34018299.exe
2016-06-30 08:47 - 2016-06-30 08:48 - 41478784 _____ (Digital Wave Ltd                                            ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34019719.exe
2012-10-10 10:53 - 2012-10-10 10:53 - 8212064 _____ () C:\Users\Mandragora\AppData\Local\Temp\ToolbarInstaller.exe
2009-03-28 13:08 - 2009-03-28 13:08 - 0195056 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\UninstallEADM.dll
2012-01-18 13:44 - 2004-08-18 00:34 - 0023040 ____R () C:\Users\Mandragora\AppData\Local\Temp\VP6Install.exe
2012-01-18 13:44 - 2004-08-18 00:34 - 0442368 ____R (On2.com) C:\Users\Mandragora\AppData\Local\Temp\VP6VFW.dll
2012-01-06 09:04 - 2012-01-06 09:05 - 13657088 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe

==================== Known DLLs (Nicht auf der Ausnahmeliste) =========================


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\System32\winlogon.exe => MD5 ist legitim
C:\Windows\System32\wininit.exe => MD5 ist legitim
C:\Windows\SysWOW64\wininit.exe => MD5 ist legitim
C:\Windows\explorer.exe => MD5 ist legitim
C:\Windows\SysWOW64\explorer.exe => MD5 ist legitim
C:\Windows\System32\svchost.exe => MD5 ist legitim
C:\Windows\SysWOW64\svchost.exe => MD5 ist legitim
C:\Windows\System32\services.exe => MD5 ist legitim
C:\Windows\System32\User32.dll => MD5 ist legitim
C:\Windows\SysWOW64\User32.dll => MD5 ist legitim
C:\Windows\System32\userinit.exe => MD5 ist legitim
C:\Windows\SysWOW64\userinit.exe => MD5 ist legitim
C:\Windows\System32\rpcss.dll => MD5 ist legitim
C:\Windows\System32\dnsapi.dll => MD5 ist legitim
C:\Windows\SysWOW64\dnsapi.dll => MD5 ist legitim
C:\Windows\System32\Drivers\volsnap.sys => MD5 ist legitim

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============


==================== Wiederherstellungspunkte =========================

Wiederherstellungspunkt Datum: 2017-03-10 03:52
Wiederherstellungspunkt Datum: 2017-03-17 03:21
Wiederherstellungspunkt Datum: 2017-03-22 11:45
Wiederherstellungspunkt Datum: 2017-03-24 13:06

==================== Speicherinformationen =========================== 

Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 3947.86 MB
Verfügbarer physikalischer RAM: 3201.63 MB
Summe virtueller Speicher: 3946.06 MB
Verfügbarer virtueller Speicher: 3197.14 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:116.07 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:18 GB) (Free:3.33 GB) NTFS
Drive g: (SCARAB) (Removable) (Total:3.91 GB) (Free:3.45 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1BCD5BD1)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.9 GB) (Disk ID: CD152345)
Partition 1: (Active) - (Size=3.9 GB) - (Type=0B)

LastRegBack: 2017-03-17 03:24

==================== Ende von FRST.txt ============================
         
--- --- ---



Addition:

Code:
 Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von Mandragora (21-03-2017 15:28:07)
Gestartet von E:\
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-06 16:29:27)
Start-Modus: Safe Mode (minimal)
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-910591887-2798395287-988946140-500 - Administrator - Disabled)
Gast (S-1-5-21-910591887-2798395287-988946140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-910591887-2798395287-988946140-1003 - Limited - Enabled)
Mandragora (S-1-5-21-910591887-2798395287-988946140-1001 - Administrator - Enabled) => C:\Users\Mandragora
UpdatusUser (S-1-5-21-910591887-2798395287-988946140-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
Antichamber (HKLM\...\Steam App 219890) (Version:  - Alexander Bruce)
Antichamber (HKLM\...\UDK-03d800e5-0cb9-4097-934c-b65f9cb978bc) (Version:  - Epic Games, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Blender (HKLM\...\{3ABDE236-0A3F-4D0D-BECB-DB67EE21C593}) (Version: 2.77.0 - Blender Foundation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Discord (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-910591887-2798395287-988946140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212017152000318\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper 2) (Version:  - )
Electronic Arts Product Registration (HKLM-x32\...\InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}) (Version: 1.01.0000 - Electronic Arts)
Electronic Arts Product Registration (x32 Version: 1.01.0000 - Electronic Arts) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
EXMARaLDA 1.9 (HKLM-x32\...\EXMARaLDA_is1) (Version:  - Thomas Schmidt, Kai Woerner, Timm Lehmberg, Hanna Hedeland)
f.lux (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-910591887-2798395287-988946140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212017152000318\...\Flux) (Version:  - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
Myst Online: Uru Live (remove only) (HKLM-x32\...\MOUL) (Version:  - )
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
realMyst (HKLM-x32\...\Steam App 63600) (Version:  - Cyan Worlds)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Rememoried (HKLM\...\Steam App 368450) (Version:  - Vladimir Kudelka)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Sony PC Companion (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-910591887-2798395287-988946140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212017152000318\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-910591887-2798395287-988946140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212017152000318\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
UDPixel.exe (HKLM-x32\...\UDPixel) (Version:  - )
Uru - Ages Beyond Myst (HKLM-x32\...\Uru - Ages Beyond Myst) (Version: 1.0.0.0 - ubi.com)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1074EB25-B430-4337-BA99-EEC5ED58CBB7} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {2D04712F-98CD-45EC-A93C-81AF858F27D8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe  <==== ACHTUNG
Task: {2D840F2C-F801-4B70-B60B-2B3C0FC281EE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {38AB495B-06AD-4576-8F08-654CE683FB3B} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {41B2EC03-DD3F-40AE-B427-53CEF1552856} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {44A38F1C-2804-49F0-9E90-23FC769A4071} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {506E0C36-3A40-4735-8DD9-7330B66DDA22} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe 
Task: {6A3DD29B-BD60-4503-A9F0-18B4D91C6762} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe  <==== ACHTUNG
Task: {6B062F60-CC7C-4344-85C3-F16FCC7A2A61} - System32\Tasks\AdobeAAMUpdater-1.0-acerAspire-Mandragora => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {878E6941-0A1E-41E1-8876-4D566C9ECF23} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-11-23] (Adobe Systems Incorporated)
Task: {93F5ED5B-41F9-4C81-9D19-7811DFACCE78} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {CF89131E-D69D-4419-A8BE-F322CF3AA529} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {EDC0473E-1B12-4AE5-975B-09C5E538A8C3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {F3A3CC50-29C6-4F72-8778-6C8980DF0411} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Meine Websites auf MSN\target.lnk -> hxxp://www.msnusers.co

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-03-21 14:13 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Mandragora\Desktop\MA:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1525.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1723.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL2518.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL3615.tmp:com.dropbox.attributes [168]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
e"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-910591887-2798395287-988946140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03212017152000318\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{8D117281-4ECC-4D19-9A59-9498F7049ABB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C0DE20F1-3440-46BD-9197-A8685EB04C4B}] => (Allow) LPort=2869
FirewallRules: [{14C5742C-BF4C-4731-812B-14F870F6F9A2}] => (Allow) LPort=1900
FirewallRules: [{D8793EF8-B554-4D44-8902-432762F4DFA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4080E16E-1E76-4968-B921-5DF209A535C7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E80B59D9-F81C-4F5F-8292-2C812AC1E6F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9285B7C0-4A2C-4D66-B888-7007B8F102A4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9F1855DD-5903-48DF-BE88-6208B718D06C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{A0EB8BE4-5FA2-4789-B8CB-383F57867C70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{D4315AE7-D9C3-4EEE-AB80-92E6DFDDDCA2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1BA4D3BD-94CE-4217-903C-31389FABCAE4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{90EA422D-F8D3-45AF-9245-892B2C136ED2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{BE9A9460-6078-437A-A167-90F2C5E501BC}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{D976413F-D66E-417A-BB73-4CC8CEB44FF8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{C6452A2D-E8E1-4C9E-80D9-7AC71E440F7F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [TCP Query User{2CC2C2BA-03D8-4D03-99FC-FB0BDF2F23C6}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [UDP Query User{8FCC3D8A-EE00-451F-AF68-EAFCF22F6825}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [TCP Query User{27B2111E-D0DF-4697-8FD6-B51EAC1A1C67}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{F2849A07-BE71-47A6-8473-77BF115418C4}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{4535CEA3-CC0E-4AC7-815A-C086DB030FD5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5AA8A058-2530-4203-AC67-7A983D159AA4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F938FAA4-2AF2-489A-ABE2-1CB0C89F0884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0640F3D-0672-4696-8C7D-DAC1642D5189}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A933A339-8EF5-4CE4-AB80-B7120D8AD34D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{96EF1256-DD44-456A-BEB3-4FCA497F5F4D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F34E618-2483-4E2D-9B56-753A6B271719}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{641A77A7-ECBE-424F-AB5F-1156DA6330FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{402BA76D-02C5-458E-BB2E-C60036F5D793}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1F7841DF-8A25-40E3-9544-3107E0620873}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EFF70E2A-C1E2-4D17-9B12-860F82A572CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{F3E2C821-CD8E-4A6B-AEBD-EC97AEDEEDBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{04E0FF11-3A03-4908-98D7-8AAD30B2F09E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{D92D7B03-6763-4DAB-AE0E-68EC21C36650}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{7EDD9AA7-2FDD-4C1B-8F90-B505CF9A2877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86A9C794-2D65-4423-B45C-7C01B99D4606}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{798A6D6F-CBCC-47EF-8ED6-075942B1E1EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{38E294B4-31CC-4F35-8B5A-7EEF3EEB3D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{91AA941D-965F-4FDB-A9D1-BCE8FA795C9C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{901FE775-BE28-4B27-84E6-1870E7C69FF6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{01431CD5-4F5B-484F-8F1F-99D9228C496E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{3C658FEC-5396-454A-92FF-0E2A08A29295}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{466A95DE-0CA3-4A02-9014-F26D2E11A26E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{B2221D6B-A8BD-4BB1-8422-005277358460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{8D24CF49-CF38-468F-9D4F-16CA23E8B810}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Wiederherstellungspunkte =========================

02-03-2017 11:53:33 Windows Update
10-03-2017 12:51:12 Windows Update
17-03-2017 12:20:57 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/21/2017 03:20:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/21/2017 02:43:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/21/2017 02:33:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/21/2017 02:06:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/20/2017 09:53:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 52.0.0.6270, Zeitstempel: 0x58b88eeb
Name des fehlerhaften Moduls: mozglue.dll, Version: 52.0.0.6270, Zeitstempel: 0x58b88a72
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000f775
ID des fehlerhaften Prozesses: 0xf0c
Startzeit der fehlerhaften Anwendung: 0x01d2a0d9af4f8acf
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Berichtskennung: 54623b41-0daf-11e7-ad90-dc0ea103d22b

Error: (03/20/2017 06:26:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Name des fehlerhaften Moduls: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00194a9a
ID des fehlerhaften Prozesses: 0x3128
Startzeit der fehlerhaften Anwendung: 0x01d2a19d726ee7fa
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Berichtskennung: 67569e02-0d92-11e7-ad90-dc0ea103d22b

Error: (03/20/2017 06:13:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Name des fehlerhaften Moduls: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00194a9a
ID des fehlerhaften Prozesses: 0x20f0
Startzeit der fehlerhaften Anwendung: 0x01d2a19d08822e8d
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Berichtskennung: 7c9ab445-0d90-11e7-ad90-dc0ea103d22b

Error: (03/20/2017 06:11:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Name des fehlerhaften Moduls: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00194a9a
ID des fehlerhaften Prozesses: 0x2afc
Startzeit der fehlerhaften Anwendung: 0x01d2a19cdf21fe25
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Berichtskennung: 3bbd4af0-0d90-11e7-ad90-dc0ea103d22b

Error: (03/20/2017 06:10:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Name des fehlerhaften Moduls: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00190ecb
ID des fehlerhaften Prozesses: 0x25bc
Startzeit der fehlerhaften Anwendung: 0x01d2a19c4582a3bc
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Berichtskennung: 1517d7f3-0d90-11e7-ad90-dc0ea103d22b

Error: (03/19/2017 06:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Name des fehlerhaften Moduls: DKII.exe, Version: 0.0.0.0, Zeitstempel: 0x31313931
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00194a9a
ID des fehlerhaften Prozesses: 0x31f0
Startzeit der fehlerhaften Anwendung: 0x01d2a0d3d0179734
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Bullfrog\Dungeon Keeper II\DKII.exe
Berichtskennung: acc7d623-0ccb-11e7-ad90-dc0ea103d22b


Systemfehler:
=============
Error: (03/21/2017 03:19:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.

Error: (03/21/2017 03:19:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.

Error: (03/21/2017 03:19:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.

Error: (03/21/2017 03:19:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.

Error: (03/21/2017 03:19:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.

Error: (03/21/2017 03:19:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.

Error: (03/21/2017 03:19:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Bei DCOM ist der Fehler "1084" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/21/2017 03:19:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: Bei DCOM ist der Fehler "1084" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/21/2017 03:19:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.

Error: (03/21/2017 03:19:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 3947.86 MB
Verfügbarer physikalischer RAM: 2918.44 MB
Summe virtueller Speicher: 7893.93 MB
Verfügbarer virtueller Speicher: 6944.75 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:117.55 GB) NTFS
Drive e: (SCARAB) (Removable) (Total:3.91 GB) (Free:3.85 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1BCD5BD1)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.9 GB) (Disk ID: CD152345)
Partition 1: (Active) - (Size=3.9 GB) - (Type=0B)

==================== Ende von Addition.txt ============================
         

I am grateful for any help and hope that something can be done.

Kind regards,
Hexx

Edited by Hexx_ (25.03.2017 at 10:23)

25.03.2017, 14:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Why wasn't FRST run in normal mode?


Quote:
Scan with Malwarebytes in safe mode: 13 threats labelled "Adware Chin.Ad" moved to quarantine
Scan with AdwCleaner in safe mode: 45 threats successfully deleted
JRT scan in safe mode: 86 files deleted
Another scan with AdwCleaner with no findings
Scan with TDSSKiller in safe mode with no findings

We don't really want to read retellings; we want the logs.

25.03.2017, 15:40   #3
Hexx_
 



Hello cosinus, and thank you for your quick reply.

I ran the tools in safe mode because I thought it would be safer that way.


Here are the logs:


TDSSKiller

Code:
15:55:26.0813 0x074c  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
15:55:38.0017 0x074c  ============================================================
15:55:38.0017 0x074c  Current date / time: 2017/03/21 15:55:38.0017
15:55:38.0017 0x074c  SystemInfo:
15:55:38.0017 0x074c  
15:55:38.0017 0x074c  OS Version: 6.1.7601 ServicePack: 1.0
15:55:38.0017 0x074c  Product type: Workstation
15:55:38.0018 0x074c  ComputerName: ACERASPIRE
15:55:38.0019 0x074c  UserName: Mandragora
15:55:38.0019 0x074c  Windows directory: C:\Windows
15:55:38.0019 0x074c  System windows directory: C:\Windows
15:55:38.0019 0x074c  Running under WOW64
15:55:38.0019 0x074c  Processor architecture: Intel x64
15:55:38.0019 0x074c  Number of processors: 4
15:55:38.0019 0x074c  Page size: 0x1000
15:55:38.0019 0x074c  Boot type: Normal boot
15:55:38.0019 0x074c  CodeIntegrityOptions = 0x00000001
15:55:38.0019 0x074c  ============================================================
15:55:39.0963 0x074c  KLMD registered as C:\Windows\system32\drivers\30382229.sys
15:55:39.0963 0x074c  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.19045, osProperties = 0x1
15:55:41.0413 0x074c  System UUID: {EB296025-599C-D117-E978-4BAA8C6F6251}
15:55:43.0116 0x074c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:43.0126 0x074c  ============================================================
15:55:43.0126 0x074c  \Device\Harddisk0\DR0:
15:55:43.0126 0x074c  MBR partitions:
15:55:43.0126 0x074c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
15:55:43.0126 0x074c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x22FFB800
15:55:43.0126 0x074c  ============================================================
15:55:43.0172 0x074c  C: <-> \Device\Harddisk0\DR0\Partition2
15:55:43.0172 0x074c  ============================================================
15:55:43.0173 0x074c  Initialize success
15:55:43.0173 0x074c  ============================================================
15:56:17.0724 0x0cf4  ============================================================
15:56:17.0724 0x0cf4  Scan started
15:56:17.0724 0x0cf4  Mode: Manual; SigCheck; TDLFS; 
15:56:17.0724 0x0cf4  ============================================================
15:56:17.0724 0x0cf4  KSN ping started
15:56:21.0744 0x0cf4  KSN ping finished: true
15:56:24.0402 0x0cf4  ================ Scan system memory ========================
15:56:24.0402 0x0cf4  System memory - ok
15:56:24.0404 0x0cf4  ================ Scan services =============================
15:56:24.0709 0x0cf4  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:56:25.0241 0x0cf4  1394ohci - ok
15:56:26.0126 0x0cf4  [ A3769020F7E8A70FD3E824C050F33306, BAAB18DD28C753EC90E9552BD5FFC316AD8815505A7998BCE51D21448B373D86 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
15:56:26.0242 0x0cf4  acedrv11 - ok
15:56:26.0341 0x0cf4  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:56:26.0405 0x0cf4  ACPI - ok
15:56:26.0461 0x0cf4  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
15:56:26.0737 0x0cf4  AcpiPmi - ok
15:56:26.0952 0x0cf4  [ 4BA3BFF03B1A10E49B590BE3C4D79C10, 54D0159ACD6FB93EE08CBB2C7BA13DC3ECD131EE26E07E53040FB3976CC4FBAE ] AdobeActiveFileMonitor12.0 C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
15:56:27.0019 0x0cf4  AdobeActiveFileMonitor12.0 - ok
15:56:27.0323 0x0cf4  [ 52997B1282BDAFC4275874B8990F9BE3, CFC4CD1EA75ADFC94E0B5623DDBBE38FC72162217DBEDB07EF5243CE5EEBEA4E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:56:27.0379 0x0cf4  AdobeARMservice - ok
15:56:27.0746 0x0cf4  [ 7EB7A3B01751889C6459C51A74CC87FA, 088EF5CA10D439905822A3DFFEFD2D3416198F10EAAF8C235771CDB3DF86E82C ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:56:27.0827 0x0cf4  AdobeFlashPlayerUpdateSvc - ok
15:56:27.0910 0x0cf4  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:56:28.0006 0x0cf4  adp94xx - ok
15:56:28.0070 0x0cf4  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:56:28.0146 0x0cf4  adpahci - ok
15:56:28.0217 0x0cf4  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:56:28.0293 0x0cf4  adpu320 - ok
15:57:11.0598 0x0cf4  lmhosts - ok
15:57:11.0771 0x0cf4  [ 50C7CE53EF461870410355F1F2E7D515, D6E84C63D74E4603D37FD7CC88BF51DE23CD17DB1D1AD4ADBED62F949F3C470C ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:57:11.0826 0x0cf4  LMS - ok
15:57:11.0881 0x0cf4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:57:11.0941 0x0cf4  LSI_FC - ok
15:57:11.0985 0x0cf4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:57:12.0093 0x0cf4  LSI_SAS - ok
15:57:12.0146 0x0cf4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:57:12.0209 0x0cf4  LSI_SAS2 - ok
15:57:12.0262 0x0cf4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:57:12.0420 0x0cf4  LSI_SCSI - ok
15:57:12.0462 0x0cf4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:57:12.0654 0x0cf4  luafv - ok
15:57:12.0814 0x0cf4  [ 835E1D6B5835EF70FC3BDF93ED42243A, 0025D232ED0FF9A572F8004094CFE21F62070DB832398345425554334E036DA6 ] MBAMChameleon   C:\Windows\system32\drivers\MBAMChameleon.sys
15:57:12.0887 0x0cf4  MBAMChameleon - ok
15:57:13.0004 0x0cf4  [ E8E0D53AA910D8BC60A403E77DBA9B8C, D86EE7F845DB20230A036C26383A6F4314F80489A1D15C2A969A0C3C63706B7D ] MBAMFarflt      C:\Windows\system32\drivers\farflt.sys
15:57:13.0098 0x0cf4  MBAMFarflt - ok
15:57:13.0183 0x0cf4  [ 88BD122C3A35DE63D75D382DF75554CE, ABDF59543CAD186A6ED4E66257205D9CF5047732A5DA74A96A28B468B41BC396 ] MBAMProtection  C:\Windows\system32\drivers\mbam.sys
15:57:13.0266 0x0cf4  MBAMProtection - ok
15:57:14.0422 0x0cf4  [ 804E3246E3E73D4A936F2F4BCDC53A2D, BF1F9B4AC292238FA6EE541E325B220F311977F9D87D5BC7F90AD058FBF0B35A ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
15:57:14.0927 0x0cf4  MBAMService - ok
15:57:15.0047 0x0cf4  [ F8E8B0977741F114407494174522B71A, 6A3FE40D4649D89ABED007FFF13C38F021284265EC692C6190FF0EF8BDECF99C ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
15:57:15.0165 0x0cf4  MBAMSwissArmy - ok
15:57:15.0279 0x0cf4  [ E6D1E2E9C1D3F4D3DF3180385D047DB4, 71C11C8B23B1616B7A18A73D21B91183FF644F6DB71D6D6E7286718FF6B82F0F ] MBAMWebProtection C:\Windows\system32\drivers\mwac.sys
15:57:15.0342 0x0cf4  MBAMWebProtection - ok
15:57:15.0387 0x0cf4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:57:15.0458 0x0cf4  Mcx2Svc - ok
15:57:15.0480 0x0cf4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:57:15.0541 0x0cf4  megasas - ok
15:57:15.0582 0x0cf4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:57:15.0653 0x0cf4  MegaSR - ok
15:57:15.0704 0x0cf4  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:57:15.0766 0x0cf4  MEIx64 - ok
15:57:15.0836 0x0cf4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
15:57:15.0945 0x0cf4  MMCSS - ok
15:57:15.0993 0x0cf4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
15:57:16.0119 0x0cf4  Modem - ok
15:57:16.0147 0x0cf4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:57:16.0243 0x0cf4  monitor - ok
15:57:16.0321 0x0cf4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:57:16.0389 0x0cf4  mouclass - ok
15:57:16.0473 0x0cf4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:57:16.0568 0x0cf4  mouhid - ok
15:57:16.0638 0x0cf4  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:57:16.0688 0x0cf4  mountmgr - ok
15:57:16.0828 0x0cf4  [ 40134FB7F20C2591A3C7FC9541980E3A, B42D542D9008078DDDCFF8ED0A88E2EAB46C01E270F04C9569D630670D734879 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:57:16.0986 0x0cf4  MozillaMaintenance - ok
15:57:17.0066 0x0cf4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:57:17.0166 0x0cf4  mpio - ok
15:57:17.0274 0x0cf4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:57:17.0429 0x0cf4  mpsdrv - ok
15:57:17.0648 0x0cf4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:57:17.0919 0x0cf4  MpsSvc - ok
15:57:17.0982 0x0cf4  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:57:18.0172 0x0cf4  MRxDAV - ok
15:57:18.0255 0x0cf4  [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:57:18.0445 0x0cf4  mrxsmb - ok
15:57:18.0541 0x0cf4  [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:57:18.0801 0x0cf4  mrxsmb10 - ok
15:57:18.0872 0x0cf4  [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:57:19.0168 0x0cf4  mrxsmb20 - ok
15:57:19.0257 0x0cf4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:57:19.0367 0x0cf4  msahci - ok
15:57:19.0412 0x0cf4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:57:19.0578 0x0cf4  msdsm - ok
15:57:19.0637 0x0cf4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
15:57:19.0714 0x0cf4  MSDTC - ok
15:57:19.0785 0x0cf4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:57:19.0929 0x0cf4  Msfs - ok
15:57:19.0951 0x0cf4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:57:20.0103 0x0cf4  mshidkmdf - ok
15:57:20.0180 0x0cf4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:57:20.0219 0x0cf4  msisadrv - ok
15:57:20.0419 0x0cf4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:57:20.0615 0x0cf4  MSiSCSI - ok
15:57:20.0623 0x0cf4  msiserver - ok
15:57:20.0746 0x0cf4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:57:20.0868 0x0cf4  MSKSSRV - ok
15:57:20.0950 0x0cf4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:57:21.0071 0x0cf4  MSPCLOCK - ok
15:57:21.0111 0x0cf4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:57:21.0278 0x0cf4  MSPQM - ok
15:57:21.0391 0x0cf4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:57:21.0483 0x0cf4  MsRPC - ok
15:57:21.0604 0x0cf4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:57:21.0684 0x0cf4  mssmbios - ok
15:57:21.0748 0x0cf4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:57:21.0946 0x0cf4  MSTEE - ok
15:57:21.0982 0x0cf4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:57:22.0082 0x0cf4  MTConfig - ok
15:57:22.0122 0x0cf4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
15:57:22.0178 0x0cf4  Mup - ok
15:57:22.0281 0x0cf4  [ C009123B206C56854F4E88596035231D, 670403A40B425F77C90ECB048A0C8BC11FB19E40A8CECC2C3DCF79175B745863 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
15:57:22.0364 0x0cf4  mwlPSDFilter - ok
15:57:22.0411 0x0cf4  [ BF3739EEB9F008B1DEBAC115089A53F8, 8546AB69087656259BBE17D6F80F4AB164B04171673CE2BF9FFD1B5C9584E9A4 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
15:57:22.0485 0x0cf4  mwlPSDNServ - ok
15:57:22.0526 0x0cf4  [ 38DD143D95E7A01B86F219DDA9C28779, 5FA8C0595CCF835DBCE1CC5322E8FD4BFB6DFB6CF869BB7CB73F919445D469AA ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
15:57:22.0672 0x0cf4  mwlPSDVDisk - ok
15:57:22.0810 0x0cf4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
15:57:23.0052 0x0cf4  napagent - ok
15:57:23.0149 0x0cf4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:57:23.0278 0x0cf4  NativeWifiP - ok
15:57:23.0487 0x0cf4  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:57:23.0645 0x0cf4  NDIS - ok
15:57:23.0735 0x0cf4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:57:23.0978 0x0cf4  NdisCap - ok
15:57:24.0341 0x0cf4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:57:24.0667 0x0cf4  NdisTapi - ok
15:57:25.0074 0x0cf4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:57:25.0367 0x0cf4  Ndisuio - ok
15:57:25.0615 0x0cf4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:57:26.0122 0x0cf4  NdisWan - ok
15:57:26.0222 0x0cf4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:57:26.0906 0x0cf4  NDProxy - ok
15:57:26.0983 0x0cf4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:57:27.0164 0x0cf4  NetBIOS - ok
15:57:27.0289 0x0cf4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:57:27.0453 0x0cf4  NetBT - ok
15:57:27.0481 0x0cf4  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon        C:\Windows\system32\lsass.exe
15:57:27.0575 0x0cf4  Netlogon - ok
15:57:27.0776 0x0cf4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
15:57:28.0215 0x0cf4  Netman - ok
15:57:28.0722 0x0cf4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:57:29.0242 0x0cf4  NetMsmqActivator - ok
15:57:29.0417 0x0cf4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:57:29.0541 0x0cf4  NetPipeActivator - ok
15:57:29.0729 0x0cf4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
15:57:30.0123 0x0cf4  netprofm - ok
15:57:30.0499 0x0cf4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:57:30.0679 0x0cf4  NetTcpActivator - ok
15:57:30.0829 0x0cf4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:57:31.0063 0x0cf4  NetTcpPortSharing - ok
15:57:31.0487 0x0cf4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:57:31.0619 0x0cf4  nfrd960 - ok
15:57:31.0696 0x0cf4  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:57:31.0833 0x0cf4  NlaSvc - ok
15:57:31.0876 0x0cf4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:57:32.0032 0x0cf4  Npfs - ok
15:57:32.0088 0x0cf4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
15:57:32.0537 0x0cf4  nsi - ok
15:57:32.0704 0x0cf4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:57:33.0222 0x0cf4  nsiproxy - ok
15:57:33.0592 0x0cf4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:57:33.0871 0x0cf4  Ntfs - ok
15:57:34.0077 0x0cf4  [ D27A4546417ED7C4AEA7B3420D4F1F50, 8D52FF7D2C6E338E2E8B414F0FE9ED296A901CB38BCFF8814B1ECE52D8D1599D ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
15:57:34.0124 0x0cf4  NTI IScheduleSvc - ok
15:57:34.0782 0x0cf4  [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
15:57:35.0442 0x0cf4  NTIDrvr - ok
15:57:35.0598 0x0cf4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
15:57:35.0835 0x0cf4  Null - ok
15:57:49.0529 0x0cf4  [ EE6B7B6A54BCAFF516E30B1C15467495, 85D5E22593549C7980AA3523F0C9C4391E0D147B29F07500A8DA68F49D80A84F ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:57:52.0852 0x0cf4  nvlddmkm - ok
15:57:53.0114 0x0cf4  [ 4086D655D237E091ECC34BEC94E55C3E, 498A57AC8F02247A4C95A74F0C19FF49A2B91872DB22B7EF7FAC4195402D9447 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
15:57:53.0359 0x0cf4  nvpciflt - ok
15:57:53.0403 0x0cf4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:57:53.0505 0x0cf4  nvraid - ok
15:57:53.0560 0x0cf4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:57:53.0638 0x0cf4  nvstor - ok
15:57:53.0842 0x0cf4  [ 25626309AD2F81D47C829CCB5E46E478, D23F9F72C064B5D2A7979674703585345A78F7BE88887794FC9CA2971818B3DC ] nvsvc           C:\Windows\system32\nvvsvc.exe
15:57:53.0989 0x0cf4  nvsvc - ok
15:57:54.0804 0x0cf4  [ A9AFE5B0648C8D7A411A72D8222F7F6E, A58AF8C615D97C769DA778D56F7E6999AAEB577C82C65455D3B2A8ED5B742777 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:57:55.0071 0x0cf4  nvUpdatusService - ok
15:57:55.0107 0x0cf4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:57:55.0158 0x0cf4  nv_agp - ok
15:57:55.0189 0x0cf4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:57:55.0282 0x0cf4  ohci1394 - ok
15:57:55.0368 0x0cf4  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:57:55.0537 0x0cf4  ose - ok
15:57:55.0671 0x0cf4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:57:55.0759 0x0cf4  p2pimsvc - ok
15:57:55.0818 0x0cf4  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
15:57:55.0904 0x0cf4  p2psvc - ok
15:57:55.0954 0x0cf4  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
15:57:56.0009 0x0cf4  Parport - ok
15:57:56.0047 0x0cf4  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:57:56.0093 0x0cf4  partmgr - ok
15:57:56.0375 0x0cf4  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:57:56.0593 0x0cf4  PcaSvc - ok
15:57:56.0829 0x0cf4  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
15:57:56.0941 0x0cf4  pci - ok
15:57:57.0097 0x0cf4  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:57:57.0163 0x0cf4  pciide - ok
15:57:57.0218 0x0cf4  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:57:57.0317 0x0cf4  pcmcia - ok
15:57:57.0356 0x0cf4  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:57:57.0396 0x0cf4  pcw - ok
15:57:57.0671 0x0cf4  [ 20372BE109FEE1C37E2D5216680DB9EB, 2C3737FB3C6BCF81D0A7293667412DDEA649A8AEA40B7ADCFCB9893E8B3C4AF3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
15:57:57.0817 0x0cf4  PDF Architect Helper Service - ok
15:57:57.0970 0x0cf4  [ B90A279073A815A4AA2C45A09EE004FA, 9EA27630C47F5FF99CBBE513C113F3ED01FABA0D59B9D9637764027BCC6EA24A ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
15:57:58.0058 0x0cf4  PDF Architect Service - ok
15:57:58.0141 0x0cf4  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:57:58.0348 0x0cf4  PEAUTH - ok
15:57:58.0785 0x0cf4  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:57:58.0853 0x0cf4  PerfHost - ok
15:57:59.0048 0x0cf4  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
15:57:59.0265 0x0cf4  pla - ok
15:57:59.0363 0x0cf4  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:57:59.0461 0x0cf4  PlugPlay - ok
15:57:59.0516 0x0cf4  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:57:59.0579 0x0cf4  PNRPAutoReg - ok
15:57:59.0617 0x0cf4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:57:59.0672 0x0cf4  PNRPsvc - ok
15:57:59.0761 0x0cf4  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:57:59.0863 0x0cf4  PolicyAgent - ok
15:57:59.0897 0x0cf4  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
15:57:59.0977 0x0cf4  Power - ok
15:58:00.0076 0x0cf4  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:58:00.0180 0x0cf4  PptpMiniport - ok
15:58:00.0271 0x0cf4  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
15:58:00.0533 0x0cf4  Processor - ok
15:58:00.0855 0x0cf4  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:58:00.0910 0x0cf4  ProfSvc - ok
15:58:00.0952 0x0cf4  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:58:00.0985 0x0cf4  ProtectedStorage - ok
15:58:01.0021 0x0cf4  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:58:01.0109 0x0cf4  Psched - ok
15:58:01.0157 0x0cf4  [ 07D57B890DD5693A6AB660CBAE8F91B4, 934895A41C116056E22FE3298418332A9F4280F96E96EEE06C977A4925395674 ] PxHlpa64        C:\Windows\system32\drivers\PxHlpa64.sys
15:58:01.0201 0x0cf4  PxHlpa64 - ok
15:58:01.0414 0x0cf4  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:58:01.0695 0x0cf4  ql2300 - ok
15:58:01.0739 0x0cf4  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:58:01.0783 0x0cf4  ql40xx - ok
15:58:01.0849 0x0cf4  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
15:58:01.0892 0x0cf4  QWAVE - ok
15:58:01.0928 0x0cf4  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:58:01.0979 0x0cf4  QWAVEdrv - ok
15:58:02.0021 0x0cf4  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:58:02.0080 0x0cf4  RasAcd - ok
15:58:02.0261 0x0cf4  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:58:02.0748 0x0cf4  RasAgileVpn - ok
15:58:02.0945 0x0cf4  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
15:58:03.0347 0x0cf4  RasAuto - ok
15:58:03.0612 0x0cf4  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:58:03.0953 0x0cf4  Rasl2tp - ok
15:58:04.0298 0x0cf4  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
15:58:04.0584 0x0cf4  RasMan - ok
15:58:04.0643 0x0cf4  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:58:04.0794 0x0cf4  RasPppoe - ok
15:58:04.0835 0x0cf4  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:58:04.0971 0x0cf4  RasSstp - ok
15:58:05.0025 0x0cf4  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:58:05.0205 0x0cf4  rdbss - ok
15:58:05.0230 0x0cf4  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
15:58:05.0315 0x0cf4  rdpbus - ok
15:58:05.0342 0x0cf4  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:58:05.0472 0x0cf4  RDPCDD - ok
15:58:05.0680 0x0cf4  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:58:05.0839 0x0cf4  RDPENCDD - ok
15:58:05.0942 0x0cf4  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:58:06.0071 0x0cf4  RDPREFMP - ok
15:58:06.0143 0x0cf4  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:58:06.0249 0x0cf4  RDPWD - ok
15:58:06.0304 0x0cf4  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:58:06.0343 0x0cf4  rdyboost - ok
15:58:06.0387 0x0cf4  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:58:06.0539 0x0cf4  RemoteAccess - ok
15:58:06.0642 0x0cf4  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:58:06.0816 0x0cf4  RemoteRegistry - ok
15:58:06.0916 0x0cf4  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:58:07.0038 0x0cf4  RpcEptMapper - ok
15:58:07.0087 0x0cf4  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
15:58:07.0164 0x0cf4  RpcLocator - ok
15:58:07.0279 0x0cf4  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
15:58:07.0382 0x0cf4  RpcSs - ok
15:58:07.0466 0x0cf4  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:58:07.0568 0x0cf4  rspndr - ok
15:58:07.0619 0x0cf4  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs           C:\Windows\system32\lsass.exe
15:58:07.0670 0x0cf4  SamSs - ok
15:58:07.0729 0x0cf4  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:58:07.0808 0x0cf4  sbp2port - ok
15:58:07.0884 0x0cf4  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:58:07.0997 0x0cf4  SCardSvr - ok
15:58:08.0065 0x0cf4  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:58:08.0149 0x0cf4  scfilter - ok
15:58:08.0475 0x0cf4  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
15:58:08.0663 0x0cf4  Schedule - ok
15:58:08.0738 0x0cf4  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:58:08.0817 0x0cf4  SCPolicySvc - ok
15:58:08.0864 0x0cf4  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
15:58:08.0919 0x0cf4  sdbus - ok
15:58:08.0980 0x0cf4  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:58:09.0054 0x0cf4  SDRSVC - ok
15:58:09.0110 0x0cf4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:58:09.0207 0x0cf4  secdrv - ok
15:58:09.0242 0x0cf4  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
15:58:09.0319 0x0cf4  seclogon - ok
15:58:09.0355 0x0cf4  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
15:58:09.0424 0x0cf4  SENS - ok
15:58:09.0498 0x0cf4  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:58:09.0646 0x0cf4  SensrSvc - ok
15:58:09.0690 0x0cf4  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:58:09.0767 0x0cf4  Serenum - ok
15:58:09.0828 0x0cf4  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
15:58:09.0917 0x0cf4  Serial - ok
15:58:09.0982 0x0cf4  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:58:10.0046 0x0cf4  sermouse - ok
15:58:10.0110 0x0cf4  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
15:58:10.0174 0x0cf4  SessionEnv - ok
15:58:10.0367 0x0cf4  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:58:10.0657 0x0cf4  sffdisk - ok
15:58:10.0712 0x0cf4  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:58:10.0828 0x0cf4  sffp_mmc - ok
15:58:10.0846 0x0cf4  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:58:10.0928 0x0cf4  sffp_sd - ok
15:58:10.0972 0x0cf4  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:58:11.0032 0x0cf4  sfloppy - ok
15:58:11.0164 0x0cf4  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:58:11.0231 0x0cf4  SharedAccess - ok
15:58:11.0280 0x0cf4  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:58:11.0344 0x0cf4  ShellHWDetection - ok
15:58:11.0399 0x0cf4  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:58:11.0498 0x0cf4  SiSRaid2 - ok
15:58:11.0586 0x0cf4  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:58:11.0647 0x0cf4  SiSRaid4 - ok
15:58:11.0692 0x0cf4  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:58:11.0758 0x0cf4  Smb - ok
15:58:11.0862 0x0cf4  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:58:11.0910 0x0cf4  SNMPTRAP - ok
15:58:11.0950 0x0cf4  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:58:11.0966 0x0cf4  spldr - ok
15:58:12.0064 0x0cf4  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
15:58:12.0304 0x0cf4  Spooler - ok
15:58:12.0879 0x0cf4  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:58:13.0149 0x0cf4  sppsvc - ok
15:58:13.0173 0x0cf4  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:58:13.0269 0x0cf4  sppuinotify - ok
15:58:13.0363 0x0cf4  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:58:13.0436 0x0cf4  srv - ok
15:58:13.0477 0x0cf4  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:58:13.0556 0x0cf4  srv2 - ok
15:58:13.0571 0x0cf4  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:58:13.0664 0x0cf4  srvnet - ok
15:58:13.0717 0x0cf4  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:58:13.0803 0x0cf4  SSDPSRV - ok
15:58:13.0861 0x0cf4  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:58:13.0921 0x0cf4  SstpSvc - ok
15:58:14.0149 0x0cf4  [ 596DC69BB40A96FCA4B19D9D1E221E34, 3469D3B2E9A88E39C14AE2E3DD5EC3D91FBB88CA568D794555B397B50E64AB15 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
15:58:14.0858 0x0cf4  Steam Client Service - ok
15:58:14.0922 0x0cf4  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:58:14.0966 0x0cf4  stexstor - ok
15:58:15.0030 0x0cf4  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
15:58:15.0066 0x0cf4  stisvc - ok
15:58:15.0149 0x0cf4  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:58:15.0235 0x0cf4  swenum - ok
15:58:15.0300 0x0cf4  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
15:58:15.0366 0x0cf4  swprv - ok
15:58:15.0529 0x0cf4  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
15:58:15.0683 0x0cf4  SysMain - ok
15:58:15.0729 0x0cf4  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:58:15.0772 0x0cf4  TabletInputService - ok
15:58:15.0802 0x0cf4  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:58:15.0871 0x0cf4  TapiSrv - ok
15:58:15.0886 0x0cf4  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
15:58:15.0930 0x0cf4  TBS - ok
15:58:16.0110 0x0cf4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:58:16.0518 0x0cf4  Tcpip - ok
15:58:16.0959 0x0cf4  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:58:17.0051 0x0cf4  TCPIP6 - ok
15:58:17.0095 0x0cf4  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:58:17.0162 0x0cf4  tcpipreg - ok
15:58:17.0248 0x0cf4  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:58:17.0318 0x0cf4  TDPIPE - ok
15:58:17.0339 0x0cf4  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:58:17.0374 0x0cf4  TDTCP - ok
15:58:17.0466 0x0cf4  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:58:17.0551 0x0cf4  tdx - ok
15:58:17.0621 0x0cf4  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:58:17.0638 0x0cf4  TermDD - ok
15:58:17.0713 0x0cf4  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
15:58:17.0885 0x0cf4  TermService - ok
15:58:17.0935 0x0cf4  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
15:58:18.0074 0x0cf4  Themes - ok
15:58:18.0123 0x0cf4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
15:58:18.0823 0x0cf4  THREADORDER - ok
15:58:19.0065 0x0cf4  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
15:58:19.0219 0x0cf4  TrkWks - ok
15:58:19.0318 0x0cf4  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:58:19.0441 0x0cf4  TrustedInstaller - ok
15:58:19.0616 0x0cf4  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:58:19.0696 0x0cf4  tssecsrv - ok
15:58:19.0815 0x0cf4  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:58:19.0978 0x0cf4  TsUsbFlt - ok
15:58:20.0025 0x0cf4  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:58:20.0119 0x0cf4  TsUsbGD - ok
15:58:20.0363 0x0cf4  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:58:20.0696 0x0cf4  tunnel - ok
15:58:20.0754 0x0cf4  [ FD24F98D2898BE093FE926604BE7DB99, F9851C57A2ED838AC76BB19FE2F62BB81C57DBBE2A2555F738B5D6725D39AD61 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
15:58:20.0865 0x0cf4  TurboB - ok
15:58:20.0984 0x0cf4  [ 600B406A04D90F577FEA8A88D7379F08, 77CC8E8AFB6F571A42D916C0B2FEFFD3A7A32A455C78228B407C6C9B6DED8CAD ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:58:21.0089 0x0cf4  TurboBoost - ok
15:58:21.0152 0x0cf4  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:58:21.0257 0x0cf4  uagp35 - ok
15:58:21.0287 0x0cf4  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
15:58:21.0366 0x0cf4  UBHelper - ok
15:58:21.0449 0x0cf4  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:58:21.0580 0x0cf4  udfs - ok
15:58:21.0681 0x0cf4  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:58:21.0768 0x0cf4  UI0Detect - ok
15:58:21.0828 0x0cf4  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:58:21.0925 0x0cf4  uliagpkx - ok
15:58:21.0994 0x0cf4  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:58:22.0047 0x0cf4  umbus - ok
15:58:22.0066 0x0cf4  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:58:22.0141 0x0cf4  UmPass - ok
15:58:22.0901 0x0cf4  [ 374EBDA379A8F38E0CFC2211611E7167, 0D6C3002B28E27C052227488CEE69FA99399421FF777EB48031E6080A759F532 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:58:23.0135 0x0cf4  UNS - ok
15:58:23.0193 0x0cf4  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
15:58:23.0317 0x0cf4  upnphost - ok
15:58:23.0385 0x0cf4  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:58:23.0500 0x0cf4  usbccgp - ok
15:58:23.0574 0x0cf4  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:58:23.0673 0x0cf4  usbcir - ok
15:58:23.0726 0x0cf4  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:58:23.0791 0x0cf4  usbehci - ok
15:58:23.0873 0x0cf4  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:58:23.0958 0x0cf4  usbhub - ok
15:58:23.0999 0x0cf4  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:58:24.0058 0x0cf4  usbohci - ok
15:58:24.0108 0x0cf4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:58:24.0159 0x0cf4  usbprint - ok
15:58:24.0310 0x0cf4  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:58:24.0830 0x0cf4  usbscan - ok
15:58:24.0893 0x0cf4  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:58:25.0092 0x0cf4  USBSTOR - ok
15:58:25.0164 0x0cf4  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:58:25.0251 0x0cf4  usbuhci - ok
15:58:25.0378 0x0cf4  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:58:25.0518 0x0cf4  usbvideo - ok
15:58:25.0563 0x0cf4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
15:58:25.0640 0x0cf4  UxSms - ok
15:58:25.0677 0x0cf4  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc        C:\Windows\system32\lsass.exe
15:58:25.0705 0x0cf4  VaultSvc - ok
15:58:25.0743 0x0cf4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:58:25.0769 0x0cf4  vdrvroot - ok
15:58:25.0867 0x0cf4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
15:58:25.0974 0x0cf4  vds - ok
15:58:26.0024 0x0cf4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:58:26.0072 0x0cf4  vga - ok
15:58:26.0097 0x0cf4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:58:26.0227 0x0cf4  VgaSave - ok
15:58:26.0406 0x0cf4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:58:26.0718 0x0cf4  vhdmp - ok
15:58:26.0770 0x0cf4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:58:26.0908 0x0cf4  viaide - ok
15:58:26.0961 0x0cf4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:58:27.0020 0x0cf4  volmgr - ok
15:58:27.0079 0x0cf4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:58:27.0197 0x0cf4  volmgrx - ok
15:58:27.0273 0x0cf4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:58:27.0349 0x0cf4  volsnap - ok
15:58:27.0420 0x0cf4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:58:27.0553 0x0cf4  vsmraid - ok
15:58:27.0739 0x0cf4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
15:58:28.0036 0x0cf4  VSS - ok
15:58:28.0071 0x0cf4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:58:28.0148 0x0cf4  vwifibus - ok
15:58:28.0440 0x0cf4  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:58:28.0568 0x0cf4  vwififlt - ok
15:58:29.0070 0x0cf4  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:58:29.0165 0x0cf4  vwifimp - ok
15:58:29.0411 0x0cf4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
15:58:29.0516 0x0cf4  W32Time - ok
15:58:29.0553 0x0cf4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:58:29.0630 0x0cf4  WacomPen - ok
15:58:29.0679 0x0cf4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:58:29.0759 0x0cf4  WANARP - ok
15:58:29.0766 0x0cf4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:58:29.0846 0x0cf4  Wanarpv6 - ok
15:58:30.0031 0x0cf4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
15:58:30.0326 0x0cf4  wbengine - ok
15:58:30.0489 0x0cf4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:58:30.0605 0x0cf4  WbioSrvc - ok
15:58:30.0874 0x0cf4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:58:31.0093 0x0cf4  wcncsvc - ok
15:58:31.0162 0x0cf4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:58:31.0282 0x0cf4  WcsPlugInService - ok
15:58:31.0332 0x0cf4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
15:58:31.0410 0x0cf4  Wd - ok
15:58:31.0590 0x0cf4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:58:31.0757 0x0cf4  Wdf01000 - ok
15:58:31.0823 0x0cf4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:58:31.0920 0x0cf4  WdiServiceHost - ok
15:58:31.0934 0x0cf4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:58:32.0022 0x0cf4  WdiSystemHost - ok
15:58:32.0080 0x0cf4  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
15:58:32.0185 0x0cf4  WebClient - ok
15:58:32.0251 0x0cf4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:58:32.0405 0x0cf4  Wecsvc - ok
15:58:32.0447 0x0cf4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:58:32.0558 0x0cf4  wercplsupport - ok
15:58:32.0616 0x0cf4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:58:32.0718 0x0cf4  WerSvc - ok
15:58:32.0741 0x0cf4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:58:32.0818 0x0cf4  WfpLwf - ok
15:58:32.0877 0x0cf4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:58:32.0909 0x0cf4  WIMMount - ok
15:58:32.0953 0x0cf4  WinDefend - ok
15:58:33.0013 0x0cf4  WinHttpAutoProxySvc - ok
15:58:33.0152 0x0cf4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:58:33.0272 0x0cf4  Winmgmt - ok
15:58:33.0447 0x0cf4  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
15:58:33.0786 0x0cf4  WinRM - ok
15:58:33.0924 0x0cf4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
15:58:34.0020 0x0cf4  WinUsb - ok
15:58:34.0144 0x0cf4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:58:34.0464 0x0cf4  Wlansvc - ok
15:58:34.0686 0x0cf4  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:58:34.0809 0x0cf4  wlcrasvc - ok
15:58:35.0236 0x0cf4  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:58:35.0932 0x0cf4  wlidsvc - ok
15:58:36.0037 0x0cf4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:58:36.0341 0x0cf4  WmiAcpi - ok
15:58:36.0816 0x0cf4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:58:37.0365 0x0cf4  wmiApSrv - ok
15:58:37.0453 0x0cf4  WMPNetworkSvc - ok
15:58:37.0518 0x0cf4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:58:37.0710 0x0cf4  WPCSvc - ok
15:58:37.0743 0x0cf4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:58:38.0054 0x0cf4  WPDBusEnum - ok
15:58:38.0153 0x0cf4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:58:38.0498 0x0cf4  ws2ifsl - ok
15:58:38.0869 0x0cf4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
15:58:38.0986 0x0cf4  wscsvc - ok
15:58:39.0096 0x0cf4  WSearch - ok
15:58:39.0558 0x0cf4  [ 6075791ED85E47A2A2916B1F34582944, 25B5FAD161711875B38BDD014A26FA527C8EE4854D485989D19A72D5EBBA4054 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:58:39.0961 0x0cf4  wuauserv - ok
15:58:40.0181 0x0cf4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:58:40.0748 0x0cf4  WudfPf - ok
15:58:41.0223 0x0cf4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
15:58:41.0314 0x0cf4  WUDFRd - ok
15:58:41.0420 0x0cf4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:58:41.0495 0x0cf4  wudfsvc - ok
15:58:41.0607 0x0cf4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:58:42.0061 0x0cf4  WwanSvc - ok
15:58:42.0110 0x0cf4  ================ Scan global ===============================
15:58:42.0908 0x0cf4  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
15:58:42.0999 0x0cf4  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
15:58:43.0050 0x0cf4  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
15:58:43.0116 0x0cf4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:58:43.0271 0x0cf4  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
15:58:43.0297 0x0cf4  [ Global ] - ok
15:58:43.0298 0x0cf4  ================ Scan MBR ==================================
15:58:43.0350 0x0cf4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:58:44.0974 0x0cf4  \Device\Harddisk0\DR0 - ok
15:58:44.0975 0x0cf4  ================ Scan VBR ==================================
15:58:44.0993 0x0cf4  [ 4054E6D010F116FF22C6A81A7867C748 ] \Device\Harddisk0\DR0\Partition1
15:58:44.0997 0x0cf4  \Device\Harddisk0\DR0\Partition1 - ok
15:58:45.0055 0x0cf4  [ 0930291C71695DC6E638306430DA84FB ] \Device\Harddisk0\DR0\Partition2
15:58:45.0060 0x0cf4  \Device\Harddisk0\DR0\Partition2 - ok
15:58:45.0061 0x0cf4  ================ Scan generic autorun ======================
15:58:45.0113 0x0cf4  [ BA9E8BF3E91C14DE99FDB1FA946D07AF, 9C3F5F52EE5B8D02B15EE18AA492FB110547A8DCDA3F8284A614F4E1A30F9BB1 ] C:\Windows\system32\igfxtray.exe
15:58:45.0193 0x0cf4  IgfxTray - ok
15:58:45.0258 0x0cf4  [ B20857C91A3E992A5AC93D8625C53CAE, ECB89856B267E2F4930CB7B404B51425C6375A47F864577C1A7B8B255278EC12 ] C:\Windows\system32\hkcmd.exe
15:58:45.0331 0x0cf4  HotKeysCmds - ok
15:58:45.0376 0x0cf4  [ 29E120E36791B2E620CC398847C28E12, 7C2904FEDD50F49447FD091D33BB3BFA5A2A684101ADB123BC2C08699320B912 ] C:\Windows\system32\igfxpers.exe
15:58:45.0515 0x0cf4  Persistence - ok
15:58:45.0521 0x0cf4  IntelTBRunOnce - ok
15:58:45.0524 0x0cf4  ETDCtrl - ok
15:58:48.0454 0x0cf4  [ 5DADA908E14051D65DB1991CB0B1F58D, DC02EDA032CEC2241F302995BF010B0376D5421A3E97583CB8A13A80993290B4 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
15:58:49.0388 0x0cf4  RtHDVCpl - ok
15:58:49.0838 0x0cf4  [ E897F9B62E611D59FDFAB82FC829B93A, E11E1A488D461105104E7FFD9F8219BDD231807FE33600233BEF11A432E138FD ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
15:58:50.0100 0x0cf4  RtHDVBg_Dolby - ok
15:58:50.0860 0x0cf4  [ F0474296AC4E0E6BDE733C1B8513E41A, 2E54894FC1B422F0C520D11166204926D3994A3440037D655C73D66D7118859C ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
15:58:51.0104 0x0cf4  Power Management - ok
15:58:51.0381 0x0cf4  Ocs_SM - ok
15:58:51.0636 0x0cf4  [ 6B08632F7634F344372B25A507DA7C47, C955BFB0F4601A4D1077119B204785FE4CB975E961D2AEE9C2BFA6EDC27E3CE2 ] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
15:58:51.0772 0x0cf4  Nvtmru - ok
15:58:52.0035 0x0cf4  [ 79C9B6A7836DC358216036A1EBA31B62, 9E3987ED10C5CFCD06A2DCBC4E0838004F97A1527527749EF3CC7C5EC5AC2597 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
15:58:52.0114 0x0cf4  AdobeAAMUpdater-1.0 - ok
15:58:52.0936 0x0cf4  [ A6A21A7D544675E98C040DA18904CF50, AACB578C297C7AC9FEBDAB4AD20235E5CFF6E3F260E76E6AE18D43DC57D69672 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
15:58:53.0368 0x0cf4  Malwarebytes TrayApp - ok
15:58:53.0520 0x0cf4  [ 4A80B3C030178E65CF0BECFF1BB20905, EBBB74B0597D1884D279C77248A818A6D9300DDE06BCE498945B82715ABE0196 ] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
15:58:53.0594 0x0cf4  SuiteTray - ok
15:58:53.0660 0x0cf4  [ 4DDE3E01B5020B3D5DEEC7E3DC0F3185, C7315F3521EE461027A3DDE7CFC0EA4F8E705A98F9292284BB20620D7F34DDE9 ] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
15:58:53.0735 0x0cf4  BackupManagerTray - ok
15:58:54.0070 0x0cf4  [ 9ABC4E3B00CFA3A47D5569F5B49FE42F, 5D33CCE770BC9BC3AFA544A21F100A7F1E5A36577FDB30884160AC4BFE6A1838 ] C:\Program Files (x86)\Launch Manager\LManager.exe
15:58:54.0284 0x0cf4  LManager - ok
15:58:54.0494 0x0cf4  [ E6CC0FA3C1040C791EB3F4BA6C789411, 095D5965FEE00ACB6D8713B2E2772A409A84F42D85383AEAF5FC3E2E393DC07D ] C:\Dolby PCEE4\pcee4.exe
15:58:54.0578 0x0cf4  Dolby Advanced Audio v2 - ok
15:58:55.0024 0x0cf4  [ 1BC31F797516DC7B7446B62A849D5905, 49B35A41F1C3739800CBA2A559C2AEFE89FBC090F8305681AF3B379B639E16AA ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
15:58:55.0220 0x0cf4  avgnt - ok
15:58:55.0452 0x0cf4  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
15:58:55.0532 0x0cf4  SunJavaUpdateSched - ok
15:58:55.0712 0x0cf4  [ 258E2CD2C4984A977106C9EF7CA8AF69, D8F6409D5F5782CC27D159D18E914A3DB59D8644D7017CA6F84F0CF30E95174C ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
15:58:55.0771 0x0cf4  Avira SystrayStartTrigger - ok
15:58:56.0523 0x0cf4  Dropbox - ok
15:58:56.0533 0x0cf4  WinampAgent - ok
15:58:56.0904 0x0cf4  [ D474767D4805CEF801AF6D4AEED1F9E3, 4645EABB554ED97737D9375826EFB06BF43E3DC4C33095FDCCC530B51DEC6145 ] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
15:58:56.0960 0x0cf4  ArcadeMovieService - ok
15:58:57.0262 0x0cf4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:58:57.0617 0x0cf4  Sidebar - ok
15:58:57.0681 0x0cf4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:58:57.0785 0x0cf4  mctadmin - ok
15:58:57.0793 0x0cf4  IsMyWinLockerReboot - ok
15:58:58.0041 0x0cf4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:58:58.0179 0x0cf4  Sidebar - ok
15:58:58.0336 0x0cf4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:58:58.0411 0x0cf4  mctadmin - ok
15:58:58.0417 0x0cf4  IsMyWinLockerReboot - ok
15:58:58.0841 0x0cf4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:58:59.0005 0x0cf4  Sidebar - ok
15:58:59.0048 0x0cf4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:58:59.0140 0x0cf4  mctadmin - ok
15:58:59.0297 0x0cf4  [ 8E27F731A1BDED1B13DEBA9E54FE0B20, 326F0CFC75AD7E552DA5DD64964C06AC0AD6E71BF0D5F568C2AEE9206C2FD0BE ] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe
15:58:59.0601 0x0cf4  ScrSav - ok
15:58:59.0720 0x0cf4  [ CC436BB2A26391F3DEBE316F6FB0474F, 2DA63827AD1449CA5F2888ADFA9645F1EAF8B39D26EC214441EE80F3A56E6E72 ] C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe
15:58:59.0807 0x0cf4  BingSvc - ok
15:59:00.0512 0x0cf4  [ FB4A70985CE3C2571D7053630B6D2595, 5190F7DCFDA783DD8C8E500CC0187F747F70B890511318CCF31A332917D21529 ] C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
15:59:00.0851 0x0cf4  CAHeadless - ok
15:59:01.0666 0x0cf4  [ 5710E80EAB62305C4FD4D968567448D2, BDC26F7A2313AB637FDBEEFCA705C5DF5C6F73F28F4BBB4C5FF2BB6B3F551CE6 ] C:\Program Files (x86)\Steam\steam.exe
15:59:02.0002 0x0cf4  Steam - ok
15:59:02.0460 0x0cf4  [ 89CACBC5A5D9F14AD11F09D1DE49294E, 5D9F810E57527ED9E95BB208DBA13D25AF64346B298C1C793335775F9AED21C7 ] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
15:59:02.0553 0x0cf4  Sony PC Companion - ok
15:59:02.0631 0x0cf4  EA Core - ok
15:59:03.0064 0x0cf4  [ C1DE156BD17A08A294C61C28981CCAD5, BCB8351A3F00126F0DD70C9FD72ED8CBEA692E76D1C377ECF8762E822DC31DDF ] C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe
15:59:03.0272 0x0cf4  f.lux - ok
15:59:03.0461 0x0cf4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:59:03.0582 0x0cf4  Sidebar - ok
15:59:03.0625 0x0cf4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:59:03.0699 0x0cf4  mctadmin - ok
15:59:03.0768 0x0cf4  [ 8E27F731A1BDED1B13DEBA9E54FE0B20, 326F0CFC75AD7E552DA5DD64964C06AC0AD6E71BF0D5F568C2AEE9206C2FD0BE ] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe
15:59:03.0851 0x0cf4  ScrSav - ok
15:59:03.0856 0x0cf4  Waiting for KSN requests completion. In queue: 29
15:59:04.0856 0x0cf4  Waiting for KSN requests completion. In queue: 29
15:59:05.0856 0x0cf4  Waiting for KSN requests completion. In queue: 29
15:59:06.0856 0x0cf4  Waiting for KSN requests completion. In queue: 29
15:59:08.0135 0x0cf4  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.24.143 ), 0x41000 ( enabled : updated )
15:59:08.0315 0x0cf4  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.138 ), 0x61000 ( enabled : updated )
15:59:08.0409 0x0cf4  Win FW state via NFP2: enabled ( trusted )
15:59:11.0744 0x0cf4  ============================================================
15:59:11.0744 0x0cf4  Scan finished
15:59:11.0744 0x0cf4  ============================================================
15:59:11.0757 0x1b84  Detected object count: 0
15:59:11.0757 0x1b84  Actual detected object count: 0
         

AdwCleaner

Code:
# AdwCleaner v6.044 - Bericht erstellt am 24/03/2017 um 20:09:51
# Aktualisiert am 28/02/2017 von Malwarebytes
# Datenbank : 2017-02-28.2 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : Mandragora - ACERASPIRE
# Gestartet von : C:\Users\Mandragora\Desktop\AdwCleaner_6.044.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelöscht: C:\ProgramData\ICQ\ICQNewTab
[#] Ordner mit Neustart gelöscht: C:\ProgramData\Application Data\ICQ\ICQNewTab
[-] Ordner gelöscht: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
[-] Ordner gelöscht: C:\extensions


***** [ Dateien ] *****

[-] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml
[#] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\avg-secure-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****



***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SearchAnonymizer
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SearchAnonymizer
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{9C81D00A-3DAA-48AB-90C7-8252119ABB93}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{1DA17428-323D-48FF-857C-98CFEE48BFD5}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Schlüssel gelöscht: HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Mail.Ru
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Mail.Ru
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Mail.Ru
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Mail.Ru
[-] Wert gelöscht: HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[-] Wert gelöscht: HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\SearchScopes 
[-] Wert gelöscht: HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\SearchScopes [SuggestionsURL_JSON]
[-] Wert gelöscht: HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\SearchScopes [DisplayName]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes 
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [SuggestionsURL_JSON]
[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DisplayName]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes 
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [SuggestionsURL_JSON]
[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DisplayName]
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Schlüssel gelöscht: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Wert gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Ocs_SM]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5053 Bytes] - [24/03/2017 20:09:51]
C:\AdwCleaner\AdwCleaner[R0].txt - [19747 Bytes] - [09/02/2015 13:08:22]
C:\AdwCleaner\AdwCleaner[R1].txt - [1105 Bytes] - [04/06/2016 14:03:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [18218 Bytes] - [09/02/2015 13:11:16]
C:\AdwCleaner\AdwCleaner[S1].txt - [1120 Bytes] - [04/06/2016 14:07:17]
C:\AdwCleaner\AdwCleaner[S2].txt - [5324 Bytes] - [24/03/2017 20:07:02]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5493 Bytes] ##########
         

Alt 25.03.2017, 15:43   #4
Hexx_
 



JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Mandragora (Limited) on 24.03.2017 at 21:26:48,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 86 

Successfully deleted: C:\Users\Mandragora\AppData\Local\{0744DF4A-8076-48C9-A36B-D15DCA64D4F2} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{08C8FFAC-2477-49FB-9727-EBE827AD9E70} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{0949D0EB-3E1C-4B57-AF43-919D93C35484} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{1D5F922A-FEA7-4727-B851-6D78C9628299} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{34F0ECE6-E168-4E45-95D4-74BC62F13D86} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{3CDBFDB7-9E7E-4C57-BBCE-1A62F47A2D89} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{414248EB-B84A-4BC1-8C2A-D1898B6DF420} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{4309CB94-78D1-457C-AD0C-558E7D5A7772} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{4C9A7726-D5B1-45F9-9295-3D9BBB1594E3} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{5CE73B31-64D5-4969-83CB-EB68C1CAF3A9} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{6075D4C6-3EF3-4B3F-A257-FA3EB89D6C5E} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{73201AAE-6929-4268-A2D9-B516C3B16F4E} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{936D7BAC-E2A8-4D2A-9F28-B979A0FADB94} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{B5A86000-B532-4701-9CDE-716C981222E4} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{B97E51F1-603A-4F49-B32E-6D02E6349702} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{C185DCE7-C4FB-4A9E-AA01-46047F2A0108} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{C451A568-4F7C-408B-B5D9-D906E63C4566} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{C91ABA26-C29B-4E22-BA37-A52EF36ECDDC} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{D9860D18-F7A9-4CD8-B339-F8737453A0A3} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{EB4F1D4F-4FB8-4195-816A-0B560915E6FC} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{EEF33C8D-7F27-406B-8EF6-A6316C48315A} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{EF187AC9-21A0-4B6D-8EC1-E7444358C071} (Empty Folder)
Successfully deleted: C:\Users\Mandragora\AppData\Local\{F6A8B2F3-0458-4A23-9A04-A75EB612D0DB} (Empty Folder)
Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\06XUI283 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JITW8SS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PJMC0IB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EPMS1TY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D71WBGU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LYE1WES (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AC3DCJ0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KIE0RBK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZM9S6X1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\923P3L67 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ILHN7S5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AM39A7N8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3QB0TSZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHA3IF56 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXOZW63L (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVJ02VM1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZXBID9M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFL0BOJP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU4XEI8Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWNHJWNA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2V1HE8I (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOZ5AYW5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCYCX1O1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8XV0M1S (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9W9YB5Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNC3ETQL (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VV2K5P4K (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMJTNCTR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMMBW0DY (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZX64U4P (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\06XUI283 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JITW8SS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PJMC0IB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EPMS1TY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3D71WBGU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LYE1WES (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4AC3DCJ0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KIE0RBK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZM9S6X1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\923P3L67 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ILHN7S5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AM39A7N8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3QB0TSZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHA3IF56 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXOZW63L (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVJ02VM1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KZXBID9M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MFL0BOJP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU4XEI8Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWNHJWNA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2V1HE8I (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOZ5AYW5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCYCX1O1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8XV0M1S (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9W9YB5Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNC3ETQL (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VV2K5P4K (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XMJTNCTR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZMMBW0DY (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZX64U4P (Temporary Internet Files Folder) 



Registry: 2 

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.03.2017 at 21:31:04,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Mbam

Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 21.03.17
Scan-Zeit: 15:19
Protokolldatei: mbam.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.75
Version des Aktualisierungspakets: 1.0.1394
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: System

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgebrochen
Gescannte Objekte: 39822
Abgelaufene Zeit: 12 Min., 29 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Deaktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         

Alt 25.03.2017, 15:44   #5
Hexx_
 



New FRST logs in normal mode


FRST

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von Mandragora (Administrator) auf ACERASPIRE (25-03-2017 15:07:32)
Gestartet von E:\
Geladene Profile: Mandragora & UpdatusUser (Verfügbare Profile: Mandragora & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Flux Software LLC) C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Farbar) E:\FRST64bit.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28065728 2017-03-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [BingSvc] => C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [f.lux] => C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\MountPoints2: {fe347389-8546-11e4-94f6-dc0ea103d22b} - E:\Startme.exe
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1004\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\S-1-5-21-910591887-2798395287-988946140-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [450048 2011-09-13] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-10]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-06-04]
ShortcutTarget: Telegram.lnk -> C:\Users\Mandragora\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 62.220.18.8 89.246.64.8
Tcpip\..\Interfaces\{2D354F33-412B-4746-916B-D93389455A7C}: [DhcpNameServer] 192.168.1.250
Tcpip\..\Interfaces\{5DAF830A-DF25-4C60-9337-70381CE34126}: [DhcpNameServer] 62.220.18.8 89.246.64.8

Internet Explorer:
==================
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-910591887-2798395287-988946140-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll => Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll => Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-01] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 [2017-03-24]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> Bing
FF Homepage: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> hxxps://www.bing.com/
FF Session Restore: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> ist aktiviert.
FF Extension: (NoScript) - C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-20]
FF Extension: (Adblock Plus) - C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-25] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-08] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default [2016-05-20]
CHR Extension: (Google Docs) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-20]
CHR Extension: (Google Drive) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20]
CHR Extension: (YouTube) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20]
CHR Extension: (Google Mail) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-20]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-03-11] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-12] (Avira Operations GmbH & Co. KG)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-25] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-25] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-25] (Malwarebytes)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-25 08:44 - 2017-03-25 08:57 - 00000000 ____D C:\Users\TEMP
2017-03-24 21:58 - 2017-03-24 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-24 21:51 - 2017-03-24 21:51 - 00000000 ____D C:\Program Files (x86)\ESET
2017-03-24 21:43 - 2017-03-24 21:50 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\AVAST Software
2017-03-24 21:39 - 2017-03-24 21:40 - 00219870 _____ C:\TDSSKiller.3.1.0.12_24.03.2017_21.39.23_log.txt
2017-03-24 21:31 - 2017-03-24 21:31 - 00013808 _____ C:\Users\Mandragora\Desktop\JRT.txt
2017-03-24 21:26 - 2017-03-24 21:22 - 01663904 _____ (Malwarebytes) C:\Users\Mandragora\Desktop\JRT.exe
2017-03-24 20:17 - 2017-03-25 09:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-24 20:17 - 2017-03-24 20:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-24 20:17 - 2017-03-24 20:17 - 00001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-03-24 20:17 - 2017-03-24 20:17 - 00001343 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-03-24 20:17 - 2017-03-24 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-03-24 20:17 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-03-24 20:13 - 2017-03-24 20:13 - 00005627 _____ C:\Users\Mandragora\Desktop\AdwCleaner[C0].txt
2017-03-24 19:37 - 2017-03-24 17:46 - 02870984 _____ (ESET) C:\Users\Mandragora\Desktop\esetsmartinstaller_deu.exe
2017-03-24 19:37 - 2017-03-24 17:43 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mandragora\Desktop\spybot-2.4.40.exe
2017-03-24 19:37 - 2017-03-24 17:37 - 04031440 _____ C:\Users\Mandragora\Desktop\AdwCleaner_6.044.exe
2017-03-21 23:58 - 2017-03-25 15:07 - 00000000 ____D C:\FRST
2017-03-21 16:11 - 2017-03-21 16:11 - 00109259 _____ C:\Users\Mandragora\Desktop\TDSSKiller Report.alt.txt
2017-03-21 15:55 - 2017-03-21 16:12 - 00218608 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_15.55.26_log.txt
2017-03-21 15:54 - 2017-03-21 15:54 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Mandragora\Desktop\tdsskiller.exe
2017-03-21 14:14 - 2017-03-25 15:11 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-21 14:14 - 2017-03-25 15:04 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-21 14:14 - 2017-03-25 15:04 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-21 14:14 - 2017-03-25 15:04 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-21 14:14 - 2017-03-21 14:44 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-21 14:13 - 2017-03-21 14:13 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-21 14:13 - 2017-03-21 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-21 14:13 - 2017-03-21 14:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-21 14:13 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-20 15:11 - 2017-03-20 15:11 - 00000000 ____D C:\Users\Mandragora\Documents\Uru Live
2017-03-20 15:07 - 2017-03-20 15:07 - 00001640 _____ C:\Users\Mandragora\.recently-used.xbel
2017-03-14 12:15 - 2017-03-14 18:46 - 00000000 ____D C:\Users\Mandragora\Desktop\ebayFotos
2017-03-11 00:17 - 2017-03-11 00:17 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-03-11 00:17 - 2017-03-11 00:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-11 00:17 - 2017-03-11 00:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-11 00:17 - 2017-03-11 00:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-25 15:10 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-25 15:10 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-25 15:05 - 2016-02-06 17:41 - 00000000 ___RD C:\Users\Mandragora\Dropbox
2017-03-25 15:04 - 2016-06-04 15:21 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Telegram Desktop
2017-03-25 15:03 - 2015-08-16 08:04 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-25 15:02 - 2016-02-06 17:35 - 00001218 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-25 15:02 - 2012-01-06 19:50 - 00000000 ____D C:\ProgramData\clear.fi
2017-03-25 15:01 - 2013-06-13 09:32 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2017-03-25 15:01 - 2013-06-02 21:42 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-03-25 15:01 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-25 08:56 - 2011-11-03 03:28 - 00699682 _____ C:\Windows\system32\perfh007.dat
2017-03-25 08:56 - 2011-11-03 03:28 - 00149790 _____ C:\Windows\system32\perfc007.dat
2017-03-25 08:56 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-25 08:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-25 08:54 - 2015-02-09 13:06 - 00000000 ____D C:\AdwCleaner
2017-03-25 08:49 - 2015-07-18 16:32 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-25 08:42 - 2016-02-06 17:35 - 00001222 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-24 23:36 - 2014-08-04 12:57 - 00000000 ___RD C:\Users\Mandragora\Desktop\AW
2017-03-24 21:58 - 2016-02-06 17:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-24 21:39 - 2015-02-09 11:25 - 970902040 _____ C:\Windows\ntbtlog.txt
2017-03-24 20:09 - 2016-11-18 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-24 20:09 - 2012-04-22 21:56 - 00000000 ____D C:\ProgramData\ICQ
2017-03-24 19:43 - 2012-01-08 02:19 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Adobe
2017-03-21 17:17 - 2013-05-29 14:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\vlc
2017-03-21 16:08 - 2014-08-05 10:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-21 16:08 - 2013-04-17 07:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-03-21 15:49 - 2016-11-19 09:36 - 00000000 ____D C:\Users\Mandragora\AppData\LocalLow\Mozilla
2017-03-21 14:13 - 2012-01-06 18:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-21 14:12 - 2016-10-26 11:28 - 00000000 ____D C:\Users\Mandragora\Desktop\MA
2017-03-21 14:05 - 2016-11-18 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-21 14:05 - 2012-05-08 11:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 15:10 - 2015-08-04 18:53 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uru Live
2017-03-20 15:08 - 2012-02-19 23:46 - 00000000 ____D C:\Users\Mandragora\.gimp-2.6
2017-03-20 15:07 - 2012-02-19 23:48 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\gtk-2.0
2017-03-20 15:07 - 2012-01-06 17:29 - 00000000 ____D C:\Users\Mandragora
2017-03-16 19:01 - 2016-02-29 22:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\avidemux
2017-03-16 13:14 - 2016-11-25 22:50 - 00000000 ___RD C:\Users\Mandragora\Desktop\Fragmente der Erinnerung
2017-03-15 11:02 - 2013-03-19 10:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 11:02 - 2013-03-19 10:31 - 00004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 11:02 - 2013-03-19 10:31 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-15 11:02 - 2011-08-12 08:32 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 11:02 - 2011-08-12 08:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-12 12:49 - 2014-08-18 18:35 - 00000132 _____ C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2017-03-11 20:55 - 2016-01-15 21:42 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\TS3Client
2017-03-09 22:13 - 2016-02-06 17:35 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Dropbox
2017-03-07 21:44 - 2013-04-09 15:18 - 00000000 ___RD C:\Users\Mandragora\Desktop\ALEA
2017-03-06 23:07 - 2014-03-04 15:02 - 00004096 ____H C:\Users\Mandragora\AppData\Local\keyfile3.drm
2017-02-25 19:12 - 2012-01-07 16:29 - 00000000 ___RD C:\Users\Mandragora\Desktop\Studium

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2010-06-02 04:21 - 2010-06-02 04:21 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1078962 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1397830 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0179133 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0133103 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0087101 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0046010 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0695865 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1606039 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0195766 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0151225 _____ () C:\Program Files (x86)\APR2007_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0096817 _____ () C:\Program Files (x86)\APR2007_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0053302 _____ () C:\Program Files (x86)\APR2007_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1350542 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1077644 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0182903 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0137235 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0087142 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0046058 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0852286 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0796867 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1800160 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1708152 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0198096 _____ () C:\Program Files (x86)\AUG2007_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0153012 _____ () C:\Program Files (x86)\AUG2007_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0867612 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0849167 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1794084 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1464672 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0121772 _____ () C:\Program Files (x86)\Aug2008_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0092996 _____ () C:\Program Files (x86)\Aug2008_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0271412 _____ () C:\Program Files (x86)\Aug2008_XAudio_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0271038 _____ () C:\Program Files (x86)\Aug2008_XAudio_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0919044 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0900598 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 3112111 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 3319740 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0232635 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0192131 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0136301 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0105044 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0930116 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0728456 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122408 _____ () C:\Program Files (x86)\Aug2009_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093106 _____ () C:\Program Files (x86)\Aug2009_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0273264 _____ () C:\Program Files (x86)\Aug2009_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0272642 _____ () C:\Program Files (x86)\Aug2009_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1357976 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1079456 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0212807 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0191720 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1571154 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1574376 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0192475 _____ () C:\Program Files (x86)\DEC2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0145599 _____ () C:\Program Files (x86)\DEC2006_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0089944 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2010-06-02 04:22 - 2010-06-02 04:22 - 1801048 _____ () C:\Program Files (x86)\dsetup32.dll
2010-06-02 04:22 - 2010-06-02 04:22 - 0042410 _____ () C:\Program Files (x86)\dxdllreg_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0537432 _____ () C:\Program Files (x86)\DXSETUP.exe
2010-06-02 04:22 - 2010-06-02 04:22 - 0094011 _____ () C:\Program Files (x86)\dxupdate.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1247499 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1013225 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1362796 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1084720 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0178359 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0132409 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0194675 _____ () C:\Program Files (x86)\FEB2007_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0147983 _____ () C:\Program Files (x86)\FEB2007_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0054678 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0020713 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122446 _____ () C:\Program Files (x86)\Feb2010_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093180 _____ () C:\Program Files (x86)\Feb2010_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0276960 _____ () C:\Program Files (x86)\Feb2010_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0277191 _____ () C:\Program Files (x86)\Feb2010_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1336002 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1064925 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0180785 _____ () C:\Program Files (x86)\JUN2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0133671 _____ () C:\Program Files (x86)\JUN2006_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0699044 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0698472 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1607774 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1607286 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0197122 _____ () C:\Program Files (x86)\JUN2007_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0152909 _____ () C:\Program Files (x86)\JUN2007_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0867828 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0849919 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1792608 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1463878 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0055154 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021905 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0121054 _____ () C:\Program Files (x86)\JUN2008_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093128 _____ () C:\Program Files (x86)\JUN2008_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0269628 _____ () C:\Program Files (x86)\JUN2008_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0269024 _____ () C:\Program Files (x86)\JUN2008_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0944460 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0931471 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0752783 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0762188 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0235955 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0197283 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0138205 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0109445 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0937246 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0768036 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0124596 _____ () C:\Program Files (x86)\Jun2010_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093686 _____ () C:\Program Files (x86)\Jun2010_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0277338 _____ () C:\Program Files (x86)\Jun2010_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0278060 _____ () C:\Program Files (x86)\Jun2010_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0844884 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0818260 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1769862 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1443282 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0055058 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021867 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122336 _____ () C:\Program Files (x86)\Mar2008_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093734 _____ () C:\Program Files (x86)\Mar2008_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0251194 _____ () C:\Program Files (x86)\Mar2008_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0226250 _____ () C:\Program Files (x86)\Mar2008_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1067160 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1040745 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1973702 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1612446 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0054600 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021298 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0121506 _____ () C:\Program Files (x86)\Mar2009_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0092740 _____ () C:\Program Files (x86)\Mar2009_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0275044 _____ () C:\Program Files (x86)\Mar2009_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0273018 _____ () C:\Program Files (x86)\Mar2009_XAudio_x86.cab
2013-06-26 17:03 - 2014-07-18 12:57 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2010-06-02 04:22 - 2010-06-02 04:22 - 0864600 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0803884 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1802058 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1709360 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0046144 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0018496 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0196762 _____ () C:\Program Files (x86)\NOV2007_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0148264 _____ () C:\Program Files (x86)\NOV2007_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0994154 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0965421 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1906878 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1550796 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0054522 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021851 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0121794 _____ () C:\Program Files (x86)\Nov2008_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0092684 _____ () C:\Program Files (x86)\Nov2008_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0273960 _____ () C:\Program Files (x86)\Nov2008_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0272611 _____ () C:\Program Files (x86)\Nov2008_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0086037 _____ () C:\Program Files (x86)\Oct2005_xinput_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0045359 _____ () C:\Program Files (x86)\Oct2005_xinput_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1412902 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1127217 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0182361 _____ () C:\Program Files (x86)\OCT2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0138017 _____ () C:\Program Files (x86)\OCT2006_XACT_x86.cab
2014-08-18 18:35 - 2017-03-12 12:49 - 0000132 _____ () C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2015-08-23 14:33 - 2015-08-23 14:33 - 0001456 _____ () C:\Users\Mandragora\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-03-04 15:02 - 2017-03-06 23:07 - 0004096 ____H () C:\Users\Mandragora\AppData\Local\keyfile3.drm
2016-03-16 11:30 - 2016-03-16 11:30 - 0007597 _____ () C:\Users\Mandragora\AppData\Local\Resmon.ResmonCfg
2011-11-02 19:03 - 2011-11-02 19:05 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Mandragora\fbchathistory.dat
C:\Users\Public\AlexaNSISPlugin.3912.dll


Einige Dateien in TEMP:
====================
2013-01-28 23:20 - 2013-01-28 23:20 - 0248008 _____ (Ask.com) C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll
2012-01-06 18:04 - 2012-01-06 18:04 - 3486088 _____ (Ask) C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe
2005-10-18 22:47 - 2005-10-18 22:47 - 0733184 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRun.exe
2012-01-06 23:41 - 2005-10-10 22:32 - 0573440 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRunGUI.dll
2013-10-07 12:40 - 2014-08-05 10:01 - 0000000 ____D () C:\Users\Mandragora\AppData\Local\Temp\avgnt.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 0255072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Mandragora\AppData\Local\Temp\avguidx.dll
2015-11-12 18:15 - 2015-11-12 18:15 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BingSvc.exe
2015-04-30 23:06 - 2015-11-12 18:15 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcProcessor.exe
2015-04-30 23:06 - 2015-11-12 18:15 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcUpdater.exe
2012-01-06 18:03 - 2012-01-06 18:03 - 0334848 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\BunndleOfferManager.dll
2012-10-10 19:53 - 2012-10-10 19:53 - 4720736 _____ () C:\Users\Mandragora\AppData\Local\Temp\CommonInstaller.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 0026936 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x64.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0028984 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x86.dll
2012-04-08 10:39 - 2012-04-08 10:40 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\EADEB76.exe
2012-02-02 11:32 - 2007-06-03 21:59 - 0879688 _____ () C:\Users\Mandragora\AppData\Local\Temp\EAInstall.dll
2012-02-02 11:37 - 2005-10-18 22:47 - 0339968 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\eauninstall.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU17A7.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2BB3.exe
2001-10-11 12:01 - 2001-10-11 12:01 - 4091904 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2E80.DLL
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU41B.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU4A4.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU524.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBUEF0.exe
2012-01-18 22:44 - 2004-08-18 09:33 - 1453843 ____R (Macromedia, Inc.) C:\Users\Mandragora\AppData\Local\Temp\First15.exe
2013-03-19 10:34 - 2013-03-19 10:34 - 16486616 _____ (Adobe Systems Incorporated) C:\Users\Mandragora\AppData\Local\Temp\fp_pl_pfs_installer.exe
2012-01-06 19:04 - 2012-01-06 19:04 - 3763360 _____ (Adobe Systems, Inc.) C:\Users\Mandragora\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
2012-02-02 11:32 - 2007-06-03 21:59 - 0109640 _____ (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\GameuxInstallHelper.dll
2015-02-09 11:41 - 2005-09-18 14:52 - 0073728 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\Harry Potter and the Goblet of Fire_uninst.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 0163936 _____ () C:\Users\Mandragora\AppData\Local\Temp\MachineIdCreator.exe
2014-01-19 17:59 - 2003-10-06 19:59 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\MakeFilesHidden.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 12143200 _____ () C:\Users\Mandragora\AppData\Local\Temp\oi_{58DB1360-58CA-435F-A459-597FDDFC2474}.exe
2014-01-19 17:59 - 2003-10-06 19:58 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\OpenTxtFile.exe
2012-03-26 19:14 - 2012-03-26 19:14 - 14763880 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_413e.exe
2013-04-02 12:43 - 2013-04-02 12:43 - 14809416 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_5fe.exe
2012-03-09 15:53 - 2012-03-09 15:53 - 14739304 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_7759.exe
2014-11-08 09:33 - 2015-01-25 21:19 - 0553984 _____ () C:\Users\Mandragora\AppData\Local\Temp\Quarantine.exe
2014-08-04 12:43 - 2014-08-04 12:42 - 0111104 _____ () C:\Users\Mandragora\AppData\Local\Temp\readSTILog.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0032568 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-win32.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0032056 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-x64.dll
2014-01-19 17:59 - 2003-10-06 19:57 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\ShellEx.exe
2012-06-07 18:00 - 2014-08-12 20:21 - 35595360 _____ (Skype Technologies S.A.) C:\Users\Mandragora\AppData\Local\Temp\SkypeSetup.exe
2015-05-03 20:39 - 2015-05-03 20:40 - 36124056 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011080.exe
2015-11-04 18:52 - 2015-11-04 18:53 - 39228760 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011541.exe
2017-02-28 09:16 - 2017-02-28 09:18 - 42463240 _____ (Digital Wave Ltd                                            ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34013494.exe
2016-03-25 11:19 - 2016-03-25 11:21 - 40830448 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34015287.exe
2016-08-09 10:11 - 2016-08-09 10:11 - 42463240 _____ (Digital Wave Ltd                                            ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34018299.exe
2016-06-30 17:47 - 2016-06-30 17:48 - 41478784 _____ (Digital Wave Ltd                                            ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34019719.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 8212064 _____ () C:\Users\Mandragora\AppData\Local\Temp\ToolbarInstaller.exe
2009-03-28 22:08 - 2009-03-28 22:08 - 0195056 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\UninstallEADM.dll
2012-01-18 22:44 - 2004-08-18 09:34 - 0023040 ____R () C:\Users\Mandragora\AppData\Local\Temp\VP6Install.exe
2012-01-18 22:44 - 2004-08-18 09:34 - 0442368 ____R (On2.com) C:\Users\Mandragora\AppData\Local\Temp\VP6VFW.dll
2012-01-06 18:04 - 2012-01-06 18:05 - 13657088 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-17 12:24

==================== Ende von FRST.txt ============================
         


Addition

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von Mandragora (25-03-2017 15:14:22)
Gestartet von E:\
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-06 16:29:27)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-910591887-2798395287-988946140-500 - Administrator - Disabled)
Gast (S-1-5-21-910591887-2798395287-988946140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-910591887-2798395287-988946140-1003 - Limited - Enabled)
Mandragora (S-1-5-21-910591887-2798395287-988946140-1001 - Administrator - Enabled) => C:\Users\Mandragora
UpdatusUser (S-1-5-21-910591887-2798395287-988946140-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
Antichamber (HKLM\...\Steam App 219890) (Version:  - Alexander Bruce)
Antichamber (HKLM\...\UDK-03d800e5-0cb9-4097-934c-b65f9cb978bc) (Version:  - Epic Games, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Blender (HKLM\...\{3ABDE236-0A3F-4D0D-BECB-DB67EE21C593}) (Version: 2.77.0 - Blender Foundation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Discord (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper 2) (Version:  - )
Electronic Arts Product Registration (HKLM-x32\...\InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}) (Version: 1.01.0000 - Electronic Arts)
Electronic Arts Product Registration (x32 Version: 1.01.0000 - Electronic Arts) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
EXMARaLDA 1.9 (HKLM-x32\...\EXMARaLDA_is1) (Version:  - Thomas Schmidt, Kai Woerner, Timm Lehmberg, Hanna Hedeland)
f.lux (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Flux) (Version:  - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
Myst Online: Uru Live (remove only) (HKLM-x32\...\MOUL) (Version:  - )
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
realMyst (HKLM-x32\...\Steam App 63600) (Version:  - Cyan Worlds)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Rememoried (HKLM\...\Steam App 368450) (Version:  - Vladimir Kudelka)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Sony PC Companion (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
UDPixel.exe (HKLM-x32\...\UDPixel) (Version:  - )
Uru - Ages Beyond Myst (HKLM-x32\...\Uru - Ages Beyond Myst) (Version: 1.0.0.0 - ubi.com)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1074EB25-B430-4337-BA99-EEC5ED58CBB7} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {2D04712F-98CD-45EC-A93C-81AF858F27D8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe  <==== ACHTUNG
Task: {2D840F2C-F801-4B70-B60B-2B3C0FC281EE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {38AB495B-06AD-4576-8F08-654CE683FB3B} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {41B2EC03-DD3F-40AE-B427-53CEF1552856} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {44A38F1C-2804-49F0-9E90-23FC769A4071} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {506E0C36-3A40-4735-8DD9-7330B66DDA22} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe 
Task: {6A3DD29B-BD60-4503-A9F0-18B4D91C6762} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe  <==== ACHTUNG
Task: {6B062F60-CC7C-4344-85C3-F16FCC7A2A61} - System32\Tasks\AdobeAAMUpdater-1.0-acerAspire-Mandragora => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {814DE142-C4AB-4762-8098-81B792BBC521} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {93F5ED5B-41F9-4C81-9D19-7811DFACCE78} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {CF89131E-D69D-4419-A8BE-F322CF3AA529} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {EDC0473E-1B12-4AE5-975B-09C5E538A8C3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {F3A3CC50-29C6-4F72-8778-6C8980DF0411} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Meine Websites auf MSN\target.lnk -> hxxp://www.msnusers.co

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-08-15 17:59 - 2013-06-21 11:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-01-22 00:45 - 2009-01-22 00:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2012-01-18 23:27 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-08-12 08:37 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-03-21 14:13 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-21 14:13 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-12-25 11:15 - 2015-06-10 10:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2012-01-05 14:22 - 2012-01-05 14:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2017-03-24 20:17 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-03-24 20:17 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-25 11:15 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-12-25 11:15 - 2015-10-20 17:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2017-03-24 21:57 - 2017-03-21 19:06 - 00842560 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-03-24 21:58 - 2017-02-28 21:49 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-03-24 21:58 - 2017-02-28 21:49 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-03-24 21:58 - 2017-02-28 21:49 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-03-24 21:58 - 2017-02-28 21:50 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-03-24 21:58 - 2017-02-28 21:49 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-03-24 21:57 - 2017-02-28 21:49 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-03-24 21:57 - 2017-02-28 21:50 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-03-24 21:57 - 2017-02-28 21:49 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-03-24 21:58 - 2017-02-28 21:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-03-24 21:57 - 2017-02-28 21:49 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-03-24 21:57 - 2017-02-28 21:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-03-24 21:58 - 2017-02-28 21:51 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-03-24 21:58 - 2017-02-28 21:50 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-03-24 21:57 - 2017-02-28 21:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-03-24 21:57 - 2017-03-21 19:09 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-03-24 21:58 - 2017-03-21 19:10 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-03-24 21:57 - 2017-02-28 21:56 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-03-24 21:57 - 2017-02-28 21:56 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-03-24 21:57 - 2017-03-21 19:10 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-03-24 20:17 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-10-25 11:07 - 2014-10-25 11:07 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-08-12 07:58 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Mandragora\Desktop\MA:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1525.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1723.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL2518.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL3615.tmp:com.dropbox.attributes [168]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.220.18.8 - 89.246.64.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{8D117281-4ECC-4D19-9A59-9498F7049ABB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C0DE20F1-3440-46BD-9197-A8685EB04C4B}] => (Allow) LPort=2869
FirewallRules: [{14C5742C-BF4C-4731-812B-14F870F6F9A2}] => (Allow) LPort=1900
FirewallRules: [{D8793EF8-B554-4D44-8902-432762F4DFA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4080E16E-1E76-4968-B921-5DF209A535C7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E80B59D9-F81C-4F5F-8292-2C812AC1E6F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9285B7C0-4A2C-4D66-B888-7007B8F102A4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9F1855DD-5903-48DF-BE88-6208B718D06C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{A0EB8BE4-5FA2-4789-B8CB-383F57867C70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{D4315AE7-D9C3-4EEE-AB80-92E6DFDDDCA2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1BA4D3BD-94CE-4217-903C-31389FABCAE4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{90EA422D-F8D3-45AF-9245-892B2C136ED2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{BE9A9460-6078-437A-A167-90F2C5E501BC}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{D976413F-D66E-417A-BB73-4CC8CEB44FF8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{C6452A2D-E8E1-4C9E-80D9-7AC71E440F7F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [TCP Query User{2CC2C2BA-03D8-4D03-99FC-FB0BDF2F23C6}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [UDP Query User{8FCC3D8A-EE00-451F-AF68-EAFCF22F6825}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [TCP Query User{27B2111E-D0DF-4697-8FD6-B51EAC1A1C67}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{F2849A07-BE71-47A6-8473-77BF115418C4}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{4535CEA3-CC0E-4AC7-815A-C086DB030FD5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5AA8A058-2530-4203-AC67-7A983D159AA4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F938FAA4-2AF2-489A-ABE2-1CB0C89F0884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0640F3D-0672-4696-8C7D-DAC1642D5189}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A933A339-8EF5-4CE4-AB80-B7120D8AD34D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{96EF1256-DD44-456A-BEB3-4FCA497F5F4D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F34E618-2483-4E2D-9B56-753A6B271719}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{641A77A7-ECBE-424F-AB5F-1156DA6330FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{402BA76D-02C5-458E-BB2E-C60036F5D793}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1F7841DF-8A25-40E3-9544-3107E0620873}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EFF70E2A-C1E2-4D17-9B12-860F82A572CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{F3E2C821-CD8E-4A6B-AEBD-EC97AEDEEDBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{04E0FF11-3A03-4908-98D7-8AAD30B2F09E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{D92D7B03-6763-4DAB-AE0E-68EC21C36650}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{7EDD9AA7-2FDD-4C1B-8F90-B505CF9A2877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86A9C794-2D65-4423-B45C-7C01B99D4606}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{798A6D6F-CBCC-47EF-8ED6-075942B1E1EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{38E294B4-31CC-4F35-8B5A-7EEF3EEB3D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{91AA941D-965F-4FDB-A9D1-BCE8FA795C9C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{901FE775-BE28-4B27-84E6-1870E7C69FF6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{01431CD5-4F5B-484F-8F1F-99D9228C496E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{3C658FEC-5396-454A-92FF-0E2A08A29295}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{466A95DE-0CA3-4A02-9014-F26D2E11A26E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{B2221D6B-A8BD-4BB1-8422-005277358460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{D6220000-49CE-4ED3-AFDF-4A0CE797458D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

02-03-2017 11:53:33 Windows Update
10-03-2017 12:51:12 Windows Update
17-03-2017 12:20:57 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/25/2017 03:05:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/25/2017 03:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 03:02:08 PM) (Source: SDUpdSvc.exe) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/25/2017 09:02:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 08:59:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 08:57:33 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT-AUTORITÄT)
Description: Das Profilverzeichnis kann nicht gelöscht werden C:\Users\TEMP. Dies liegt u. U. daran, dass Dateien in diesem Verzeichnis von einem anderen Programm verwendet werden. 

 DETAIL - Das Verzeichnis ist nicht leer.

Error: (03/25/2017 08:53:11 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\TEMP\Desktop\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/25/2017 08:53:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/25/2017 08:44:54 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: acerAspire)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (03/25/2017 08:44:54 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: acerAspire)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.


Systemfehler:
=============
Error: (03/25/2017 03:03:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (03/25/2017 03:03:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (03/25/2017 03:02:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (03/25/2017 03:02:04 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (03/25/2017 03:01:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/25/2017 03:01:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/25/2017 09:03:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: 
Die Daten sind unzulässig.

Error: (03/25/2017 09:03:01 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Sicherheitscenter" wurde mit folgendem Fehler beendet: 
Der Authentifizierungsdienst ist unbekannt.

Error: (03/25/2017 09:02:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (03/25/2017 09:02:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 3947.86 MB
Verfügbarer physikalischer RAM: 1497.68 MB
Summe virtueller Speicher: 7893.93 MB
Verfügbarer virtueller Speicher: 5211.55 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:115 GB) NTFS
Drive e: (SCARAB) (Removable) (Total:3.91 GB) (Free:3.45 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1BCD5BD1)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.9 GB) (Disk ID: CD152345)
Partition 1: (Active) - (Size=3.9 GB) - (Type=0B)

==================== Ende von Addition.txt ============================
         


Alt 25.03.2017, 16:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Uninstall Spybot, that stuff is complete crap.

Please uninstall Avira as well. We haven't recommended it for years, for several reasons. One reason is a relatively high false-positive rate; the second main reason is that they still cooperate with ASK (Avira's search function goes through ASK). Other freeware vendors such as AVG, Avast or Panda jumped on this bandwagon too; that kind of thing is simply unacceptable for security software. Cf. Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog

Let me know when Avira is gone; once we're done here, you can switch to a different virus scanner, details will follow in the final post. Please don't install anything else NOW without checking with us first!

Alt 25.03.2017, 16:58   #7
Hexx_
 



OK, both should be gone now.

Here are the new logs:


FRST

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von Mandragora (Administrator) auf ACERASPIRE (25-03-2017 16:46:50)
Gestartet von C:\Users\Mandragora\Desktop
Geladene Profile: Mandragora & UpdatusUser (Verfügbare Profile: Mandragora & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Flux Software LLC) C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Telegram Messenger LLP) C:\Users\Mandragora\AppData\Roaming\Telegram Desktop\Telegram.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Farbar) C:\Users\Mandragora\Desktop\FRST64bit.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28065728 2017-03-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [BingSvc] => C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [f.lux] => C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\MountPoints2: {fe347389-8546-11e4-94f6-dc0ea103d22b} - E:\Startme.exe
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1004\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\S-1-5-21-910591887-2798395287-988946140-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [450048 2011-09-13] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-10]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-06-04]
ShortcutTarget: Telegram.lnk -> C:\Users\Mandragora\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyServer: [S-1-5-21-910591887-2798395287-988946140-1001] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 62.220.18.8 89.246.64.8
Tcpip\..\Interfaces\{2D354F33-412B-4746-916B-D93389455A7C}: [DhcpNameServer] 192.168.1.250
Tcpip\..\Interfaces\{5DAF830A-DF25-4C60-9337-70381CE34126}: [DhcpNameServer] 62.220.18.8 89.246.64.8

Internet Explorer:
==================
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-910591887-2798395287-988946140-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll => Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll => Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-01] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 [2017-03-25]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> Bing
FF Homepage: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> hxxps://www.bing.com/
FF Session Restore: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> ist aktiviert.
FF Extension: (NoScript) - C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-20]
FF Extension: (Adblock Plus) - C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-25] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-08] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default [2016-05-20]
CHR Extension: (Google Docs) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-20]
CHR Extension: (Google Drive) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20]
CHR Extension: (YouTube) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20]
CHR Extension: (Google Mail) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-20]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-03-11] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-25] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-25] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-25] (Malwarebytes)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-25 16:46 - 2017-03-25 16:50 - 00023062 _____ C:\Users\Mandragora\Desktop\FRST.txt
2017-03-25 16:45 - 2017-03-21 14:31 - 02424832 _____ (Farbar) C:\Users\Mandragora\Desktop\FRST64bit.exe
2017-03-25 16:25 - 2017-03-25 16:26 - 00000085 _____ C:\Windows\wininit.ini
2017-03-25 16:25 - 2017-03-25 16:25 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-03-25 08:44 - 2017-03-25 08:57 - 00000000 ____D C:\Users\TEMP
2017-03-24 21:58 - 2017-03-24 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-24 21:51 - 2017-03-24 21:51 - 00000000 ____D C:\Program Files (x86)\ESET
2017-03-24 21:43 - 2017-03-24 21:50 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\AVAST Software
2017-03-24 21:39 - 2017-03-24 21:40 - 00219870 _____ C:\TDSSKiller.3.1.0.12_24.03.2017_21.39.23_log.txt
2017-03-24 21:26 - 2017-03-24 21:22 - 01663904 _____ (Malwarebytes) C:\Users\Mandragora\Desktop\JRT.exe
2017-03-24 20:17 - 2017-03-25 16:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-24 20:17 - 2017-03-25 16:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-24 19:37 - 2017-03-24 17:46 - 02870984 _____ (ESET) C:\Users\Mandragora\Desktop\esetsmartinstaller_deu.exe
2017-03-24 19:37 - 2017-03-24 17:37 - 04031440 _____ C:\Users\Mandragora\Desktop\AdwCleaner_6.044.exe
2017-03-21 23:58 - 2017-03-25 16:46 - 00000000 ____D C:\FRST
2017-03-21 15:55 - 2017-03-21 16:12 - 00218608 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_15.55.26_log.txt
2017-03-21 15:54 - 2017-03-21 15:54 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Mandragora\Desktop\tdsskiller.exe
2017-03-21 14:14 - 2017-03-25 16:41 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-21 14:14 - 2017-03-25 16:41 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-21 14:14 - 2017-03-25 16:41 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-21 14:14 - 2017-03-25 16:41 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-21 14:14 - 2017-03-21 14:44 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-21 14:13 - 2017-03-21 14:13 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-21 14:13 - 2017-03-21 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-21 14:13 - 2017-03-21 14:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-21 14:13 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-20 15:11 - 2017-03-20 15:11 - 00000000 ____D C:\Users\Mandragora\Documents\Uru Live
2017-03-20 15:07 - 2017-03-20 15:07 - 00001640 _____ C:\Users\Mandragora\.recently-used.xbel
2017-03-14 12:15 - 2017-03-14 18:46 - 00000000 ____D C:\Users\Mandragora\Desktop\ebayFotos
2017-03-11 00:17 - 2017-03-11 00:17 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-03-11 00:17 - 2017-03-11 00:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-11 00:17 - 2017-03-11 00:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-11 00:17 - 2017-03-11 00:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-25 16:46 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-25 16:46 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-25 16:43 - 2016-11-19 09:36 - 00000000 ____D C:\Users\Mandragora\AppData\LocalLow\Mozilla
2017-03-25 16:42 - 2016-02-06 17:41 - 00000000 ___RD C:\Users\Mandragora\Dropbox
2017-03-25 16:42 - 2016-02-06 17:35 - 00001222 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-25 16:42 - 2013-04-17 07:42 - 00000000 ____D C:\ProgramData\Avira
2017-03-25 16:41 - 2012-01-06 19:50 - 00000000 ____D C:\ProgramData\clear.fi
2017-03-25 16:40 - 2016-06-04 15:21 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Telegram Desktop
2017-03-25 16:40 - 2015-08-16 08:04 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-25 16:39 - 2016-02-06 17:35 - 00001218 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-25 16:39 - 2013-06-13 09:32 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2017-03-25 16:39 - 2013-06-02 21:42 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-03-25 16:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-25 16:38 - 2013-04-17 07:47 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Avira
2017-03-25 16:31 - 2016-10-26 11:28 - 00000000 ____D C:\Users\Mandragora\Desktop\MA
2017-03-25 16:30 - 2012-01-07 16:29 - 00000000 ___RD C:\Users\Mandragora\Desktop\Studium
2017-03-25 08:56 - 2011-11-03 03:28 - 00699682 _____ C:\Windows\system32\perfh007.dat
2017-03-25 08:56 - 2011-11-03 03:28 - 00149790 _____ C:\Windows\system32\perfc007.dat
2017-03-25 08:56 - 2009-07-14 06:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-25 08:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-25 08:54 - 2015-02-09 13:06 - 00000000 ____D C:\AdwCleaner
2017-03-25 08:49 - 2015-07-18 16:32 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-24 23:36 - 2014-08-04 12:57 - 00000000 ___RD C:\Users\Mandragora\Desktop\AW
2017-03-24 21:58 - 2016-02-06 17:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-24 21:39 - 2015-02-09 11:25 - 970902040 _____ C:\Windows\ntbtlog.txt
2017-03-24 20:09 - 2016-11-18 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-24 20:09 - 2012-04-22 21:56 - 00000000 ____D C:\ProgramData\ICQ
2017-03-24 19:43 - 2012-01-08 02:19 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Adobe
2017-03-21 17:17 - 2013-05-29 14:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\vlc
2017-03-21 14:13 - 2012-01-06 18:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-21 14:05 - 2016-11-18 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-21 14:05 - 2012-05-08 11:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 15:10 - 2015-08-04 18:53 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uru Live
2017-03-20 15:08 - 2012-02-19 23:46 - 00000000 ____D C:\Users\Mandragora\.gimp-2.6
2017-03-20 15:07 - 2012-02-19 23:48 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\gtk-2.0
2017-03-20 15:07 - 2012-01-06 17:29 - 00000000 ____D C:\Users\Mandragora
2017-03-16 19:01 - 2016-02-29 22:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\avidemux
2017-03-16 13:14 - 2016-11-25 22:50 - 00000000 ___RD C:\Users\Mandragora\Desktop\Fragmente der Erinnerung
2017-03-15 11:02 - 2013-03-19 10:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 11:02 - 2013-03-19 10:31 - 00004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 11:02 - 2013-03-19 10:31 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-15 11:02 - 2011-08-12 08:32 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 11:02 - 2011-08-12 08:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-12 12:49 - 2014-08-18 18:35 - 00000132 _____ C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2017-03-11 20:55 - 2016-01-15 21:42 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\TS3Client
2017-03-09 22:13 - 2016-02-06 17:35 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Dropbox
2017-03-07 21:44 - 2013-04-09 15:18 - 00000000 ___RD C:\Users\Mandragora\Desktop\ALEA
2017-03-06 23:07 - 2014-03-04 15:02 - 00004096 ____H C:\Users\Mandragora\AppData\Local\keyfile3.drm

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2010-06-02 04:21 - 2010-06-02 04:21 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1078962 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1397830 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0179133 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0133103 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0087101 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0046010 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0695865 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1606039 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0195766 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0151225 _____ () C:\Program Files (x86)\APR2007_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0096817 _____ () C:\Program Files (x86)\APR2007_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0053302 _____ () C:\Program Files (x86)\APR2007_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1350542 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1077644 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0182903 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0137235 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0087142 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0046058 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0852286 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0796867 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1800160 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1708152 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0198096 _____ () C:\Program Files (x86)\AUG2007_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0153012 _____ () C:\Program Files (x86)\AUG2007_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0867612 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0849167 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1794084 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 1464672 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0121772 _____ () C:\Program Files (x86)\Aug2008_XACT_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0092996 _____ () C:\Program Files (x86)\Aug2008_XACT_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0271412 _____ () C:\Program Files (x86)\Aug2008_XAudio_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0271038 _____ () C:\Program Files (x86)\Aug2008_XAudio_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0919044 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0900598 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 3112111 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 3319740 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0232635 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0192131 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0136301 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0105044 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x86.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0930116 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x64.cab
2010-06-02 04:21 - 2010-06-02 04:21 - 0728456 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122408 _____ () C:\Program Files (x86)\Aug2009_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093106 _____ () C:\Program Files (x86)\Aug2009_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0273264 _____ () C:\Program Files (x86)\Aug2009_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0272642 _____ () C:\Program Files (x86)\Aug2009_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1357976 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1079456 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0212807 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0191720 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1571154 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1574376 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0192475 _____ () C:\Program Files (x86)\DEC2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0145599 _____ () C:\Program Files (x86)\DEC2006_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0089944 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2010-06-02 04:22 - 2010-06-02 04:22 - 1801048 _____ () C:\Program Files (x86)\dsetup32.dll
2010-06-02 04:22 - 2010-06-02 04:22 - 0042410 _____ () C:\Program Files (x86)\dxdllreg_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0537432 _____ () C:\Program Files (x86)\DXSETUP.exe
2010-06-02 04:22 - 2010-06-02 04:22 - 0094011 _____ () C:\Program Files (x86)\dxupdate.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1247499 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1013225 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1362796 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1084720 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0178359 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0132409 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0194675 _____ () C:\Program Files (x86)\FEB2007_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0147983 _____ () C:\Program Files (x86)\FEB2007_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0054678 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0020713 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122446 _____ () C:\Program Files (x86)\Feb2010_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093180 _____ () C:\Program Files (x86)\Feb2010_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0276960 _____ () C:\Program Files (x86)\Feb2010_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0277191 _____ () C:\Program Files (x86)\Feb2010_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1336002 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1064925 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0180785 _____ () C:\Program Files (x86)\JUN2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0133671 _____ () C:\Program Files (x86)\JUN2006_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0699044 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0698472 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1607774 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1607286 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0197122 _____ () C:\Program Files (x86)\JUN2007_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0152909 _____ () C:\Program Files (x86)\JUN2007_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0867828 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0849919 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1792608 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1463878 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0055154 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021905 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0121054 _____ () C:\Program Files (x86)\JUN2008_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093128 _____ () C:\Program Files (x86)\JUN2008_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0269628 _____ () C:\Program Files (x86)\JUN2008_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0269024 _____ () C:\Program Files (x86)\JUN2008_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0944460 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0931471 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0752783 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0762188 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0235955 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0197283 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0138205 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0109445 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0937246 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0768036 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0124596 _____ () C:\Program Files (x86)\Jun2010_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093686 _____ () C:\Program Files (x86)\Jun2010_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0277338 _____ () C:\Program Files (x86)\Jun2010_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0278060 _____ () C:\Program Files (x86)\Jun2010_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0844884 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0818260 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1769862 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1443282 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0055058 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021867 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0122336 _____ () C:\Program Files (x86)\Mar2008_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0093734 _____ () C:\Program Files (x86)\Mar2008_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0251194 _____ () C:\Program Files (x86)\Mar2008_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0226250 _____ () C:\Program Files (x86)\Mar2008_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1067160 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1040745 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1973702 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1612446 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0054600 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021298 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0121506 _____ () C:\Program Files (x86)\Mar2009_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0092740 _____ () C:\Program Files (x86)\Mar2009_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0275044 _____ () C:\Program Files (x86)\Mar2009_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0273018 _____ () C:\Program Files (x86)\Mar2009_XAudio_x86.cab
2013-06-26 17:03 - 2014-07-18 12:57 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2010-06-02 04:22 - 2010-06-02 04:22 - 0864600 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0803884 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1802058 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1709360 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0046144 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0018496 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0196762 _____ () C:\Program Files (x86)\NOV2007_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0148264 _____ () C:\Program Files (x86)\NOV2007_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0994154 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0965421 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1906878 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1550796 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0054522 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0021851 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0121794 _____ () C:\Program Files (x86)\Nov2008_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0092684 _____ () C:\Program Files (x86)\Nov2008_XACT_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0273960 _____ () C:\Program Files (x86)\Nov2008_XAudio_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0272611 _____ () C:\Program Files (x86)\Nov2008_XAudio_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0086037 _____ () C:\Program Files (x86)\Oct2005_xinput_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0045359 _____ () C:\Program Files (x86)\Oct2005_xinput_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1412902 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 1127217 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0182361 _____ () C:\Program Files (x86)\OCT2006_XACT_x64.cab
2010-06-02 04:22 - 2010-06-02 04:22 - 0138017 _____ () C:\Program Files (x86)\OCT2006_XACT_x86.cab
2014-08-18 18:35 - 2017-03-12 12:49 - 0000132 _____ () C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2015-08-23 14:33 - 2015-08-23 14:33 - 0001456 _____ () C:\Users\Mandragora\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-03-04 15:02 - 2017-03-06 23:07 - 0004096 ____H () C:\Users\Mandragora\AppData\Local\keyfile3.drm
2016-03-16 11:30 - 2016-03-16 11:30 - 0007597 _____ () C:\Users\Mandragora\AppData\Local\Resmon.ResmonCfg
2011-11-02 19:03 - 2011-11-02 19:05 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Mandragora\fbchathistory.dat
C:\Users\Public\AlexaNSISPlugin.3912.dll


Einige Dateien in TEMP:
====================
2013-01-28 23:20 - 2013-01-28 23:20 - 0248008 _____ (Ask.com) C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll
2012-01-06 18:04 - 2012-01-06 18:04 - 3486088 _____ (Ask) C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe
2005-10-18 22:47 - 2005-10-18 22:47 - 0733184 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRun.exe
2012-01-06 23:41 - 2005-10-10 22:32 - 0573440 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRunGUI.dll
2013-10-07 12:40 - 2014-08-05 10:01 - 0000000 ____D () C:\Users\Mandragora\AppData\Local\Temp\avgnt.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 0255072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Mandragora\AppData\Local\Temp\avguidx.dll
2015-11-12 18:15 - 2015-11-12 18:15 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BingSvc.exe
2015-04-30 23:06 - 2015-11-12 18:15 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcProcessor.exe
2015-04-30 23:06 - 2015-11-12 18:15 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcUpdater.exe
2012-01-06 18:03 - 2012-01-06 18:03 - 0334848 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\BunndleOfferManager.dll
2012-10-10 19:53 - 2012-10-10 19:53 - 4720736 _____ () C:\Users\Mandragora\AppData\Local\Temp\CommonInstaller.exe
2014-07-16 10:24 - 2014-07-16 10:24 - 0026936 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x64.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0028984 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x86.dll
2012-04-08 10:39 - 2012-04-08 10:40 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\EADEB76.exe
2012-02-02 11:32 - 2007-06-03 21:59 - 0879688 _____ () C:\Users\Mandragora\AppData\Local\Temp\EAInstall.dll
2012-02-02 11:37 - 2005-10-18 22:47 - 0339968 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\eauninstall.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU17A7.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2BB3.exe
2001-10-11 12:01 - 2001-10-11 12:01 - 4091904 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2E80.DLL
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU41B.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU4A4.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU524.exe
2001-09-29 02:30 - 2001-09-29 02:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBUEF0.exe
2012-01-18 22:44 - 2004-08-18 09:33 - 1453843 ____R (Macromedia, Inc.) C:\Users\Mandragora\AppData\Local\Temp\First15.exe
2013-03-19 10:34 - 2013-03-19 10:34 - 16486616 _____ (Adobe Systems Incorporated) C:\Users\Mandragora\AppData\Local\Temp\fp_pl_pfs_installer.exe
2012-01-06 19:04 - 2012-01-06 19:04 - 3763360 _____ (Adobe Systems, Inc.) C:\Users\Mandragora\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
2012-02-02 11:32 - 2007-06-03 21:59 - 0109640 _____ (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\GameuxInstallHelper.dll
2015-02-09 11:41 - 2005-09-18 14:52 - 0073728 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\Harry Potter and the Goblet of Fire_uninst.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 0163936 _____ () C:\Users\Mandragora\AppData\Local\Temp\MachineIdCreator.exe
2014-01-19 17:59 - 2003-10-06 19:59 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\MakeFilesHidden.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 12143200 _____ () C:\Users\Mandragora\AppData\Local\Temp\oi_{58DB1360-58CA-435F-A459-597FDDFC2474}.exe
2014-01-19 17:59 - 2003-10-06 19:58 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\OpenTxtFile.exe
2012-03-26 19:14 - 2012-03-26 19:14 - 14763880 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_413e.exe
2013-04-02 12:43 - 2013-04-02 12:43 - 14809416 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_5fe.exe
2012-03-09 15:53 - 2012-03-09 15:53 - 14739304 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_7759.exe
2014-11-08 09:33 - 2015-01-25 21:19 - 0553984 _____ () C:\Users\Mandragora\AppData\Local\Temp\Quarantine.exe
2014-08-04 12:43 - 2014-08-04 12:42 - 0111104 _____ () C:\Users\Mandragora\AppData\Local\Temp\readSTILog.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0032568 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-win32.dll
2014-07-16 10:24 - 2014-07-16 10:24 - 0032056 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-x64.dll
2014-01-19 17:59 - 2003-10-06 19:57 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\ShellEx.exe
2012-06-07 18:00 - 2014-08-12 20:21 - 35595360 _____ (Skype Technologies S.A.) C:\Users\Mandragora\AppData\Local\Temp\SkypeSetup.exe
2015-05-03 20:39 - 2015-05-03 20:40 - 36124056 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011080.exe
2015-11-04 18:52 - 2015-11-04 18:53 - 39228760 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011541.exe
2017-02-28 09:16 - 2017-02-28 09:18 - 42463240 _____ (Digital Wave Ltd                                            ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34013494.exe
2016-03-25 11:19 - 2016-03-25 11:21 - 40830448 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34015287.exe
2016-08-09 10:11 - 2016-08-09 10:11 - 42463240 _____ (Digital Wave Ltd                                            ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34018299.exe
2016-06-30 17:47 - 2016-06-30 17:48 - 41478784 _____ (Digital Wave Ltd                                            ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34019719.exe
2012-10-10 19:53 - 2012-10-10 19:53 - 8212064 _____ () C:\Users\Mandragora\AppData\Local\Temp\ToolbarInstaller.exe
2009-03-28 22:08 - 2009-03-28 22:08 - 0195056 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\UninstallEADM.dll
2012-01-18 22:44 - 2004-08-18 09:34 - 0023040 ____R () C:\Users\Mandragora\AppData\Local\Temp\VP6Install.exe
2012-01-18 22:44 - 2004-08-18 09:34 - 0442368 ____R (On2.com) C:\Users\Mandragora\AppData\Local\Temp\VP6VFW.dll
2012-01-06 18:04 - 2012-01-06 18:05 - 13657088 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-17 12:24

==================== Ende von FRST.txt ============================
         



Addition

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von Mandragora (25-03-2017 16:51:26)
Gestartet von C:\Users\Mandragora\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-06 16:29:27)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-910591887-2798395287-988946140-500 - Administrator - Disabled)
Gast (S-1-5-21-910591887-2798395287-988946140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-910591887-2798395287-988946140-1003 - Limited - Enabled)
Mandragora (S-1-5-21-910591887-2798395287-988946140-1001 - Administrator - Enabled) => C:\Users\Mandragora
UpdatusUser (S-1-5-21-910591887-2798395287-988946140-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
Antichamber (HKLM\...\Steam App 219890) (Version:  - Alexander Bruce)
Antichamber (HKLM\...\UDK-03d800e5-0cb9-4097-934c-b65f9cb978bc) (Version:  - Epic Games, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Blender (HKLM\...\{3ABDE236-0A3F-4D0D-BECB-DB67EE21C593}) (Version: 2.77.0 - Blender Foundation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Discord (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper 2) (Version:  - )
Electronic Arts Product Registration (HKLM-x32\...\InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}) (Version: 1.01.0000 - Electronic Arts)
Electronic Arts Product Registration (x32 Version: 1.01.0000 - Electronic Arts) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
EXMARaLDA 1.9 (HKLM-x32\...\EXMARaLDA_is1) (Version:  - Thomas Schmidt, Kai Woerner, Timm Lehmberg, Hanna Hedeland)
f.lux (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Flux) (Version:  - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
Myst Online: Uru Live (remove only) (HKLM-x32\...\MOUL) (Version:  - )
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
realMyst (HKLM-x32\...\Steam App 63600) (Version:  - Cyan Worlds)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Rememoried (HKLM\...\Steam App 368450) (Version:  - Vladimir Kudelka)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Sony PC Companion (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
UDPixel.exe (HKLM-x32\...\UDPixel) (Version:  - )
Uru - Ages Beyond Myst (HKLM-x32\...\Uru - Ages Beyond Myst) (Version: 1.0.0.0 - ubi.com)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1074EB25-B430-4337-BA99-EEC5ED58CBB7} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {2D04712F-98CD-45EC-A93C-81AF858F27D8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe  <==== ACHTUNG
Task: {2D840F2C-F801-4B70-B60B-2B3C0FC281EE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {38AB495B-06AD-4576-8F08-654CE683FB3B} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {41B2EC03-DD3F-40AE-B427-53CEF1552856} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {44A38F1C-2804-49F0-9E90-23FC769A4071} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {506E0C36-3A40-4735-8DD9-7330B66DDA22} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe 
Task: {6A3DD29B-BD60-4503-A9F0-18B4D91C6762} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe  <==== ACHTUNG
Task: {6B062F60-CC7C-4344-85C3-F16FCC7A2A61} - System32\Tasks\AdobeAAMUpdater-1.0-acerAspire-Mandragora => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {814DE142-C4AB-4762-8098-81B792BBC521} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {93F5ED5B-41F9-4C81-9D19-7811DFACCE78} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {CF89131E-D69D-4419-A8BE-F322CF3AA529} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {EDC0473E-1B12-4AE5-975B-09C5E538A8C3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {F3A3CC50-29C6-4F72-8778-6C8980DF0411} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Meine Websites auf MSN\target.lnk -> hxxp://www.msnusers.co

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-08-15 17:59 - 2013-06-21 11:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-01-18 23:27 - 2012-01-09 19:44 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-08-12 08:37 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-03-21 14:13 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-21 14:13 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-12-25 11:15 - 2015-06-10 10:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2012-01-05 14:22 - 2012-01-05 14:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 14:22 - 2012-01-05 14:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-12-25 11:15 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-12-25 11:15 - 2015-10-20 17:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2011-08-24 18:03 - 2011-08-24 18:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2017-03-24 21:57 - 2017-03-21 19:06 - 00842560 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-03-24 21:58 - 2017-02-28 21:49 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-03-24 21:58 - 2017-02-28 21:49 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-03-24 21:58 - 2017-02-28 21:49 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-03-24 21:58 - 2017-02-28 21:50 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-03-24 21:58 - 2017-02-28 21:49 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-03-24 21:57 - 2017-02-28 21:49 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-03-24 21:57 - 2017-02-28 21:50 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-03-24 21:57 - 2017-02-28 21:49 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-03-24 21:58 - 2017-02-28 21:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-03-24 21:57 - 2017-02-28 21:49 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-03-24 21:57 - 2017-02-28 21:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-03-24 21:58 - 2017-02-28 21:51 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-03-24 21:58 - 2017-02-28 21:50 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-03-24 21:57 - 2017-03-21 19:09 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-03-24 21:57 - 2017-02-28 21:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-03-24 21:57 - 2017-03-21 19:09 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-03-24 21:58 - 2017-03-21 19:10 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-03-24 21:57 - 2017-02-28 21:56 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-03-24 21:57 - 2017-02-28 21:56 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-03-24 21:57 - 2017-03-21 19:10 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-03-24 21:58 - 2017-02-28 21:52 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-03-24 21:58 - 2017-03-21 19:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-24 21:57 - 2017-03-21 19:10 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2014-10-25 11:07 - 2014-10-25 11:07 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-08-12 07:58 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Mandragora\Desktop\MA:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1525.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1723.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL2518.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL3615.tmp:com.dropbox.attributes [168]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.220.18.8 - 89.246.64.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{8D117281-4ECC-4D19-9A59-9498F7049ABB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C0DE20F1-3440-46BD-9197-A8685EB04C4B}] => (Allow) LPort=2869
FirewallRules: [{14C5742C-BF4C-4731-812B-14F870F6F9A2}] => (Allow) LPort=1900
FirewallRules: [{D8793EF8-B554-4D44-8902-432762F4DFA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4080E16E-1E76-4968-B921-5DF209A535C7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E80B59D9-F81C-4F5F-8292-2C812AC1E6F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9285B7C0-4A2C-4D66-B888-7007B8F102A4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9F1855DD-5903-48DF-BE88-6208B718D06C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{A0EB8BE4-5FA2-4789-B8CB-383F57867C70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{D4315AE7-D9C3-4EEE-AB80-92E6DFDDDCA2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1BA4D3BD-94CE-4217-903C-31389FABCAE4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{90EA422D-F8D3-45AF-9245-892B2C136ED2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{BE9A9460-6078-437A-A167-90F2C5E501BC}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{D976413F-D66E-417A-BB73-4CC8CEB44FF8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{C6452A2D-E8E1-4C9E-80D9-7AC71E440F7F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [TCP Query User{2CC2C2BA-03D8-4D03-99FC-FB0BDF2F23C6}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [UDP Query User{8FCC3D8A-EE00-451F-AF68-EAFCF22F6825}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [TCP Query User{27B2111E-D0DF-4697-8FD6-B51EAC1A1C67}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{F2849A07-BE71-47A6-8473-77BF115418C4}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{4535CEA3-CC0E-4AC7-815A-C086DB030FD5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5AA8A058-2530-4203-AC67-7A983D159AA4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F938FAA4-2AF2-489A-ABE2-1CB0C89F0884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0640F3D-0672-4696-8C7D-DAC1642D5189}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A933A339-8EF5-4CE4-AB80-B7120D8AD34D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{96EF1256-DD44-456A-BEB3-4FCA497F5F4D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F34E618-2483-4E2D-9B56-753A6B271719}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{641A77A7-ECBE-424F-AB5F-1156DA6330FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{402BA76D-02C5-458E-BB2E-C60036F5D793}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1F7841DF-8A25-40E3-9544-3107E0620873}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EFF70E2A-C1E2-4D17-9B12-860F82A572CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{F3E2C821-CD8E-4A6B-AEBD-EC97AEDEEDBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{04E0FF11-3A03-4908-98D7-8AAD30B2F09E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{D92D7B03-6763-4DAB-AE0E-68EC21C36650}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{7EDD9AA7-2FDD-4C1B-8F90-B505CF9A2877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86A9C794-2D65-4423-B45C-7C01B99D4606}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{798A6D6F-CBCC-47EF-8ED6-075942B1E1EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{38E294B4-31CC-4F35-8B5A-7EEF3EEB3D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{91AA941D-965F-4FDB-A9D1-BCE8FA795C9C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{901FE775-BE28-4B27-84E6-1870E7C69FF6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{01431CD5-4F5B-484F-8F1F-99D9228C496E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{3C658FEC-5396-454A-92FF-0E2A08A29295}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{466A95DE-0CA3-4A02-9014-F26D2E11A26E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{B2221D6B-A8BD-4BB1-8422-005277358460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{D6220000-49CE-4ED3-AFDF-4A0CE797458D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Wiederherstellungspunkte =========================

02-03-2017 11:53:33 Windows Update
10-03-2017 12:51:12 Windows Update
17-03-2017 12:20:57 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/25/2017 04:45:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/25/2017 04:40:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 04:27:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 04:22:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 03:05:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/25/2017 03:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 03:02:08 PM) (Source: SDUpdSvc.exe) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/25/2017 09:02:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 08:59:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 08:57:33 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT-AUTORITÄT)
Description: Das Profilverzeichnis kann nicht gelöscht werden C:\Users\TEMP. Dies liegt u. U. daran, dass Dateien in diesem Verzeichnis von einem anderen Programm verwendet werden. 

 DETAIL - Das Verzeichnis ist nicht leer.


Systemfehler:
=============
Error: (03/25/2017 04:39:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/25/2017 04:39:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/25/2017 04:27:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/25/2017 04:27:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/25/2017 04:23:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (03/25/2017 04:23:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (03/25/2017 04:22:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (03/25/2017 04:22:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (03/25/2017 04:21:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/25/2017 04:21:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 70%
Installierter physikalischer RAM: 3947.86 MB
Verfügbarer physikalischer RAM: 1165.63 MB
Summe virtueller Speicher: 7893.93 MB
Verfügbarer virtueller Speicher: 5277.95 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:116.79 GB) NTFS
Drive e: (SCARAB) (Removable) (Total:3.91 GB) (Free:3.45 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1BCD5BD1)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.9 GB) (Disk ID: CD152345)
Partition 1: (Active) - (Size=3.9 GB) - (Type=0B)

==================== Ende von Addition.txt ============================
         

25.03.2017, 17:02   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.



Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for a single post, I ask you to post them directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


25.03.2017, 18:43   #9
Hexx_



Nothing found

Code:
ATTFilter
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.18124

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4139630592, free: 1950064640

Downloaded database version: v2017.03.25.05
Downloaded database version: v2017.03.11.01
Downloaded database version: v2017.03.14.01
=======================================
Initializing...
------------ Kernel report ------------
     03/25/2017 17:16:21
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Windows\system32\drivers\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\bScsiSDa.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\bScsiMSa.sys
\SystemRoot\system32\DRIVERS\b57xdbd.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\CmBatt.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\system32\DRIVERS\b57xdmp.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\??\C:\Windows\system32\drivers\acedrv11.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mwac.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\MBAMChameleon.sys
\SystemRoot\system32\drivers\WudfPf.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.03.25.05
  rootkit: v2017.03.11.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007619060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80074b68f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007619060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004e92050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1BCD5BD1

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 37748736
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 37750784  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 37955584  Numsec = 587184128
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-6F04361DDBDB39CFB0FB8AED4049E4D934D23E56.bin.83" is compressed (flags = 1)
Scan finished
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.03.25.05
  rootkit: v2017.03.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18124
Mandragora :: ACERASPIRE [administrator]

25.03.2017 17:16:38
mbar-log-2017-03-25 (17-16-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 398012
Time elapsed: 1 hour(s), 15 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

25.03.2017, 23:01   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!
Please completely disable your virus scanner now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Clean) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Unfortunately we still have an older guide for adwCleaner; please run it again and set it up like this:






Step 2: JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


25.03.2017, 23:25   #11
Hexx_



Code:
ATTFilter
# AdwCleaner v6.044 - Bericht erstellt am 25/03/2017 um 23:17:17
# Aktualisiert am 28/02/2017 von Malwarebytes
# Datenbank : 2017-03-23.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (X64)
# Benutzername : Mandragora - ACERASPIRE
# Gestartet von : C:\Users\Mandragora\Desktop\AdwCleaner_6.044.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Keine schädlichen Ordner gefunden.


***** [ Dateien ] *****

Keine schädlichen Dateien gefunden.


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.


***** [ Registrierungsdatenbank ] *****

Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1220 Bytes] - [25/03/2017 23:17:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1293 Bytes] ##########
         


Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Home Premium x64 
Ran by Mandragora (Administrator) on 25.03.2017 at 23:18:29,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 13 

Successfully deleted: C:\Windows\wininit.ini (File) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHA3IF56 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU4XEI8Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOZ5AYW5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCYCX1O1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VV2K5P4K (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Mandragora\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZX64U4P (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHA3IF56 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MU4XEI8Q (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SOZ5AYW5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCYCX1O1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VV2K5P4K (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZX64U4P (Temporary Internet Files Folder) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.03.2017 at 23:22:37,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 25.03.2017, 23:41   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then post fresh FRST logs. Tick the box for addition.txt, then click Scan.


Alt 26.03.2017, 09:24   #13
Hexx_
 



Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
durchgeführt von Mandragora (Administrator) auf ACERASPIRE (26-03-2017 09:15:24)
Gestartet von C:\Users\Mandragora\Desktop
Geladene Profile: Mandragora & UpdatusUser (Verfügbare Profile: Mandragora & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Inc.) C:\Program Files (x86)\Acer\clear.fi Client\ExtractDeviceIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Flux Software LLC) C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Telegram Messenger LLP) C:\Users\Mandragora\AppData\Roaming\Telegram Desktop\Telegram.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Farbar) C:\Users\Mandragora\Desktop\FRST64bit.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-22] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28065728 2017-03-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [WinampAgent] => "C:\Program Files (x86)\Winamp\winampa.exe"
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [BingSvc] => C:\Users\Mandragora\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Run: [f.lux] => C:\Users\Mandragora\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\MountPoints2: {fe347389-8546-11e4-94f6-dc0ea103d22b} - E:\Startme.exe
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-910591887-2798395287-988946140-1004\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162408 2011-09-13] ()
HKU\S-1-5-21-910591887-2798395287-988946140-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Acer.scr [450048 2011-09-13] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-04-10]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2016-06-04]
ShortcutTarget: Telegram.lnk -> C:\Users\Mandragora\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram Messenger LLP)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyServer: [S-1-5-21-910591887-2798395287-988946140-1001] => localhost:8080
Tcpip\Parameters: [DhcpNameServer] 62.220.18.8 89.246.64.8
Tcpip\..\Interfaces\{2D354F33-412B-4746-916B-D93389455A7C}: [DhcpNameServer] 192.168.1.250
Tcpip\..\Interfaces\{5DAF830A-DF25-4C60-9337-70381CE34126}: [DhcpNameServer] 62.220.18.8 89.246.64.8

Internet Explorer:
==================
HKU\S-1-5-21-910591887-2798395287-988946140-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-910591887-2798395287-988946140-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-13] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll => Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-13] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-02-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll => Keine Datei
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-02-01] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 [2017-03-25]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> Bing
FF Homepage: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> hxxps://www.bing.com/
FF Session Restore: Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279 -> ist aktiviert.
FF Extension: (NoScript) - C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-20]
FF Extension: (Adblock Plus) - C:\Users\Mandragora\AppData\Roaming\Mozilla\Firefox\Profiles\ipe6xzgc.default-1423484530279\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: (PDF Architect Converter For Firefox) - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-25] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-08] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-02-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default [2016-05-20]
CHR Extension: (Google Docs) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-20]
CHR Extension: (Google Drive) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-20]
CHR Extension: (YouTube) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20]
CHR Extension: (Google Mail) - C:\Users\Mandragora\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-20]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-03-11] (Dropbox, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 c2cautoupdatesvc; "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [X]
S2 c2cpnrsvc; "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-26] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-26] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-26] (Malwarebytes)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-26 09:15 - 2017-03-26 09:19 - 00022595 _____ C:\Users\Mandragora\Desktop\FRST.txt
2017-03-26 00:13 - 2017-03-26 00:17 - 00000000 ____D C:\AdwCleaner
2017-03-26 00:11 - 2017-03-26 00:04 - 01663904 _____ (Malwarebytes) C:\Users\Mandragora\Desktop\JRT.exe
2017-03-26 00:11 - 2017-03-26 00:03 - 04031440 _____ C:\Users\Mandragora\Desktop\AdwCleaner_6.044.exe
2017-03-25 18:16 - 2017-03-25 19:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-25 18:14 - 2017-03-25 19:35 - 00000000 ____D C:\Users\Mandragora\Desktop\mbar
2017-03-25 18:12 - 2017-03-25 18:08 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Mandragora\Desktop\mbar-1.09.3.1001.exe
2017-03-25 17:45 - 2017-03-21 15:31 - 02424832 _____ (Farbar) C:\Users\Mandragora\Desktop\FRST64bit.exe
2017-03-25 17:25 - 2017-03-25 17:25 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-03-25 09:44 - 2017-03-25 09:57 - 00000000 ____D C:\Users\TEMP
2017-03-24 22:58 - 2017-03-24 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-24 22:51 - 2017-03-24 22:51 - 00000000 ____D C:\Program Files (x86)\ESET
2017-03-24 22:43 - 2017-03-24 22:50 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\AVAST Software
2017-03-24 22:39 - 2017-03-24 22:40 - 00219870 _____ C:\TDSSKiller.3.1.0.12_24.03.2017_21.39.23_log.txt
2017-03-24 21:17 - 2017-03-25 17:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-24 21:17 - 2017-03-25 17:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-24 20:37 - 2017-03-24 18:46 - 02870984 _____ (ESET) C:\Users\Mandragora\Desktop\esetsmartinstaller_deu.exe
2017-03-22 00:58 - 2017-03-26 09:15 - 00000000 ____D C:\FRST
2017-03-21 16:55 - 2017-03-21 17:12 - 00218608 _____ C:\TDSSKiller.3.1.0.12_21.03.2017_15.55.26_log.txt
2017-03-21 16:54 - 2017-03-21 16:54 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Mandragora\Desktop\tdsskiller.exe
2017-03-21 15:14 - 2017-03-26 09:19 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-21 15:14 - 2017-03-26 09:14 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-21 15:14 - 2017-03-26 09:14 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-21 15:14 - 2017-03-26 09:14 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-21 15:14 - 2017-03-21 15:44 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-21 15:13 - 2017-03-21 15:13 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-21 15:13 - 2017-03-21 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-21 15:13 - 2017-03-21 15:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-21 15:13 - 2017-02-24 07:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-20 16:11 - 2017-03-20 16:11 - 00000000 ____D C:\Users\Mandragora\Documents\Uru Live
2017-03-20 16:07 - 2017-03-20 16:07 - 00001640 _____ C:\Users\Mandragora\.recently-used.xbel
2017-03-14 13:15 - 2017-03-14 19:46 - 00000000 ____D C:\Users\Mandragora\Desktop\ebayFotos
2017-03-11 01:17 - 2017-03-11 01:17 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-26 09:16 - 2016-02-06 18:41 - 00000000 ___RD C:\Users\Mandragora\Dropbox
2017-03-26 09:16 - 2012-01-06 20:50 - 00000000 ____D C:\ProgramData\clear.fi
2017-03-26 09:15 - 2016-06-04 16:21 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Telegram Desktop
2017-03-26 09:14 - 2016-02-06 18:35 - 00001218 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-03-26 09:14 - 2015-08-16 09:04 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-26 09:13 - 2013-06-13 10:32 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2017-03-26 09:13 - 2013-06-02 22:42 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-03-26 09:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-26 00:21 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-26 00:21 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-25 19:42 - 2016-02-06 18:35 - 00001222 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-03-25 19:36 - 2016-11-19 10:36 - 00000000 ____D C:\Users\Mandragora\AppData\LocalLow\Mozilla
2017-03-25 17:42 - 2013-04-17 08:42 - 00000000 ____D C:\ProgramData\Avira
2017-03-25 17:38 - 2013-04-17 08:47 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Avira
2017-03-25 17:31 - 2016-10-26 12:28 - 00000000 ____D C:\Users\Mandragora\Desktop\MA
2017-03-25 17:30 - 2012-01-07 17:29 - 00000000 ___RD C:\Users\Mandragora\Desktop\Studium
2017-03-25 09:56 - 2011-11-03 04:28 - 00699682 _____ C:\Windows\system32\perfh007.dat
2017-03-25 09:56 - 2011-11-03 04:28 - 00149790 _____ C:\Windows\system32\perfc007.dat
2017-03-25 09:56 - 2009-07-14 07:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-25 09:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-03-25 09:49 - 2015-07-18 17:32 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-03-25 00:36 - 2014-08-04 13:57 - 00000000 ___RD C:\Users\Mandragora\Desktop\AW
2017-03-24 22:58 - 2016-02-06 18:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-24 22:39 - 2015-02-09 12:25 - 970902040 _____ C:\Windows\ntbtlog.txt
2017-03-24 21:09 - 2016-11-18 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-24 21:09 - 2012-04-22 22:56 - 00000000 ____D C:\ProgramData\ICQ
2017-03-24 20:43 - 2012-01-08 03:19 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Adobe
2017-03-21 18:17 - 2013-05-29 15:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\vlc
2017-03-21 15:13 - 2012-01-06 19:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-21 15:05 - 2016-11-18 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-03-21 15:05 - 2012-05-08 12:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-20 16:10 - 2015-08-04 19:53 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uru Live
2017-03-20 16:08 - 2012-02-20 00:46 - 00000000 ____D C:\Users\Mandragora\.gimp-2.6
2017-03-20 16:07 - 2012-02-20 00:48 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\gtk-2.0
2017-03-20 16:07 - 2012-01-06 18:29 - 00000000 ____D C:\Users\Mandragora
2017-03-16 20:01 - 2016-02-29 23:18 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\avidemux
2017-03-16 14:14 - 2016-11-25 23:50 - 00000000 ___RD C:\Users\Mandragora\Desktop\Fragmente der Erinnerung
2017-03-15 12:02 - 2013-03-19 11:31 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-15 12:02 - 2013-03-19 11:31 - 00004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-15 12:02 - 2013-03-19 11:31 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-15 12:02 - 2011-08-12 09:32 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-15 12:02 - 2011-08-12 09:32 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-12 13:49 - 2014-08-18 19:35 - 00000132 _____ C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2017-03-11 21:55 - 2016-01-15 22:42 - 00000000 ____D C:\Users\Mandragora\AppData\Roaming\TS3Client
2017-03-09 23:13 - 2016-02-06 18:35 - 00000000 ____D C:\Users\Mandragora\AppData\Local\Dropbox
2017-03-07 22:44 - 2013-04-09 16:18 - 00000000 ___RD C:\Users\Mandragora\Desktop\ALEA
2017-03-07 00:07 - 2014-03-04 16:02 - 00004096 ____H C:\Users\Mandragora\AppData\Local\keyfile3.drm

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2010-06-02 05:21 - 2010-06-02 05:21 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1078962 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1397830 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0179133 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0133103 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0087101 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0046010 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0695865 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1606039 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0195766 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0151225 _____ () C:\Program Files (x86)\APR2007_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0096817 _____ () C:\Program Files (x86)\APR2007_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0053302 _____ () C:\Program Files (x86)\APR2007_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1350542 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1077644 _____ () C:\Program Files (x86)\Aug2005_d3dx9_27_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0182903 _____ () C:\Program Files (x86)\AUG2006_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0137235 _____ () C:\Program Files (x86)\AUG2006_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0087142 _____ () C:\Program Files (x86)\AUG2006_xinput_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0046058 _____ () C:\Program Files (x86)\AUG2006_xinput_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0852286 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0796867 _____ () C:\Program Files (x86)\AUG2007_d3dx10_35_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1800160 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1708152 _____ () C:\Program Files (x86)\AUG2007_d3dx9_35_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0198096 _____ () C:\Program Files (x86)\AUG2007_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0153012 _____ () C:\Program Files (x86)\AUG2007_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0867612 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0849167 _____ () C:\Program Files (x86)\Aug2008_d3dx10_39_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1794084 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 1464672 _____ () C:\Program Files (x86)\Aug2008_d3dx9_39_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0121772 _____ () C:\Program Files (x86)\Aug2008_XACT_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0092996 _____ () C:\Program Files (x86)\Aug2008_XACT_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0271412 _____ () C:\Program Files (x86)\Aug2008_XAudio_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0271038 _____ () C:\Program Files (x86)\Aug2008_XAudio_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0919044 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0900598 _____ () C:\Program Files (x86)\Aug2009_D3DCompiler_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 3112111 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 3319740 _____ () C:\Program Files (x86)\Aug2009_d3dcsx_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0232635 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0192131 _____ () C:\Program Files (x86)\Aug2009_d3dx10_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0136301 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0105044 _____ () C:\Program Files (x86)\Aug2009_d3dx11_42_x86.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0930116 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x64.cab
2010-06-02 05:21 - 2010-06-02 05:21 - 0728456 _____ () C:\Program Files (x86)\Aug2009_d3dx9_42_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122408 _____ () C:\Program Files (x86)\Aug2009_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093106 _____ () C:\Program Files (x86)\Aug2009_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273264 _____ () C:\Program Files (x86)\Aug2009_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0272642 _____ () C:\Program Files (x86)\Aug2009_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1357976 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1079456 _____ () C:\Program Files (x86)\Dec2005_d3dx9_28_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0212807 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0191720 _____ () C:\Program Files (x86)\DEC2006_d3dx10_00_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1571154 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1574376 _____ () C:\Program Files (x86)\DEC2006_d3dx9_32_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0192475 _____ () C:\Program Files (x86)\DEC2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0145599 _____ () C:\Program Files (x86)\DEC2006_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0089944 _____ (Microsoft Corporation) C:\Program Files (x86)\DSETUP.dll
2010-06-02 05:22 - 2010-06-02 05:22 - 1801048 _____ () C:\Program Files (x86)\dsetup32.dll
2010-06-02 05:22 - 2010-06-02 05:22 - 0042410 _____ () C:\Program Files (x86)\dxdllreg_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0537432 _____ () C:\Program Files (x86)\DXSETUP.exe
2010-06-02 05:22 - 2010-06-02 05:22 - 0094011 _____ () C:\Program Files (x86)\dxupdate.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1247499 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1013225 _____ () C:\Program Files (x86)\Feb2005_d3dx9_24_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1362796 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1084720 _____ () C:\Program Files (x86)\Feb2006_d3dx9_29_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0178359 _____ () C:\Program Files (x86)\Feb2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0132409 _____ () C:\Program Files (x86)\Feb2006_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0194675 _____ () C:\Program Files (x86)\FEB2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0147983 _____ () C:\Program Files (x86)\FEB2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054678 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0020713 _____ () C:\Program Files (x86)\Feb2010_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122446 _____ () C:\Program Files (x86)\Feb2010_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093180 _____ () C:\Program Files (x86)\Feb2010_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0276960 _____ () C:\Program Files (x86)\Feb2010_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0277191 _____ () C:\Program Files (x86)\Feb2010_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1336002 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1064925 _____ () C:\Program Files (x86)\Jun2005_d3dx9_26_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0180785 _____ () C:\Program Files (x86)\JUN2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0133671 _____ () C:\Program Files (x86)\JUN2006_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0699044 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0698472 _____ () C:\Program Files (x86)\JUN2007_d3dx10_34_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1607774 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1607286 _____ () C:\Program Files (x86)\JUN2007_d3dx9_34_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0197122 _____ () C:\Program Files (x86)\JUN2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0152909 _____ () C:\Program Files (x86)\JUN2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0867828 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0849919 _____ () C:\Program Files (x86)\JUN2008_d3dx10_38_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1792608 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1463878 _____ () C:\Program Files (x86)\JUN2008_d3dx9_38_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0055154 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021905 _____ () C:\Program Files (x86)\JUN2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121054 _____ () C:\Program Files (x86)\JUN2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093128 _____ () C:\Program Files (x86)\JUN2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0269628 _____ () C:\Program Files (x86)\JUN2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0269024 _____ () C:\Program Files (x86)\JUN2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0944460 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0931471 _____ () C:\Program Files (x86)\Jun2010_D3DCompiler_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0752783 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0762188 _____ () C:\Program Files (x86)\Jun2010_d3dcsx_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0235955 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0197283 _____ () C:\Program Files (x86)\Jun2010_d3dx10_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0138205 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0109445 _____ () C:\Program Files (x86)\Jun2010_d3dx11_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0937246 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0768036 _____ () C:\Program Files (x86)\Jun2010_d3dx9_43_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0124596 _____ () C:\Program Files (x86)\Jun2010_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093686 _____ () C:\Program Files (x86)\Jun2010_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0277338 _____ () C:\Program Files (x86)\Jun2010_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0278060 _____ () C:\Program Files (x86)\Jun2010_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0844884 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0818260 _____ () C:\Program Files (x86)\Mar2008_d3dx10_37_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1769862 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1443282 _____ () C:\Program Files (x86)\Mar2008_d3dx9_37_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0055058 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021867 _____ () C:\Program Files (x86)\Mar2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0122336 _____ () C:\Program Files (x86)\Mar2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0093734 _____ () C:\Program Files (x86)\Mar2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0251194 _____ () C:\Program Files (x86)\Mar2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0226250 _____ () C:\Program Files (x86)\Mar2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1067160 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1040745 _____ () C:\Program Files (x86)\Mar2009_d3dx10_41_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1973702 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1612446 _____ () C:\Program Files (x86)\Mar2009_d3dx9_41_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054600 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021298 _____ () C:\Program Files (x86)\Mar2009_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121506 _____ () C:\Program Files (x86)\Mar2009_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0092740 _____ () C:\Program Files (x86)\Mar2009_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0275044 _____ () C:\Program Files (x86)\Mar2009_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273018 _____ () C:\Program Files (x86)\Mar2009_XAudio_x86.cab
2013-06-26 18:03 - 2014-07-18 13:57 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2010-06-02 05:22 - 2010-06-02 05:22 - 0864600 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0803884 _____ () C:\Program Files (x86)\Nov2007_d3dx10_36_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1802058 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1709360 _____ () C:\Program Files (x86)\Nov2007_d3dx9_36_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0046144 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0018496 _____ () C:\Program Files (x86)\NOV2007_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0196762 _____ () C:\Program Files (x86)\NOV2007_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0148264 _____ () C:\Program Files (x86)\NOV2007_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0994154 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0965421 _____ () C:\Program Files (x86)\Nov2008_d3dx10_40_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1906878 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1550796 _____ () C:\Program Files (x86)\Nov2008_d3dx9_40_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0054522 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0021851 _____ () C:\Program Files (x86)\Nov2008_X3DAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0121794 _____ () C:\Program Files (x86)\Nov2008_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0092684 _____ () C:\Program Files (x86)\Nov2008_XACT_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0273960 _____ () C:\Program Files (x86)\Nov2008_XAudio_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0272611 _____ () C:\Program Files (x86)\Nov2008_XAudio_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0086037 _____ () C:\Program Files (x86)\Oct2005_xinput_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0045359 _____ () C:\Program Files (x86)\Oct2005_xinput_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1412902 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 1127217 _____ () C:\Program Files (x86)\OCT2006_d3dx9_31_x86.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0182361 _____ () C:\Program Files (x86)\OCT2006_XACT_x64.cab
2010-06-02 05:22 - 2010-06-02 05:22 - 0138017 _____ () C:\Program Files (x86)\OCT2006_XACT_x86.cab
2014-08-18 19:35 - 2017-03-12 13:49 - 0000132 _____ () C:\Users\Mandragora\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2015-08-23 15:33 - 2015-08-23 15:33 - 0001456 _____ () C:\Users\Mandragora\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2014-03-04 16:02 - 2017-03-07 00:07 - 0004096 ____H () C:\Users\Mandragora\AppData\Local\keyfile3.drm
2016-03-16 12:30 - 2016-03-16 12:30 - 0007597 _____ () C:\Users\Mandragora\AppData\Local\Resmon.ResmonCfg
2011-11-02 20:03 - 2011-11-02 20:05 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Mandragora\fbchathistory.dat
C:\Users\Public\AlexaNSISPlugin.3912.dll


Einige Dateien in TEMP:
====================
2013-01-29 00:20 - 2013-01-29 00:20 - 0248008 _____ (Ask.com) C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll
2012-01-06 19:04 - 2012-01-06 19:04 - 3486088 _____ (Ask) C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe
2005-10-18 23:47 - 2005-10-18 23:47 - 0733184 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRun.exe
2012-01-07 00:41 - 2005-10-10 23:32 - 0573440 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\AutoRunGUI.dll
2013-10-07 13:40 - 2014-08-05 11:01 - 0000000 ____D () C:\Users\Mandragora\AppData\Local\Temp\avgnt.exe
2012-10-10 20:53 - 2012-10-10 20:53 - 0255072 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Mandragora\AppData\Local\Temp\avguidx.dll
2015-11-12 19:15 - 2015-11-12 19:15 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BingSvc.exe
2015-05-01 00:06 - 2015-11-12 19:15 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcProcessor.exe
2015-05-01 00:06 - 2015-11-12 19:15 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\BSvcUpdater.exe
2012-01-06 19:03 - 2012-01-06 19:03 - 0334848 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\BunndleOfferManager.dll
2012-10-10 20:53 - 2012-10-10 20:53 - 4720736 _____ () C:\Users\Mandragora\AppData\Local\Temp\CommonInstaller.exe
2014-07-16 11:24 - 2014-07-16 11:24 - 0026936 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x64.dll
2014-07-16 11:24 - 2014-07-16 11:24 - 0028984 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\DseShExt-x86.dll
2012-04-08 11:39 - 2012-04-08 11:40 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\EADEB76.exe
2012-02-02 12:32 - 2007-06-03 22:59 - 0879688 _____ () C:\Users\Mandragora\AppData\Local\Temp\EAInstall.dll
2012-02-02 12:37 - 2005-10-18 23:47 - 0339968 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\eauninstall.exe
2001-09-29 03:30 - 2001-09-29 03:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU17A7.exe
2001-09-29 03:30 - 2001-09-29 03:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2BB3.exe
2001-10-11 13:01 - 2001-10-11 13:01 - 4091904 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU2E80.DLL
2001-09-29 03:30 - 2001-09-29 03:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU41B.exe
2001-09-29 03:30 - 2001-09-29 03:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU4A4.exe
2001-09-29 03:30 - 2001-09-29 03:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBU524.exe
2001-09-29 03:30 - 2001-09-29 03:30 - 0483386 ____N (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\EBUEF0.exe
2012-01-18 23:44 - 2004-08-18 10:33 - 1453843 ____R (Macromedia, Inc.) C:\Users\Mandragora\AppData\Local\Temp\First15.exe
2013-03-19 11:34 - 2013-03-19 11:34 - 16486616 _____ (Adobe Systems Incorporated) C:\Users\Mandragora\AppData\Local\Temp\fp_pl_pfs_installer.exe
2012-01-06 20:04 - 2012-01-06 20:04 - 3763360 _____ (Adobe Systems, Inc.) C:\Users\Mandragora\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
2012-02-02 12:32 - 2007-06-03 22:59 - 0109640 _____ (Microsoft Corporation) C:\Users\Mandragora\AppData\Local\Temp\GameuxInstallHelper.dll
2015-02-09 12:41 - 2005-09-18 15:52 - 0073728 _____ (Electronic Arts Inc.) C:\Users\Mandragora\AppData\Local\Temp\Harry Potter and the Goblet of Fire_uninst.exe
2012-10-10 20:53 - 2012-10-10 20:53 - 0163936 _____ () C:\Users\Mandragora\AppData\Local\Temp\MachineIdCreator.exe
2014-01-19 18:59 - 2003-10-06 20:59 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\MakeFilesHidden.exe
2012-10-10 20:53 - 2012-10-10 20:53 - 12143200 _____ () C:\Users\Mandragora\AppData\Local\Temp\oi_{58DB1360-58CA-435F-A459-597FDDFC2474}.exe
2014-01-19 18:59 - 2003-10-06 20:58 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\OpenTxtFile.exe
2012-03-26 20:14 - 2012-03-26 20:14 - 14763880 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_413e.exe
2013-04-02 13:43 - 2013-04-02 13:43 - 14809416 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_5fe.exe
2012-03-09 16:53 - 2012-03-09 16:53 - 14739304 _____ (Google Inc.) C:\Users\Mandragora\AppData\Local\Temp\PicasaUpdater_7759.exe
2014-11-08 10:33 - 2015-01-25 22:19 - 0553984 _____ () C:\Users\Mandragora\AppData\Local\Temp\Quarantine.exe
2014-08-04 13:43 - 2014-08-04 13:42 - 0111104 _____ () C:\Users\Mandragora\AppData\Local\Temp\readSTILog.dll
2014-07-16 11:24 - 2014-07-16 11:24 - 0032568 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-win32.dll
2014-07-16 11:24 - 2014-07-16 11:24 - 0032056 _____ (TuneUp Software) C:\Users\Mandragora\AppData\Local\Temp\SDShelEx-x64.dll
2014-01-19 18:59 - 2003-10-06 20:57 - 0016384 _____ () C:\Users\Mandragora\AppData\Local\Temp\ShellEx.exe
2012-06-07 19:00 - 2014-08-12 21:21 - 35595360 _____ (Skype Technologies S.A.) C:\Users\Mandragora\AppData\Local\Temp\SkypeSetup.exe
2015-05-03 21:39 - 2015-05-03 21:40 - 36124056 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011080.exe
2015-11-04 19:52 - 2015-11-04 19:53 - 39228760 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34011541.exe
2017-02-28 10:16 - 2017-02-28 10:18 - 42463240 _____ (Digital Wave Ltd                                            ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34013494.exe
2016-03-25 12:19 - 2016-03-25 12:21 - 40830448 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34015287.exe
2016-08-09 11:11 - 2016-08-09 11:11 - 42463240 _____ (Digital Wave Ltd                                            ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34018299.exe
2016-06-30 18:47 - 2016-06-30 18:48 - 41478784 _____ (Digital Wave Ltd                                            ) C:\Users\Mandragora\AppData\Local\Temp\tmd_34019719.exe
2012-10-10 20:53 - 2012-10-10 20:53 - 8212064 _____ () C:\Users\Mandragora\AppData\Local\Temp\ToolbarInstaller.exe
2009-03-28 23:08 - 2009-03-28 23:08 - 0195056 _____ (Electronic Arts, Inc.) C:\Users\Mandragora\AppData\Local\Temp\UninstallEADM.dll
2012-01-18 23:44 - 2004-08-18 10:34 - 0023040 ____R () C:\Users\Mandragora\AppData\Local\Temp\VP6Install.exe
2012-01-18 23:44 - 2004-08-18 10:34 - 0442368 ____R (On2.com) C:\Users\Mandragora\AppData\Local\Temp\VP6VFW.dll
2012-01-06 19:04 - 2012-01-06 19:05 - 13657088 _____ (Bunndle, Inc.) C:\Users\Mandragora\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-17 13:24

==================== Ende von FRST.txt ============================
         


Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von Mandragora (26-03-2017 09:20:46)
Gestartet von C:\Users\Mandragora\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-01-06 16:29:27)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-910591887-2798395287-988946140-500 - Administrator - Disabled)
Gast (S-1-5-21-910591887-2798395287-988946140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-910591887-2798395287-988946140-1003 - Limited - Enabled)
Mandragora (S-1-5-21-910591887-2798395287-988946140-1001 - Administrator - Enabled) => C:\Users\Mandragora
UpdatusUser (S-1-5-21-910591887-2798395287-988946140-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Alice: Madness Returns (HKLM-x32\...\Steam App 19680) (Version:  - Spicy Horse Games)
Antichamber (HKLM\...\Steam App 219890) (Version:  - Alexander Bruce)
Antichamber (HKLM\...\UDK-03d800e5-0cb9-4097-934c-b65f9cb978bc) (Version:  - Epic Games, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.10.150607 - )
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Blender (HKLM\...\{3ABDE236-0A3F-4D0D-BECB-DB67EE21C593}) (Version: 2.77.0 - Blender Foundation)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
Die Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
Discord (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper 2) (Version:  - )
Electronic Arts Product Registration (HKLM-x32\...\InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}) (Version: 1.01.0000 - Electronic Arts)
Electronic Arts Product Registration (x32 Version: 1.01.0000 - Electronic Arts) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 8.0.6.3_WHQL (HKLM\...\Elantech) (Version: 8.0.6.3 - ELAN Microelectronic Corp.)
EXMARaLDA 1.9 (HKLM-x32\...\EXMARaLDA_is1) (Version:  - Thomas Schmidt, Kai Woerner, Timm Lehmberg, Hanna Hedeland)
f.lux (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\Flux) (Version:  - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 52.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 de)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
Myst Online: Uru Live (remove only) (HKLM-x32\...\MOUL) (Version:  - )
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8942 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8942 - NTI Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\QuickTime) (Version:  - )
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
realMyst (HKLM-x32\...\Steam App 63600) (Version:  - Cyan Worlds)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Rememoried (HKLM\...\Steam App 368450) (Version:  - Vladimir Kudelka)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Sony PC Companion (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
Telegram Desktop version 1.0.14 (HKU\S-1-5-21-910591887-2798395287-988946140-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.0.14 - Telegram Messenger LLP)
Trillian (HKLM-x32\...\Trillian) (Version:  - Cerulean Studios, LLC)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
UDPixel.exe (HKLM-x32\...\UDPixel) (Version:  - )
Uru - Ages Beyond Myst (HKLM-x32\...\Uru - Ages Beyond Myst) (Version: 1.0.0.0 - ubi.com)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 4.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1074EB25-B430-4337-BA99-EEC5ED58CBB7} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-24] (CyberLink)
Task: {2D04712F-98CD-45EC-A93C-81AF858F27D8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe  <==== ACHTUNG
Task: {2D840F2C-F801-4B70-B60B-2B3C0FC281EE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {38AB495B-06AD-4576-8F08-654CE683FB3B} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {41B2EC03-DD3F-40AE-B427-53CEF1552856} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {44A38F1C-2804-49F0-9E90-23FC769A4071} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {506E0C36-3A40-4735-8DD9-7330B66DDA22} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe 
Task: {6A3DD29B-BD60-4503-A9F0-18B4D91C6762} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe  <==== ACHTUNG
Task: {6B062F60-CC7C-4344-85C3-F16FCC7A2A61} - System32\Tasks\AdobeAAMUpdater-1.0-acerAspire-Mandragora => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)
Task: {814DE142-C4AB-4762-8098-81B792BBC521} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {93F5ED5B-41F9-4C81-9D19-7811DFACCE78} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-24] (CyberLink Corp.)
Task: {CF89131E-D69D-4419-A8BE-F322CF3AA529} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {EDC0473E-1B12-4AE5-975B-09C5E538A8C3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-06] (Dropbox, Inc.)
Task: {F3A3CC50-29C6-4F72-8778-6C8980DF0411} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Meine Websites auf MSN\target.lnk -> hxxp://www.msnusers.co

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-08-15 18:59 - 2013-06-21 12:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-21 15:13 - 2017-02-24 07:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-21 15:13 - 2017-02-24 07:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2011-08-12 09:37 - 2011-06-10 19:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-03 06:27 - 2013-09-03 06:27 - 04689312 _____ () C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\AMocWrapper.dll
2014-12-25 12:15 - 2015-06-10 11:13 - 00113024 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2012-01-05 15:22 - 2012-01-05 15:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 15:22 - 2012-01-05 15:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 15:22 - 2012-01-05 15:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-24 19:03 - 2011-08-24 19:03 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-12-25 12:15 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2014-12-25 12:15 - 2015-10-20 18:44 - 00242176 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2017-03-24 22:57 - 2017-03-21 20:06 - 00842560 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-03-24 22:58 - 2017-02-28 22:49 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-03-24 22:58 - 2017-02-28 22:49 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-03-24 22:58 - 2017-02-28 22:49 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-03-24 22:58 - 2017-02-28 22:50 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-03-24 22:58 - 2017-02-28 22:49 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-03-24 22:57 - 2017-02-28 22:49 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-03-24 22:57 - 2017-02-28 22:50 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-03-24 22:57 - 2017-02-28 22:49 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-03-24 22:58 - 2017-02-28 22:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-03-24 22:57 - 2017-02-28 22:49 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-03-24 22:57 - 2017-02-28 22:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-03-24 22:58 - 2017-02-28 22:51 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-03-24 22:58 - 2017-02-28 22:50 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-03-24 22:57 - 2017-03-21 20:09 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-03-24 22:57 - 2017-02-28 22:47 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-03-24 22:57 - 2017-03-21 20:09 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-03-24 22:58 - 2017-03-21 20:10 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-03-24 22:57 - 2017-02-28 22:56 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-03-24 22:57 - 2017-02-28 22:56 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-03-24 22:57 - 2017-03-21 20:10 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-03-24 22:58 - 2017-02-28 22:52 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-03-24 22:58 - 2017-03-21 20:10 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-24 22:57 - 2017-03-21 20:10 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2014-10-25 12:07 - 2014-10-25 12:07 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-08-12 08:58 - 2011-04-30 09:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Users\Mandragora\Desktop\MA:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1525.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL1723.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL2518.tmp:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Mandragora\Desktop\~WRL3615.tmp:com.dropbox.attributes [168]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-910591887-2798395287-988946140-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mandragora\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 62.220.18.8 - 89.246.64.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{8D117281-4ECC-4D19-9A59-9498F7049ABB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C0DE20F1-3440-46BD-9197-A8685EB04C4B}] => (Allow) LPort=2869
FirewallRules: [{14C5742C-BF4C-4731-812B-14F870F6F9A2}] => (Allow) LPort=1900
FirewallRules: [{D8793EF8-B554-4D44-8902-432762F4DFA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4080E16E-1E76-4968-B921-5DF209A535C7}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{E80B59D9-F81C-4F5F-8292-2C812AC1E6F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9285B7C0-4A2C-4D66-B888-7007B8F102A4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{9F1855DD-5903-48DF-BE88-6208B718D06C}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{A0EB8BE4-5FA2-4789-B8CB-383F57867C70}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{D4315AE7-D9C3-4EEE-AB80-92E6DFDDDCA2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{1BA4D3BD-94CE-4217-903C-31389FABCAE4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{90EA422D-F8D3-45AF-9245-892B2C136ED2}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{BE9A9460-6078-437A-A167-90F2C5E501BC}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{D976413F-D66E-417A-BB73-4CC8CEB44FF8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{C6452A2D-E8E1-4C9E-80D9-7AC71E440F7F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [TCP Query User{2CC2C2BA-03D8-4D03-99FC-FB0BDF2F23C6}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [UDP Query User{8FCC3D8A-EE00-451F-AF68-EAFCF22F6825}C:\program files (x86)\trillian\trillian.exe] => (Allow) C:\program files (x86)\trillian\trillian.exe
FirewallRules: [TCP Query User{27B2111E-D0DF-4697-8FD6-B51EAC1A1C67}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [UDP Query User{F2849A07-BE71-47A6-8473-77BF115418C4}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{4535CEA3-CC0E-4AC7-815A-C086DB030FD5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5AA8A058-2530-4203-AC67-7A983D159AA4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{F938FAA4-2AF2-489A-ABE2-1CB0C89F0884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B0640F3D-0672-4696-8C7D-DAC1642D5189}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A933A339-8EF5-4CE4-AB80-B7120D8AD34D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{96EF1256-DD44-456A-BEB3-4FCA497F5F4D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5F34E618-2483-4E2D-9B56-753A6B271719}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{641A77A7-ECBE-424F-AB5F-1156DA6330FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{402BA76D-02C5-458E-BB2E-C60036F5D793}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1F7841DF-8A25-40E3-9544-3107E0620873}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EFF70E2A-C1E2-4D17-9B12-860F82A572CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{F3E2C821-CD8E-4A6B-AEBD-EC97AEDEEDBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\RealMYST.exe
FirewallRules: [{04E0FF11-3A03-4908-98D7-8AAD30B2F09E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{D92D7B03-6763-4DAB-AE0E-68EC21C36650}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Real Myst\realMYSTSetup.exe
FirewallRules: [{7EDD9AA7-2FDD-4C1B-8F90-B505CF9A2877}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{86A9C794-2D65-4423-B45C-7C01B99D4606}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{798A6D6F-CBCC-47EF-8ED6-075942B1E1EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{38E294B4-31CC-4F35-8B5A-7EEF3EEB3D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alice Madness Returns\Binaries\Win32\AliceMadnessReturns.exe
FirewallRules: [{91AA941D-965F-4FDB-A9D1-BCE8FA795C9C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{901FE775-BE28-4B27-84E6-1870E7C69FF6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{01431CD5-4F5B-484F-8F1F-99D9228C496E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{3C658FEC-5396-454A-92FF-0E2A08A29295}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{466A95DE-0CA3-4A02-9014-F26D2E11A26E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{B2221D6B-A8BD-4BB1-8422-005277358460}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rememoried\rememoried.exe
FirewallRules: [{D6220000-49CE-4ED3-AFDF-4A0CE797458D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Wiederherstellungspunkte =========================

02-03-2017 12:53:33 Windows Update
10-03-2017 13:51:12 Windows Update
17-03-2017 13:20:57 Windows Update
26-03-2017 00:18:35 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/26/2017 09:14:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/26/2017 12:08:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 06:12:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\Bereinigung\Tools\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/25/2017 06:11:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 05:45:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/25/2017 05:40:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 05:27:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 05:22:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.

Error: (03/25/2017 04:05:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "E:\esetsmartinstaller_deu.exe". Fehler in
Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (03/25/2017 04:02:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Ereignisfilter mit Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" nicht reaktiviert werden aufgrund des Fehlers 0x80041003. Ereignisse können nicht durch diesen Filter geschickt werden, bis dieses Problem gelöst ist.


Systemfehler:
=============
Error: (03/26/2017 09:13:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/26/2017 09:13:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/26/2017 12:19:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/26/2017 12:06:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/26/2017 12:06:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/25/2017 06:11:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/25/2017 06:11:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/25/2017 05:39:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/25/2017 05:39:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call Updater" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.

Error: (03/25/2017 05:27:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Skype Click to Call PNR Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Das System kann die angegebene Datei nicht finden.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 3947.86 MB
Verfügbarer physikalischer RAM: 1464.53 MB
Summe virtueller Speicher: 7893.93 MB
Verfügbarer virtueller Speicher: 5488.56 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:116.84 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1BCD5BD1)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

27.03.2017, 09:42   #14
cosinus

FRST-Fix

Please disable your virus scanner completely now to make sure the fix runs cleanly!


Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
BootExecute: autocheck autochk * sdnclean64.exe
Task: {2D04712F-98CD-45EC-A93C-81AF858F27D8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe  <==== ACHTUNG
Task: {6A3DD29B-BD60-4503-A9F0-18B4D91C6762} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe  <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
C:\Windows\System32\Tasks\Safer-Networking
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\ProgramData\Avira
C:\Users\Mandragora\AppData\Roaming\Avira
C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll
C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe
C:\Users\Mandragora\fbchathistory.dat
C:\Users\Public\AlexaNSISPlugin.3912.dll
emptytemp:
         

Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button (Entfernen).
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


27.03.2017, 10:57   #15
Hexx_
 

It's really interesting that there were still leftovers from AVG and Avira...

By the way, I have now repeatedly been getting a User Account Control prompt that I was supposed to confirm. The prompt concerns the Java Auto Updater (jucheck.exe -auto -critical). So far I have clicked No, because I don't know what this -critical is supposed to mean.


Here is the Fixlog from FRST:

Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-03-2017
durchgeführt von Mandragora (27-03-2017 10:45:30) Run:1
Gestartet von C:\Users\Mandragora\Desktop
Geladene Profile: Mandragora & UpdatusUser (Verfügbare Profile: Mandragora & UpdatusUser)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
BootExecute: autocheck autochk * sdnclean64.exe
Task: {2D04712F-98CD-45EC-A93C-81AF858F27D8} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe  <==== ACHTUNG
Task: {6A3DD29B-BD60-4503-A9F0-18B4D91C6762} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe  <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{318023F6-4FD5-4611-89E9-5A252D90EADF}.exe <==== ACHTUNG
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{45DFFD60-1D41-40D0-971D-C88323D70DA7}.exe <==== ACHTUNG
C:\Windows\System32\Tasks\Safer-Networking
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Spybot - Search & Destroy
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\ProgramData\Avira
C:\Users\Mandragora\AppData\Roaming\Avira
C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll
C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe
C:\Users\Mandragora\fbchathistory.dat
C:\Users\Public\AlexaNSISPlugin.3912.dll
emptytemp:
         
*****************

HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D04712F-98CD-45EC-A93C-81AF858F27D8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D04712F-98CD-45EC-A93C-81AF858F27D8} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A3DD29B-BD60-4503-A9F0-18B4D91C6762} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A3DD29B-BD60-4503-A9F0-18B4D91C6762} => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_HP_rmv => Schlüssel erfolgreich entfernt
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => erfolgreich verschoben
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => erfolgreich verschoben
C:\Windows\System32\Tasks\Safer-Networking => erfolgreich verschoben
C:\Program Files (x86)\Spybot - Search & Destroy 2 => erfolgreich verschoben
C:\ProgramData\Spybot - Search & Destroy => erfolgreich verschoben
"C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job" => nicht gefunden.
"C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job" => nicht gefunden.
C:\ProgramData\Avira => erfolgreich verschoben
C:\Users\Mandragora\AppData\Roaming\Avira => erfolgreich verschoben
C:\Users\Mandragora\AppData\Local\Temp\AskSLib.dll => erfolgreich verschoben
C:\Users\Mandragora\AppData\Local\Temp\asktoolbar.exe => erfolgreich verschoben
C:\Users\Mandragora\fbchathistory.dat => erfolgreich verschoben
C:\Users\Public\AlexaNSISPlugin.3912.dll => erfolgreich verschoben

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 323550662 B
Java, Flash, Steam htmlcache => 40043642 B
Windows/system/drivers => 1746134052 B
Edge => 0 B
Chrome => 14641954 B
Firefox => 382748910 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 98654064 B
systemprofile32 => 840035 B
LocalService => 0 B
NetworkService => 1068694 B
UpdatusUser => 0 B
Mandragora => 5525388215 B
UpdatusUser => 0 B

RecycleBin => 1513492765 B
EmptyTemp: => 9 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 10:50:49 ====
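
The two `nicht gefunden` results in the Fixlog above can be reconciled mechanically. The following added example (not part of the original posts and not FRST's own code) parses result lines excerpted from that Fixlog and checks whether each not-found path was already handled earlier in the same run; the function names are hypothetical, and only the four German outcome phrases seen in this log are handled.

```python
import re
from collections import Counter

# Result lines excerpted from the Fixlog posted above (German FRST output).
SAMPLE_FIXLOG = r'''
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_HP_rmv => Schlüssel erfolgreich entfernt
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => erfolgreich verschoben
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => erfolgreich verschoben
C:\ProgramData\Spybot - Search & Destroy => erfolgreich verschoben
"C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job" => nicht gefunden.
"C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job" => nicht gefunden.
C:\Users\Public\AlexaNSISPlugin.3912.dll => erfolgreich verschoben
BITS transfer queue => 8388608 B
'''

# Outcome phrases exactly as they appear in this log. Assumption: other FRST
# versions or UI languages may word them differently and are not covered here.
OUTCOMES = {
    "Wert erfolgreich wiederhergestellt": "restored",
    "Schlüssel erfolgreich entfernt": "key_removed",
    "erfolgreich verschoben": "moved",
    "nicht gefunden": "not_found",
}

# "<target> => <result>", with an optional trailing full stop on the result.
LINE_RE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<result>.+?)\.?\s*$')

def parse_fixlog(text):
    """Return (target, outcome) pairs for every recognised result line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        outcome = OUTCOMES.get(m.group("result"))
        if outcome is None:
            continue  # fixlist echo, EmptyTemp byte counts, headers
        entries.append((m.group("target").strip('"'), outcome))
    return entries

def review(entries):
    """Count outcomes and list not-found targets with no earlier action."""
    handled, unexplained = set(), []
    for target, outcome in entries:
        key = target.lower()  # Windows paths are case-insensitive
        if outcome == "not_found":
            if key not in handled:
                unexplained.append(target)
        else:
            handled.add(key)
    return Counter(outcome for _, outcome in entries), unexplained

if __name__ == "__main__":
    counts, unexplained = review(parse_fixlog(SAMPLE_FIXLOG))
    print(dict(counts))
    print("not found without earlier action:", unexplained or "none")
```

Both `.job` files come back as not found only because the `Task:` directives had already moved them earlier in the same run, so the list of unexplained entries is empty.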
         
