Trojaner-Board

Source: https://www.trojaner-board.de/183394-pc-gehackt-worden-trojaner-multiinjector-a-rfn-neurevt-gefunden.html

Lumis 06.12.2016 23:42

PC has been hacked and trojans Multiinjector.A!rfn and Neurevt found
Hello everyone,
I only noticed on Saturday that I have trojans, when I suddenly received confirmation e-mails about purchases made via PayPal that were not mine. Credit for a gaming platform had been bought. PayPal later told me that the purchases had been made from my IP (!).

My PC is "protected" by McAfee LiveSafe with a valid subscription and was scanned by it, but nothing was found. I installed Microsoft Security Essentials, which in the quick scan found the trojans Multiinjector.A!rfn and Neurevt. I had the program delete them (unfortunately I cannot find a log file) and took a screenshot. Later I saw that Neurevt was shown as "not found". It has probably changed its location.

After my PC could hardly be made to run today (and, according to the online monitor of the Fritz!Box 7490, was sending and receiving inexplicable amounts of data), I looked into the subject more closely and realised that I should probably have consulted professionals earlier.

It works for now; I am writing from this machine too, and at the moment it is not sending any inexplicable data either. That doesn't mean anything, I know.

Sorry that I had to attach the logs from FRST; I tried it here with # in the editor, but in the preview they were not shown separately from each other.

Thank you very much in advance for your help!

Regards,

Lumis

Edit: I also uploaded Addition.txt, but it does not appear. Did I do something wrong?

cosinus 07.12.2016 15:42

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, please post them directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307

Lumis 07.12.2016 17:26

Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05-12-2016
durchgeführt von Lutz (06-12-2016 22:36:44)
Gestartet von C:\Users\Lutz\Desktop\Fliegen
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-02 18:09:54)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3438443834-875338260-1882614465-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3438443834-875338260-1882614465-1004 - Limited - Enabled)
Gast (S-1-5-21-3438443834-875338260-1882614465-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3438443834-875338260-1882614465-1002 - Limited - Enabled)
Lutz (S-1-5-21-3438443834-875338260-1882614465-1000 - Administrator - Enabled) => C:\Users\Lutz

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_BasicWeb (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
6500_E709_Help_BasicWeb (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
A2A Wings of POWER 3 Spitfire (HKLM-x32\...\A2A Wings of POWER 3 Spitfire) (Version:  - )
Accu-Sim for the WoP3 Spitfire (HKLM-x32\...\Accu-Sim for the WoP3 Spitfire) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player Packages (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Adobe Flash Player Packages) (Version:  - ) <==== ACHTUNG
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11.72.0.337 - Innovative Solutions)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Aerosoft's - Airbus X (HKLM-x32\...\{2336573C-3213-48AA-A306-8309BA9BD92C}) (Version: 1.21 - Aerosoft)
aerosoft's - Approaching Innsbruck X (HKLM-x32\...\{70864384-DD19-44CB-A999-A917F32F623D}) (Version: 1.10 - aerosoft)
aerosoft's - Balearic Islands X for FSX (HKLM-x32\...\{04B73EB2-7538-4CC4-BBD6-5463E508B69B}) (Version: 1.01 - aerosoft)
Aerosoft's - Corfu X (HKLM-x32\...\{8A073262-FB25-4224-AE36-C2725A616E05}) (Version: 1.10 - Aerosoft)
Aerosoft's - DHC-6 Twin Otter X (HKLM-x32\...\{3A8DED06-80E7-4555-AA1F-FF4A2A4D353C}) (Version: 1.11 - Aerosoft)
aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: 9.6.0.4 - aerosoft)
Aerosoft's - German Airfields 1 (HKLM-x32\...\{61C63F60-152B-4D28-B357-6DB81837FA9B}) (Version: 1.00 - Aerosoft)
Aerosoft's - German Airfields 2 (HKLM-x32\...\{1C5510F5-5452-4411-A54C-3DA055D8A793}) (Version: 1.00 - Aerosoft)
Aerosoft's - German Airfields 3 (HKLM-x32\...\{417FC1D9-A946-4638-B02C-FD9AE0E96E95}) (Version: 1.10 - Aerosoft)
aerosoft's - German Airports 2 X - FSX (HKLM-x32\...\{01C3630A-7FD2-46DF-B514-A4B829B0021A}) (Version: 1.00 - aerosoft)
aerosoft's - German Airports 3 - Bremen X (HKLM-x32\...\{C1F98ADD-81BF-45E1-A36B-515CA20B61AF}) (Version: 1.04 - aerosoft)
aerosoft's - German Airports 3 - Hamburg X (HKLM-x32\...\{EA6E7823-9E5B-4EDD-9750-C3C87FDF0460}) (Version: 1.03 - aerosoft)
Aerosoft's - HelgolandX (HKLM-x32\...\{61957FA7-34C1-4F46-871C-A0FD49848832}) (Version: 1.00 - Aerosoft)
Aerosoft's - Luxembourg Airports (HKLM-x32\...\{F293A032-EB67-4ADC-8646-F1AA7F9E0143}) (Version: 3.01 - Aerosoft)
Aerosoft's - Mallorca X Evolution - FSX (HKLM-x32\...\Mallorca X Evolution - FSX) (Version: 1.01 - Aerosoft)
aerosoft's - Mega Airport Amsterdam FSX (HKLM-x32\...\{0A297C87-BF52-43FD-AD75-EE72228E4457}) (Version: 1.04 - aerosoft)
aerosoft's - Mega Airport Barcelona X (HKLM-x32\...\{A8736347-B854-400E-A060-19321AD85B98}) (Version: 1.01 - aerosoft)
aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.01 - aerosoft)
aerosoft's - Mega Airport London Heathrow X (HKLM-x32\...\{2F4AF40B-433A-494E-BB41-816D113F32BA}) (Version: 1.10 - aerosoft)
aerosoft's - Mega Airport Stockholm Arlanda X (HKLM-x32\...\{3B6F6E35-900C-4FE3-B2F6-067443353CD1}) (Version: 1.00 - aerosoft)
Aerosoft's - MyTraffic 2013 (HKLM-x32\...\{37F50C53-EDED-4FFE-9877-532A335C5C18}) (Version: 1.00 - Aerosoft)
aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.03 - aerosoft)
aerosoft's - OMSI 2 - Drei Generationen (HKLM-x32\...\{C88376AA-BF64-40F4-9AD6-F8A18DA394F2}) (Version: 1.00 - aerosoft)
aerosoft's - OMSI 2 - Hamburg (HKLM-x32\...\{5BF6B590-F7F5-46B5-B5F4-B0CA93423AD6}) (Version: 2.01 - aerosoft)
aerosoft's - Venice X (HKLM-x32\...\{74F493A2-1264-4BF2-A135-0184C68BD580}) (Version: 1.00 - aerosoft)
Aerosoft's - VFR Germany 2 (HKLM-x32\...\{3BB7B4D3-C534-4700-AA1B-B01A8EA5F27C}) (Version: 1.00 - Aerosoft)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Amazon Amazon Music) (Version: 4.0.0.1205 - Amazon Services LLC)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 173 - Abelssoft)
Any Video Converter 3.1.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Appigo Sync (HKLM-x32\...\{89A060BA-6CF3-4BDB-A94C-91C9BEF21C6A}) (Version: 1.2.0.0 - Appigo, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ArcSoft MediaImpression (HKLM-x32\...\{2C39F7CF-E022-4C0D-B1BA-AF6DDD931054}) (Version: 1.2.28.567 - ArcSoft)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version:  - Kunos Simulazioni)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.63.2.50050 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.63.4 - AVG Technologies) Hidden
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{4CE925AF-6519-4FEB-BEBD-DE2BFE2944EB}) (Version: 2.0.0.36 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
C64Classix (HKLM-x32\...\C64Classix) (Version:  - )
C90B King Air HD SERIES FSX (HKLM-x32\...\C90B King Air HD SERIES FSX) (Version: 1.00.00.00 - Carenado)
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden
Carenado C208B Grand Caravan (HKLM-x32\...\Carenado C208B Grand Caravan) (Version: 1.00.00.00 - Carenado)
Carenado C208B Super Cargomaster Expansion Pack HD (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Carenado C208B Super Cargomaster Expansion Pack HD) (Version:  - )
Carenado C340 II FSX (HKLM-x32\...\Carenado C340 II FSX) (Version: 1.00.00.00 - Carenado)
Carenado CT210M Centurion II FSX (HKLM-x32\...\Carenado CT210M Centurion II FSX) (Version: 1.00.00.00 - Carenado)
Carenado SR22T HD SERIES FSX/P3D (HKLM-x32\...\Carenado SR22T HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
Carenado TBM850 HD SERIES FSX/P3D (HKLM-x32\...\Carenado TBM850 HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
Chromium (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Chromium) (Version: 44.0.2386.0 - Chromium)
Conexant Polaris Unused CIR Function (HKLM\...\VID_1D19&PID_6109&MI_00) (Version: 1.0.0.0 - Conexant Systems)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Curse Client (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.R.L.)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.4930 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.4930 - Ihr Firmenname) Hidden
Dataplex (HKLM\...\{6AD0B283-6BDB-47C0-9728-C1BA7A83CB8A}) (Version: 1.3.0.0 - NVELO, Inc.)
Desktopicon amazon.de (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DodoSim Bell 206 FSX (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\DodoSim Bell 206 FSX) (Version:  - )
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version:  - )
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DORNIER 228 FSX/P3D (HKLM-x32\...\DORNIER 228 FSX/P3D) (Version: 1.0 - Carenado)
DRAGON 1.7 (HKLM-x32\...\DRAGON) (Version: 1.7 - PREPAID-USENET LIMITED)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
Dropbox (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
EDEKA Foto (HKLM-x32\...\EDEKA Foto) (Version: 6.1.5 - CEWE Stiftung u Co. KGaA)
EKCH Copenhagen Airport, Kastrup X (HKLM-x32\...\{9D5BFBF1-EB38-4AE1-A833-4F564B999CE3}) (Version: 2.0 - Scansim)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
Elite Dangerous Launcher version 0.4.5499.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.5499.0 - Frontier Developments)
Empire: Total War (HKLM\...\Steam App 10500) (Version:  - The Creative Assembly)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
European Ship Simulator (HKLM-x32\...\Steam App 299250) (Version:  - Excalibur)
EVE Online (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\{e9a55721-260b-4e0e-99ed-977140edf3ef}) (Version: 1.0.0 - CCP)
Fahrzeit Vol.1 'Metronom Frühschicht' 1.0 (HKLM-x32\...\ABFE3B59-DCAA-4EF5-82D5-5A07FE08E789_is1) (Version: 1.0 - 3DZUG)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Flight1 ATR 72-500 for FSX (Includes SP1) (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Flight1 ATR 72-500 for FSX (Includes SP1)) (Version:  - )
Flight1 Citation Mustang (HKLM-x32\...\f1mustang_FSX) (Version: 1.01 - Flight One Software)
Flight1 Downloader (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Flight1 Downloader) (Version:  - )
FMW 1 (Version: 1.143.1 - AVG Technologies) Hidden
Fokker 70-100 FSX (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Fokker 70-100 FSX) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.9.37.426 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{6E9E1B70-59C4-403E-ABFB-C08012BC7F8A}) (Version: 3.0.89.14 - Fresco Logic Inc.)
FSXFollow 1.1 (HKLM-x32\...\FSXFollow) (Version: 1.1 - PositionGames)
Fw190A (HKLM-x32\...\Fw190A) (Version:  - )
Glary Utilities 5.6 (HKLM-x32\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoogleClean (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C08EF142}_is1) (Version: 5.0.000 - Abelssoft)
Grob SPn ---  rel. 3.00 (HKLM-x32\...\Grob SPn ---  rel. 3.00) (Version:  - )
Grob SPn --- UPDATE to rel. 3.1.1 (HKLM-x32\...\Grob SPn --- UPDATE to rel. 3.1.1) (Version:  - )
Guardian Of Data v2.2 (HKLM-x32\...\Guardian Of Data_is1) (Version:  - ASCOMP Software GmbH)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Officejet 6500 E709 Series (HKLM\...\{4C8C6D37-CA3C-4EF6-A1E5-0D188E7B6021}) (Version: 14.0 - HP)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iFunbox (v1.95.901.639), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v1.95.901.639 - )
Inkscape 0.48.1  (HKLM-x32\...\Inkscape) (Version: 0.48.1 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Interaktive Sprachreise - Español Sprachkurs 1 (HKLM-x32\...\ISRS1_15_676867) (Version:  - digital publishing AG)
Iomega QuikProtect (HKLM\...\Iomega QuikProtect) (Version: 1.3.4.19745 - EMC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
JFritz 0.7.5 Rev. 1 (HKLM-x32\...\{AF5B3ED5-70D3-48CF-A00F-FC29F5261A37}_is1) (Version:  - JFritz Team)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.63.1 - JMicron Technology Corp.)
Just Flight - Phenom 100 for FSX (HKLM-x32\...\{C6A0A43F-EBBA-4A32-BFE2-01BA3CFCD26C}) (Version: 1.00.0000 - Just Flight)
JustFlight DC-3 Legends of Flight (HKLM-x32\...\JustFlight DC-3 Legends of Flight) (Version:  - )
Kernel Outlook PST Viewer ver 10.09.01 (HKLM-x32\...\Kernel Outlook PST Viewer_is1) (Version:  - Nucleus Data Recovery .com)
Lanikai (64-bit) (3.1.1) (HKLM-x32\...\Lanikai (64-bit) (3.1.1)) (Version: 3.1.1 (en-US) - Mozilla)
LenovoEMC Storage Manager (HKLM\...\LenovoEMC Storage Manager) (Version: 1.4.3.9580 - EMC)
LFKJ Ajaccio Napoleon Bonaparte (HKLM-x32\...\LFKJ_AJACCIO_NAPOLEON_BONAPARTE_is1) (Version: 1.0.0.0 - SimMarket)
Live 8.2.6 (HKLM-x32\...\Live 8.2.6) (Version:  - )
Live Lite 4 for M-Audio 4.0.4 (HKLM-x32\...\Live Lite 4 for M-Audio 4.0.4) (Version:  - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.79 (HKLM\...\Logitech Gaming Software) (Version: 8.79.77 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
MAGIX 3D Maker (embedded MSI) (HKLM-x32\...\{2D266DB5-0C7E-45D3-939E-79DD342EC081}) (Version: 6.0.0.10 - MAGIX AG)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf CD & DVD 9 (HKLM-x32\...\MAGIX_MSI_Fotos_auf_CD_DVD_9) (Version: 9.0.4.4 - MAGIX AG)
MAGIX Fotos auf CD & DVD 9 (x32 Version: 9.0.4.4 - MAGIX AG) Hidden
MAGIX Online Druck Service (HKLM-x32\...\{9BA2456A-EBDD-4B22-B379-80785D465517}) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX_{341D13B7-3C84-4D68-90B7-1F4B6C2BCB21}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed 2 (MSI) (HKLM-x32\...\{9BB8F86C-A246-4D3E-9EF5-1117CE67C6F4}) (Version: 6.0.1.4 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{DA6B1FF0-27E8-4272-8D06-37C53FCFD507}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe MX Plus Sonderedition (HKLM-x32\...\MAGIX_{E41712A1-DEEB-4D10-BCF1-046BA0611F94}) (Version: 11.0.5.0 - MAGIX AG)
MAGIX Video deluxe MX Plus Sonderedition (x32 Version: 11.0.5.0 - MAGIX AG) Hidden
MAGIX Web Designer 6 (HKLM-x32\...\MAGIX_MSI_Web_Designer_6) (Version: 6.0.1.14443 - MAGIX AG)
MAGIX Web Designer 6 (x32 Version: 6.0.1.14443 - MAGIX AG) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.9042 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.164 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MilViz - Northrop T-38 Talon (HKLM-x32\...\MilViz - Northrop T-38 Talon1.1 Full) (Version: 1.1 Full - The SW)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.00.705 - Huawei Technologies Co.,Ltd)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My Net View (HKLM-x32\...\{7F9C9908-69E3-4474-A081-256F27995A18}) (Version: 1.0.12.0 - Western Digital)
MyKeyFinder (HKLM-x32\...\MyKeyFinder_is1) (Version: 2014 - Abelssoft)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
NeoSetup Updater (HKLM-x32\...\RPD_is1) (Version: 3.9.0.0 - Innovative Solutions)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Nokia Connectivity Cable Driver (HKLM-x32\...\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia Ovi Suite (HKLM-x32\...\Nokia Ovi Suite) (Version: 3.1.1.78 - Nokia)
Nokia Ovi Suite (x32 Version: 3.1.1.78 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM-x32\...\{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}) (Version: 02.07.004.45780 - Nokia Corporation)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OMSI 2 (HKLM-x32\...\Steam App 252530) (Version:  - MR-Software GbR)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
Orbiter 2010-P1 (HKLM-x32\...\{4D27CE85-F519-42C1-B4AB-C0BD976FB0BA}) (Version: 1.1.0.0 - Martin Schweiger)
Ovi Desktop Sync Engine (x32 Version: 1.5.266.0 - Nokia) Hidden
OviMPlatform (x32 Version: 2.7.72.0 - Nokia) Hidden
PA-28-181 ARCHER II FSX (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\PA-28-181 ARCHER II FSX) (Version:  - )
PA28RT ARROW IV FSX (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\PA28RT ARROW IV FSX) (Version:  - )
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
Phoenix R/C® (HKLM-x32\...\PhoenixRC) (Version: 5.0.v - Runtime Games Ltd)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.6.0.118 - Pinnacle Systems)
Pinnacle Studio 12 (HKLM-x32\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.1.3.6605 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.029 - Pinnacle Systems)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
PMB-Aktualisierungsprogramm (HKLM-x32\...\{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}) (Version: 5.6.01.03300 - Sony Corporation)
PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 747-400/400F for FSX (HKLM-x32\...\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}) (Version: 2.10.0040 - Precision Manuals Development Group)
PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6155 - PMDG Simulations, LLC.)
PMDG744X_GE_AF (HKLM-x32\...\{70D78DCD-8369-4857-BFEF-021C9899DA75}) (Version: 1.10.0000 - Precision Manuals Development Group)
PMDG744X_GE_BR2 (HKLM-x32\...\{4A7EA2A2-221D-437C-8727-B033E6679124}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDG744X_GE_LH (HKLM-x32\...\{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDG744X_GE_OZ2 (HKLM-x32\...\{4DA93734-2293-4016-B8B9-720BDEBFCD80}) (Version: 1.10.0000 - Precision Manuals Development Group)
PMDG744X_PW_FJ2 (HKLM-x32\...\{F66D065A-162C-4539-84BB-9A8B51BAEAD9}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDG744X_PW_IB (HKLM-x32\...\{1D67FB28-58DA-4425-B426-99E894468197}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDG744X_PW_KA (HKLM-x32\...\{1681B05D-683B-422B-9565-98B1DBF29713}) (Version: 1.10.0000 - Precision Manuals Development Group)
PMDG744X_RR_QF (HKLM-x32\...\{EC65FAF7-F12F-4C81-9E9D-2FE1115CFBA9}) (Version: 1.10.0000 - Precision Manuals Development Group)
PMDG744XF_GE_BRF (HKLM-x32\...\{1AF39B3E-954C-4ADB-BD31-D29F653D4B22}) (Version: 1.00.0000 - Precision Manuals Development Group)
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pro Evolution Soccer 2015 (HKLM\...\Steam App 287680) (Version:  - KONAMI Digital Entertainment)
Project CARS (HKLM-x32\...\Steam App 234630) (Version:  - Slightly Mad Studios)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Quick Startup 5.3.1.96 (HKLM-x32\...\Quick Startup) (Version: 5.3.1.96 - Glarysoft Ltd)
Real Environment Xtreme + Overdrive (HKLM-x32\...\{256FA569-AAAA-43D5-B1D8-57406A9D3A9A}) (Version: 2.5.2010.1027 - Real Environment Simulations, Inc.)
RealDownloader (x32 Version: 18.1.3.103 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.4.144 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.58.411.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
RollerCoaster Tycoon World (HKLM\...\Steam App 282560) (Version:  - Nvizzio Creations)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samplitude Music Studio 17 (HKLM-x32\...\MAGIX_MSI_ms17dlx) (Version: 17.0.0.0 - MAGIX AG)
Samplitude Music Studio 17 (x32 Version: 17.0.0.0 - MAGIX AG) Hidden
Samplitude Music Studio 2013 (HKLM-x32\...\MAGIX_{C02AB3DD-D476-4EF0-B59B-D4D58A71A5F9}) (Version: 19.0.0.10 - MAGIX AG)
Samplitude Music Studio 2013 (Version: 19.0.0.10 - MAGIX AG) Hidden
Samplitude Music Studio 2013 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Screenshot Captor 3.03.01 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
Secure Eraser v4.0 (HKLM-x32\...\Secure Eraser_is1) (Version:  - ASCOMP Software GmbH)
Shark007 STANDARD Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 3.0.1 - Shark007)
Shark007 STANDARD x64Components (HKLM\...\STANDARD x64Components_is1) (Version: 3.0.1 - Shark007)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version:  - Firaxis Games)
SiSoftware Sandra Lite 2012.SP5c (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 18.74.2012.10 - SiSoftware)
Skype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0 - SmartSound Software Inc) Hidden
SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)
Soccer Manager 2016 (HKLM-x32\...\Steam App 407120) (Version:  - Soccer Manager Ltd)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
Spintires (HKLM-x32\...\Steam App 263280) (Version:  - Oovee® Game Studios)
Spotify (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
SRWare Iron Version SRWare Iron 21.0.1200.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 21.0.1200.0 - SRWare)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
supra IPCam (HKLM-x32\...\{B0024EE6-6018-4FD6-BC5C-DFE6F0375A95}) (Version: 1.8.4.0 - SUPRA Foto-Elektronik-Vertriebs-GmbH)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Train Fever (HKLM-x32\...\Steam App 304730) (Version:  - Urban Games)
Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version:  - Dovetail Games)
TransOcean - The Shipping Company (HKLM-x32\...\Steam App 289930) (Version:  - Deck 13 Hamburg)
Treiber-Studio 2013 (HKLM\...\{7BD95F83-10BC-43FB-9654-D1702EC2B555}) (Version: 8.0.415 - Publish Data)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4500.45 - TuneUp Software) Hidden
TVCenter (HKLM\...\{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}) (Version: 6.4.2.880 - PCTV Systems)
TwonkyMedia (HKLM-x32\...\TwonkyMediaTwonkyMedia) (Version: 6.0.39.0 - PacketVideo)
UK2000 Gatwick Xtreme FSX  (HKLM-x32\...\UK2000 Gatwick Xtreme FSX) (Version: 3.00 - UK2000 Scenery)
Ultimate Terrain X - Europe (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Ultimate Terrain X - Europe) (Version:  - )
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
USB Media Adaptor for Microsoft Windows (HKLM-x32\...\USB Media Adaptor) (Version:  - )
Vasco da Gama 5 HDPro (HKLM-x32\...\{067D2172-F8F3-477D-B4EE-0B0AA967D544}) (Version: 5.20.0000 - MotionStudios)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader (x32 Version: 1.2.0 - RealNetworks) Hidden
Video Grabber (HKLM\...\VID_1D19&PID_6109&MI_01) (Version: 1.0.0.0 - Conexant Systems)
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Bass Machine (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Rock Drums (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita String Ensemble (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita World Percussion (Version: 1.0.0.0 - MAGIX AG) Hidden
Vivaldi (HKLM-x32\...\Vivaldi) (Version: 1.5.658.56 - Vivaldi)
Vivaldi (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Vivaldi) (Version: 1.1.453.52 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
vShare.tv plugin 1.3 (HKLM-x32\...\vShare.tv plugin) (Version: 1.3 - vShare.tv, Inc.) <==== ATTENTION
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Watermark Image software version 1.9.9.3 (HKLM-x32\...\Watermark Image_is1) (Version:  - )
WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)
WD Quick View (HKLM-x32\...\{19A2103A-A588-421C-B4CD-30E02FA401A3}) (Version: 1.6.3.4 - Western Digital)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wireshark 1.6.1 (HKLM-x32\...\Wireshark) (Version: 1.6.1 - The Wireshark developer community, hxxp://www.wireshark.org)
Wise Folder Hider 1.53 (HKLM-x32\...\Wise Folder Hider_is1) (Version: 1.53 - WiseCleaner.com, Inc.)
WoLoSoft SuperEdi 4.3.1 (HKLM-x32\...\SuperEdi_is1) (Version: 4.3.1 - WoLoSoft International)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xtreme FSX PC 2.8.0.0 (HKLM-x32\...\Xtreme FSX PC) (Version: 2.8.0.0 - FSPS)

==================== Custom CLSID (not on the whitelist): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)

CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{04d81769-8002-4b11-b48d-3e6c2c21a025}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{05bc9a36-21d8-486e-a2dc-b4f063a56008}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{084ab9bc-d32b-4c22-b969-60e2a16868e7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{09a35d61-ec85-4aa1-8b3e-b392a5966344}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{1185dfb4-b03c-42ab-93e9-5006faf85fea}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{191fb2f6-c15d-4a75-ad24-e87d987f6b72}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{19d01be8-cdd7-47e9-81cc-ca4e868b59ee}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{1aaf5769-b4d7-4e4a-9178-a1b2ee412d05}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{1d47af89-1345-463f-b6f7-fc7bf23b754e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{214ace60-285c-4524-b7aa-c699e724b8d2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{21760e92-8a0f-4f01-ba84-e745e9d34115}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{24d6a94c-110d-43c3-8c8b-441aa3cae286}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{26f62c12-38d0-4cb3-88d2-c774961c6704}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{2787ee41-647c-4ed9-95f5-fb01f7ca5098}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{4274700d-5697-4158-87a0-915d3583633e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{447b5088-476d-4e17-a031-d982064588c6}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{4bdfd52a-c9cc-4eca-a472-529b8beed1c9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{503b8954-030c-4c02-8b7b-d22bebc05f38}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{503dfae7-19b8-4963-a9a0-2acd3598d571}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{522eb9c7-d1a2-43c7-8623-125312449816}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{62f6f3f3-39bf-4339-b385-3faa8c0859fc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{64dcd37c-6014-4dc0-9c69-02295abb2890}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6595589b-261d-4dd5-ba63-68a553e40b51}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6ac3ae6d-eb71-481d-a89d-899f46acdb0d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6ae5ef15-470d-48a2-900e-0189cdf8ffbf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6b0cdc28-f7f0-4a4f-bb2e-0176a49a06bd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6c62dc8b-dcec-40e4-8a0f-9dd350e77d7b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{70226c5a-ae82-4905-b186-01ada693a175}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{79bd353f-6e09-4e70-9a97-4c71711033b7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{79c83bfb-366f-4baf-b017-454cf8dff90a}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{7c3d3156-bd5c-445f-bac2-4756e374c11b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{7c55d38c-f135-43bc-aa33-459c3086755e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{7c8c38d6-5814-4d2a-a012-eb989e2efb37}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{8d179a5a-3950-4e8f-a9e8-2149b702fcf1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{8fe16fc5-40dc-487b-bb9a-d3b66acc0cf3}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{908cc787-3106-48d6-8921-a09b6ef98166}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{97df3c16-9ed8-47e0-a4ef-95ac48bcb88f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{9b6c38cb-cd0d-4bcc-b5b3-9d5bcc7cbfe9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{a06038cd-518a-4760-aba3-5235ecd95b1d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{a1ac59fb-a02d-4649-aa82-a2bc488699ce}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{a2e43181-a9e6-400e-97dc-82e244c18f85}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{a761a701-af33-4805-970d-a17db83d6535}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ab6c9590-0341-4941-bd9e-83baa685cf1f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ad7a45fc-f682-44a4-82e0-d6d8a728a016}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b60e8a40-e50b-4830-bbda-94e237749874}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b618d331-3a28-426b-be3e-9a2c04a8d2b7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b8e490ae-be4e-487d-9339-d78d6d7f3739}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b997f64d-91ca-4cf2-a128-dafaba1dacf2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b9ef413a-5682-4f47-a938-75d8b52c4595}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ba7f4f0b-a36b-4b15-b3a1-3bb6c8da4390}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ba9284d1-4dff-4065-8f31-0dc741a720ce}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{bd37d3c7-fcd6-40fc-936a-341ea3a36357}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{be989282-1c1e-4515-868a-317f33eda17f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{c6765c7b-394f-4b94-8774-5a2ab413856f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{cc2029a1-a1ba-43a1-97eb-8c4791053181}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{cc6dff49-7a5d-4e6c-a742-2f0d0e4504d2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{dcd01d5c-81ce-4f2f-9eee-c625a5d3a70b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{e22e6d55-df7d-430c-9a6e-a521877d9e63}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{e3e74351-b8bb-4a14-bfe3-9cd2ce280618}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{e92f2613-fd44-4bf2-88b9-aa488cd881bb}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ef715f28-ee88-452a-9bef-566124e936cf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{f3a433b0-9802-4841-93ae-5e578b1673d0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (not on the whitelist) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)

Task: {06C7574E-7E73-4F47-A2EA-2FFABECD4ADE} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {07996DB4-129C-4F75-8158-B9DD98DFB6F1} - System32\Tasks\{1FEE1EFD-5BE9-480F-AF0C-C2C0344A1630} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\start.exe
Task: {09AFD1CB-746B-4985-922F-D35A1B9E6BF8} - System32\Tasks\{22C953FD-90E9-4CE8-B2B3-82E6D793B2AB} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-05-17] (Skype Technologies S.A.)
Task: {09D74595-A61D-461B-9B6F-59BBC7160D58} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
Task: {1940FF79-2C54-4203-AEA4-AF07AE78A871} - System32\Tasks\{3EE7C121-4A7B-49B0-9D74-44D92D444EA4} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u91-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {233C5B3D-EE00-46E3-B5C0-3B0D10D1D996} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-13] (Adobe Systems Incorporated)
Task: {24721D18-852B-4F33-B2E5-D6AE4315700A} - System32\Tasks\{467E043D-D2B3-489B-B92A-9F0CB6FEDD64} => pcalua.exe -a "C:\Program Files (x86)\OkayFreedom\setuptool.exe" -d "C:\Program Files (x86)\OkayFreedom"
Task: {2890947D-296B-4C10-B39C-06038784272F} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-08-18] (Glarysoft Ltd)
Task: {2E03AD65-6C75-416C-AF13-B819AC01C819} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {300C1EA2-E9FE-40F2-A858-2FCD59C8D95A} - System32\Tasks\{75A6B6D7-647D-42F5-A293-5D4420F57EF7} => pcalua.exe -a C:\Users\Lutz\Downloads\vcredist_x64(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {3E0BA044-717C-44CA-A230-C0A0E9608558} - System32\Tasks\{E8789EBD-96FE-4E00-9384-33F050458B82} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\uncommonvalor.exe
Task: {414D97F2-E33D-4B2F-91C7-9D2337326F5D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {460FB276-EBCC-4B2A-9F06-DFB8741E6DEE} - System32\Tasks\{037ED4FC-AEDC-4B7F-8659-7E4E99BB364E} => pcalua.exe -a C:\Users\Lutz\Downloads\Fokker70-100-SP2.exe -d C:\Users\Lutz\Downloads
Task: {4A9A0799-E4E3-4231-B666-8BBC87ABD1D8} - System32\Tasks\{2191C3FC-2D8A-4319-B8E3-6E81637CB2F4} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\uncommonvalor.exe
Task: {4BCC6BD6-C99A-4544-9757-C9CEEE48F0CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-03] (Google Inc.)
Task: {4EAB6E52-8128-49B4-BF0C-C378A0C28527} - System32\Tasks\{38597039-AE79-46D8-925F-8E2B6093EEF8} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\start.exe
Task: {5013F281-F998-4854-BC2D-6E164B066060} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
Task: {53C06319-69AF-4FBA-95AE-9066890ACEF1} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {591975F3-49FE-4E98-8748-54E977FE5BBD} - System32\Tasks\NeoSetup Updater => C:\Program Files (x86)\Innovative Solutions\NeoSetup Updater\NeoSetup_Updater.exe [2015-06-26] (Innovative Solutions)
Task: {6147FA48-9E89-41B3-852E-511278DE3F1A} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-08-18] (Glarysoft Ltd)
Task: {6B3E7727-BF5E-4A6F-97FB-C9027C2AA286} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18] (ArcSoft Inc.)
Task: {6DDA85FF-A476-4586-856D-EDEDBBD7E173} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-03] (Google Inc.)
Task: {71A76E68-95C5-4547-82C6-AF23D822412E} - System32\Tasks\{6121CC0B-6581-489E-908C-3F0450821362} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u111-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {7A2F978F-3368-4426-BF80-F531EC961C83} - System32\Tasks\InstallShield Update Service => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-02-17] (InstallShield Software Corporation)
Task: {837D85D4-21E4-4F2D-8D11-B9ED717BD77B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
Task: {8F74DB31-DA82-4889-BCF7-B08E5DD2705A} - System32\Tasks\{434EC527-19D8-4152-AAE0-EAADDABFA758} => pcalua.exe -a C:\Users\Lutz\Downloads\setup.exe -d C:\Users\Lutz\Downloads
Task: {8FBAD392-F023-4AD8-8256-06BA4AC4D2E8} - System32\Tasks\{41D0D454-F664-4B57-927A-8D7434112D05} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\Temp1_um304x86.zip\um304x86\setup.exe <==== ATTENTION
Task: {940424C1-22E3-4D2C-AE92-DCCF1EDEBC96} - System32\Tasks\{0DF8895D-E20F-4191-9EA0-500C282D8D76} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\start.exe
Task: {97294692-DF92-4376-91AB-73DC9957A794} - System32\Tasks\{AC696D6F-E62F-448A-BE83-794BD22DDB39} => Chrome.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsMain
Task: {97DC5329-4509-4BEB-A8DF-1E2CB824EDE8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {990B475B-9764-4149-9510-9FF97D2A6A4F} - System32\Tasks\{96C8B12C-FED4-4877-9404-AED55A581635} => pcalua.exe -a "C:\Users\Lutz\Documents\downloads\complete\carenado\PA-28-181 ARCHER II.exe" -d C:\Users\Lutz\Documents\downloads\complete\carenado
Task: {99BDBCF5-660B-41EE-8308-C2651B1D9300} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {9E9E5679-73F1-41F1-ACD5-0A94CC77FDDE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
Task: {A91127AF-E844-43EF-8C95-BCEC6438FBBA} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {A9CDBCC2-49B3-41A2-BBDA-2A893398008B} - System32\Tasks\{5795B20E-DE83-4FF0-8002-72B0D065C0F4} => pcalua.exe -a F:\setup.exe -d F:\
Task: {BD49F3FF-4CE2-4708-8187-9E3968755C34} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-07-05] ()
Task: {C1935ADB-EEDA-4DA8-913E-BD1A221A54D4} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-11-25] (AVG Technologies CZ, s.r.o.)
Task: {C1F5A065-F7E5-41FD-97D8-1F2151064B79} - System32\Tasks\{E91865F8-96CE-4304-94E8-B1368CACDDD0} => pcalua.exe -a C:\Users\Lutz\Documents\downloads\complete\1330271862\wop3_p40.EXE -d C:\Users\Lutz\Documents\downloads\complete\1330271862
Task: {C9C21059-BB15-4997-80E2-A1CB1B0A9B9B} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe [2016-04-11] (Innovative Solutions)
Task: {CAF77BA2-94DF-4D2A-BCE5-854BFBA01A06} - System32\Tasks\AdobeAAMUpdater-1.0-Lutz-PC-Lutz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {CC4A0E94-5BBD-4059-8DD9-6B5709721650} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {CE12364A-0D3C-4FE1-9AA3-079D066618AA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2016-02-03] (RealNetworks, Inc.)
Task: {CE3E0943-434B-477F-9CCF-B55CEC295B13} - System32\Tasks\Google Update => C:\Users\Lutz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {D78CF1C2-B8A5-4D00-A1FC-A3858E6E9B24} - System32\Tasks\{80B6C8F2-C1FA-49FC-9E3D-C7BDA86F1B30} => pcalua.exe -a "H:\FSX - 747-400X v2.10.0040 - PMDG\FSX - 747-400X v2.10.0040 - PMDG\PMDG747_400_FSX.exe" -d "H:\FSX - 747-400X v2.10.0040 - PMDG\FSX - 747-400X v2.10.0040 - PMDG"
Task: {D82E5F2D-32D1-42E7-8D36-F15C0FABAE65} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01] (Oracle Corporation)
Task: {E1AECECA-8F96-41AC-9E7B-A17247B595CC} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {E53062DD-C8D1-4B82-B0BA-5982FAFEE707} - System32\Tasks\{0FE70729-25B3-4A5D-BFE2-55976F8FA017} => pcalua.exe -a F:\setup.exe -d F:\
Task: {E651F558-3D82-42FC-9A97-06C91B999198} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {ECE1E9F5-6992-431C-8A6F-D4C7BEC96619} - System32\Tasks\{574CE011-1F26-48FB-836C-A9F5EDF8BF1B} => pcalua.exe -a C:\Users\Lutz\Downloads\Diablo-III-Setup-deDE.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {FB4E00C8-BC32-4129-ADD6-C99C72ED3DA4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
Task: {FBB7D511-4945-4143-9889-EAC1F3ACAA79} - System32\Tasks\{0C6B6228-F57E-42EC-A95D-E3AD20AD688C} => pcalua.exe -a "C:\Users\Lutz\Desktop\World of Warcraft Beta Setup(4).exe" -d C:\Users\Lutz\Desktop

(If an entry is included in the fixlist, the task will be moved. The file that the task starts will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries can be listed in order to restore or remove them.)

ShortcutWithArgument: C:\Users\Lutz\Desktop\Dateien\WEB.DE.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://go.web.de/tb/ie_desktop_portal
ShortcutWithArgument: C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> -user-agent="Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.22 anonymized by Abelssoft 1691702640"
ShortcutWithArgument: C:\Users\Lutz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> -user-agent="Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.22 anonymized by Abelssoft 1691702640"

==================== Loaded Modules (Not on the whitelist) ==============

2011-10-29 00:05 - 2016-09-16 23:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-10-29 18:28 - 2013-10-29 18:28 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2016-03-01 17:53 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-01 17:53 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-12-21 18:50 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2011-05-11 18:21 - 2015-12-30 16:27 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-05-11 18:21 - 2015-12-30 16:27 - 00107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2016-02-03 18:49 - 2016-02-03 18:49 - 00032544 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-09-26 16:23 - 2013-03-06 13:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-03-29 20:27 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-19 21:41 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-03-31 16:29 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2016-03-13 14:15 - 2014-03-07 09:23 - 00565827 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\sqlite3.dll
2016-11-28 17:42 - 2016-11-28 17:42 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-02-03 18:48 - 2016-02-03 18:48 - 00037688 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2016-02-03 18:48 - 2016-02-03 18:48 - 00039224 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2016-02-03 18:49 - 2016-02-03 18:49 - 00037192 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-12-21 00:15 - 2010-12-21 00:15 - 01041248 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2016-11-13 12:47 - 2016-11-13 12:47 - 19640512 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll
2015-12-02 17:58 - 2015-11-16 19:32 - 00919040 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Not on the whitelist) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys [2560]
AlternateDataStreams: C:\Users\All Users:gs5sys [2560]
AlternateDataStreams: C:\Users\Lutz:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys [2560]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [2560]
AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF [268]
AlternateDataStreams: C:\Users\Lutz\Anwendungsdaten:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\Lokale Einstellungen:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\Vorlagen:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\AppData\Local\Anwendungsdaten:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\AppData\Local\Verlauf:gs5sys [1792]
AlternateDataStreams: C:\Users\Lutz\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [3074]

==================== Safe Mode (Not on the whitelist) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== File Associations (Not on the whitelist) ===============

(If an entry is included in the fixlist, the registry entry will be reset to its default value or removed.)


==================== Internet Explorer Trusted/Restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts Content: ==========================

(If needed, the Hosts: directive can be included in the fixlist to reset the hosts file.)

2009-07-14 03:34 - 2016-11-23 20:54 - 00000895 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 google-analytics.com
127.0.0.1 www.google-analytics.com

==================== Other Areas ============================

(Currently there is no automated fix for this section.)

HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER Disabled Items ==

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeActiveFileMonitor11.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppHostSvc => 2
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: BCUService => 2
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: CTAudSvcService => 2
MSCONFIG\Services: DokanMounter => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: JMB36X => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: QPCopyEngine => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VMCService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LenovoEMC Storage Manager.lnk => C:\Windows\pss\LenovoEMC Storage Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk => C:\Windows\pss\SetPointII.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Twonky Tray Control.lnk => C:\Windows\pss\Twonky Tray Control.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^simplicheck.lnk => C:\Windows\pss\simplicheck.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AntiBrowserSpy - BrowserMask => C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
MSCONFIG\startupreg: Badoo Desktop => C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
MSCONFIG\startupreg: BCU => "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
MSCONFIG\startupreg: BrowserMask => "C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" -delayed
MSCONFIG\startupreg: Corel File Shell Monitor => D:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart /min
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Google Update => "C:\Users\Lutz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: QuiKProtect => C:\Program Files\Iomega\Quikprotect\StartQuikProtect.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SOS Browser Monitor => "C:\Program Files (x86)\Steganos Online Shield\SteganosBrowserMonitor.exe"
MSCONFIG\startupreg: SOS_Agent => "C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe" -agent
MSCONFIG\startupreg: Spotify => "C:\Users\Lutz\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lutz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SSS2009 Browser Monitor => "C:\Program Files (x86)\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe"
MSCONFIG\startupreg: SSS2009 File Redirection Starter => "C:\Program Files (x86)\Steganos Privacy Suite 11\fredirstarter.exe"
MSCONFIG\startupreg: SSS2009 HotKeys => "C:\Program Files (x86)\Steganos Privacy Suite 11\SteganosHotKeyService.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TrayServer => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe
MSCONFIG\startupreg: UVS12 Preload => D:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

==================== Firewall Rules (Not on the whitelist) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)

FirewallRules: [{183864FC-C601-49A7-B3CF-E19CBB897891}] => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{39FAD13A-7155-4FF0-88C1-D4E33FDEBAD5}] => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FEFBB719-A62B-46B6-854D-98635D7CF1CA}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BBBAC07C-2D00-4C57-9322-EFE8E10106B2}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{94F934D9-74E5-454F-9A8A-6DDA88262FC9}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{78B041CD-E5E4-4056-97AE-EC9C6CBDC169}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{A4DCB407-4515-45BA-965B-0F696629E64D}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{E90C2F03-5C6F-4E30-82B7-5ABBA5CA6E20}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{7EED8958-3B7F-4D8B-9974-A5BF2EF2C901}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{5AC85760-EDED-4BF5-B3E5-4C836A06506C}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{7D30EF9B-FB83-4A9E-82A3-543B1B6DDFE9}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{DF658F46-35DE-49CC-A982-6769A212CE87}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{ACF2607B-1C7D-4E88-ACE9-2880F6F8AEF5}] => C:\Program Files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe
FirewallRules: [{991DD234-82CB-49D9-B3FE-D8051B990A4A}] => C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [{F5922D62-93B5-47AF-AFE6-167F8F607A6D}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CE206D9-6FD9-4584-B90D-59462403F013}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F0BF4541-FB32-4102-9E94-C6218647E6DB}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3DD14BB2-8B00-412A-9A8B-27E441327A3C}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EA54779E-8533-4AB0-BF36-9CC287D4D141}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{00018741-BA45-488E-9D25-06A3F7ECDD3E}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B92FC33C-6682-4077-A98F-BE1DDAFBD5FA}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7AD07F50-745C-491D-B028-358EADCAC731}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{18F0F321-702D-4525-BA4A-C644067D541D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F731816-12B5-488E-BCA1-E2B09576ED28}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E2A9D55-9537-4B19-9F24-D742F5CF8B11}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B3616504-B0D7-48D9-88A1-795EFD78F744}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6E57D672-708B-4411-8952-78533B7BB23A}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{16BEBC66-AE36-4BCC-9AB7-628CBC6AD0E8}] => D:\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{C77CCC54-01A8-44DA-B553-AFCC99DC5D38}] => D:\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{A26471DB-0259-4BFA-9F4E-39DB0E5C708C}] => D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CE119BB2-CEF2-422F-BAA2-8830EE795E51}] => D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5A443AD9-A50B-4FA0-BD59-AAF38AC17188}] => D:\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{8B698DAD-D2CC-4B49-8E1A-FF755DD521AF}] => D:\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{78F72C60-F084-41C5-AB3E-F5F9EF0F6918}] => D:\Steam\SteamApps\common\Spintires\SpinTires.exe
FirewallRules: [{44B7D166-C59E-4B93-A847-FCCD27613D6B}] => D:\Steam\SteamApps\common\Spintires\SpinTires.exe
FirewallRules: [{AAE69F65-F1B4-4A87-BA8E-EC0010DE00A0}] => E:\CIV 5\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{D040F1EF-374E-4CE1-9051-A8264B7CFE97}] => E:\CIV 5\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{EDF1C4A2-D1F8-46F1-92D5-435C1FD5F80F}] => D:\Steam\SteamApps\common\OMSI 2\Omsi.exe
FirewallRules: [{01E3360E-15E4-42DB-A96D-38A8E0CE23E8}] => D:\Steam\SteamApps\common\OMSI 2\Omsi.exe
FirewallRules: [{12195342-7516-44F1-AF40-36E2102986AC}] => D:\Steam\SteamApps\common\Train Fever\TrainFever.exe
FirewallRules: [{58C09F16-6775-4581-AB7C-8128EC00D8DD}] => D:\Steam\SteamApps\common\Train Fever\TrainFever.exe
FirewallRules: [{DEC04915-1CCB-4B98-90D7-9A479F8872AB}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{47C0ABC3-9B4A-417C-B10B-CABA10CA62B9}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{667CACB5-0730-4A52-851F-F250150943BF}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8C40FE4A-4266-476C-BDEC-72FD05A59718}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{182A7BE0-41D6-4DC0-B203-08FD063D2FE1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7A7B4AC7-8030-48D0-99A7-968C9884207B}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A34FF7BA-1432-47AE-A1D7-33E8F49AFD53}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F4ADC216-086B-43A7-9495-4C4AE28D0268}] => D:\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{D72AB6A4-F503-49FE-9C99-044D408349EB}] => D:\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{31E0A09C-AE74-4CF6-8DBD-72BE48A320B0}] => E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{7905E67F-8364-4418-91DC-255299987E1D}] => c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{410765E6-CC8B-47AB-84E6-1725BD42C5CF}] => D:\Steam\SteamApps\common\RollerCoaster Tycoon World\RollerCoaster Tycoon World.exe
FirewallRules: [{0D901DAE-9977-4093-B1CE-00A444CB914B}] => D:\Steam\SteamApps\common\RollerCoaster Tycoon World\RollerCoaster Tycoon World.exe
FirewallRules: [{693B1927-12F7-439F-A6DB-7F2D10989BAD}] => D:\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [{A8F1D02B-7609-4F35-B1AC-C982CAEB5B4C}] => D:\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [{0FD2DEA8-49E9-4AEA-9475-6E874CC9A403}] => D:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{1EDAC775-C4DD-49C0-B98E-C4535DB512E6}] => D:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{741C7860-05F0-4DB0-B32F-3A9A2C1ABE7E}] => C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{CE173514-206B-497A-A31B-AFE5E5D87B22}] => D:\Steam\SteamApps\common\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [{EB0A216E-194E-458F-9EEB-8E4BC0A49CA9}] => D:\Steam\SteamApps\common\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [{507AFCCA-B48B-47D9-82C5-F197A4052843}] => D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{335DA974-A73A-4094-BADF-C888AA52A1CE}] => D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{63272A13-0FFB-45A3-A46C-F994C4DD7A00}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B4685677-8E59-424D-9BF3-133CD1265A3D}] => D:\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{4608D19C-EB00-4DD7-874E-C76B7B16033E}] => D:\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{84F51808-9DE4-4292-ACB5-15BBB37CB3A7}] => D:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{4E93BACC-0494-4AAD-BCFF-A6808C947F45}] => D:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C2C0A577-FED6-4D96-933F-EC4005B7CBA9}] => D:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{389E12B1-10FC-4310-82FD-EDEBAE5CEF3C}] => D:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{CB72CD40-85F8-4EF9-896B-C251911AB396}] => C:\Program Files\Vivaldi\Application\vivaldi.exe

==================== Restore Points =========================

05-12-2016 19:18:36 Windows Update

==================== Faulty Devices in Device Manager =============

Name: AppleCharger
Description: AppleCharger
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AppleCharger
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event Log Errors: =========================

Application errors:
==================
Error: (12/06/2016 09:14:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0xd64
Faulting application start time: 0x01d24ffd55ebab9c
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 939d4875-bbf0-11e6-b1b8-0000001f0200

Error: (12/06/2016 09:13:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0x1998
Faulting application start time: 0x01d24ffd41f08c7b
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 80df4216-bbf0-11e6-b1b8-0000001f0200

Error: (12/06/2016 08:39:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Unloading the performance counter strings for service "WmiApRpl" (WmiApRpl) failed. The error code is the first DWORD in the Data section.

Error: (12/06/2016 08:39:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: The performance counter strings in the Performance registry are corrupted when the "Performance" process runs on the extension counter provider. The "BaseIndex" value from the Performance registry is the first DWORD in the Data section, the "LastCounter" value is the second DWORD in the Data section, and the "LastHelp" value is the third DWORD in the Data section.

Error: (12/06/2016 08:39:18 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: The performance counter strings in the Performance registry are corrupted when the "Performance" process runs on the extension counter provider. The "BaseIndex" value from the Performance registry is the first DWORD in the Data section, the "LastCounter" value is the second DWORD in the Data section, and the "LastHelp" value is the third DWORD in the Data section.

Error: (12/06/2016 08:21:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Unloading the performance counter strings for service "WmiApRpl" (WmiApRpl) failed. The error code is the first DWORD in the Data section.

Error: (12/06/2016 08:21:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: The performance counter strings in the Performance registry are corrupted when the "Performance" process runs on the extension counter provider. The "BaseIndex" value from the Performance registry is the first DWORD in the Data section, the "LastCounter" value is the second DWORD in the Data section, and the "LastHelp" value is the third DWORD in the Data section.

Error: (12/06/2016 08:21:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: The performance counter strings in the Performance registry are corrupted when the "Performance" process runs on the extension counter provider. The "BaseIndex" value from the Performance registry is the first DWORD in the Data section, the "LastCounter" value is the second DWORD in the Data section, and the "LastHelp" value is the third DWORD in the Data section.

Error: (12/06/2016 08:11:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Unloading the performance counter strings for service "WmiApRpl" (WmiApRpl) failed. The error code is the first DWORD in the Data section.

Error: (12/06/2016 08:11:39 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: The performance counter strings in the Performance registry are corrupted when the "Performance" process runs on the extension counter provider. The "BaseIndex" value from the Performance registry is the first DWORD in the Data section, the "LastCounter" value is the second DWORD in the Data section, and the "LastHelp" value is the third DWORD in the Data section.


System errors:
=============
Error: (12/06/2016 09:14:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server "{D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B}" did not register with DCOM within the required timeout.

Error: (12/06/2016 08:32:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AppleCharger
nvelofsfltr

Error: (12/06/2016 08:32:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "Mobile Partner. OUC" service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/06/2016 08:32:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout (30000 ms) was reached while waiting for the Mobile Partner. OUC service to connect.

Error: (12/06/2016 08:30:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AppleCharger
nvelofsfltr

Error: (12/06/2016 08:29:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "Mobile Partner. OUC" service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/06/2016 08:29:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout (30000 ms) was reached while waiting for the Mobile Partner. OUC service to connect.

Error: (12/06/2016 08:28:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:26:17 on 06.12.2016 was unexpected.

Error: (12/06/2016 08:26:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 ms) was reached while waiting for a transaction response from the Netman service.

Error: (12/06/2016 08:25:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 ms) was reached while waiting for a transaction response from the Wlansvc service.


==================== Memory Info ===========================

Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 27%
Total physical RAM: 16343.05 MB
Available physical RAM: 11807.58 MB
Total virtual memory: 32684.29 MB
Available virtual memory: 28241.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:204.98 GB) (Free:17.17 GB) NTFS
Drive d: (Volume) (Fixed) (Total:363.18 GB) (Free:16.04 GB) NTFS
Drive e: (Volume) (Fixed) (Total:363.25 GB) (Free:9.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5889D043)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=205 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=363.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=363.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
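
The thread reads these FRST sections by eye. As an added example (not code from the forum, the poster, or the FRST author), the Python script below does the same triage mechanically over the two Addition.txt sections above: it pairs up FirewallRules entries per program, flags firewall exceptions for binaries in user-writable directories, aggregates Event ID 1000 crashes by faulting application, module and exception code (decoding 0xc06d007e, which is the Visual C++ delay-load exception for a DLL that could not be found), and collects the Service Control Manager 7026 driver-load failures and EventLog 6008 unexpected shutdowns. The sample input is embedded so it runs offline; the FirewallRules and event lines are copied from the log above, while the rule pointing at svchost.exe under AppData is a constructed line added only to exercise the path check and does not appear in the posted log. The field regexes accept both the English and the German (as posted) wording of the Windows event records.

```python
"""Triage of two FRST Addition.txt sections: FirewallRules and event-log errors."""
import re
from collections import Counter

# Constructed sample input so the script runs offline. The FirewallRules and event
# entries are copied from the Addition.txt posted above; the rule for svchost.exe
# under AppData is CONSTRUCTED to exercise the user-writable-path check and is not in the log.
SAMPLE = r"""
FirewallRules: [{741C7860-05F0-4DB0-B32F-3A9A2C1ABE7E}] => C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{CE173514-206B-497A-A31B-AFE5E5D87B22}] => D:\Steam\SteamApps\common\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [{EB0A216E-194E-458F-9EEB-8E4BC0A49CA9}] => D:\Steam\SteamApps\common\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [{CB72CD40-85F8-4EF9-896B-C251911AB396}] => C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => C:\Users\Lutz\AppData\Roaming\svchost.exe

Error: (12/06/2016 09:14:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xc06d007e

Error: (12/06/2016 08:32:22 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AppleCharger
nvelofsfltr

Error: (12/06/2016 08:28:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:26:17 on 06.12.2016 was unexpected.
"""

FIREWALL_RE = re.compile(r"^FirewallRules: \[(\{[0-9A-Fa-f-]+\})\] => (.+)$")
EVENT_HEADER_RE = re.compile(
    r"^Error: \((?P<time>.+?)\) \(Source: (?P<source>.*?)\) \(EventID: (?P<id>\d+)\) \(User: (?P<user>.*?)\)$"
)
# Event ID 1000 fields; both the English and the German wording (as posted) are accepted.
FAULT_APP_RE = re.compile(r"(?:Faulting application name|Name der fehlerhaften Anwendung): ([^,]+),")
FAULT_MOD_RE = re.compile(r"(?:Faulting module name|Name des fehlerhaften Moduls): ([^,]+),")
EXC_CODE_RE = re.compile(r"(?:Exception code|Ausnahmecode): (0x[0-9A-Fa-f]+)")
# A firewall exception for a binary in a user-writable location deserves a second look.
USER_WRITABLE_RE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\Public|Downloads)\\", re.IGNORECASE)

# Exception codes that commonly appear in Event ID 1000 records (NTSTATUS and VC++ delay-load).
EXCEPTION_CODES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC06D007E: "delay-load DLL not found (VcppException ERROR_MOD_NOT_FOUND)",
    0xC06D007F: "delay-load export not found (VcppException ERROR_PROC_NOT_FOUND)",
    0xE0434352: "unhandled .NET CLR exception",
}


def decode_exception(code: str) -> str:
    return EXCEPTION_CODES.get(int(code, 16), "unknown")


def parse_firewall_rules(text: str) -> list:
    """Return (rule GUID, program path) pairs from FirewallRules lines."""
    rules = []
    for line in text.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if m:
            rules.append((m.group(1), m.group(2).strip()))
    return rules


def firewall_findings(rules: list) -> dict:
    counts = Counter(path for _, path in rules)  # two rules per program is the usual in/out pair
    suspicious = sorted({path for _, path in rules if USER_WRITABLE_RE.search(path)})
    return {"rule_counts": counts, "suspicious": suspicious}


def parse_events(text: str) -> list:
    """Split the log into blank-line-separated blocks and keep those that start with an Error header."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = EVENT_HEADER_RE.match(lines[0].strip())
        if not m:
            continue
        body = lines[1:]
        if body and body[0].startswith("Description: "):
            body[0] = body[0][len("Description: "):]
        events.append({"time": m["time"], "source": m["source"], "event_id": int(m["id"]), "body": body})
    return events


def event_findings(events: list) -> dict:
    crashes, failed_drivers, unexpected = Counter(), set(), 0
    for ev in events:
        text = "\n".join(ev["body"])
        if ev["source"] == "Application Error" and ev["event_id"] == 1000:
            app, mod, code = (r.search(text) for r in (FAULT_APP_RE, FAULT_MOD_RE, EXC_CODE_RE))
            crashes[(app.group(1) if app else "?", mod.group(1) if mod else "?",
                     code.group(1).lower() if code else "?")] += 1
        elif ev["source"] == "Service Control Manager" and ev["event_id"] == 7026:
            failed_drivers.update(l.strip() for l in ev["body"][1:] if l.strip())  # names follow the description
        elif ev["source"] == "EventLog" and ev["event_id"] == 6008:
            unexpected += 1
    return {"crashes": crashes, "failed_drivers": failed_drivers, "unexpected_shutdowns": unexpected}


def triage_report(text: str) -> list:
    fw = firewall_findings(parse_firewall_rules(text))
    ev = event_findings(parse_events(text))
    out = [f"firewall rules: {sum(fw['rule_counts'].values())} for {len(fw['rule_counts'])} programs"]
    out += [f"  REVIEW user-writable target: {p}" for p in fw["suspicious"]]
    for (app, mod, code), n in ev["crashes"].most_common():
        meaning = decode_exception(code) if code != "?" else "n/a"
        out.append(f"crash x{n}: {app} in {mod}, {code} ({meaning})")
    if ev["failed_drivers"]:
        out.append("drivers that failed to load (SCM 7026): " + ", ".join(sorted(ev["failed_drivers"])))
    out.append(f"unexpected shutdowns (EventLog 6008): {ev['unexpected_shutdowns']}")
    return out


if __name__ == "__main__":
    print("\n".join(triage_report(SAMPLE)))
```

A flagged firewall target is a prompt for review, not a verdict: legitimate software does install into ProgramData (the Huawei DatacardService in this very log is one case). On the posted Addition.txt every rule points into Program Files or the Steam library on D:, so the only REVIEW line the script prints comes from the constructed AppData entry. The two drivers listed under SCM 7026, AppleCharger and nvelofsfltr, match the AppleCharger device error and the Dataplex NveloSvc process elsewhere in the logs, which is why an analyst checks such names against the installed-software list before treating a load failure as a removed rootkit component.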


Lumis 07.12.2016 17:27

FRST
 
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2016
Ran by Lutz (Administrator) on LUTZ-PC (06-12-2016 22:35:07)
Running from C:\Users\Lutz\Desktop\Fliegen
Loaded Profiles: Lutz (Available Profiles: Lutz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: German (Germany)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Innovative Solutions) C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\Dataplex\NveloSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [nveloApp] => C:\Program Files\Dataplex\CacheFilter\nveloApp.exe [117952 2015-01-16] (Windows (R) Win 7 DDK provider)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15112312 2016-02-09] (Logitech Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2013-06-14] (AVM Berlin)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-07-05] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Run: [] => [X]
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Run: [GUSDelayStartup] => C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe [37152 2014-08-20] (Glarysoft Ltd)
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Run: [Amazon Music] => C:\Users\Lutz\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-15] ()
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: L - L:\LaunchU3.exe -a
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {011ac20a-306a-11e0-af04-1c6f654b6b74} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {41c17a89-40af-11e3-b040-000000360200} - G:\AutoRun.exe
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {41c17a9a-40af-11e3-b040-000000360200} - G:\AutoRun.exe
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {56da7206-883a-11e3-aa2d-000000880200} - G:\AutoRun.exe
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {81f25f56-ff05-11df-bc06-1c6f654b6b74} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {85f8dda4-400b-11e3-8dbc-000000210200} - G:\AutoRun.exe
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {ad4bb9f3-7a56-11e0-93ff-1c6f654b6b74} - L:\LaunchU3.exe -a
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {ba47202e-d852-11e3-95a1-000000520200} - G:\pushinst.exe
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\acrun.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\acstart.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\arcrepair.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\chrome.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\chromesetup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\cyberghost.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\cyberghost_6.0.3.2124.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\fileencrypt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\filesplitter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hirezgamesdiagandsupport.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\integrator.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\itunes.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lenovoemcstoragemanager.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mediaimpression.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\neosetup_updater.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\originer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoviewer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realconverter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realplay.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realtrimmer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\rnxproc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\rpsystray.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\sidebar.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\slideshowplayer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\steam.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\wddmstatus.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, it will be removed or, if it is a registry item, restored to default.)

Hosts: There is more than one entry in the Hosts file. See the Hosts section in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1B090B5E-27DB-4D25-9137-02111A82FE0C}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B95865FF-C877-44B8-8779-DE6FB2B89925}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{DF0F7ED1-4D85-4830-BFF3-E2526D9175AB}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{E102E7EA-629C-438B-9D5C-E9260B75A44E}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{F750D2D5-FD48-465B-A44E-C52A3A23968B}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FD661E04-31D3-47C1-9D98-FFDDC4CED1F5}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM-x32 -> {A94277E3-1076-43b3-BF3F-54D391687391} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=9f6766b7-f7fe-11e0-bf17-1c6f654b6b74&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {FD6E7837-A203-4098-9FF7-1488A50FF4EB} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE0D20151106&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {FD6E7837-A203-4098-9FF7-1488A50FF4EB} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE0D20151106&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> DefaultScope {A94277E3-1076-43b3-BF3F-54D391687391} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_vit_15_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutByEyCyDtCtC0C0CyC0EtDyB0A0AyE0BtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFyDtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDtDtAyC0DyD0EtAtGyDyE0F0FtGtD0F0EtBtGtDtD0CtAtGyCyEyB0CzzyBtBzyyBtB0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0BtB0B0F0EtBtCtGtA0CyEzztGyE0DtB0CtG0AtAyE0CtGzy0A0A0DtByDzytC0ByE0EtB2QtN0A0LzutB%26cr%3D1097294414%26a%3Dwncy_vit_15_18%26os%3DWindows 7 Home Premium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {0048620A-CF1A-4D69-A9C5-5DA83311764F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {13DA3995-D9D0-4C53-9412-47ECD9BFC808} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://startsear.ch/?aff=1&src=sp&cf=9f6766b7-f7fe-11e0-bf17-1c6f654b6b74&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {46ACC4B2-2869-44B6-94CA-4A3F5BEE9C04} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {A94277E3-1076-43b3-BF3F-54D391687391} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_vit_15_18&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutByEyCyDtCtC0C0CyC0EtDyB0A0AyE0BtN0D0Tzu0StCtBtCzztN1L2XzutAtFtCtDtFyDtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDtDtAyC0DyD0EtAtGyDyE0F0FtGtD0F0EtBtGtDtD0CtAtGyCyEyB0CzzyBtBzyyBtB0Ezz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0BtB0B0F0EtBtCtGtA0CyEzztGyE0DtB0CtG0AtAyE0CtGzy0A0A0DtByDzytC0ByE0EtB2QtN0A0LzutB%26cr%3D1097294414%26a%3Dwncy_vit_15_18%26os%3DWindows 7 Home Premium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {CDF501C7-DA57-4305-B098-33C851941150} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {E5006287-6B48-45FF-AE9A-99C3E5BED4EE} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-02-03] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-02-03] (RealDownloader)
BHO-x32: IE5BarLauncherBHO Class -> {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} -> C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll [2011-09-22] (VShare Inc.)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll [2015-09-15] (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16] (Skype Technologies S.A.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Toolbar: HKLM-x32 - VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll [2011-09-22] (VShare Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -  No File
Toolbar: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} hxxp://dominosrv02.wm-fahrzeugteile.de/dwa85W.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-05-24] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-05-24] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: t3851jul.default
FF ProfilePath: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-3438443834-875338260-1882614465-1000\FireFox [not found]
FF ProfilePath: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default [2016-12-06]
FF user.js: detected! => C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\user.js [2012-11-23]
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\t3851jul.default -> Sichere Suche
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\t3851jul.default -> Sichere Suche
FF Homepage: Mozilla\Firefox\Profiles\t3851jul.default -> hxxp://heise.de/
FF Keyword.URL: Mozilla\Firefox\Profiles\t3851jul.default -> hxxp://badoo.com/startpage/?source=bsb&q=
FF Extension: (ADB Helper) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\adbhelper@mozilla.org [2016-11-03]
FF Extension: (Ghostery) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\firefox@ghostery.com.xpi [2016-11-29]
FF Extension: (Valence) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\fxdevtools-adapters@mozilla.org [2016-05-07]
FF Extension: (HTTPS Everywhere) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\https-everywhere-eff@eff.org.xpi [2016-12-02]
FF Extension: (Mailvelope) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2016-12-03]
FF Extension: (Garmin Communicator) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-04-28]
FF Extension: (Google Analytics Opt-out Browser Add-on) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2016-07-29]
FF Extension: (Adblock Plus) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (Bitdefender QuickScan) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-12-06]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-11-10]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\11-suche.xml [2011-12-19]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\badoo.xml [2012-12-08]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\duckduckgo.xml [2013-08-26]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\englische-ergebnisse.xml [2011-12-19]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\google-images.xml [2014-08-11]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\google-maps.xml [2014-08-11]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\McSiteAdvisor.xml [2016-03-20]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\startsear.xml [2011-07-11]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\webde-suche.xml [2011-12-19]
FF Extension: (Skype extension) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-07-05] [ist nicht signiert]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-01] [ist nicht signiert]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files (x86)\Steganos Privacy Suite 11\pfplugin => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 11\spmplugin3 => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-15] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014-08-01] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: (Thunderbird Address Book Synchronisation Extension) - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-07-21] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-05-28] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-08-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-08-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [Keine Datei]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Keine Datei]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [2015-09-15] (Perfect World Entertainment Inc)
FF Plugin-x32: @real.com/nppl3260;version=18.1.3.100 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2016-03-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-07-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-07-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.3.100 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2016-03-18] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3438443834-875338260-1882614465-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3438443834-875338260-1882614465-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-11-17] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2015-11-20] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2015-11-20] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2011-10-03] (vShare.tv )

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://heise.de/
CHR StartupUrls: Default -> "hxxp://heise.de/"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultSuggestURL: Default -> hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\gcswf32.dll => Keine Datei
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll => Keine Datei
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll => Keine Datei
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll => Keine Datei
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll => Keine Datei
CHR Plugin: (vShare.tv plug-in) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll (vShare.tv )
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll (vShare.tv )
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll => Keine Datei
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => Keine Datei
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll => Keine Datei
CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => Keine Datei
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => Keine Datei
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => Keine Datei
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll => Keine Datei
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll => Keine Datei
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => Keine Datei
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Keine Datei
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Lutz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Keine Datei
CHR Profile: C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default [2016-12-06]
CHR Extension: (OkayFreedom) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckipplcmnfhblnpibpbehenelnkpecd [2015-05-09]
CHR Extension: (YouTube) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google-Suche) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Logitech SetPoint) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-12-01]
CHR Extension: (Booking.com for Chrome™) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2015-09-17]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-12-04]
CHR Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-11-10]
CHR Extension: (AdBlock) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-28]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2016-03-19]
CHR Extension: (vshare plugin) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2012-01-25]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Better Pop Up Blocker) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2012-03-10]
CHR Extension: (Google Mail) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-21]
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx [2011-08-31]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -user-agent=Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.22 anonymized by Abelssoft 1449098014

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-19] (Adobe Systems) [Datei ist nicht signiert]
S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 ArcService; D:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-09-15] (Perfect World Entertainment Inc)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-01] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1863688 2016-05-15] ()
S4 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76336 2016-11-28] (CyberGhost S.R.L)
S4 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-12-02] (Creative Labs) [Datei ist nicht signiert]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-12-02] (Creative Labs) [Datei ist nicht signiert]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [Datei ist nicht signiert]
S4 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [Datei ist nicht signiert]
S4 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [Datei ist nicht signiert]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-11-15] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1064520 2016-04-11] ()
S4 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-02-09] (Logitech Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [187840 2016-10-24] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-05-24] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-10-29] ()
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [Datei ist nicht signiert]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 nveloSvc; C:\Windows\System32\Dataplex\nveloSvc.exe [33984 2015-01-16] (Windows (R) Win 7 DDK provider)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-13] (Electronic Arts)
S4 PCloudd; C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [221536 2013-03-27] (LenovoEMC Ltd.)
S4 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [Datei ist nicht signiert]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-12-30] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2015-12-30] ()
S4 QPCopyEngine; C:\Program Files\Iomega\Quikprotect\QpMonitor.exe [458240 2012-09-07] () [Datei ist nicht signiert]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-02-03] ()
S4 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1095440 2016-03-18] (RealNetworks, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4788496 2016-11-25] (AVG Technologies CZ, s.r.o.)
S4 TwonkyMedia; C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe [512840 2012-02-03] (PacketVideo)
S4 TwonkyWebDav; C:\Program Files (x86)\TwonkyMedia\twonkywebdav.exe [250696 2012-02-03] ()
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2016-11-25] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [48912 2016-11-25] (AVG Technologies CZ, s.r.o.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-08-23] (Western Digital)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless it is listed separately.)

S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2013-06-10] (AVM Berlin)
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 DxVGrb; C:\Windows\System32\drivers\DxVGrb.sys [227456 2014-04-08] (Dexetek )
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [44544 2010-04-17] (Fresco Logic)
S3 fwlanusb6; C:\Windows\System32\DRIVERS\fwlanusb6.sys [1330656 2013-09-13] (AVM GmbH)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-08-08] (Glarysoft Ltd)
R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20672 2014-08-26] (Glarysoft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKslDrv; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\MpKslDrv.sys [44928 2016-12-06] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R0 nvelodiskfltr; C:\Windows\System32\DRIVERS\nvelodiskfltr.sys [299712 2015-01-16] (Windows (R) Win 7 DDK provider)
S0 nvelofsfltr; C:\Windows\System32\DRIVERS\nvelofsfltr.sys [111296 2015-01-16] (Windows (R) Win 7 DDK provider)
R0 nveloportfltr; C:\Windows\System32\DRIVERS\nveloportfltr.sys [25280 2015-01-16] (Windows (R) Win 7 DDK provider)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 QsFsFltr; C:\Windows\System32\DRIVERS\QsFsFltr.sys [22584 2012-08-20] (Windows (R) Win 7 DDK provider)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
S3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [23040 2010-11-22] (Sagatek Co. Ltd.) [Datei ist nicht signiert]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 utewmzu5; C:\Windows\SysWOW64\Drivers\utewmzu5.sys [7168 2015-11-26] () [Datei ist nicht signiert]
S3 ValFltr; C:\Windows\System32\drivers\ValoFltr.sys [14720 2009-04-10] (ROCCAT Development, Inc.)
R3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20048 2012-09-09] (Iomega Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] (MBB)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 pmem; \??\C:\Users\Lutz\AppData\Local\Temp\_MEI74002\drivers\winpmem64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-06 22:34 - 2016-12-06 22:35 - 00000000 ____D C:\FRST
2016-12-06 00:51 - 2016-12-06 00:51 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\QuickScan
2016-12-05 19:15 - 2016-12-05 19:15 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-12-05 19:15 - 2016-12-05 19:15 - 00001912 _____ C:\Windows\epplauncher.mif
2016-12-05 19:15 - 2016-12-05 19:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-12-05 19:15 - 2016-12-05 19:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-12-05 19:14 - 2016-12-05 19:14 - 00000000 ____D C:\Program Files (x86)\Chip Digital GmbH
2016-12-05 19:07 - 2016-12-05 19:09 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\McAfee TechCheck
2016-12-05 19:07 - 2016-12-05 19:09 - 00000000 _____ C:\Users\Lutz\Desktop\iphist.dat
2016-12-05 19:05 - 2016-12-05 19:05 - 03408408 _____ C:\Users\Lutz\Desktop\McAfee_TechCheck.exe
2016-12-05 19:02 - 2016-12-05 19:02 - 01496584 _____ C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe
2016-12-02 20:32 - 2016-12-05 20:08 - 00000000 __SHD C:\ProgramData\CPU Temp Monitor Service
2016-12-02 18:33 - 2016-12-02 18:33 - 11451644 _____ C:\Users\Lutz\Desktop\CE2300X.zip
2016-11-30 20:52 - 2016-11-30 20:52 - 00433419 ____N C:\Users\Lutz\Documents\Scan 30.11.2016, 19.14.pdf
2016-11-27 16:19 - 2016-11-27 16:19 - 00417599 _____ C:\Users\Lutz\Desktop\aktuelle-zahlen-zu-asyl-oktober-2016.pdf
2016-11-23 20:53 - 2016-11-23 20:53 - 00001079 _____ C:\Users\Public\Desktop\AntiBrowserSpy.lnk
2016-11-23 20:53 - 2016-11-23 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiBrowserSpy
2016-11-23 20:53 - 2016-11-23 20:53 - 00000000 ____D C:\Program Files (x86)\AntiBrowserSpy
2016-11-20 11:57 - 2016-11-20 11:57 - 00000222 _____ C:\Users\Lutz\Desktop\Paladins.url
2016-11-19 12:20 - 2016-11-19 13:12 - 00000000 ____D C:\Users\Lutz\Documents\Overwatch
2016-11-19 10:55 - 2016-12-06 21:11 - 00000000 ____D C:\Users\Lutz\AppData\LocalLow\Mozilla
2016-11-13 23:50 - 2016-11-13 23:50 - 00000000 ____D C:\Users\Lutz\.QtWebEngineProcess
2016-11-13 23:50 - 2016-11-13 23:50 - 00000000 ____D C:\Users\Lutz\.EVE
2016-11-13 23:49 - 2016-11-13 23:49 - 00000641 _____ C:\Users\Lutz\Desktop\EVE Launcher.lnk
2016-11-13 23:49 - 2016-11-13 23:49 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE Launcher
2016-11-13 20:28 - 2016-11-13 20:28 - 08974809 _____ C:\Users\Lutz\Desktop\EVE-Online-Einsteiger-Kompendium.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-06 22:35 - 2015-06-08 18:10 - 00000000 ____D C:\Users\Lutz\Desktop\Fliegen
2016-12-06 22:34 - 2012-09-18 16:35 - 00000000 ____D C:\Users\Lutz\Desktop\Dateien
2016-12-06 22:30 - 2011-05-13 12:13 - 00000000 ____D C:\Users\Lutz\Documents\Outlook-Dateien
2016-12-06 22:03 - 2012-04-06 09:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-06 21:16 - 2016-04-27 00:12 - 00002209 _____ C:\Users\Lutz\Desktop\Vivaldi.lnk
2016-12-06 21:14 - 2016-09-20 18:00 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-12-06 21:14 - 2015-12-22 20:02 - 00000000 ____D C:\Users\Lutz\AppData\Local\CrashDumps
2016-12-06 21:13 - 2013-11-10 09:41 - 00000000 ____D C:\Users\Lutz\AppData\Local\F87799D3-C920-4E93-B73C-2721F6CBD519.aplzod
2016-12-06 20:45 - 2009-07-14 05:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-06 20:45 - 2009-07-14 05:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-06 20:39 - 2009-07-14 18:58 - 32578676 _____ C:\Windows\system32\perfh007.dat
2016-12-06 20:39 - 2009-07-14 18:58 - 10256332 _____ C:\Windows\system32\perfc007.dat
2016-12-06 20:39 - 2009-07-14 06:13 - 00007312 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-06 20:32 - 2010-12-02 19:24 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-06 20:32 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-06 11:14 - 2016-10-27 18:38 - 00000000 ____D C:\Users\Lutz\Desktop\Planung 2017
2016-12-06 11:13 - 2012-04-11 23:27 - 00000058 _____ C:\Users\Lutz\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2016-12-06 10:33 - 2016-10-30 09:16 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-06 10:28 - 2014-08-16 13:46 - 00000000 ____D C:\Users\Lutz\AppData\Local\Adobe
2016-12-06 10:18 - 2014-08-08 22:27 - 00000330 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2016-12-06 00:59 - 2014-08-08 22:27 - 00002970 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2016-12-06 00:59 - 2014-08-08 22:27 - 00002624 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2016-12-06 00:56 - 2014-01-27 18:42 - 00000000 ____D C:\Users\Lutz\AppData\Local\Battle.net
2016-12-05 23:02 - 2014-10-14 15:44 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-05 22:58 - 2014-08-08 22:27 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-12-05 20:32 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-05 19:56 - 2015-12-30 19:13 - 00002106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2016-12-05 19:56 - 2015-12-30 19:13 - 00002094 _____ C:\Users\Public\Desktop\Vivaldi.lnk
2016-12-05 19:56 - 2015-12-30 19:13 - 00000000 ____D C:\Program Files\Vivaldi
2016-12-05 19:54 - 2015-12-30 19:13 - 00000000 ____D C:\Users\Lutz\AppData\Local\Vivaldi
2016-12-05 19:14 - 2011-01-31 22:59 - 00000000 ____D C:\Users\Lutz\AppData\Local\Downloaded Installations
2016-12-05 19:08 - 2011-03-23 12:04 - 00000000 ____D C:\Users\Lutz\AppData\Local\Corel
2016-12-05 19:07 - 2011-03-23 12:01 - 00000000 ____D C:\Users\Lutz\Documents\My PSP Files
2016-12-04 23:02 - 2014-12-25 10:05 - 00004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-12-04 23:02 - 2011-06-22 14:52 - 00003696 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2016-12-04 21:17 - 2016-03-19 11:59 - 00003380 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000
2016-12-04 21:17 - 2016-03-18 22:11 - 00003422 _____ C:\Windows\System32\Tasks\RealDownloader Update Check
2016-12-04 21:17 - 2016-03-18 17:49 - 00003360 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000
2016-12-04 21:17 - 2016-03-18 17:49 - 00003224 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3438443834-875338260-1882614465-1000
2016-12-04 18:15 - 2011-04-13 00:50 - 00000000 ____D C:\Users\Lutz\.smplayer
2016-12-04 16:12 - 2010-12-02 21:52 - 00000000 ____D C:\Users\Lutz\Documents\Flight Simulator X-Dateien
2016-12-04 12:28 - 2016-09-27 21:29 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-12-04 11:30 - 2016-10-28 23:55 - 00000000 ____D C:\Program Files\CyberGhost 6
2016-12-04 11:18 - 2013-06-08 13:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-03 14:02 - 2016-04-14 22:25 - 00003432 _____ C:\Windows\System32\Tasks\NeoSetup Updater
2016-12-02 20:33 - 2012-05-02 20:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-02 20:33 - 2010-12-02 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-02 20:19 - 2016-10-28 23:55 - 00001732 _____ C:\Users\Lutz\Desktop\CyberGhost 6.lnk
2016-12-01 20:01 - 2014-08-08 22:27 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\DiskDefrag
2016-11-30 19:54 - 2012-01-25 12:00 - 00002579 _____ C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-28 18:02 - 2016-10-15 00:01 - 00000002 _____ C:\END
2016-11-25 13:45 - 2016-02-08 00:48 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2016-11-25 13:39 - 2016-02-16 21:39 - 00056080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
2016-11-25 13:39 - 2016-02-16 21:39 - 00048912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\uxtuneup.dll
2016-11-25 13:39 - 2016-02-08 00:48 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2016-11-25 13:39 - 2016-02-08 00:48 - 00042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2016-11-24 11:10 - 2016-05-03 21:10 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-24 11:10 - 2016-05-03 21:10 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-24 01:21 - 2013-06-30 15:48 - 00000000 ____D C:\Users\Lutz\AppData\Local\Ubisoft Game Launcher
2016-11-23 20:54 - 2016-05-03 21:10 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-23 20:54 - 2016-05-03 21:10 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-23 20:53 - 2014-08-11 15:54 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\Abelssoft
2016-11-23 20:53 - 2010-12-03 12:39 - 00000000 ____D C:\Users\Lutz\AppData\Local\Abelssoft
2016-11-23 20:30 - 2016-10-28 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
2016-11-20 11:57 - 2012-10-27 23:45 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-17 01:58 - 2010-12-03 18:39 - 00000000 ____D C:\Users\Lutz\AppData\Local\Deployment
2016-11-16 00:47 - 2015-12-09 17:18 - 00000000 ____D C:\Users\Lutz\Desktop\Planung 2016
2016-11-15 16:29 - 2016-05-03 21:11 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 16:29 - 2016-05-03 21:11 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-13 23:50 - 2010-12-02 19:09 - 00000000 ____D C:\Users\Lutz
2016-11-13 15:46 - 2013-07-30 22:22 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\vlc
2016-11-13 12:47 - 2012-04-06 09:32 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-13 12:47 - 2012-04-06 09:32 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-13 12:47 - 2011-11-06 22:32 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-13 12:47 - 2011-05-16 16:23 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-13 12:47 - 2010-12-02 21:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-10 18:13 - 2015-11-06 16:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-11-09 20:00 - 2015-12-07 17:10 - 00000000 ____D C:\Program Files\McAfee
2016-11-07 10:29 - 2015-09-12 11:50 - 00003816 _____ C:\Windows\System32\Tasks\InstallShield Update Service
2016-11-07 10:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\Users\Lutz\AppData\Roaming\Clips
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\Users\Lutz\AppData\Roaming\Cocoa
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\Users\Lutz\AppData\Roaming\ColorSync
2014-12-25 11:12 - 2014-12-25 11:21 - 0000012 ____T () C:\Users\Lutz\AppData\Roaming\Samsung Magician Installer.lockfile
2012-09-11 14:31 - 2012-09-11 15:59 - 11624448 _____ () C:\Users\Lutz\AppData\Roaming\Sandra.mdb
2012-09-11 15:05 - 2012-09-11 15:05 - 0186077 _____ () C:\Users\Lutz\AppData\Local\ars.cache
2012-09-11 15:06 - 2012-09-11 15:06 - 0915999 _____ () C:\Users\Lutz\AppData\Local\census.cache
2012-04-11 23:27 - 2016-12-06 11:13 - 0000058 _____ () C:\Users\Lutz\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2011-06-13 08:00 - 2011-06-13 08:00 - 0000092 _____ () C:\Users\Lutz\AppData\Local\fusioncache.dat
2012-09-11 14:53 - 2012-09-11 14:53 - 0000036 _____ () C:\Users\Lutz\AppData\Local\housecall.guid.cache
2011-07-27 18:45 - 2013-04-07 23:06 - 0007593 _____ () C:\Users\Lutz\AppData\Local\Resmon.ResmonCfg
2013-02-22 15:28 - 2013-02-22 15:28 - 0000011 _____ () C:\ProgramData\.tv6
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\ProgramData\Colors
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\ProgramData\Comedy Noises
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\ProgramData\Command Line Utility
2011-02-26 19:51 - 2011-02-26 19:51 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-03-23 12:03 - 2012-08-16 19:01 - 0000900 ___SH () C:\ProgramData\KGyGaAvL.sys
2012-11-28 20:41 - 2012-11-28 20:41 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2012-11-28 20:41 - 2012-11-28 20:45 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2012-11-28 20:41 - 2012-11-28 20:41 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Lutz\CGWebInstall (1).exe
C:\Users\Lutz\CGWebInstall.exe


Einige Dateien in TEMP:
====================
C:\Users\Lutz\AppData\Local\Temp\1e1u1yk7ea.exe
C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe
C:\Users\Lutz\AppData\Local\Temp\ii5u9sa5.exe
C:\Users\Lutz\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Lutz\AppData\Local\Temp\ScanBy.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-09-19 17:29

==================== Ende von FRST.txt ============================


cosinus 07.12.2016 20:12

Quote:

I installed Microsoft Security Essentials, which found the trojans Multiinjector.A!rfn and Neurevt in the quick scan
1. You should not simply slap one AV on top of another.
2. The log for that is missing; nobody can tell you anything if you only name the malware.

Post complete information and uninstall one of the two AVs. I would have thrown out McAfee and kept MSE.

Lumis 07.12.2016 21:21

Hello,

1. I installed MSE in addition because McAfee did not show me anything. I left McAfee on and spoke with their support in parallel, which did not lead anywhere.

Unfortunately MSE no longer works properly either. It aborts the scan at about 30% and says everything is OK.

2. I googled how to read out a log from MSE. I managed the part with the Event Viewer, but unfortunately not generating the log in DOS.
What can I do?

Can't you recommend a virus scanner to me that I then install, scan with and post the log from? Or can I post the Event Viewer output?

Sorry, I am an IT layman. Otherwise I have nothing to do with things like this.

Maybe we can find a way anyway?

Regards,

Lumis

Code:

--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-05-2016 19:15:51
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/05/2016 18:15:51.767578100 UTC
2016-12-05T18:15:51.767Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-05T18:15:51.783Z Trace session started - MpWppTracing-12052016-191551-00000003-ffffffff.bin
2016-12-05T18:15:51.783Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045Resetting SFCState failed with 0x80070015
2016-12-05T18:15:51.798Z New system volume cache created. TrustedUSN state is 1.**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 0
Number of invalid entries is 0
Number of inserts issued is 0
Number of replaces issued is 0
Number of insert failures is 0
Number of inserts with duplicate entries is 0
Number of lookups is 0
Number of lookup misses is 0
Number of fast lookup misses is 0
Number of false fast lookups is 0
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 319488
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T18:15:51.876Z Verifying RTP plugin...
2016-12-05T18:15:51.986Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll]
2016-12-05T18:15:52.017Z Loading engine...
2016-12-05T18:15:52.017Z CSignatureStatus: changed to DUE_REPORTED
2016-12-05T18:15:52.017Z Engine loaded!
2016-12-05T18:15:52.017Z Verifying license file...
2016-12-05T18:15:52.033Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll]
2016-12-05T18:15:52.033Z Product supports installmode: 0
2016-12-05T18:15:52.080Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-05T18:15:52.080Z Loaded module#0 MpComServer.
2016-12-05T18:15:52.080Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-05T18:15:52.080Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 0.0.0.0
AS Signature Version: 0.0.0.0
AV Signature Version: 0.0.0.0
************************************************************
2016-12-05T18:15:54.455Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:15:54.470Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:15:56.470Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:15:56.470Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:15:58.064Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE, pid: 2848
2016-12-05T18:15:58.064Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE, pid: 2848
2016-12-05T18:15:58.470Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:15:58.470Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:15:58.548Z Task(SignaturesUpdateService -UnmanagedUpdate) launched
2016-12-05T18:15:58.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 2848
2016-12-05T18:15:58.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 2848
2016-12-05T18:15:58.564Z [Mini-filter] Restricted access to process 2744 from pid: 4752. Original desired access: 0x1fffff.
2016-12-05T18:16:00.470Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:16:00.470Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(0)
2016-12-05T18:16:12.455Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:12.455Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:51.048Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.048Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.048Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.048Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:16:51.064Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.064Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:16:51.064Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.064Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.126Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:51.126Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.142Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:51.142Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.142Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:51.173Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:51.173Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.189Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:51.189Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2848
2016-12-05T18:16:51.220Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:52.080Z Calling MpUpdateStart with update options = 257
2016-12-05T18:16:58.080Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.080Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.080Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.080Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.126Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.126Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.158Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.158Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.173Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.173Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.173Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.205Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.205Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.220Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.220Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:16:58.236Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.267Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.267Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.564Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:16:58.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.580Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:16:58.580Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.580Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.611Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.611Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.611Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.626Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.626Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.626Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.658Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.658Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.658Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:16:58.673Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.673Z [Mini-filter] Restricted access to process 2744 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:16:58.673Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:18:51.189Z Verifying engine and signature files (source: 0) ...
2016-12-05T18:18:51.236Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll]
2016-12-05T18:18:51.345Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm]
2016-12-05T18:18:51.345Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm]
2016-12-05T18:18:51.580Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm]
2016-12-05T18:18:51.595Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm]
Database:Creating offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

Database:Product:4, ProductVersion:258, Platform:6, PlatformVersion:11, IsBeta:0, IsAdvancedAtLoad:0, IsParanoid: 0, IsOffline: 0

Database:IsEmbedded: 0, IsIEVEnabled: 1, IsServerSku: 0, IsEnterpriseProduct: 0, IsMsft: 0, IsSeville: 0, IsMba: 0, IsPus: 0, IsManaged: 0

Database:IsAutoSubmit:1, IsPusRem:0, LoadedAS:0, LoadedAV:1, LoadedInternal: 1, PassiveMode: 0, SxsPassiveMode:0, IsDevMode:0, IsTestSigning:0

Database:kLCID:1031, kOsVersion:393217, kProcessorArch:9, dwIsTest:0, kOOsVersion:393217, kOsSP:1, kOsBld:7601

2016-12-05T18:18:57.001Z Initializing MPUT in engine...
2016-12-05T18:18:57.001Z MPUT initialized in the engine successfully
2016-12-05T18:18:57.033Z CSignatureStatus: back to good
2016-12-05T18:18:57.033Z Initializing RTP plugin state...
2016-12-05T18:18:57.033Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,0,0
  Proc:0,0,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:15028
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:6
  TotalStreamCon:3535
  NTFS Cache Statistics:
  TotalMisses:13154
  TotalHits:0
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
  Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

Signature updated on 12-05-2016 19:18:57
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
2016-12-05T18:18:57.064Z Process scan (postsignatureupdatescan) started.
2016-12-05T18:18:59.048Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:18:59.064Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:01.064Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:01.064Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:03.064Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:03.064Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:05.064Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:05.080Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:07.080Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:07.080Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:09.080Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:09.080Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-05T18:19:10.283Z Verified [C:\Windows\Temp\2C2C208E-B229-4511-AE50-D7A0BBABAA68-Sigs\gapaengine.dll]
2016-12-05T18:19:10.283Z Verified [C:\Windows\Temp\2C2C208E-B229-4511-AE50-D7A0BBABAA68-Sigs\nisbase.vdm]
2016-12-05T18:19:10.298Z Verified [C:\Windows\Temp\2C2C208E-B229-4511-AE50-D7A0BBABAA68-Sigs\nisfull.vdm]
2016-12-05T18:19:10.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:19:10.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-05T18:19:11.080Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:11.080Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Signature updated via MicrosoftUpdateServer on 12-05-2016 19:19:11
************************************************************
2016-12-05T18:19:13.080Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:13.080Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T18:19:22.080Z Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched
2016-12-05T18:19:22.126Z [Mini-filter] Restricted access to process 4664 from pid: 7156. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x0000376121A2F41C, signame=ALFPER:HSTR/ATuneUpPf, cached=false, resource="\\?\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
Internal signature match:subtype=Persist, sigseq=0x0000376121A2F41C, signame=ALFPER:HSTR/ATuneUpPf, cached=false, resource="\\?\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
2016-12-05T18:19:48.580Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:19:48.580Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:19:48.580Z [Mini-filter] Restricted access to process 4664 from pid: 2848. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
2016-12-05T18:20:03.720Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T18:20:03.720Z Process scan (postsignatureupdatescan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000376121A2F41C, signame=ALFPER:HSTR/ATuneUpPf, cached=false, resource="\\?\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
Internal signature match:subtype=Persist, sigseq=0x0000376121A2F41C, signame=ALFPER:HSTR/ATuneUpPf, cached=false, resource="\\?\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-05T18:20:10.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:20:10.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:20:10.548Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:20:10.548Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:20:10.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:20:10.564Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:20:10.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:20:10.564Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2848
2016-12-05T18:20:10.611Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.611Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.611Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:20:10.642Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.642Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.642Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-05T18:20:10.673Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.673Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.673Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:20:10.689Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.689Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:20:10.689Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Begin Resource Scan
Scan ID:{BE08F640-564C-46E7-8B59-C7229592A923}
Scan Source:7
Start Time:12-05-2016 19:20:03
End Time:12-05-2016 19:20:33
Explicit resource to scan
Resource Schema:process
Resource Path:pid:2120,ProcessStart:131254344193437500
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3344,ProcessStart:131254344203837890
Explicit resource to scan
Resource Schema:process
Resource Path:pid:6516,ProcessStart:131254352790341796
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2120,ProcessStart:131254344193437500
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:6516,ProcessStart:131254352790341796
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:service
Resource Path:chip1click
Result Count:8
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:15490869229661454334
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:6516,ProcessStart:131254352790341796
Extended Info:40956872578181
Unknown File
Identifier:12270248892783656958
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2120,ProcessStart:131254344193437500
Extended Info:9223502295520413380
Unknown File
Identifier:4443369305966379006
Number of Resources:2
Resource Schema:process
Resource Path:pid:2120,ProcessStart:131254344193437500
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
Unknown File
Identifier:7106473450117529598
Number of Resources:3
Resource Schema:process
Resource Path:pid:6516,ProcessStart:131254352790341796
Extended Info:0
Resource Schema:service
Resource Path:chip1click
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:40956872578181
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\Device\HarddiskVolume2\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\D406DAFC-378F-DA13-57D0-4776FF63C75A_1d24fed712062e7"
2016-12-05T18:20:38.580Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{B1B7A701-41E8-4356-941D-BE55B18952DD}
Scan Source:7
Start Time:12-05-2016 19:20:53
End Time:12-05-2016 19:20:59
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\D406DAFC-378F-DA13-57D0-4776FF63C75A_1d24fed712062e7
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:15715452438209101822
Number of Resources:1
Resource Schema:file
Resource Path:C:\PROGRAMDATA\MICROSOFT\Microsoft Antimalware\Scans\FilesStash\F0EE3506-ADEB-E5D7-1FAE-F5D9E2CB9B15_1d24fed71527449->(Asprotect 1.32)
Extended Info:0
End Scan
************************************************************

2016-12-05T18:20:59.970Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\CHIP DIGITAL GMBH\CHIP1CLICK\CHIP 1-CLICK INSTALLER.EXE"
2016-12-05T18:25:52.080Z AutoPurgeWorker triggered with dwWork=0x3
2016-12-05T18:25:52.095Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2016-12-05T18:25:52.095Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 23161659(ms)
2016-12-05T18:25:52.142Z Product supports installmode: 0
2016-12-05T18:25:52.705Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
2016-12-05T18:25:52.845Z Task(GetDeviceTicket -AccessKey 8A815259-715D-D228-E8EE-4D23B5D060C3 ) launched as network service
2016-12-05T18:25:52.908Z Trace buffers written: 256, events lost: 0, buffers lost: 0, days: 0
2016-12-05T18:25:52.908Z Trusted image bitmap: 0x0
2016-12-05T18:25:52.908Z Trusted image OEM name: (not found)
2016-12-05T18:25:52.908Z Start sending one time SQM data points.
2016-12-05T18:25:52.908Z Finished sending one time SQM data points.
2016-12-05T18:25:52.908Z Task(-UploadSQM -RestrictPrivileges) launched
2016-12-05T18:25:52.923Z [Mini-filter] Restricted access to process 6632 from pid: 4000. Original desired access: 0x1fffff.
2016-12-05T18:25:53.126Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T18:26:52.970Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:26:52.970Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:26:52.970Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:26:52.970Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 2848
2016-12-05T18:26:53.001Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:26:53.001Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:28:57.095Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
2016-12-05T18:28:59.845Z Process scan (poststartupscan) completed.
2016-12-05T18:29:41.861Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T18:30:40.126Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.126Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.126Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.158Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.189Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.189Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.314Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:30:40.314Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.330Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:30:40.330Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.345Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:30:40.361Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:30:40.361Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.376Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:30:40.376Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.408Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:32:17.439Z Cache Resizing**********Cache stats************
No. Of buckets -> 12800
Each Bucket has max capacity of -> 1 entries
number of Entries is 11945
Number of invalid entries is 0
Number of inserts issued is 12918
Number of replaces issued is 0
Number of insert failures is 1
Number of inserts with duplicate entries is 11008
Number of lookups is 33590
Number of lookup misses is 1520
Number of fast lookup misses is 31658
Number of false fast lookups is 1520
Number of invalidations is 6
Number of maintenance invalidations is 0
Current File Size is 319488
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T18:33:55.857Z Cache Resizing**********Cache stats************
No. Of buckets -> 16000
Each Bucket has max capacity of -> 1 entries
number of Entries is 15326
Number of invalid entries is 0
Number of inserts issued is 30339
Number of replaces issued is 0
Number of insert failures is 2
Number of inserts with duplicate entries is 14384
Number of lookups is 40447
Number of lookup misses is 2836
Number of fast lookup misses is 37191
Number of false fast lookups is 2836
Number of invalidations is 6
Number of maintenance invalidations is 0
Current File Size is 397312
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"

BEGIN BM telemetry
GUID:{A67FDC4B-037A-A0AF-A2F1-D81645CE767C}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:2860
ProcessCreationTime:131254344201337890
SessionID:0
CreationTime:12-05-2016 19:36:08
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry

2016-12-05T18:36:11.134Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Begin Resource Scan
Scan ID:{80DA2DF1-324A-4CBC-AC6A-62F5C59D0316}
Scan Source:7
Start Time:12-05-2016 19:38:13
End Time:12-05-2016 19:38:14
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe
Extended Info:35875764682496
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4B4F7506, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4B4F7506, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4B4F7506, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe"
Begin Resource Scan
Scan ID:{C2603F97-6D46-450D-B378-377DA8CC0F13}
Scan Source:7
Start Time:12-05-2016 19:38:35
End Time:12-05-2016 19:38:36
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe
Extended Info:25770771399865
End Scan
************************************************************

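An added example, not part of the thread and not Microsoft's code: a small Python parser for the three kinds of record in the MpLog excerpt above, written to show what a helper actually looks for in such a dump. The "[Mini-filter]" lines are the antimalware engine's self-protection refusing one process (pid 2848 throughout) handles to its own binaries (MpCmdRun.exe, msseces.exe, NisSrv.exe) and to processes 3896 and 2000; 0x1fffff is the value of PROCESS_ALL_ACCESS on Vista and later. Aggregated per requesting pid, that pattern is visible at a glance. The log alone does not say what pid 2848 is; it could just as well be the other security product the thread mentions, so the pid has to be matched against the process list before drawing conclusions. The "Lowfi"/"Persist" signature matches on vendor binaries such as wmenc.exe are low-fidelity hits that, as the log itself shows, only trigger MAPS reports and resource scans ending in "Known File"; the example counts them separately from the self-protection events. SAMPLE_LOG inside the block is a constructed excerpt modelled on the posted lines.

```python
"""Triage helper for MpLog-style lines (Microsoft Security Essentials / Windows Defender).

Added example for this thread, not code from the thread or from Microsoft. Handles the three
record shapes visible in the posted log: timestamped "[Mini-filter]" self-protection events,
"Internal signature match" key=value records, and "Begin Resource Scan ... End Scan" blocks.
SAMPLE_LOG is a constructed excerpt modelled on the thread's lines.
"""
import re
from collections import Counter, defaultdict

PROCESS_ALL_ACCESS = 0x1FFFFF  # Vista+ value of the Win32 constant; appears as 0x1fffff in the log

SAMPLE_LOG = r"""
2016-12-05T18:30:40.126Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.158Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T18:30:40.314Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:30:40.345Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.300Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.314Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1f1fff.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Begin Resource Scan
Scan ID:{80DA2DF1-324A-4CBC-AC6A-62F5C59D0316}
Scan Source:7
Start Time:12-05-2016 19:38:13
End Time:12-05-2016 19:38:14
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe
Known File
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe
End Scan
"""

DENIED_RE = re.compile(
    r"^(?P<ts>\S+) \[Mini-filter\] Denied access to file: (?P<path>.+?), pid: (?P<pid>\d+)$")
RESTRICTED_RE = re.compile(
    r"^(?P<ts>\S+) \[Mini-filter\] Restricted access to process (?P<target>\d+) from pid: "
    r"(?P<pid>\d+)\. Original desired access: (?P<access>0x[0-9a-fA-F]+)\.$")
SIGMATCH_RE = re.compile(
    r'^Internal signature match:subtype=(?P<subtype>\w+), sigseq=(?P<sigseq>0x[0-9A-Fa-f]+), '
    r'signame=(?P<signame>[^,]+), cached=(?P<cached>true|false), resource="(?P<resource>.*)"$')


def parse_mplog(text):
    """Return a list of (kind, record); kind is denied / restricted / sigmatch / scan."""
    events, block = [], None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if line == "Begin Resource Scan":
            block = {"paths": []}  # collect key:value lines until "End Scan"
            continue
        if block is not None:
            if line == "End Scan":
                events.append(("scan", block))
                block = None
            elif line.startswith("Resource Path:"):
                block["paths"].append(line[len("Resource Path:"):])
            elif line in ("Known File", "Unknown File"):
                block["verdict"] = line
            elif ":" in line:
                key, value = line.split(":", 1)
                block[key.strip()] = value.strip()
            continue
        for kind, rx in (("denied", DENIED_RE), ("restricted", RESTRICTED_RE), ("sigmatch", SIGMATCH_RE)):
            m = rx.match(line)
            if m:
                events.append((kind, m.groupdict()))
                break
    return events


def tamper_summary(events):
    """Per requesting pid: protected files and protected pids it was refused, and full-access opens."""
    per_pid = defaultdict(lambda: {"files": Counter(), "processes": Counter(), "full_access": 0})
    for kind, rec in events:
        if kind == "denied":
            per_pid[rec["pid"]]["files"][rec["path"]] += 1
        elif kind == "restricted":
            per_pid[rec["pid"]]["processes"][rec["target"]] += 1
            if int(rec["access"], 16) == PROCESS_ALL_ACCESS:
                per_pid[rec["pid"]]["full_access"] += 1
    return dict(per_pid)


def signature_hits(events, subtype=None):
    """Count (signame, resource) pairs, optionally limited to one subtype (Lowfi, Persist)."""
    hits = Counter()
    for kind, rec in events:
        if kind == "sigmatch" and (subtype is None or rec["subtype"] == subtype):
            hits[(rec["signame"], rec["resource"])] += 1
    return hits


def scan_verdicts(events):
    """Map each explicitly scanned path to the verdict line of its scan block."""
    return {rec["paths"][0]: rec.get("verdict", "n/a")
            for kind, rec in events if kind == "scan" and rec["paths"]}


if __name__ == "__main__":
    ev = parse_mplog(SAMPLE_LOG)
    for pid, info in tamper_summary(ev).items():
        print(f"pid {pid}: {sum(info['files'].values())} file denials, "
              f"{sum(info['processes'].values())} process restrictions "
              f"({info['full_access']} with PROCESS_ALL_ACCESS), targets {sorted(info['processes'])}")
    for (name, res), n in signature_hits(ev, "Lowfi").most_common():
        print(f"{n:3d}x {name}  {res}")
    for path, verdict in scan_verdicts(ev).items():
        print(f"{verdict}: {path}")
```

Run it against a real MpLog.txt by replacing SAMPLE_LOG with the file contents; a pid that shows up with many full-access opens against the engine's processes is the one to resolve first in the process list, and the Lowfi table separates telemetry noise on known vendor binaries from anything worth a closer look.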

Lumis 07.12.2016 21:23

Code:

Internal signature match:subtype=Lowfi, sigseq=0x0000157ECF9ABFFB, signame=ALF:Win32/Dorv.D!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Microsoft Office\Office14\WWLIB.DLL"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E4B4F7506, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECF9ABFFB, signame=ALF:Win32/Dorv.D!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Microsoft Office\Office14\WWLIB.DLL"
Internal signature match:subtype=Lowfi, sigseq=0x0000157ECF9ABFFB, signame=ALF:Win32/Dorv.D!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Microsoft Office\Office14\WWLIB.DLL"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\da60c21e21f3c1efe837e3f670a2456d88468480
Dynamic Signature Compilation Timestamp:12-05-2016 19:39:58
Persistence Type:Duration
Time remaining:216000000
2016-12-05T18:40:07.465Z Dynamic signature received
2016-12-05T18:40:07.472Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Begin Resource Scan
Scan ID:{4374AA98-BADE-4A26-9AFD-FD4804DC39D4}
Scan Source:7
Start Time:12-05-2016 19:39:57
End Time:12-05-2016 19:40:07
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Result Count:1
Unknown File
Identifier:2611507776458850302
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\Microsoft Antimalware\Scans\FilesStash\DC4BC2D8-E655-4A5E-8E73-191D2C9C1828_1d24ff02ae43485"
2016-12-05T18:40:08.266Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll"
Begin Resource Scan
Scan ID:{D74B64D2-981E-4C1D-9B73-4ACFCE1B3983}
Scan Source:7
Start Time:12-05-2016 19:43:28
End Time:12-05-2016 19:43:59
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll
Result Count:1
Unknown File
Identifier:3143770244384817150
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll
Extended Info:23631009530335
End Scan
************************************************************

2016-12-05T18:44:35.033Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E05EDC1DF, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\Microsoft Antimalware\Scans\FilesStash\3FA67B2D-B345-4F5F-514C-67DBD6F1F3CD_1d24ff0ca50fedc"
2016-12-05T18:44:36.057Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\Device\HarddiskVolume2\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
2016-12-05T18:45:58.672Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\bf42aabbea08945f1cea20f3a72a910b81d278dc
Dynamic Signature Compilation Timestamp:12-05-2016 19:45:59
Persistence Type:Duration
Time remaining:216000000
2016-12-05T18:45:58.677Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Begin Resource Scan
Scan ID:{280EA478-9C5A-4DF5-8F6F-5DF378033637}
Scan Source:7
Start Time:12-05-2016 19:45:57
End Time:12-05-2016 19:45:58
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Result Count:1
Unknown File
Identifier:14105644664979718142
Number of Resources:1
Resource Schema:file
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
End Scan
************************************************************

2016-12-05T18:45:58.992Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\C:\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-05T18:50:39.300Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.300Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.301Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.314Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:50:39.321Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.333Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.333Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.334Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1f1fff.
2016-12-05T18:50:39.373Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.374Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.375Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.394Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.395Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.396Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.422Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.423Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.424Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
2016-12-05T18:50:39.443Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.444Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:50:39.445Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 2848
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\innovative solutions\advanced uninstaller pro\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\innovative solutions\advanced uninstaller pro\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\innovative solutions\advanced uninstaller pro\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\innovative solutions\advanced uninstaller pro\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
2016-12-05T18:55:21.213Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\a926cfec24f01dd562fdf47189200a0caf50f4cd
Dynamic Signature Compilation Timestamp:12-05-2016 19:55:22
Persistence Type:Duration
Time remaining:216000000
2016-12-05T18:55:21.220Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
2016-12-05T18:55:54.168Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:55:54.171Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:55:55.149Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:55:55.150Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Begin Resource Scan
Scan ID:{4B312167-B833-48DC-9ED7-31A08D56EF89}
Scan Source:7
Start Time:12-05-2016 19:56:26
End Time:12-05-2016 19:56:32
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Extended Info:25770492256673
End Scan
************************************************************

Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
2016-12-05T18:56:41.392Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
2016-12-05T18:56:50.196Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:56:50.197Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Lowfi, sigseq=0x000005550240CBF2, signame=MpReportSyncLowfi, cached=false, resource="\\?\C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Begin Resource Scan
Scan ID:{33069724-4379-4FB3-AFDE-E2BCB92BE233}
Scan Source:7
Start Time:12-05-2016 19:56:47
End Time:12-05-2016 19:56:52
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe
Result Count:1
Unknown File
Identifier:3848702724166123518
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files\Vivaldi\Application\1.5.658.56\Installer\chrmstp.exe
Extended Info:5862668159986
End Scan
************************************************************

2016-12-05T18:56:53.600Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:56:53.600Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:56:54.453Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
2016-12-05T18:57:06.618Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.619Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.779Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.780Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.871Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.873Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.898Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.899Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.933Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.934Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.959Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:06.960Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.096Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.096Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.121Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.122Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.156Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.157Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.181Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.182Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.706Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.707Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.735Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.736Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.764Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.765Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.789Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:07.790Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.380Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.381Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.408Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.409Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.437Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.438Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.463Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:08.464Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
2016-12-05T18:57:12.358Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.359Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.388Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.389Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.425Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.426Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.457Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:12.458Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-05T18:57:18.169Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe"
Begin Resource Scan
Scan ID:{70D20DF3-35C6-43B3-AEE9-9CA4AE66EF23}
Scan Source:7
Start Time:12-05-2016 19:57:09
End Time:12-05-2016 19:57:18
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Result Count:2
Unknown File
Identifier:3340142729047834622
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:5866550236419
Unknown File
Identifier:9369635509590032382
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:5866550236419
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\792F817A-DE2B-6580-9878-88DEE7175EE4_1d24ff2919cafb2"
2016-12-05T18:57:26.683Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T18:57:53.413Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T18:57:53.413Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555A9525A1C, signame=#LowFi:Tool:Win32/BatToExeB2E, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayCrashReporter.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayCrashReporter.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe"
2016-12-05T19:00:17.196Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{F6A6BE3F-5B99-426C-88DC-EF1AFB517BE0}
Scan Source:7
Start Time:12-05-2016 20:00:13
End Time:12-05-2016 20:00:17
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
Result Count:1
Unknown File
Identifier:1231512738186919934
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
Extended Info:5866336595677
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume2\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\AEDC9A4F-6253-3D00-9246-D39F0372968F_1d24ff2fc2e7a30"
2016-12-05T19:00:18.388Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe"
Begin Resource Scan
Scan ID:{2E919521-0210-40CC-A70C-6063B1E61322}
Scan Source:7
Start Time:12-05-2016 20:00:32
End Time:12-05-2016 20:00:33
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe
Extended Info:25770492256673
End Scan
************************************************************

2016-12-05T19:00:34.914Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\AppData\Local\Temp\DMR\dmr_72.exe"
Begin Resource Scan
Scan ID:{0FAFE066-5F35-4D92-922C-D26252B8CB48}
Scan Source:3
Start Time:12-05-2016 20:00:34
End Time:12-05-2016 20:00:36
Explicit resource to scan
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Result Count:1
Threat Name:Trojan:Win32/Neurevt
ID:2147681664
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Extended Info:24631940408518
End Scan
************************************************************

2016-12-05T19:00:37.007Z DETECTIONEVENT Trojan:Win32/Neurevt file:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe;
2016-12-05T19:00:37.055Z DETECTION_ADD Trojan:Win32/Neurevt file:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Begin Resource Scan
Scan ID:{2E50E440-283D-4188-82E3-E9D626AA6D8D}
Scan Source:6
Start Time:12-05-2016 20:00:39
End Time:12-05-2016 20:00:41
Explicit resource to scan
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Result Count:1
Threat Name:Trojan:Win32/Neurevt
ID:2147681664
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Extended Info:24631940408518
End Scan
************************************************************

2016-12-05T19:00:43.745Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:00:43.749Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
2016-12-05T19:00:54.081Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{A2EE4E3B-7340-45E4-B28C-DE321535E8B0}
Scan Source:7
Start Time:12-05-2016 20:00:53
End Time:12-05-2016 20:00:54
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Result Count:1
Unknown File
Identifier:16876926893444562942
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Extended Info:5863497417884
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume2\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\EF0B4B1B-5D20-2A49-38EA-0819C6B48264_1d24ff31213b2b6"
2016-12-05T19:00:58.342Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-05T19:01:00.015Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-05T19:01:10.067Z DETECTION_MERGE Trojan:Win32/Neurevt regkey:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
2016-12-05T19:01:10.067Z DETECTION_MERGE Trojan:Win32/Neurevt runonce:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
2016-12-05T19:01:10.068Z DETECTIONEVENT Trojan:Win32/Neurevt file:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe;regkey:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service;runonce:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service;
Begin Resource Scan
Scan ID:{3EED1771-2388-4215-BA6E-58B2BC98912C}
Scan Source:6
Start Time:12-05-2016 20:00:41
End Time:12-05-2016 20:01:10
Explicit resource to scan
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Result Count:1
Threat Name:Trojan:Win32/Neurevt
ID:2147681664
Severity:5
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Extended Info:0
Resource Schema:runonce
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Extended Info:0
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Extended Info:24631940408518
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\D:\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Begin Resource Scan
Scan ID:{657F3EFF-57DB-41B4-A776-8071770FCC2D}
Scan Source:7
Start Time:12-05-2016 20:01:09
End Time:12-05-2016 20:01:10
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Result Count:1
Unknown File
Identifier:467007837944414206
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Extended Info:631932727217916
End Scan
************************************************************

FileName:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
SHA1:a3210589830de8701c4cbde58828b1f1be9033da
2016-12-05T19:01:12.303Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:01:15.309Z MAPS Report Send (hr=0x0 httpcode=200)
Beginning threat actions
Start time:12-05-2016 20:01:11
Threat Name:Trojan:Win32/Neurevt
Threat ID:2147681664
Action:quarantine
Resource action complete:Quarantine
Schema:regkey
Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Threat ID:2147681664
Resource refcount:1
Result:0
Resource action complete:Quarantine
Schema:runonce
Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Threat ID:2147681664
Resource refcount:1
Result:0
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Threat ID:2147681664
Resource refcount:1
Result:0
Registry value to be removed:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Type:1
Value:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Action remove successful on regkey:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Resource action complete:Removal
Schema:regkey
Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Threat ID:2147681664
Resource refcount:1
Result:0
Resource action complete:Removal
Schema:runonce
Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Threat ID:2147681664
Resource refcount:1
Result:0
File owner:Lutz-PC\Lutz
File scheduled for removal on reboot
File Name:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Threat ID:2147681664
Resource refcount:1
Result:3010
Finished threat ID:2147681664
Threat result:0
Threat status flags:386
Finished threat actions
End time:12-05-2016 20:01:14
Result:0
2016-12-05T19:01:16.687Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:01:16.690Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:01:18.695Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:01:18.698Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:01:20.580Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\7136683dc89b4916a158aabfb46fdeee84b186f0
Dynamic Signature Compilation Timestamp:12-05-2016 20:01:21
Persistence Type:VDM Version
Source Version:282475797741569
Expiration Version:282475797741569
2016-12-05T19:01:20.584Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:01:20.625Z DETECTIONEVENT Trojan:Win32/MultiInjector.A!rfn containerfile:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip;file:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe;
2016-12-05T19:01:20.625Z DETECTION_ADD Trojan:Win32/MultiInjector.A!rfn containerfile:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
2016-12-05T19:01:20.625Z DETECTION_ADD Trojan:Win32/MultiInjector.A!rfn file:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
2016-12-05T19:01:20.630Z DETECTIONEVENT Trojan:Win32/Neurevt file:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe;regkey:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service;runonce:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service;
2016-12-05T19:01:20.631Z DETECTION_ADD Trojan:Win32/Neurevt file:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
2016-12-05T19:01:20.631Z DETECTION_ADD Trojan:Win32/Neurevt regkey:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
2016-12-05T19:01:20.631Z DETECTION_ADD Trojan:Win32/Neurevt runonce:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Begin Quick Scan
Scan ID:{1384EB81-2530-4613-9AA0-804CE3B1AD4D}
Scan Source:2
Start Time:12-05-2016 19:34:31
End Time:12-05-2016 20:01:20
Result Count:25
Threat Name:Trojan:Win32/MultiInjector.A!rfn
ID:2147694523
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
Extended Info:24633383919688
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Extended Info:0
Threat Name:Trojan:Win32/Neurevt
ID:2147681664
Severity:5
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Extended Info:0
Resource Schema:runonce
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Extended Info:0
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Extended Info:24631940408518
Unknown File
Identifier:1589573838700542
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe
Extended Info:5866336595677
Resource Schema:firefoxplugins
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Unknown File
Identifier:15948155041911668734
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UplayCrashReporter.exe
Extended Info:5866336595677
Resource Schema:firefoxplugins
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Unknown File
Identifier:1231512738186919934
Number of Resources:3
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe
Extended Info:5866336595677
Resource Schema:firefoxplugins
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MozillaPlugins\ubisoft.com/uplaypc
Extended Info:0
Unknown File
Identifier:8668428389951995902
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Extended Info:5865471105564
Unknown File
Identifier:17155677555219496958
Number of Resources:1
Resource Schema:queryfileregkeyvalue
Resource Path:HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\
Extended Info:536274339601368
Unknown File
Identifier:3340142729047834622
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:5866550236419
Unknown File
Identifier:9369635509590032382
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:5866550236419
Unknown File
Identifier:7242926480961830910
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Packages/NSU/Setup/NSU.msi->Data1.cab->ta_productdata_handl.D321D6CC_DBBE_4AC3_8DBD_DFF82BB39BDC
Extended Info:23631009530335
Unknown File
Identifier:12153967519442403326
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/InstallerServiceExec.exe
Extended Info:23633742824874
Unknown File
Identifier:14958751411939049470
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/WMFDist11-WindowsXP-X86-ENU.exe->(WExtract)->wmfdist11.exe->(SfxCab_8ead0856)->portabledevicetypes.dll
Extended Info:23631699224337
Unknown File
Identifier:17469801885471866878
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/pcswpc.exe
Extended Info:23634104720268
Unknown File
Identifier:12840072245577515006
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:5863487478424
Unknown File
Identifier:3143770244384817150
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Common Files\Nokia\Tss\Product API Libraries\ta_productdata_handlers_lib.dll
Extended Info:23631009530335
Unknown File
Identifier:6182801030435045374
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:23631359159303
Unknown File
Identifier:6182801030435045374
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:23631359159303
Unknown File
Identifier:7173338355680149502
Number of Resources:7
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Microsoft Office\Office14\WWLIB.DLL
Extended Info:23634393087995
Resource Schema:firefoxplugins
Resource Path:HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0
Extended Info:0
Resource Schema:firefoxplugins
Resource Path:HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0
Extended Info:0
Resource Schema:firefoxplugins
Resource Path:HKLM\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0
Extended Info:0
Unknown File
Identifier:11114419910065782782
Number of Resources:5
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe
Extended Info:23632173561094
Resource Schema:firefoxplugins
Resource Path:HKLM\SOFTWARE\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0
Extended Info:0
Resource Schema:firefoxplugins
Resource Path:HKLM\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0
Extended Info:0
Unknown File
Identifier:10100072441477857278
Number of Resources:3
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Extended Info:9223533080976662056
Unknown File
Identifier:10801045176160616446
Number of Resources:9
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Extended Info:0
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Extended Info:0
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe
Extended Info:23632075254285
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Extended Info:0
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Extended Info:0
Unknown File
Identifier:13318595489990443006
Number of Resources:21
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606B-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606B-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Extended Info:0
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Extended Info:0
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe
Extended Info:23632520901406
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Unknown File
Identifier:15215047301790695422
Number of Resources:1
Resource Schema:samplefilerootkit
Resource Path:ems->Trigger:EMS
Extended Info:347194694280023
Unknown File
Identifier:15490869229661454334
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:6516,ProcessStart:131254352790341796
Extended Info:40956872578181
Unknown File
Identifier:12270248892783656958
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2120,ProcessStart:131254344193437500
Extended Info:9223502295520413380
End Scan
************************************************************

2016-12-05T19:01:20.655Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:01:20.658Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
Begin Resource Scan
Scan ID:{FD559BE0-B72A-4EF1-B58C-C9E73CD4BEE0}
Scan Source:7
Start Time:12-05-2016 20:01:20
End Time:12-05-2016 20:01:20
Explicit resource to scan
Resource Schema:samplefilerootkit
Resource Path:ems->Trigger:EMS
Result Count:1
Unknown File
Identifier:15215047301790695422
Number of Resources:1
Resource Schema:samplefilerootkit
Resource Path:ems->Trigger:EMS
Extended Info:0
End Scan
************************************************************

2016-12-05T19:01:20.936Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:02:20.654Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.655Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.655Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.662Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.698Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.698Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.800Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:02:20.801Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.821Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:02:20.822Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.825Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:02:20.848Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:02:20.849Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.867Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:02:20.868Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 2848
2016-12-05T19:02:20.895Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:05:33.428Z DETECTIONEVENT Trojan:Win32/Rundas.A containerfile:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip;file:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe;
2016-12-05T19:05:33.429Z DETECTION_ADD Trojan:Win32/Rundas.A containerfile:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
2016-12-05T19:05:33.429Z DETECTION_ADD Trojan:Win32/Rundas.A file:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Begin Resource Scan
Scan ID:{6BFCAC5D-F3C1-4820-B334-74AF74554906}
Scan Source:6
Start Time:12-05-2016 20:05:13
End Time:12-05-2016 20:05:33
Explicit resource to scan
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Explicit resource to scan
Resource Schema:file
Resource Path:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Explicit resource to scan
Resource Schema:runonce
Resource Path:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
Result Count:2
Threat Name:Trojan:Win32/MultiInjector.A!rfn
ID:2147694523
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
Extended Info:24633383919688
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Extended Info:0
Threat Name:Trojan:Win32/Rundas.A
ID:2147717515
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Extended Info:42224134630980
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Extended Info:0
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555A9525A1C, signame=#LowFi:Tool:Win32/BatToExeB2E, cached=false, resource="Ereignisanzeige löschen_x86.exe->Ereignisanzeige löschen_x64.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EFB1EC32E, signame=TEL:SNID:Tool:Win32/ScriptToExe!f2ko, cached=false, resource="Ereignisanzeige löschen_x86.exe->Ereignisanzeige löschen_x86.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555A9525A1C, signame=#LowFi:Tool:Win32/BatToExeB2E, cached=false, resource="Ereignisanzeige löschen_x86.exe->Ereignisanzeige löschen_x86.exe"
FileName:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
SHA1:a2a0d4e77dd8b0ea7beb9ca844b14674be009f16
FileName:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
SHA1:0317d4b341194ed8717e403bf5833f79a93eed37
Internal signature match:subtype=Lowfi, sigseq=0x00000555A9525A1C, signame=#LowFi:Tool:Win32/BatToExeB2E, cached=true, resource="Ereignisanzeige löschen_x64.exe->Ereignisanzeige löschen_x64.exe"
FileName:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
SHA1:905f5c85dd500eba437ef22f3de59a35ee12da87
Beginning threat actions
Start time:12-05-2016 20:05:35
Threat Name:Trojan:Win32/MultiInjector.A!rfn
Threat ID:2147694523
Action:remove
Threat Name:Trojan:Win32/Rundas.A
Threat ID:2147717515
Action:unknown
File to act on SHA1:0317D4B341194ED8717E403BF5833F79A93EED37
File owner:VORDEFINIERT\Administratoren
File cleaned/removed successfully
File Name:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
Threat ID:2147694523
Resource refcount:1
Result:0
Finished threat ID:2147717515
Threat result:0
Threat status flags:0
Finished threat ID:2147694523
Threat result:0
Threat status flags:0
Finished threat actions
End time:12-05-2016 20:05:35
Result:0
2016-12-05T19:05:35.740Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:05:38.555Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{F26CB1B9-944B-48F6-9876-398DF7F01599}
Scan Source:6
Start Time:12-05-2016 20:05:38
End Time:12-05-2016 20:05:38
Explicit resource to scan
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Result Count:1
Threat Name:Trojan:Win32/Rundas.A
ID:2147717515
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Extended Info:42224134630980
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Extended Info:0
End Scan
************************************************************

2016-12-05T19:05:40.568Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:05:40.572Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{1E89EC1F-217D-48AB-A5B6-892CE8813ACB}
Scan Source:6
Start Time:12-05-2016 20:05:38
End Time:12-05-2016 20:05:59
Explicit resource to scan
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Result Count:1
Threat Name:Trojan:Win32/Rundas.A
ID:2147717515
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Extended Info:42224134630980
Resource Schema:containerfile
Resource Path:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Extended Info:0
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555A9525A1C, signame=#LowFi:Tool:Win32/BatToExeB2E, cached=true, resource="Ereignisanzeige löschen_x64.exe->Ereignisanzeige löschen_x64.exe"
FileName:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
SHA1:905f5c85dd500eba437ef22f3de59a35ee12da87
FileName:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
SHA1:b204cc9c616acaaf3496a662453aad46eded66f3
Beginning threat actions
Start time:12-05-2016 20:06:00
Threat Name:Trojan:Win32/Rundas.A
Threat ID:2147717515
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Threat ID:2147717515
Resource refcount:1
Result:0
Resource action complete:Quarantine
Schema:containerfile
Path:\\?\C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
Threat ID:2147717515
Resource refcount:1
Result:0
File to act on SHA1:B204CC9C616ACAAF3496A662453AAD46EDED66F3
File owner:VORDEFINIERT\Administratoren
File cleaned/removed successfully
File Name:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
Threat ID:2147717515
Resource refcount:1
Result:0
Finished threat ID:2147717515
Threat result:0
Threat status flags:0
Finished threat actions
End time:12-05-2016 20:06:00
Result:0
2016-12-05T19:06:00.521Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:06:02.412Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:06:02.416Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-05T19:07:03.009Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.009Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.030Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.031Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.055Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.056Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.076Z [Mini-filter] Restricted access to process 3896 from pid: 2848. Original desired access: 0x1fffff.
2016-12-05T19:07:03.077Z [Mini-filter] Restricted access to process 2000 from pid: 2848. Original desired access: 0x1fffff.
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log
Stopped On 12-05-2016 20:07:35 (Exit Code = 0x0)
************************************************************
2016-12-05T19:07:35.125Z Unloaded module#0 MpComServer.
2016-12-05T19:07:35.125Z Shutdowning WscLib, update=0, snooze=0
2016-12-05T19:07:35.141Z
****************************RTP Perf Log***************************
RTP Start:12-05-2016 19:18:57
Last Perf:12-05-2016 19:18:57
First RTP Scan:12-05-2016 19:18:57
Plugin States:  AV:1  AS:1  RTP:1  OA:1  BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:5
System File Cache:
  Hits:1538
  Misses:12141
BM Queue:45,632,0
  Proc:17,324,0
  File:28,390,0
Plugin Queue:0,1,0
  Threat:0,1,0
  Susp:0,1,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,3,0
  SetEngine:1,1,0
  SetState:0,1,0
  SetUser:0,0,0
  Config:0,1,0
  ProcExcl:0,1,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:17730
  Pending:0
  RegSize:134308
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:3866488
  AsyncQCurrent:0
  BMFlags:15
  ServiceMaj:0
  ServiceMin:0
  NumInstance:6
  TotalStreamCon:12788
  NTFS Cache Statistics:
  TotalMisses:26864
  TotalHits:77920
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:2ms (320/114)
  Success: 114, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-05T19:07:35.438Z
****************************RTP Perf Log***************************
RTP Start:12-05-2016 20:07:35
Last Perf:12-05-2016 20:07:35
First RTP Scan:N/A
Plugin States:  AV:1  AS:1  RTP:1  OA:1  BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:1
System File Cache:
  Hits:0
  Misses:0
BM Queue:45,0,0
  Proc:17,0,0
  File:28,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:0,1,0
  SetEngine:0,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:17730
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:3866488
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:6
  TotalStreamCon:12788
  NTFS Cache Statistics:
  TotalMisses:26864
  TotalHits:77920
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:2ms (320/114)
  Success: 114, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-05-2016 20:08:51
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/05/2016 19:08:51.468750000 UTC
2016-12-05T19:08:51.468Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-05T19:08:51.484Z Trace session started - MpWppTracing-12052016-200851-00000003-ffffffff.bin
2016-12-05T19:08:51.484Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-05T19:08:51.515Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 20000
Each Bucket has max capacity of -> 1 entries
number of Entries is 18321
Number of invalid entries is 0
Number of inserts issued is 49805
Number of replaces issued is 0
Number of insert failures is 2
Number of inserts with duplicate entries is 15347
Number of lookups is 82227
Number of lookup misses is 8538
Number of fast lookup misses is 62378
Number of false fast lookups is 8538
Number of invalidations is 16
Number of maintenance invalidations is 0
Current File Size is 495616
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T19:08:51.578Z Verifying RTP plugin...
2016-12-05T19:08:51.578Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-05T19:08:51.656Z Loading engine...
2016-12-05T19:08:51.718Z Verifying engine and signature files (source: 1) ...
2016-12-05T19:08:51.718Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-05T19:08:51.718Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-05T19:08:51.718Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-05T19:08:51.718Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-05T19:08:51.718Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-05T19:08:53.359Z Initializing MPUT in engine...
2016-12-05T19:08:53.359Z MPUT initialized in the engine successfully
2016-12-05T19:08:53.562Z CSignatureStatus: back to good
2016-12-05T19:08:53.562Z Initializing RTP plugin state...
2016-12-05T19:08:53.562Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:926
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1394
  NTFS Cache Statistics:
  TotalMisses:4974
  TotalHits:0
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
  Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-05T19:08:53.562Z Engine loaded!
2016-12-05T19:08:53.609Z Verifying license file...
2016-12-05T19:08:53.609Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-05T19:08:53.609Z Product supports installmode: 0
2016-12-05T19:08:53.656Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-05T19:08:53.656Z Loaded module#0 MpComServer.
2016-12-05T19:08:53.656Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-05T19:08:53.656Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-05T19:10:12.461Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-05T19:10:12.461Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
2016-12-05T19:10:12.618Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{A2B5A6B5-3C16-4603-BE84-978C2D187C46}
Scan Source:7
Start Time:12-05-2016 20:10:06
End Time:12-05-2016 20:10:12
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Result Count:1
Unknown File
Identifier:7106473450117529598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:40956872578181
End Scan
************************************************************

2016-12-05T19:10:19.515Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 3856
2016-12-05T19:10:19.515Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 3856
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-05T19:12:14.765Z [Mini-filter] Restricted access to process 1036 from pid: 3856. Original desired access: 0x1fffff.
2016-12-05T19:12:14.765Z [Mini-filter] Restricted access to process 1036 from pid: 3856. Original desired access: 0x1fffff.
2016-12-05T19:12:14.796Z [Mini-filter] Restricted access to process 1036 from pid: 3856. Original desired access: 0x1fffff.
2016-12-05T19:12:14.796Z [Mini-filter] Restricted access to process 1036 from pid: 3856. Original desired access: 0x1fffff.
2016-12-05T19:12:15.296Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 3856
2016-12-05T19:12:15.296Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 3856
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-05-2016 20:22:16
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/05/2016 19:22:16.546875000 UTC
2016-12-05T19:22:16.546Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-05T19:22:16.578Z Trace session started - MpWppTracing-12052016-202216-00000003-ffffffff.bin
2016-12-05T19:22:16.578Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-05T19:22:17.140Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 20000
Each Bucket has max capacity of -> 1 entries
number of Entries is 18321
Number of invalid entries is 0
Number of inserts issued is 49805
Number of replaces issued is 0
Number of insert failures is 2
Number of inserts with duplicate entries is 15347
Number of lookups is 83471
Number of lookup misses is 8680
Number of fast lookup misses is 62896
Number of false fast lookups is 8680
Number of invalidations is 16
Number of maintenance invalidations is 0
Current File Size is 495616
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T19:22:17.890Z Verifying RTP plugin...
2016-12-05T19:22:17.937Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-05T19:22:19.015Z Loading engine...
2016-12-05T19:22:19.640Z Verifying engine and signature files (source: 1) ...
2016-12-05T19:22:19.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-05T19:22:19.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-05T19:22:19.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-05T19:22:19.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-05T19:22:19.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-05T19:22:34.671Z Initializing MPUT in engine...
2016-12-05T19:22:34.671Z MPUT initialized in the engine successfully
2016-12-05T19:22:37.265Z CSignatureStatus: back to good
2016-12-05T19:22:37.328Z Initializing RTP plugin state...
2016-12-05T19:22:37.328Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:742
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1420
  NTFS Cache Statistics:
  TotalMisses:4750
  TotalHits:0
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
  Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************


Lumis 07.12.2016 21:24

Code:

2016-12-05T19:22:37.328Z Engine loaded!
2016-12-05T19:22:38.593Z Verifying license file...
2016-12-05T19:22:38.593Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-05T19:22:38.593Z Product supports installmode: 0
2016-12-05T19:22:39.515Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-05T19:22:39.515Z Loaded module#0 MpComServer.
2016-12-05T19:22:39.531Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-05T19:22:39.531Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Begin Resource Scan
Scan ID:{80DA618D-5D34-4AFC-86CF-AD39B3D078E9}
Scan Source:7
Start Time:12-05-2016 20:23:15
End Time:12-05-2016 20:24:05
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
2016-12-05T19:25:50.790Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-05T19:25:50.915Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-05T19:26:02.258Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-05-2016 20:29:50
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/05/2016 19:29:50.359375000 UTC
2016-12-05T19:29:50.359Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-05T19:29:50.375Z Trace session started - MpWppTracing-12052016-202950-00000003-ffffffff.bin
2016-12-05T19:29:50.375Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-05T19:29:50.375Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 20000
Each Bucket has max capacity of -> 1 entries
number of Entries is 18338
Number of invalid entries is 0
Number of inserts issued is 49833
Number of replaces issued is 0
Number of insert failures is 2
Number of inserts with duplicate entries is 15347
Number of lookups is 93328
Number of lookup misses is 9588
Number of fast lookup misses is 66671
Number of false fast lookups is 9588
Number of invalidations is 16
Number of maintenance invalidations is 0
Current File Size is 495616
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T19:29:50.390Z Verifying RTP plugin...
2016-12-05T19:29:50.390Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-05T19:29:50.390Z Loading engine...
2016-12-05T19:29:50.421Z Verifying engine and signature files (source: 1) ...
2016-12-05T19:29:50.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-05T19:29:50.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-05T19:29:50.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-05T19:29:50.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-05T19:29:50.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-05T19:29:51.406Z Initializing MPUT in engine...
2016-12-05T19:29:51.406Z MPUT initialized in the engine successfully
2016-12-05T19:29:51.500Z CSignatureStatus: back to good
2016-12-05T19:29:51.500Z Initializing RTP plugin state...
2016-12-05T19:29:51.500Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:926
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1367
  NTFS Cache Statistics:
  TotalMisses:5027
  TotalHits:0
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
  Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-05T19:29:51.500Z Engine loaded!
2016-12-05T19:29:51.531Z Verifying license file...
2016-12-05T19:29:51.531Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-05T19:29:51.531Z Product supports installmode: 0
2016-12-05T19:29:51.531Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-05T19:29:51.531Z Loaded module#0 MpComServer.
2016-12-05T19:29:51.531Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-05T19:29:51.531Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-05T19:30:05.110Z MAPS Report Send (hr=0xffffffff httpcode=0)
Begin Resource Scan
Scan ID:{243A6F07-59C5-4FA8-ADF1-8A44ECD5DD8D}
Scan Source:7
Start Time:12-05-2016 20:29:52
End Time:12-05-2016 20:30:06
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Result Count:1
Unknown File
Identifier:7106473450117529598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:40956872578181
End Scan
************************************************************

2016-12-05T19:30:06.908Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-05T19:30:38.048Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5168
2016-12-05T19:30:38.048Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5168
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
2016-12-05T19:31:36.830Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:36.830Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:36.861Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:36.861Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:37.001Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5168
2016-12-05T19:31:37.001Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5168
2016-12-05T19:31:37.001Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5168
2016-12-05T19:31:37.017Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:37.017Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T19:31:37.017Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:37.017Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T19:31:37.033Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:37.033Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T19:31:37.033Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:31:37.033Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T19:31:37.689Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-05T19:32:49.376Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-05T19:33:48.423Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:33:48.423Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Begin Resource Scan
Scan ID:{1CFBFB12-4EA5-42B5-AAF1-45A1B684B7EA}
Scan Source:7
Start Time:12-05-2016 20:30:21
End Time:12-05-2016 20:33:54
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2608,ProcessStart:131254397926718750
Result Count:6
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:6032965302403203070
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2608,ProcessStart:131254397926718750
Extended Info:40956872578181
Unknown File
Identifier:1400350415148548094
Number of Resources:2
Resource Schema:process
Resource Path:pid:2608,ProcessStart:131254397926718750
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:0
End Scan
************************************************************

2016-12-05T19:33:57.314Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-05T19:34:57.189Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:34:57.220Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:34:57.236Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:34:57.251Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T19:35:06.048Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:35:54.845Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\CHIP DIGITAL GMBH\CHIP1CLICK\CHIP 1-CLICK INSTALLER.EXE"
2016-12-05T19:35:54.876Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\HijackThis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\D:\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
2016-12-05T19:36:54.048Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Begin Resource Scan
Scan ID:{9358F309-F248-4D43-A3DC-33DB0E10C573}
Scan Source:7
Start Time:12-05-2016 20:36:19
End Time:12-05-2016 20:36:55
Explicit resource to scan
Resource Schema:process
Resource Path:pid:2456,ProcessStart:131254397942041015
Explicit resource to scan
Resource Schema:process
Resource Path:pid:2608,ProcessStart:131254397926718750
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2456,ProcessStart:131254397942041015
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\ACSound.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\AudioEnvironment.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:10
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:467007837944414206
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Extended Info:631932727217916
Unknown File
Identifier:16876926893444562942
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\AudioEnvironment.exe
Extended Info:5863497417884
Unknown File
Identifier:8699507469090553854
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\ACSound.exe
Extended Info:5863497417884
Unknown File
Identifier:12594014312219017214
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:2456,ProcessStart:131254397942041015
Extended Info:9223502295520413380
Unknown File
Identifier:4443369305966379006
Number of Resources:2
Resource Schema:process
Resource Path:pid:2456,ProcessStart:131254397942041015
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
Unknown File
Identifier:1400350415148548094
Number of Resources:2
Resource Schema:process
Resource Path:pid:2608,ProcessStart:131254397926718750
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:0
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\1815B6FB-8655-9128-3B75-3FC34129C70D_1d24ff823a710cd"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\79879C57-4647-A6C9-EBFD-6F71ADAAA309_1d24ff825f3f5a3"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMEnc.exe"
2016-12-05T19:37:16.533Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
2016-12-05T19:37:48.611Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{A5C04193-FD33-40F2-B26D-6995FEC81D23}
Scan Source:7
Start Time:12-05-2016 20:37:38
End Time:12-05-2016 20:37:50
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Result Count:2
Unknown File
Identifier:3340142729047834622
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:5866550236419
Unknown File
Identifier:9369635509590032382
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:5866550236419
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\55F0389A-48B3-A357-5522-366402954F32_1d24ff840cb2ed7"
2016-12-05T19:38:02.423Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-05T19:39:51.533Z AutoPurgeWorker triggered with dwWork=0x3
2016-12-05T19:39:51.533Z Product supports installmode: 0
2016-12-05T19:39:52.205Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2016-12-05T19:39:52.205Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 17500163(ms)
2016-12-05T19:40:15.845Z Detection State: Finished(3) Failed(0) CriticalFailed(0) Additional Actions(0)
2016-12-05T19:41:17.673Z Trace buffers written: 552, events lost: 0, buffers lost: 0, days: 0
2016-12-05T19:41:17.673Z Trusted image bitmap: 0x0
2016-12-05T19:41:17.673Z Trusted image OEM name: (not found)
2016-12-05T19:41:17.673Z Task(-UploadSQM -RestrictPrivileges) launched
2016-12-05T19:41:17.689Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 5168
2016-12-05T19:41:17.689Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 5168
2016-12-05T19:41:17.689Z [Mini-filter] Restricted access to process 4708 from pid: 7068. Original desired access: 0x1fffff.
2016-12-05T19:42:17.830Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5168
2016-12-05T19:42:17.830Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5168
2016-12-05T19:42:17.830Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5168
2016-12-05T19:42:17.845Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5168
2016-12-05T19:42:17.861Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:44:08.824Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:44:08.824Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:08.915Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:08.915Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:08.915Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:08.946Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:08.977Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:08.977Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:09.086Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:09.086Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:09.086Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:09.102Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:09.118Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:09.118Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:09.118Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:09.118Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T20:45:21.321Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.321Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.321Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.321Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1f1fff.
2016-12-05T20:45:21.336Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.336Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1f1fff.
2016-12-05T20:45:21.336Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.336Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.368Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:21.368Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.368Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:21.368Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.383Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:21.399Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:45:21.399Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T20:45:21.399Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5168
2016-12-05T20:46:03.446Z Cache Resizing**********Cache stats************
No. Of buckets -> 20000
Each Bucket has max capacity of -> 1 entries
number of Entries is 19219
Number of invalid entries is 0
Number of inserts issued is 52376
Number of replaces issued is 0
Number of insert failures is 3
Number of inserts with duplicate entries is 16146
Number of lookups is 130043
Number of lookup misses is 11572
Number of fast lookup misses is 74025
Number of false fast lookups is 11572
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 495616
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T20:52:54.336Z Cache Resizing**********Cache stats************
No. Of buckets -> 25000
Each Bucket has max capacity of -> 1 entries
number of Entries is 24222
Number of invalid entries is 0
Number of inserts issued is 80677
Number of replaces issued is 0
Number of insert failures is 4
Number of inserts with duplicate entries is 21149
Number of lookups is 145690
Number of lookup misses is 13615
Number of fast lookup misses is 85534
Number of false fast lookups is 13615
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 618496
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:02:50.493Z Cache Resizing**********Cache stats************
No. Of buckets -> 31250
Each Bucket has max capacity of -> 1 entries
number of Entries is 29851
Number of invalid entries is 0
Number of inserts issued is 113991
Number of replaces issued is 0
Number of insert failures is 5
Number of inserts with duplicate entries is 26780
Number of lookups is 163747
Number of lookup misses is 16508
Number of fast lookup misses is 98649
Number of false fast lookups is 16508
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 774144
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:14:15.336Z Cache Resizing**********Cache stats************
No. Of buckets -> 39062
Each Bucket has max capacity of -> 1 entries
number of Entries is 37449
Number of invalid entries is 0
Number of inserts issued is 156499
Number of replaces issued is 0
Number of insert failures is 6
Number of inserts with duplicate entries is 34376
Number of lookups is 187989
Number of lookup misses is 20168
Number of fast lookup misses is 115059
Number of false fast lookups is 20168
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 958464
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:24:37.121Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.152Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.183Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.199Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.329Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.351Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.380Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:37.419Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.268Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.299Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.315Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.346Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.742Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.757Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.789Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:39.804Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:49.137Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:49.153Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:49.184Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:24:49.216Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:25:08.552Z Cache Resizing**********Cache stats************
No. Of buckets -> 48827
Each Bucket has max capacity of -> 1 entries
number of Entries is 46393
Number of invalid entries is 0
Number of inserts issued is 207938
Number of replaces issued is 0
Number of insert failures is 7
Number of inserts with duplicate entries is 43310
Number of lookups is 210436
Number of lookup misses is 24119
Number of fast lookup misses is 132728
Number of false fast lookups is 24119
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 1200128
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:25:26.943Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:31:42.029Z Cache Resizing**********Cache stats************
No. Of buckets -> 61033
Each Bucket has max capacity of -> 1 entries
number of Entries is 57445
Number of invalid entries is 0
Number of inserts issued is 270759
Number of replaces issued is 0
Number of insert failures is 8
Number of inserts with duplicate entries is 54362
Number of lookups is 234538
Number of lookup misses is 28095
Number of fast lookup misses is 152783
Number of false fast lookups is 28095
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 1499136
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:41:01.134Z Cache Resizing**********Cache stats************
No. Of buckets -> 76291
Each Bucket has max capacity of -> 1 entries
number of Entries is 72908
Number of invalid entries is 0
Number of inserts issued is 352707
Number of replaces issued is 0
Number of insert failures is 9
Number of inserts with duplicate entries is 69825
Number of lookups is 265909
Number of lookup misses is 33526
Number of fast lookup misses is 178481
Number of false fast lookups is 33526
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 1871872
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:44:42.859Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:44:45.953Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:44:45.968Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:44:45.984Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:44:46.015Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:53:08.997Z Cache Resizing**********Cache stats************
No. Of buckets -> 95363
Each Bucket has max capacity of -> 1 entries
number of Entries is 86940
Number of invalid entries is 0
Number of inserts issued is 444510
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 83848
Number of lookups is 297649
Number of lookup misses is 38900
Number of fast lookup misses is 203506
Number of false fast lookups is 38900
Number of invalidations is 26
Number of maintenance invalidations is 0
Current File Size is 2334720
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-05T21:59:09.806Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:59:09.831Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:59:09.859Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:59:09.882Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:59:12.356Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T21:59:35.583Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:11.802Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:11.818Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:11.865Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:11.880Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:18.615Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:18.630Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:18.677Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:18.693Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:02:44.991Z On demand scan closed without completion. Current scan state: 1. ScanSource: 2, Scan flags:0x10002. NumberOfResources:0. bRemoveFromList:1
Internal signature match:subtype=Lowfi, sigseq=0x00002A78628A9626, signame=TEL:VirTool:Win32/Antihv.A!Bios, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Battle.net\SystemSurvey.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00002A78628A9626, signame=TEL:VirTool:Win32/Antihv.A!Bios, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Battle.net\SystemSurvey.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00002A78628A9626, signame=TEL:VirTool:Win32/Antihv.A!Bios, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Battle.net\SystemSurvey.exe"
Begin Resource Scan
Scan ID:{1A26559F-7742-480B-899F-3B600F18EBC4}
Scan Source:7
Start Time:12-05-2016 23:02:46
End Time:12-05-2016 23:02:48
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\Battle.net\SystemSurvey.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\PROGRAM FILES (X86)\Battle.net\SystemSurvey.exe
Extended Info:25773971351204
End Scan
************************************************************


Lumis 07.12.2016 21:25

Code:

Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00002A78628A9626, signame=TEL:VirTool:Win32/Antihv.A!Bios, cached=false, resource="\\?\C:\Program Files (x86)\Battle.net\SystemSurvey.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
2016-12-05T22:03:14.493Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:14.519Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:14.554Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:14.578Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:14.666Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:26.368Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:26.392Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:26.424Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:26.451Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:34.137Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:40.561Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:40.589Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:40.625Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:40.653Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:45.714Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.715Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.715Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.750Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.787Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.788Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.816Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:45.822Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.824Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:45.831Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.855Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:45.862Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:45.865Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:45.872Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:03:48.914Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:58.361Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:58.385Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:58.416Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:03:58.438Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:04:01.098Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:04:01.122Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:04:01.150Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:04:01.171Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.

BEGIN BM telemetry
GUID:{647D185A-5D8C-E9F9-9EEF-AC124585E2B9}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:3248
ProcessCreationTime:131254397951777343
SessionID:0
CreationTime:12-05-2016 23:04:46
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry

Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe"
Begin Resource Scan
Scan ID:{E3E4FACD-DA57-4E33-92D8-16C2AEADD0E1}
Scan Source:7
Start Time:12-05-2016 23:05:49
End Time:12-05-2016 23:05:53
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe
Extended Info:35875764682496
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\Device\HarddiskVolume2\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\C:\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-05T22:22:43.873Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:43.873Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:43.874Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:43.924Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:43.973Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:43.974Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:44.004Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:22:44.012Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:44.015Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:22:44.023Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:44.054Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:22:44.062Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:22:44.065Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:22:44.073Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T22:29:32.118Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:29:32.145Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:29:32.179Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:29:32.207Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-05T22:34:43.488Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00002A78628A9626, signame=TEL:VirTool:Win32/Antihv.A!Bios, cached=true, resource="\\?\C:\Program Files (x86)\Battle.net\SystemSurvey.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{99D1BF67-8D31-4A86-989B-6D540CA8F992}
Scan Source:7
Start Time:12-05-2016 23:37:41
End Time:12-05-2016 23:37:50
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\1F4BDB6F-7E10-76A0-E7C9-C08A19E5B4ED_1d2501151a7434e
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\8BB7153F-43BD-D1B0-1CF0-FE41B57C1E5C_1d2501151667160->[EPO-V-0]
Result Count:1
Unknown File
Identifier:17711664305797070846
Number of Resources:1
Resource Schema:file
Resource Path:C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\4A40E029-64B4-70FA-A5DD-C05C8423AD4A_1d2501150ff0760->(Asprotect 1.32)
Extended Info:0
End Scan
************************************************************

2016-12-05T22:37:50.955Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{6E9C5D8D-6208-4466-AA17-A03F243AF739}
Scan Source:7
Start Time:12-05-2016 23:37:24
End Time:12-05-2016 23:37:52
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Uninstall.exe
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncEng.dll
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmex.dll
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Explicit resource to scan
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Result Count:11
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:14410960021602959358
Number of Resources:6
Resource Schema:process
Resource Path:pid:5160,ProcessStart:131254400371582031
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AU11_is1
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AU11_is1
Extended Info:0
Resource Schema:file
Resource Path:C:\Windows\System32\Tasks\UninstallMonitor
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Resource Schema:taskscheduler
Resource Path:C:\Windows\System32\Tasks\UninstallMonitor
Extended Info:0
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
Unknown File
Identifier:5129542798822866942
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:0
Unknown File
Identifier:17579776275432603646
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:0
Unknown File
Identifier:11554872916554285054
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Uninstall.exe
Extended Info:0
Unknown File
Identifier:18181744765492527102
Number of Resources:5
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmex.dll
Extended Info:0
Unknown File
Identifier:9391451435192811518
Number of Resources:9
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncEng.dll
Extended Info:0
End Scan
************************************************************

2016-12-05T22:37:53.283Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"

BEGIN BM telemetry
GUID:{BB8940C8-0311-8D0F-C61E-7374DB820533}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:3248
ProcessCreationTime:131254397951777343
SessionID:0
CreationTime:12-05-2016 23:39:53
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry


Lumis 07.12.2016 21:28

Code:

2016-12-05T22:40:23.775Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-05T22:46:57.730Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:47:11.593Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:47:11.616Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:47:11.647Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:47:11.668Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:48:40.792Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:48:40.818Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:48:40.845Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:48:40.868Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=true, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-05T22:57:50.659Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:57:50.863Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:57:50.884Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:57:50.911Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T22:57:50.932Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:44.744Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.744Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.744Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.776Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.811Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.811Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.833Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:44.837Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.839Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:44.845Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.865Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:44.871Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:44.873Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:44.878Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5168
2016-12-05T23:00:47.485Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:47.505Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:47.533Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:00:47.554Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"

BEGIN BM telemetry
GUID:{F272CE22-C8A9-7A96-4D7C-3CDC2046CBC2}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:3248
ProcessCreationTime:131254397951777343
SessionID:0
CreationTime:12-06-2016 00:02:28
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry

2016-12-05T23:03:19.343Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:19.366Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:19.397Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:19.420Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:49.011Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:49.034Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:49.062Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:03:49.086Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=true, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-05T23:14:10.158Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:14:10.184Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:14:10.211Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:14:10.233Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
2016-12-05T23:17:17.149Z [Mini-filter] Restricted access to process 1040 from pid: 5168. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="process://C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"

BEGIN BM telemetry
GUID:{E7B57175-FBF2-278A-DC5C-E625B8F53E23}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:3248
ProcessCreationTime:131254397951777343
SessionID:0
CreationTime:12-06-2016 00:21:45
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry

Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 10:18:05
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 09:18:05.468750000 UTC
2016-12-06T09:18:05.468Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T09:18:05.468Z Trace session started - MpWppTracing-12062016-101805-00000003-ffffffff.bin
2016-12-06T09:18:05.468Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T09:18:05.500Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94032
Number of invalid entries is 0
Number of inserts issued is 539524
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 444037
Number of lookup misses is 54680
Number of fast lookup misses is 277428
Number of false fast lookups is 54680
Number of invalidations is 34
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-06T09:18:05.515Z Verifying RTP plugin...
2016-12-06T09:18:05.515Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T09:18:05.531Z Loading engine...
2016-12-06T09:18:05.546Z Verifying engine and signature files (source: 1) ...
2016-12-06T09:18:05.546Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T09:18:05.546Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T09:18:05.546Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T09:18:05.546Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T09:18:05.546Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-06T09:18:06.500Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\a926cfec24f01dd562fdf47189200a0caf50f4cd
Dynamic Signature Compilation Timestamp:12-05-2016 19:55:22
Persistence Type:Duration
Time remaining:216000000
2016-12-06T09:18:06.500Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\bf42aabbea08945f1cea20f3a72a910b81d278dc
Dynamic Signature Compilation Timestamp:12-05-2016 19:45:59
Persistence Type:Duration
Time remaining:216000000
2016-12-06T09:18:06.500Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\da60c21e21f3c1efe837e3f670a2456d88468480
Dynamic Signature Compilation Timestamp:12-05-2016 19:39:58
Persistence Type:Duration
Time remaining:216000000
2016-12-06T09:18:06.500Z Initializing MPUT in engine...
2016-12-06T09:18:06.500Z MPUT initialized in the engine successfully
2016-12-06T09:18:06.609Z CSignatureStatus: back to good
2016-12-06T09:18:06.609Z Initializing RTP plugin state...
2016-12-06T09:18:06.609Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:926
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1257
  NTFS Cache Statistics:
  TotalMisses:4902
  TotalHits:0
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
  Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-06T09:18:06.609Z Engine loaded!
2016-12-06T09:18:06.609Z Verifying license file...
2016-12-06T09:18:06.609Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T09:18:06.609Z Product supports installmode: 0
2016-12-06T09:18:06.625Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T09:18:06.625Z Loaded module#0 MpComServer.
2016-12-06T09:18:06.625Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T09:18:06.625Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
2016-12-06T09:18:22.602Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{39D3BB68-0816-4CB5-A495-7757601E38CD}
Scan Source:7
Start Time:12-06-2016 10:18:09
End Time:12-06-2016 10:18:22
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

2016-12-06T09:18:23.696Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
2016-12-06T09:18:33.696Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\420559f6c5c54978abf1ea97d7dc8a6391712593
Dynamic Signature Compilation Timestamp:12-06-2016 10:18:23
Persistence Type:Duration
Time remaining:216000000
DSS Timeout:Received results after timeout
2016-12-06T09:18:33.696Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\users\lutz\desktop\hijackthis.exe"
Begin Resource Scan
Scan ID:{828046E3-3B30-489C-BA77-93DE9C12A3A5}
Scan Source:7
Start Time:12-06-2016 10:18:38
End Time:12-06-2016 10:18:38
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\users\lutz\desktop\hijackthis.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\users\lutz\desktop\hijackthis.exe:Zone.Identifier
Extended Info:35874746033117
End Scan
************************************************************

Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
2016-12-06T09:18:51.899Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5396
2016-12-06T09:18:51.899Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5396
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-06T09:19:05.524Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-06T09:19:06.977Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5396
2016-12-06T09:19:06.977Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5396
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T09:19:11.461Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-06T09:19:11.461Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Begin Resource Scan
Scan ID:{1703C61C-D7D5-4E1C-BB80-09AE61E1B148}
Scan Source:7
Start Time:12-06-2016 10:19:09
End Time:12-06-2016 10:19:12
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Extended Info:25770492256673
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\Program Files\John Paul Chacha's Lab\Chasys Draw IES\Setup.exe"
2016-12-06T09:19:41.836Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\Program Files\John Paul Chacha's Lab\Chasys Draw IES\Setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
2016-12-06T09:19:51.915Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5396
2016-12-06T09:19:51.915Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5396
2016-12-06T09:19:51.915Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5396
2016-12-06T09:19:51.930Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:51.930Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5396
2016-12-06T09:19:51.930Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:51.930Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5396
2016-12-06T09:19:51.946Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:51.946Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:51.946Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5396
2016-12-06T09:19:51.946Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:51.946Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5396
2016-12-06T09:19:51.993Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:52.415Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:19:52.415Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
2016-12-06T09:20:07.336Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.336Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.336Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.336Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1f1fff.
2016-12-06T09:20:07.336Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.352Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1f1fff.
2016-12-06T09:20:07.352Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.352Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.383Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.399Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.399Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.399Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.415Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.415Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.415Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.430Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.430Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:20:07.446Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.461Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:20:07.461Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\HijackThis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Begin Resource Scan
Scan ID:{6140F231-4C9E-4C89-9887-D416778E94E5}
Scan Source:7
Start Time:12-06-2016 10:19:27
End Time:12-06-2016 10:20:14
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3340,ProcessStart:131254894894453125
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3340,ProcessStart:131254894894453125
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Result Count:7
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:1431913279403327486
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3340,ProcessStart:131254894894453125
Extended Info:9223502295520413380
Unknown File
Identifier:14410960021602959358
Number of Resources:2
Resource Schema:process
Resource Path:pid:3340,ProcessStart:131254894894453125
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
End Scan
************************************************************

2016-12-06T09:20:17.274Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-06T09:21:26.244Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-06T09:21:26.291Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-06T09:21:26.962Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:26.978Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:27.009Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:27.009Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:27.025Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:27.244Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.869Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.884Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.884Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.900Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.900Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.916Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.916Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:21:57.931Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:22:30.291Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:22:30.291Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
2016-12-06T09:23:30.369Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.369Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.369Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.400Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.431Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.431Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.447Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:23:30.462Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.462Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:23:30.462Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.478Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:23:30.478Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:23:30.494Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.494Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:23:30.494Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5396
2016-12-06T09:23:30.525Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.

BEGIN BM telemetry
GUID:{1456B073-6866-BD17-618A-10566D1223B8}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:3212
ProcessCreationTime:131254894887578125
SessionID:0
CreationTime:12-06-2016 10:23:38
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry

2016-12-06T09:23:41.791Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\C:\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-06T09:28:06.634Z AutoPurgeWorker triggered with dwWork=0x3
2016-12-06T09:28:06.634Z Product supports installmode: 0
2016-12-06T09:28:06.666Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2016-12-06T09:28:06.666Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 55956180(ms)
2016-12-06T09:28:10.650Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
2016-12-06T09:28:14.900Z Trace buffers written: 329, events lost: 0, buffers lost: 0, days: 0
2016-12-06T09:28:14.900Z Trusted image bitmap: 0x0
2016-12-06T09:28:14.900Z Trusted image OEM name: (not found)
2016-12-06T09:28:14.962Z Task(-UploadSQM -RestrictPrivileges) launched
2016-12-06T09:28:14.978Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 5396
2016-12-06T09:28:14.978Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 5396
2016-12-06T09:28:14.978Z [Mini-filter] Restricted access to process 6956 from pid: 6760. Original desired access: 0x1fffff.
2016-12-06T09:29:15.041Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5396
2016-12-06T09:29:15.041Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5396
2016-12-06T09:29:15.041Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5396
2016-12-06T09:29:15.056Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5396
2016-12-06T09:29:15.072Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:29:15.072Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
2016-12-06T09:34:29.009Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.009Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.009Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.009Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1f1fff.
2016-12-06T09:34:29.025Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.041Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1f1fff.
2016-12-06T09:34:29.041Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.041Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.056Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.072Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.072Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.072Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.087Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.087Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.087Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.103Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.103Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
2016-12-06T09:34:29.119Z [Mini-filter] Restricted access to process 1040 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.119Z [Mini-filter] Restricted access to process 6800 from pid: 5396. Original desired access: 0x1fffff.
2016-12-06T09:34:29.119Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5396
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-06T09:36:49.697Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=true, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan


Lumis 07.12.2016 21:29

Code:

Scan ID:{A97EE8AA-3982-48AC-8157-E7744D84DED7}
Scan Source:7
Start Time:12-06-2016 10:36:49
End Time:12-06-2016 10:38:30
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606B-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3340,ProcessStart:131254894894453125
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3340,ProcessStart:131254894894453125
Explicit resource to scan
Resource Schema:queryfileregkeyvalue
Resource Path:HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/pcswpc.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/WMFDist11-WindowsXP-X86-ENU.exe->(WExtract)->wmfdist11.exe->(SfxCab_8ead0856)->portabledevicetypes.dll
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/InstallerServiceExec.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Packages/NSU/Setup/NSU.msi->Data1.cab->ta_productdata_handl.D321D6CC_DBBE_4AC3_8DBD_DFF82BB39BDC
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606B-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Explicit resource to scan
Resource Schema:service
Resource Path:chip1click
Explicit resource to scan
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Explicit resource to scan
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Explicit resource to scan
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{632B6060-BBC6-11D2-A329-006097C4E476}\1.0
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Explicit resource to scan
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Result Count:21
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:5129542798822866942
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:0
Unknown File
Identifier:17579776275432603646
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:0
Unknown File
Identifier:2611507776458850302
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Unknown File
Identifier:2611507776458850302
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Unknown File
Identifier:1400350415148548094
Number of Resources:2
Resource Schema:service
Resource Path:chip1click
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:0
Unknown File
Identifier:14105644664979718142
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:file
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Unknown File
Identifier:14410960021602959358
Number of Resources:2
Resource Schema:process
Resource Path:pid:3340,ProcessStart:131254894894453125
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Unknown File
Identifier:11554872916554285054
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Uninstall.exe
Extended Info:0
Unknown File
Identifier:12840072245577515006
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:5863487478424
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
Unknown File
Identifier:3340142729047834622
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:5866550236419
Unknown File
Identifier:9369635509590032382
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:5866550236419
Unknown File
Identifier:6182801030435045374
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:23631359159303
Unknown File
Identifier:6182801030435045374
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:23631359159303
Unknown File
Identifier:7106473450117529598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:40956872578181
Unknown File
Identifier:18181744765492527102
Number of Resources:5
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{E3DC6D1E-50E6-469D-818E-CD3FE8E24CF6}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{5908297F-1B90-4C81-8B9D-CAFB1808C432}
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\wmex.dll
Extended Info:0
Unknown File
Identifier:9391451435192811518
Number of Resources:9
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{A5AC04E7-3E13-48CE-A43F-9FBA59DB1544}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{9571D958-9BCF-4e19-A374-FC2F321C8F61}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{632B606A-BBC6-11D2-A329-006097C4E476}
Extended Info:0
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{216D96AA-9109-472e-8CDD-821C952C4D6E}
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncEng.dll
Extended Info:0
End Scan
************************************************************

--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 19:51:40
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 18:51:40.750000000 UTC
2016-12-06T18:51:40.750Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T18:51:40.750Z Trace session started - MpWppTracing-12062016-195140-00000003-ffffffff.bin
2016-12-06T18:51:40.750Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T18:51:40.781Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94093
Number of invalid entries is 0
Number of inserts issued is 539599
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 482145
Number of lookup misses is 57948
Number of fast lookup misses is 291385
Number of false fast lookups is 57948
Number of invalidations is 40
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-06T18:51:40.781Z Verifying RTP plugin...
2016-12-06T18:51:40.781Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T18:51:40.796Z Loading engine...
2016-12-06T18:51:40.812Z Verifying engine and signature files (source: 1) ...
2016-12-06T18:51:40.812Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T18:51:40.812Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T18:51:40.812Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T18:51:40.812Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T18:51:40.812Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-06T18:51:41.687Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\420559f6c5c54978abf1ea97d7dc8a6391712593
Dynamic Signature Compilation Timestamp:12-06-2016 10:18:23
Persistence Type:Duration
Time remaining:216000000
2016-12-06T18:51:41.687Z Initializing MPUT in engine...
2016-12-06T18:51:41.687Z MPUT initialized in the engine successfully
2016-12-06T18:51:41.734Z CSignatureStatus: back to good
2016-12-06T18:51:41.734Z Initializing RTP plugin state...
2016-12-06T18:51:41.734Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:926
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1567
  NTFS Cache Statistics:
  TotalMisses:5295
  TotalHits:0
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
  Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-06T18:51:41.734Z Engine loaded!
2016-12-06T18:51:41.734Z Verifying license file...
2016-12-06T18:51:41.734Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T18:51:41.734Z Product supports installmode: 0
2016-12-06T18:51:41.750Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T18:51:41.750Z Loaded module#0 MpComServer.
2016-12-06T18:51:41.750Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T18:51:41.750Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
2016-12-06T18:51:57.806Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{D3669ADE-C2E3-40E7-B1CF-0A01D0B664DB}
Scan Source:7
Start Time:12-06-2016 19:51:44
End Time:12-06-2016 19:51:57
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

2016-12-06T18:51:59.416Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
2016-12-06T18:52:08.056Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5272
2016-12-06T18:52:08.056Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5272
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\c8fe8a77c06946d9c0a3f71df84871b963d7ee97
Dynamic Signature Compilation Timestamp:12-06-2016 19:51:52
Persistence Type:Duration
Time remaining:216000000
2016-12-06T18:52:11.962Z Dynamic signature received
DSS Timeout:Received results after timeout
2016-12-06T18:52:11.962Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\users\lutz\desktop\hijackthis.exe"
Begin Resource Scan
Scan ID:{621906CD-6E0D-45CD-A6D2-9A259FC9DDA2}
Scan Source:7
Start Time:12-06-2016 19:52:14
End Time:12-06-2016 19:52:15
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\users\lutz\desktop\hijackthis.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\users\lutz\desktop\hijackthis.exe:Zone.Identifier
Extended Info:35874746033117
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T18:52:27.791Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\windows\flight1 citation mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{41C8B32F-6F5B-4D5F-A29C-EACDA0065E91}
Scan Source:7
Start Time:12-06-2016 19:52:31
End Time:12-06-2016 19:52:34
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Extended Info:25770492256673
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\audioenvironment.exe"
2016-12-06T18:52:38.752Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\acsound.exe"
2016-12-06T18:52:39.456Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
2016-12-06T18:52:40.824Z Process scan (poststartupscan) started.
2016-12-06T18:52:42.235Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5272
2016-12-06T18:52:42.236Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5272
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-06T18:52:47.231Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\audioenvironment.exe"
2016-12-06T18:52:50.808Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-06T18:52:50.809Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\D:\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Begin Resource Scan
Scan ID:{979643CF-A74D-4152-9D61-CF29D4EBF368}
Scan Source:7
Start Time:12-06-2016 19:52:50
End Time:12-06-2016 19:52:53
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\acsound.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Result Count:3
Unknown File
Identifier:467007837944414206
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Extended Info:631932727217916
Unknown File
Identifier:16876926893444562942
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Extended Info:5863497417884
Unknown File
Identifier:8699507469090553854
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\acsound.exe
Extended Info:5863497417884
End Scan
************************************************************

Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\HijackThis.exe"
2016-12-06T18:52:55.608Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
2016-12-06T18:52:58.808Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\601274af351de373a3c0724cbb035b79048be501
Dynamic Signature Compilation Timestamp:12-06-2016 19:52:59
Persistence Type:Duration
Time remaining:216000000
2016-12-06T18:52:58.813Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-06T18:53:08.062Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5272
2016-12-06T18:53:08.063Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5272
2016-12-06T18:53:08.063Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5272
2016-12-06T18:53:08.075Z [Mini-filter] Restricted access to process 1040 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.076Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5272
2016-12-06T18:53:08.078Z [Mini-filter] Restricted access to process 1040 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.078Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5272
2016-12-06T18:53:08.094Z [Mini-filter] Restricted access to process 3804 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.099Z [Mini-filter] Restricted access to process 1040 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.100Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5272
2016-12-06T18:53:08.102Z [Mini-filter] Restricted access to process 1040 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.103Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5272
2016-12-06T18:53:08.140Z [Mini-filter] Restricted access to process 3804 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.899Z [Mini-filter] Restricted access to process 1040 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T18:53:08.911Z [Mini-filter] Restricted access to process 3804 from pid: 5272. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 20:03:44
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 19:03:44.250000000 UTC
2016-12-06T19:03:44.250Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T19:03:44.250Z Trace session started - MpWppTracing-12062016-200344-00000003-ffffffff.bin
2016-12-06T19:03:44.250Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T19:03:44.265Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94093
Number of invalid entries is 0
Number of inserts issued is 539599
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 482145
Number of lookup misses is 57948
Number of fast lookup misses is 291385
Number of false fast lookups is 57948
Number of invalidations is 40
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-06T19:03:44.281Z Verifying RTP plugin...
2016-12-06T19:03:44.281Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T19:03:44.281Z Loading engine...
2016-12-06T19:03:44.296Z Verifying engine and signature files (source: 1) ...
2016-12-06T19:03:44.296Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T19:03:44.296Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T19:03:44.296Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T19:03:44.296Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T19:03:44.296Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-06T19:03:45.296Z Initializing MPUT in engine...
2016-12-06T19:03:45.296Z MPUT initialized in the engine successfully
2016-12-06T19:03:45.328Z CSignatureStatus: back to good
2016-12-06T19:03:45.328Z Initializing RTP plugin state...
2016-12-06T19:03:45.328Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:742
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1418
  NTFS Cache Statistics:
  TotalMisses:5129
  TotalHits:0
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
  Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************


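A note on reading this kind of dump, with an added example that is not from the thread or from Microsoft: the `Internal signature match` lines whose subtype is `Lowfi` or whose name starts with `#`/`!#` are low-fidelity hints that the engine forwards to MAPS for a cloud lookup rather than detection verdicts; `MAPS Report Send (hr=0xffffffff httpcode=0)` records a lookup that never reached the cloud; and the `[Mini-filter]` lines are MSE's self-protection refusing another process (pid 5272, later 4996) access to `MsMpEng.exe` and to processes 1040/3804 with desired access 0x1fffff, which is PROCESS_ALL_ACCESS. The log does not say which program those pids belong to; that has to be looked up on the live system. The script below parses those three record types from a constructed sample modelled on the log and summarises them so the few interesting lines are not buried under hundreds of repeated `NetMoneyYYDownloader` hits. The interpretation of the subtype values is my reading, not something the page states; the sample lines, paths and pids are constructed.

```python
"""Triage helper for the text dump of the Microsoft Security Essentials service log
(MpWppTracing format as quoted in the thread). Added example, not from the original post."""
import re
from collections import Counter, defaultdict

PROCESS_ALL_ACCESS = 0x1FFFFF  # the 0x1fffff desired-access mask seen in the Mini-filter lines

# Constructed sample, modelled on the format of the log quoted above; paths and pids are illustrative.
SAMPLE_LOG = r"""
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\HijackThis.exe"
2016-12-06T18:52:50.808Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-06T19:05:05.649Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T18:53:08.062Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5272
2016-12-06T18:53:08.075Z [Mini-filter] Restricted access to process 1040 from pid: 5272. Original desired access: 0x1fffff.
2016-12-06T19:07:32.055Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:03:44.250Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
"""

SIG_RE = re.compile(
    r'^Internal signature match:subtype=(?P<subtype>\w+), sigseq=(?P<sigseq>0x[0-9A-Fa-f]+), '
    r'signame=(?P<signame>[^,]+), cached=(?P<cached>true|false), resource="(?P<resource>.*)"$')
MAPS_RE = re.compile(
    r'^(?P<ts>\S+Z) MAPS Report Send \(hr=(?P<hr>0x[0-9A-Fa-f]+) httpcode=(?P<httpcode>\d+)\)$')
MF_FILE_RE = re.compile(
    r'^(?P<ts>\S+Z) \[Mini-filter\] Denied access to file: (?P<path>.+), pid: (?P<pid>\d+)$')
MF_PROC_RE = re.compile(
    r'^(?P<ts>\S+Z) \[Mini-filter\] Restricted access to process (?P<target>\d+) from pid: '
    r'(?P<pid>\d+)\. Original desired access: (?P<access>0x[0-9A-Fa-f]+)\.$')


def parse_line(line):
    """Classify one log line into a record dict; None for line types this helper does not model."""
    line = line.rstrip()
    m = SIG_RE.match(line)
    if m:
        rec = m.groupdict()
        rec["kind"] = "signature"
        rec["cached"] = rec["cached"] == "true"
        return rec
    m = MAPS_RE.match(line)
    if m:
        return {"kind": "maps", "ts": m["ts"], "hr": int(m["hr"], 16), "httpcode": int(m["httpcode"])}
    m = MF_FILE_RE.match(line)
    if m:
        return {"kind": "minifilter_file", "ts": m["ts"], "path": m["path"], "pid": int(m["pid"])}
    m = MF_PROC_RE.match(line)
    if m:
        return {"kind": "minifilter_process", "ts": m["ts"], "target": int(m["target"]),
                "pid": int(m["pid"]), "access": int(m["access"], 16)}
    return None


def triage(log_text):
    """Collapse repeated hits per resource and pull out the lines worth a second look."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    hits = defaultdict(set)
    for r in records:
        if r["kind"] == "signature":
            hits[r["resource"]].add((r["subtype"], r["signame"]))
    # Resources whose every match is a low-fidelity hint (subtype Lowfi or '#'/'!#'-prefixed name).
    lowfi_only = sorted(res for res, s in hits.items()
                        if all(sub == "Lowfi" or name.lstrip("!").startswith("#") for sub, name in s))
    maps_failures = sum(1 for r in records if r["kind"] == "maps" and r["httpcode"] != 200)
    # Other processes that tried to open a protected process with PROCESS_ALL_ACCESS ...
    full_access = Counter(r["pid"] for r in records
                          if r["kind"] == "minifilter_process" and r["access"] == PROCESS_ALL_ACCESS)
    # ... or to open the engine binary itself.
    engine_probes = Counter(r["pid"] for r in records
                            if r["kind"] == "minifilter_file" and r["path"].lower().endswith("msmpeng.exe"))
    return {"resources": {res: sorted(s) for res, s in hits.items()},
            "lowfi_only": lowfi_only,
            "maps_failures": maps_failures,
            "full_access_by_pid": dict(full_access),
            "engine_file_probes_by_pid": dict(engine_probes)}


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for res, sigs in summary["resources"].items():
        tag = "lowfi-only" if res in summary["lowfi_only"] else "REVIEW"
        print(f"{tag:10} {res}")
        for subtype, name in sigs:
            print(f"           {subtype:8} {name}")
    print("MAPS lookups that failed:", summary["maps_failures"])
    print("pids asking for PROCESS_ALL_ACCESS on protected processes:", summary["full_access_by_pid"])
    print("pids denied access to MsMpEng.exe:", summary["engine_file_probes_by_pid"])
```

Run it against the real dump by reading the file into `triage()` instead of `SAMPLE_LOG`. Anything listed as `REVIEW` has at least one non-Lowfi match, and any pid that shows up in the last two counters should be identified on the running system before deciding whether it is a second security product or something that should not be there.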
Lumis 07.12.2016 21:30

Code:

2016-12-06T19:03:45.328Z Engine loaded!
2016-12-06T19:03:45.343Z Verifying license file...
2016-12-06T19:03:45.343Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T19:03:45.343Z Product supports installmode: 0
2016-12-06T19:03:45.343Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T19:03:45.343Z Loaded module#0 MpComServer.
2016-12-06T19:03:45.343Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T19:03:45.359Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{488481F8-8673-4E1C-B2D4-2414AD7CFABE}
Scan Source:7
Start Time:12-06-2016 20:04:05
End Time:12-06-2016 20:04:43
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

2016-12-06T19:05:04.883Z Process scan (poststartupscan) started.
2016-12-06T19:05:05.649Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:05:05.961Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-06T19:05:10.071Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:05:10.071Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:05:50.211Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:05:50.211Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T19:07:32.040Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.040Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.040Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.055Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:32.055Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.055Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:32.055Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.086Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:32.086Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.086Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:32.086Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\windows\flight1 citation mustang\uninstall.exe->(UPX)"
2016-12-06T19:07:52.555Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
2016-12-06T19:07:56.024Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:56.040Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:56.055Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:56.071Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-06T19:08:02.461Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\HijackThis.exe"
2016-12-06T19:08:16.336Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-06T19:09:34.868Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-06T19:09:34.868Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Begin Resource Scan
Scan ID:{91714CA9-20CB-47A9-9573-976BF1F3E44E}
Scan Source:7
Start Time:12-06-2016 20:05:17
End Time:12-06-2016 20:09:53
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3040,ProcessStart:131255246451875000
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3040,ProcessStart:131255246451875000
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Result Count:7
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:14452099181164101630
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3040,ProcessStart:131255246451875000
Extended Info:9223502295520413380
Unknown File
Identifier:14410960021602959358
Number of Resources:2
Resource Schema:process
Resource Path:pid:3040,ProcessStart:131255246451875000
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
2016-12-06T19:10:04.305Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\acsound.exe"
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 20:14:16
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 19:14:16.390625000 UTC
2016-12-06T19:14:16.390Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T19:14:16.406Z Trace session started - MpWppTracing-12062016-201416-00000003-ffffffff.bin
2016-12-06T19:14:16.406Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T19:14:16.421Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94106
Number of invalid entries is 0
Number of inserts issued is 539633
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 494160
Number of lookup misses is 58570
Number of fast lookup misses is 295248
Number of false fast lookups is 58570
Number of invalidations is 55
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-06T19:14:16.437Z Verifying RTP plugin...
2016-12-06T19:14:16.437Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T19:14:16.453Z Loading engine...
2016-12-06T19:14:16.468Z Verifying engine and signature files (source: 1) ...
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-06T19:14:17.390Z Initializing MPUT in engine...
2016-12-06T19:14:17.390Z MPUT initialized in the engine successfully
2016-12-06T19:14:17.500Z CSignatureStatus: back to good
2016-12-06T19:14:17.500Z Initializing RTP plugin state...
2016-12-06T19:14:17.500Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:926
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1321
  NTFS Cache Statistics:
  TotalMisses:4966
  TotalHits:0
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
  Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-06T19:14:17.500Z Engine loaded!
2016-12-06T19:14:17.500Z Verifying license file...
2016-12-06T19:14:17.500Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T19:14:17.500Z Product supports installmode: 0
2016-12-06T19:14:17.562Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T19:14:17.562Z Loaded module#0 MpComServer.
2016-12-06T19:14:17.562Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T19:14:17.562Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:14:33.326Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{94DADB1D-8718-4338-9C2C-8DD26A182F0D}
Scan Source:7
Start Time:12-06-2016 20:14:20
End Time:12-06-2016 20:14:33
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

2016-12-06T19:14:34.623Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
2016-12-06T19:15:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:15:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:15:16.466Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:15:18.748Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2072
2016-12-06T19:15:18.748Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2072
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T19:15:22.654Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-06T19:15:22.654Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Begin Resource Scan
Scan ID:{A2962F25-0B15-47DE-97F6-37D0C93C8110}
Scan Source:7
Start Time:12-06-2016 20:15:21
End Time:12-06-2016 20:15:24
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Extended Info:25770492256673
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\Program Files\John Paul Chacha's Lab\Chasys Draw IES\Setup.exe"
2016-12-06T19:15:38.560Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\Program Files\John Paul Chacha's Lab\Chasys Draw IES\Setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\D:\Program Files\John Paul Chacha's Lab\Chasys Draw IES\Setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-06T19:16:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.201Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1f1fff.
2016-12-06T19:16:03.216Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.216Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1f1fff.
2016-12-06T19:16:03.216Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.216Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.263Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.263Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2072
2016-12-06T19:16:03.263Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.263Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2072
2016-12-06T19:16:03.279Z [Mini-filter] Restricted access to process 6844 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.279Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.279Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2072
2016-12-06T19:16:03.279Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.279Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2072
2016-12-06T19:16:03.326Z [Mini-filter] Restricted access to process 6844 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:04.029Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:04.044Z [Mini-filter] Restricted access to process 6844 from pid: 2072. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 20:28:38
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 19:28:38.984375000 UTC
2016-12-06T19:28:38.984Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T19:28:39.046Z Trace session started - MpWppTracing-12062016-202838-00000003-ffffffff.bin
2016-12-06T19:28:39.046Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T19:28:39.062Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94106
Number of invalid entries is 0
Number of inserts issued is 539633
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 494160
Number of lookup misses is 58570
Number of fast lookup misses is 295248
Number of false fast lookups is 58570
Number of invalidations is 55
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-06T19:28:39.062Z Verifying RTP plugin...
2016-12-06T19:28:39.062Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T19:28:39.078Z Loading engine...
2016-12-06T19:28:39.078Z Verifying engine and signature files (source: 1) ...
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-06T19:28:39.890Z Initializing MPUT in engine...
2016-12-06T19:28:39.890Z MPUT initialized in the engine successfully
2016-12-06T19:28:39.906Z CSignatureStatus: back to good
2016-12-06T19:28:39.906Z Initializing RTP plugin state...
2016-12-06T19:28:39.906Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:370
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1172
  NTFS Cache Statistics:
  TotalMisses:4593
  TotalHits:0
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
  Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-06T19:28:39.906Z Engine loaded!
2016-12-06T19:28:39.921Z Verifying license file...
2016-12-06T19:28:39.921Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T19:28:39.921Z Product supports installmode: 0
2016-12-06T19:28:39.921Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T19:28:39.921Z Loaded module#0 MpComServer.
2016-12-06T19:28:39.921Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T19:28:39.921Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{B9F15BC2-6635-40FA-A2C5-6D3B8A8E1334}
Scan Source:7
Start Time:12-06-2016 20:28:53
End Time:12-06-2016 20:29:33
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-06T19:30:40.461Z Process scan (poststartupscan) started.
2016-12-06T19:30:40.493Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:30:40.711Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-06T19:30:46.993Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:30:46.993Z Process scan (poststartupscan) completed.
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 20:32:15
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 19:32:15.578125000 UTC
2016-12-06T19:32:15.578Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T19:32:15.578Z Trace session started - MpWppTracing-12062016-203215-00000003-ffffffff.bin
2016-12-06T19:32:15.578Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T19:32:15.593Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94106
Number of invalid entries is 0
Number of inserts issued is 539633
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 499212
Number of lookup misses is 58794
Number of fast lookup misses is 296706
Number of false fast lookups is 58794
Number of invalidations is 55
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-06T19:32:15.609Z Verifying RTP plugin...
2016-12-06T19:32:15.609Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T19:32:15.625Z Loading engine...
2016-12-06T19:32:15.640Z Verifying engine and signature files (source: 1) ...
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-06T19:32:16.515Z Initializing MPUT in engine...
2016-12-06T19:32:16.515Z MPUT initialized in the engine successfully
2016-12-06T19:32:16.531Z CSignatureStatus: back to good
2016-12-06T19:32:16.531Z Initializing RTP plugin state...
2016-12-06T19:32:16.531Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:370
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1147
  NTFS Cache Statistics:
  TotalMisses:4654
  TotalHits:0
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
  Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-06T19:32:16.531Z Engine loaded!
2016-12-06T19:32:16.546Z Verifying license file...
2016-12-06T19:32:16.546Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T19:32:16.546Z Product supports installmode: 0
2016-12-06T19:32:16.546Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T19:32:16.546Z Loaded module#0 MpComServer.
2016-12-06T19:32:16.546Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T19:32:16.546Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:32:31.220Z MAPS Report Send (hr=0xffffffff httpcode=0)
Begin Resource Scan
Scan ID:{F742FE55-8B50-4B4D-9C2C-3F9E95FA067D}
Scan Source:7
Start Time:12-06-2016 20:32:19
End Time:12-06-2016 20:32:31
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

2016-12-06T19:32:32.158Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:33:00.939Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:33:00.939Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:33:09.705Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE, pid: 5488
2016-12-06T19:33:09.705Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE, pid: 5488
2016-12-06T19:33:17.095Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5488
2016-12-06T19:33:17.095Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5488
2016-12-06T19:33:59.205Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.220Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.236Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.236Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.236Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.330Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:00.955Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:34:00.955Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:34:00.955Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:34:00.970Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:00.970Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T19:34:00.970Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:00.970Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T19:34:01.001Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:01.001Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:01.001Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T19:34:01.001Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:01.001Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T19:34:01.048Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.423Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.423Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.423Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.423Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.423Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.439Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.439Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.455Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.455Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.455Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.455Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.470Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.501Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.111Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.111Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.111Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.126Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.142Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.142Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.142Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.158Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.158Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.173Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.173Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.173Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.189Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.189Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.189Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:35.861Z On demand scan closed without completion. Current scan state: 1. ScanSource: 2, Scan flags:0x10001. NumberOfResources:0. bRemoveFromList:1
2016-12-06T19:35:24.705Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-06T19:35:30.626Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:35:30.626Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T19:36:44.673Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:36:44.689Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\windows\flight1 citation mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-06T19:37:27.392Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-06T19:39:46.783Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-06T19:39:46.783Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Begin Resource Scan


Lumis 07.12.2016 21:33

Code:

Begin Resource Scan
Scan ID:{222D38D9-B50A-4920-8DD0-E4078491D18B}
Scan Source:7
Start Time:12-06-2016 20:35:30
End Time:12-06-2016 20:39:55
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3216,ProcessStart:131255263398525390
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3216,ProcessStart:131255263398525390
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Result Count:7
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:5870588768083247102
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3216,ProcessStart:131255263398525390
Extended Info:9223502295520413380
Unknown File
Identifier:14410960021602959358
Number of Resources:2
Resource Schema:process
Resource Path:pid:3216,ProcessStart:131255263398525390
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
End Scan
************************************************************

2016-12-06T19:40:04.705Z MAPS Report Send (hr=0xffffffff httpcode=0)

BEGIN BM telemetry
GUID:{472D0732-B24B-00A7-FD97-952607CD9FB9}
TelemetryName:Behavior:Win32/EMSGen
SignatureID:51347397088536
ProcessID:3120
ProcessCreationTime:131255263391103515
SessionID:0
CreationTime:12-06-2016 20:40:14
ImagePath:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
END BM telemetry

Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\D:\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T19:40:20.908Z MAPS Report Send (hr=0xffffffff httpcode=0)
Begin Resource Scan
Scan ID:{80DBC4FE-9FDC-4742-B477-BEC89354FE30}
Scan Source:7
Start Time:12-06-2016 20:40:14
End Time:12-06-2016 20:40:21
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\acsound.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:3
Unknown File
Identifier:467007837944414206
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\program files\john paul chacha's lab\chasys draw ies\setup.exe
Extended Info:631932727217916
Unknown File
Identifier:16876926893444562942
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Extended Info:5863497417884
Unknown File
Identifier:8699507469090553854
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\acsound.exe
Extended Info:5863497417884
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\07D2020B-49C5-3D43-387C-D584D72B2A0C_1d250c1c056c679"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\2094E795-23A5-0E41-EDDE-E84679997ADA_1d250c1c081b0cd"
2016-12-06T19:40:23.783Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
2016-12-06T19:40:34.455Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
2016-12-06T19:40:34.548Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Begin Resource Scan
Scan ID:{014A3298-F56D-4DCA-828B-F22491AC4C60}
Scan Source:7
Start Time:12-06-2016 20:40:38
End Time:12-06-2016 20:40:44
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Result Count:2
Unknown File
Identifier:3340142729047834622
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:5866550236419
Unknown File
Identifier:9369635509590032382
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:5866550236419
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\15D3AD4A-53F4-1C38-7825-1E3AFE86FD1F_1d250c1ce3bfb01"
2016-12-06T19:40:47.658Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\MyNewsBar.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe"
2016-12-06T19:41:13.330Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe"
Begin Resource Scan
Scan ID:{FBC1B5B6-699E-4F2F-8B52-D99040B9CE0B}
Scan Source:7
Start Time:12-06-2016 20:41:16
End Time:12-06-2016 20:41:16
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\PROGRAM FILES (X86)\Windows Media Components\Encoder\WMEncAgt.exe
Extended Info:35875764682496
End Scan
************************************************************

2016-12-06T19:42:16.548Z AutoPurgeWorker triggered with dwWork=0x3
2016-12-06T19:42:16.548Z Product supports installmode: 0
2016-12-06T19:42:17.064Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2016-12-06T19:42:17.064Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 20813750(ms)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
2016-12-06T19:42:17.470Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\Creative\SHARED FILES\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Begin Resource Scan
Scan ID:{5F4B09EC-9FD8-494E-83CA-599FEDFCAC4A}
Scan Source:7
Start Time:12-06-2016 20:42:17
End Time:12-06-2016 20:42:19
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Result Count:1
Unknown File
Identifier:6182801030435045374
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAM FILES (X86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:23631359159303
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\E7972D13-24FF-EC43-B9BD-C89A4618E90A_1d250c2065fda39"
2016-12-06T19:42:20.908Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:42:23.033Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
2016-12-06T19:42:32.392Z Trace buffers written: 322, events lost: 0, buffers lost: 0, days: 0
2016-12-06T19:42:32.392Z Trusted image bitmap: 0x0
2016-12-06T19:42:32.392Z Trusted image OEM name: (not found)
2016-12-06T19:42:32.486Z Task(-UploadSQM -RestrictPrivileges) launched
2016-12-06T19:42:32.486Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 5488
2016-12-06T19:42:32.486Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 5488
2016-12-06T19:42:32.501Z [Mini-filter] Restricted access to process 7104 from pid: 3164. Original desired access: 0x1fffff.
2016-12-06T19:42:32.564Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched
2016-12-06T19:42:32.564Z Run lost scheduled job: SignatureUpdate -ScheduleJob -RestrictPrivileges
2016-12-06T19:42:32.580Z [Mini-filter] Restricted access to process 1164 from pid: 7012. Original desired access: 0x1fffff.
2016-12-06T19:42:32.626Z Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched
2016-12-06T19:42:32.642Z [Mini-filter] Restricted access to process 3504 from pid: 2004. Original desired access: 0x1fffff.
2016-12-06T19:43:32.595Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.595Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.595Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.595Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.642Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.673Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.673Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.689Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.689Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.689Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.689Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.720Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.736Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.736Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.751Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.751Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.751Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.751Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1f1fff.
2016-12-06T19:43:32.751Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.767Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1f1fff.
2016-12-06T19:43:32.767Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.767Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.798Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.814Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.814Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.814Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.830Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.830Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.845Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.845Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.845Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.861Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.861Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.861Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.861Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.876Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.876Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.876Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.923Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.923Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.923Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.923Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.939Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.939Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.955Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.970Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.970Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:32.986Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:32.986Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:33.001Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:33.001Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:33.001Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:33.017Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:33.017Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:33.017Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:33.033Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:33.033Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T19:43:33.064Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.939Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.955Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.955Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.970Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.970Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.970Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:47.986Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:48.001Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:48.001Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:48.001Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:48.017Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:43:48.017Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\Device\HarddiskVolume2\Aerosoft\Launcher\aeroCrypt.dll"
2016-12-06T19:50:19.720Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Begin Resource Scan
Scan ID:{8CC6014E-B589-4C9D-ACE8-DCFEE88C1338}
Scan Source:7
Start Time:12-06-2016 20:50:19
End Time:12-06-2016 20:50:20
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Result Count:1
Unknown File
Identifier:12840072245577515006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:5863487478424
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=true, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\AD3A7507-20DF-64FF-6790-1FD620AA2C3D_1d250c3243c0d15"
2016-12-06T19:50:20.595Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\C:\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\\?\E:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-06T20:04:13.689Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E45736A0D, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\\?\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=true, resource="\\?\C:\Aerosoft\Launcher\aeroCrypt.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0001E7BD19839BD8, signame=TEL:Lua:RegValExclusionsPaths.A, cached=false, resource="HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{7297C4CD-26A6-4B59-A257-539AE75273CC}
Scan Source:7
Start Time:12-06-2016 21:04:13
End Time:12-06-2016 21:05:51
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Explicit resource to scan
Resource Schema:clsid
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3216,ProcessStart:131255263398525390
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3216,ProcessStart:131255263398525390
Explicit resource to scan
Resource Schema:queryfileregkeyvalue
Resource Path:HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths\\
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMEncAgt.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/pcswpc.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/CommonCustomActions/WMFDist11-WindowsXP-X86-ENU.exe->(WExtract)->wmfdist11.exe->(SfxCab_8ead0856)->portabledevicetypes.dll
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Installer/InstallerServiceExec.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe->(7zSfx)->Packages/NSU/Setup/NSU.msi->Data1.cab->ta_productdata_handl.D321D6CC_DBBE_4AC3_8DBD_DFF82BB39BDC
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{B6913798-10BF-430C-A26F-E6DEE22EB9BA}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\CLSID\{C2AC89E1-DC8C-4EF9-ADFF-6B455B26787A}
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Explicit resource to scan
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Explicit resource to scan
Resource Schema:service
Resource Path:chip1click
Explicit resource to scan
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Explicit resource to scan
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Explicit resource to scan
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Explicit resource to scan
Resource Schema:typelib
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:typelibversion
Resource Path:HKLM\SOFTWARE\Wow6432Node\CLASSES\TYPELIB\{D9655475-53BD-431C-B22F-CC98BCE33082}\1.0
Explicit resource to scan
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Nokia Ovi Suite
Explicit resource to scan
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Result Count:14
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:1400350415148548094
Number of Resources:2
Resource Schema:service
Resource Path:chip1click
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:0
Unknown File
Identifier:14410960021602959358
Number of Resources:2
Resource Schema:process
Resource Path:pid:3216,ProcessStart:131255263398525390
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Unknown File
Identifier:11554872916554285054
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Uninstall.exe
Extended Info:0
Unknown File
Identifier:14105644664979718142
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Resource Schema:file
Resource Path:C:\Aerosoft\Launcher\aeroCrypt.dll
Extended Info:0
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
Unknown File
Identifier:5129542798822866942
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:0
Unknown File
Identifier:17579776275432603646
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Xtreme FSX PC
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:0
Unknown File
Identifier:2611507776458850302
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Console Launcher\CTRegSvu.exe
Extended Info:0
Unknown File
Identifier:2611507776458850302
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:shareddll
Resource Path:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Creative\Shared Files\CTRegSvu.exe
Extended Info:0
Unknown File
Identifier:7106473450117529598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Extended Info:40956872578181
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\Device\HarddiskVolume2\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\C7EDD317-BFBE-571D-47FA-CE21D47AB5AF_1d250c54f408f6b"
2016-12-06T20:05:51.760Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T20:05:51.760Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\\?\C:\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\C7EDD317-BFBE-571D-47FA-CE21D47AB5AF_1d250c54f408f6b"
Begin Resource Scan
Scan ID:{978BE61C-D1D1-4E7F-B306-3D14147F0492}
Scan Source:7
Start Time:12-06-2016 21:05:51
End Time:12-06-2016 21:05:51
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\C7EDD317-BFBE-571D-47FA-CE21D47AB5AF_1d250c54f408f6b
Result Count:1
Unknown File
Identifier:1400350415148548094
Number of Resources:1
Resource Schema:file
Resource Path:C:\PROGRAMDATA\Microsoft\MICROSOFT ANTIMALWARE\Scans\FilesStash\C7EDD317-BFBE-571D-47FA-CE21D47AB5AF_1d250c54f408f6b
Extended Info:0
End Scan
************************************************************

2016-12-06T20:05:52.135Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T20:06:32.041Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.041Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.041Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.073Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.104Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.104Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.166Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:06:32.182Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.182Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:06:32.182Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.198Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:06:32.198Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:06:32.198Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:06:32.213Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.213Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:06:32.213Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:06:32.260Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:06:32.260Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:06:34.495Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:06:34.510Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:06:34.510Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:11:48.628Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-06T20:17:04.766Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.782Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.782Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.797Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.813Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.813Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.813Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.829Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.829Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.844Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.860Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.860Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.938Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.954Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.954Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.969Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.985Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.985Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:04.985Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:05.000Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:05.000Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:05.016Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:05.032Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:05.032Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:06.684Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:06.700Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:06.700Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:06.700Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:06.715Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:06.715Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:06.731Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:06.747Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:06.747Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:06.747Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:06.762Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:06.762Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:07.271Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:07.287Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:07.287Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:07.302Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:07.318Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:07.318Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:07.318Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:07.333Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:07.333Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:07.349Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:07.365Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:07.365Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:15.535Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:15.550Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:15.550Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:15.566Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:15.582Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:15.582Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:15.582Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:15.597Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:15.597Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:15.613Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:15.628Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:15.628Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:30.766Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:30.779Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:30.781Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:30.788Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:30.808Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:30.808Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:30.829Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:30.841Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:30.843Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:30.850Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:30.863Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:30.865Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:53.803Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:53.803Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:17:53.803Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:21:17.010Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:21:17.010Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:21:17.026Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:30:18.902Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:30:18.910Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:30:18.917Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:44.484Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:44.500Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:44.515Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:44.828Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:44.859Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:44.859Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:44.906Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:44.937Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:44.937Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.421Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.437Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.437Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.484Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.500Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.515Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.578Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.593Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.609Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.656Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.671Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.687Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.734Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.750Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.765Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.812Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.828Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.828Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.953Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.984Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:45.984Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:46.312Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:46.328Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:46.328Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:46.421Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:46.437Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:46.437Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:46.781Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:46.796Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:46.796Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:47.109Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:47.125Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:47.125Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:47.171Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:47.187Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:47.187Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:47.253Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:47.284Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:47.284Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.190Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.206Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.206Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.315Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.331Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.331Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.393Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.409Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.409Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.471Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.487Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.487Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.581Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.596Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.596Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.690Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.721Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.721Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.831Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.846Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.862Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.924Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.940Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:48.940Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.706Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.721Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.721Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.737Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T20:32:49.737Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T20:32:49.737Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T20:32:49.737Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1f1fff.
2016-12-06T20:32:49.752Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T20:32:49.752Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1f1fff.
2016-12-06T20:32:49.752Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T20:32:49.752Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T20:32:49.784Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.784Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T20:32:49.784Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.784Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T20:32:49.815Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.815Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.831Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.831Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T20:32:49.831Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.831Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T20:32:49.877Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.893Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.940Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.956Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.971Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.971Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.987Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:49.987Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:51.518Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:51.518Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:51.565Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:51.581Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:51.596Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:51.596Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:51.612Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:51.612Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:57.487Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:57.487Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:57.534Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:57.549Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:57.565Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:57.565Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:57.581Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:57.581Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:59.190Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:59.190Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:59.237Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:59.252Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:59.268Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:59.268Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:59.284Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:32:59.284Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.555Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.555Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.618Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.618Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.649Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.649Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.665Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.665Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.743Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.743Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.790Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.790Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.805Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.805Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:08.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:09.993Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:09.993Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:10.055Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:10.055Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:10.071Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:10.071Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:10.086Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:10.086Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.008Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.008Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.071Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.086Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.102Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.102Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.118Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.133Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.430Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.430Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.508Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.508Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.524Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.524Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.540Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.555Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.586Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.602Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.665Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.665Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.680Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.680Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.696Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.696Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.743Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.743Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.805Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.805Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.821Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.821Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.852Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.883Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:11.899Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:12.024Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:12.024Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:12.055Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:12.055Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:12.055Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:12.071Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.040Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.040Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.149Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.149Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.180Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.180Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.196Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.243Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.243Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.321Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.336Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.352Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.352Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.368Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.368Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.415Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.415Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.

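Reading the log above as a triage task: one source PID (5488) repeatedly opens three target processes (832, 2076, 3504) with desired access 0x1fffff, which is PROCESS_ALL_ACCESS (terminate, create thread, write memory and every other right), and is then denied access to msseces.exe, the Microsoft Security Essentials client binary. That combination is what a process trying to kill or inject into a security product looks like; it is also exactly what a second security product or any tool that opens every process with full rights produces, so the PID has to be mapped to an image and a file hash before it is called malicious. The script below is an added example, not part of the original post or of the tool that wrote this log: it parses lines in this format, groups them by the offending PID, decodes the access mask into named rights, and flags sources that asked for kill/inject rights or went after a protected file. The SAMPLE_LOG lines are constructed for the example in the page's format, and the choice of which rights count as tamper-capable is the example's own.

```python
"""Triage for the [Mini-filter] self-protection log format shown above.
Groups events by source PID, decodes the desired-access mask and flags sources
that requested tamper rights on protected processes or touched protected files.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Win32 process access rights from winnt.h. 0x1FFFFF is PROCESS_ALL_ACCESS
# (all specific rights + STANDARD_RIGHTS_REQUIRED + SYNCHRONIZE) on Vista and later.
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
    0x00010000: "DELETE",
    0x00020000: "READ_CONTROL",
    0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER",
    0x00100000: "SYNCHRONIZE",
}
# Rights that let the caller kill, suspend or inject code into the target; a
# benign process lister needs none of them. This selection is the example's own.
TAMPER_RIGHTS = 0x0001 | 0x0002 | 0x0008 | 0x0020 | 0x0800

PROC_RE = re.compile(
    r"^(?P<ts>\S+) \[Mini-filter\] Restricted access to process (?P<target>\d+) "
    r"from pid: (?P<src>\d+)\. Original desired access: (?P<mask>0x[0-9a-fA-F]+)\.$"
)
FILE_RE = re.compile(
    r"^(?P<ts>\S+) \[Mini-filter\] Denied access to file: (?P<path>.+?), pid: (?P<src>\d+)$"
)
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"

# Constructed sample in the page's log format; timestamps and PIDs are illustrative,
# not copied from the original post.
SAMPLE_LOG = """\
2016-12-06T20:33:14.040Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.040Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.149Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.258Z [Mini-filter] Denied access to file: \\Program Files\\Microsoft Security Client\\msseces.exe, pid: 5488
2016-12-06T20:33:16.352Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.000Z [Mini-filter] Restricted access to process 832 from pid: 1234. Original desired access: 0x1000.
"""


def decode_access(mask):
    """Names of the access-right bits set in mask, lowest bit first."""
    return [name for bit, name in sorted(PROCESS_RIGHTS.items()) if mask & bit]


def triage(lines):
    """Return {source_pid: summary} for every PID the mini-filter pushed back on."""
    per_src = defaultdict(lambda: {"by_target": Counter(), "masks": set(),
                                   "files": Counter(), "first": None, "last": None})
    for line in lines:
        line = line.strip()
        m = PROC_RE.match(line)
        if m:
            entry = per_src[int(m["src"])]
            entry["by_target"][int(m["target"])] += 1
            entry["masks"].add(int(m["mask"], 16))
        else:
            m = FILE_RE.match(line)
            if not m:
                continue  # blank line or a record type this parser does not know
            entry = per_src[int(m["src"])]
            entry["files"][m["path"]] += 1
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)

    for entry in per_src.values():
        entry["by_target"] = dict(entry["by_target"])
        entry["files"] = dict(entry["files"])
        entry["events"] = sum(entry["by_target"].values()) + sum(entry["files"].values())
        span = (entry["last"] - entry["first"]).total_seconds()
        entry["rate_per_s"] = entry["events"] / span if span > 0 else float(entry["events"])
        # Suspect: asked for kill/inject rights on a protected process, or went
        # after a protected file (here the security client's own binary).
        tamper = any(mask & TAMPER_RIGHTS for mask in entry["masks"])
        entry["suspect"] = tamper or bool(entry["files"])
    return dict(per_src)


def report(summary):
    """One line per source PID, busiest first, with the decoded rights it wanted."""
    out = []
    for pid, e in sorted(summary.items(), key=lambda kv: -kv[1]["events"]):
        verdict = "SUSPECT" if e["suspect"] else "ok"
        targets = ", ".join(f"pid {t} x{n}" for t, n in sorted(e["by_target"].items()))
        rights = "; ".join("|".join(decode_access(m)) for m in sorted(e["masks"]))
        out.append(f"[{verdict}] source pid {pid}: {e['events']} events "
                   f"({e['rate_per_s']:.1f}/s) -> {targets}; files: {list(e['files'])}; "
                   f"requested: {rights}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG.splitlines())))
```

Run it against the real log (`triage(open("minifilter.log").readlines())`) and the next step is the mapping the script cannot do offline: resolve each SUSPECT source PID to its image path at the time of the log, hash that file and compare its signer against the two security products installed on the machine before treating the entry as malware rather than as one AV tripping the other's self-protection.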

Lumis 07.12.2016 21:33

Code:

2016-12-06T20:33:14.493Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.508Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.524Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.524Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.540Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.555Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.602Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.602Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.852Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.852Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.915Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.915Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.961Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.977Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:14.993Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.008Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.008Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.024Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.071Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.071Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.196Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.211Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.227Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.243Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.243Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.352Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.352Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.477Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.493Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.508Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.508Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.524Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.540Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.586Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.586Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.665Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.665Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.696Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.696Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.711Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.711Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.758Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.758Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.805Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.836Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.836Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.852Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.930Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.930Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.993Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:15.993Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.024Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.024Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.040Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.040Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.086Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.086Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.133Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.149Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.165Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.165Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.196Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.243Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.243Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.258Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.258Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.258Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.290Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.336Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.336Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.352Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.368Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.368Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.368Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.383Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.383Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.399Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.399Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.415Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T20:33:16.461Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.461Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.508Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.508Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.524Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.540Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.540Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.555Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.602Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.602Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.649Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.665Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.680Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.680Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.696Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.711Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.758Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.758Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.805Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.836Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.836Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.852Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:16.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.149Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.149Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.196Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.243Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.243Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.321Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.321Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.352Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.352Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.368Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.383Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.540Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.540Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.586Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.602Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.618Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.618Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.633Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.649Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.821Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.821Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.883Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.899Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.899Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.915Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.915Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.946Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:17.961Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.071Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.086Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.102Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.102Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.118Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.118Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.196Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.211Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.258Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.258Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.290Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.290Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.305Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.305Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.352Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.352Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.399Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.430Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.430Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.446Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.461Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.524Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.524Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.633Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.649Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.665Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.665Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.680Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.696Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.743Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.743Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.790Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.805Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.821Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.821Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:18.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.118Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.118Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.165Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.196Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.196Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.211Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.227Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.274Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.274Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.305Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.321Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.336Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.336Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.352Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.368Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.430Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.430Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.477Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.493Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.508Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.508Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.524Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.540Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.961Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:19.961Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.008Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.008Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.024Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.040Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.040Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.055Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.118Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.118Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.227Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.243Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.258Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.258Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.274Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.290Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.321Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.336Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.368Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.383Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.399Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.399Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.993Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:20.993Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.133Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.149Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.165Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.165Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.180Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.227Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.227Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.274Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:21.290Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.586Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.602Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.618Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.618Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.696Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.711Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.727Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.727Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.743Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.743Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.758Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.758Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.774Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.774Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.790Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.790Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.868Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.883Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.883Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.899Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.899Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.915Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.930Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.930Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.930Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.946Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:28.946Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.024Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.040Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.040Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.040Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.055Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.055Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.071Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.086Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.086Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.086Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.102Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.102Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.836Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.836Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.852Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.852Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.883Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.883Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.883Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.899Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:29.899Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.055Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.071Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.071Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.071Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.086Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.086Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.102Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.118Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.118Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.118Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.133Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.133Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.290Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.305Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.305Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.305Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.321Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.321Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.336Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.352Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.352Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.352Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.368Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.368Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.477Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.493Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.493Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.508Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.524Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.524Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.540Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.540Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.555Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.555Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.571Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.571Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.680Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.680Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.696Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.696Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.711Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.711Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.727Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.727Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.743Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.743Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.758Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.758Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.852Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.852Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.868Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.883Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.883Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.899Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.899Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.899Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.915Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.930Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:30.930Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.008Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.024Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.024Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.024Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.040Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.040Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.055Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.071Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.071Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.071Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.086Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.086Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.196Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.211Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.211Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.227Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.243Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.243Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.258Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.274Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.274Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.274Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.290Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.290Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.399Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.415Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.415Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.430Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.430Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.446Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.461Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.461Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.461Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.477Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.477Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.555Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.586Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.586Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.586Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.602Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.602Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.618Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.633Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.633Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.633Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.649Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.649Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.743Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.758Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.758Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.758Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.774Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.774Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.790Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.805Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.805Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.821Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.821Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.836Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.930Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.946Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.946Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.946Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.961Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.961Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.977Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:31.993Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.008Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.008Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.024Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.024Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.071Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.086Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.102Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.243Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.243Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.258Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.258Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.274Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.274Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.290Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.305Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.305Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.321Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.336Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.336Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.430Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.446Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.446Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.446Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.461Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.461Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.477Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.493Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.493Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.508Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.508Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.524Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.602Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.618Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.618Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.618Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.633Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.633Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.649Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.665Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.665Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.680Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.680Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.680Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.774Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.790Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.790Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.805Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.821Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.821Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.836Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.836Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.852Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.852Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.868Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.868Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.977Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.977Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.993Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:32.993Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.008Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.008Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.024Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.040Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.040Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.055Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.055Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:33.071Z [Mini-filter] Restricted access to process 3504 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T20:33:35.437Z [Mini-filter] Denied access to file: \program files\microsoft security client\mpsvc.dll, pid: 5488
2016-12-06T20:33:35.453Z [Mini-filter] Denied access to file: \program files\microsoft security client\mpsvc.dll, pid: 5488
2016-12-06T20:33:35.468Z [Mini-filter] Denied access to file: \program files\microsoft security client\mpclient.dll, pid: 5488
2016-12-06T20:33:35.468Z [Mini-filter] Denied access to file: \program files\microsoft security client\mpclient.dll, pid: 5488
2016-12-06T20:33:35.484Z [Mini-filter] Denied access to file: \program files\microsoft security client\mpcommu.dll, pid: 5488
2016-12-06T20:33:35.484Z [Mini-filter] Denied access to file: \program files\microsoft security client\mpcommu.dll, pid: 5488
2016-12-06T20:33:35.531Z [Mini-filter] Denied access to file: \program files\microsoft security client\mprtp.dll, pid: 5488
2016-12-06T20:33:35.531Z [Mini-filter] Denied access to file: \program files\microsoft security client\mprtp.dll, pid: 5488
2016-12-06T20:33:43.406Z [Mini-filter] Denied access to file: \program files\microsoft security client\eppmanifest.dll, pid: 5488
2016-12-06T20:33:43.406Z [Mini-filter] Denied access to file: \program files\microsoft security client\eppmanifest.dll, pid: 5488
2016-12-06T20:33:50.757Z [Mini-filter] Denied access to file: \program files\microsoft security client\nislog.dll, pid: 5488
2016-12-06T20:33:50.757Z [Mini-filter] Denied access to file: \program files\microsoft security client\nislog.dll, pid: 5488
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Windows\Installer\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}\ARPIcon"
2016-12-06T21:23:32.685Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.685Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.687Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.702Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.719Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:23:32.736Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:23:32.749Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.749Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.750Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.750Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 5488
2016-12-06T21:23:32.767Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:23:32.781Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.362Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.375Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.385Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.399Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.428Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.437Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:34:58.451Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
2016-12-06T21:37:52.393Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\\?\D:\AudioEnvironment.exe"


Lumis 07.12.2016 21:54

Code:

Begin Resource Scan
Scan ID:{58531C0A-6081-4CA4-939A-A7D545291BF2}
Scan Source:7
Start Time:12-06-2016 22:37:52
End Time:12-06-2016 22:37:53
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\AudioEnvironment.exe
Result Count:1
Unknown File
Identifier:11224847328881934334
Number of Resources:1
Resource Schema:file
Resource Path:D:\AudioEnvironment.exe
Extended Info:0
End Scan
************************************************************

2016-12-06T21:37:53.683Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\ACSound.exe"
2016-12-06T21:37:56.876Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-06T21:38:06.898Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\\?\D:\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Begin Resource Scan
Scan ID:{5BB8428C-112B-4D0A-A800-CBA75908FC73}
Scan Source:7
Start Time:12-06-2016 22:38:08
End Time:12-06-2016 22:38:09
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\ACSound.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Result Count:1
Unknown File
Identifier:669509434212351998
Number of Resources:1
Resource Schema:file
Resource Path:D:\ACSound.exe
Extended Info:0
End Scan
************************************************************

2016-12-06T21:38:10.017Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\PROGRAM FILES (X86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
2016-12-06T21:48:55.738Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:48:55.751Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:51:34.175Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T21:51:34.190Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:40.333Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:40.347Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:42.142Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:42.156Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:42.165Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:42.178Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:42.194Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:42.208Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:42.217Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:05:42.232Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:39:27.951Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:39:27.965Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:50.989Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:51.005Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:51.017Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:51.033Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:51.050Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:51.067Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:51.078Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:51.093Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:51.154Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:51.170Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:55.194Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:55.210Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:55.222Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:55.237Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:55.255Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:55.270Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:55.282Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:49:55.295Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:01.416Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:01.431Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:01.445Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:01.461Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:01.479Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:01.499Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:01.509Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:01.525Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:03.415Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:03.427Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:09.943Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:09.957Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:09.969Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:09.983Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:10.000Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:10.015Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:10.026Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:10.041Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:13.124Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:13.137Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:13.148Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:13.163Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:13.178Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:13.195Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:13.206Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:13.220Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:20.946Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:20.961Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:20.976Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:20.990Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:21.006Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:21.020Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:21.032Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T22:50:21.047Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T23:49:53.193Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T23:49:53.208Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T23:49:53.221Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T23:49:53.237Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T23:49:53.254Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T23:49:53.272Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T23:49:53.282Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T23:49:53.298Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:11:14.726Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:11:14.740Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:11:22.263Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:11:22.277Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:11:22.287Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:11:22.299Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:11:22.315Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:11:22.329Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:11:22.338Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:11:22.351Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:31:57.890Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:31:57.905Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:31:58.161Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:31:58.174Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:31:58.190Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:31:58.204Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:31:58.213Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:31:58.227Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:49:53.120Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:49:53.134Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:49:53.161Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:49:53.174Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:49:53.191Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:49:53.205Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:49:53.214Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:49:53.229Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:54:08.233Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:54:08.250Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:54:08.260Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:54:08.276Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:54:08.294Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:54:08.312Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:54:08.322Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T00:54:08.336Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:13:25.200Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:13:25.213Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:13:25.485Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:13:25.498Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:13:25.506Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:13:25.521Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:13:25.537Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:13:25.551Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:13:25.560Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:13:25.575Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:49.590Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:49.604Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:49.615Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:49.629Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:49.646Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:49.660Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:49.669Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:49.684Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:52.500Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:52.516Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:52.529Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:52.543Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:52.566Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:52.582Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:52.592Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:52.607Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:52.995Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:53.009Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:53.022Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:53.036Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:53.053Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:53.067Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:53.080Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:17:53.093Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:18:39.206Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:18:39.219Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:22:04.519Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:22:04.533Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\HijackThis.exe"
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\3acd443411ec26fb16821cc87cd14af2ab413cbf
Dynamic Signature Compilation Timestamp:12-07-2016 02:24:34
Persistence Type:Duration
Time remaining:216000000
2016-12-07T01:24:38.891Z Dynamic signature received
2016-12-07T01:24:38.903Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-07T01:26:11.326Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:26:11.339Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555F3E8CA56, signame=#Lowfi:AGGR:SoftwareBundler:Win32/Somoto.A, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Dateien\STANDARD_Codecs_v301.exe.part->(nsis-instdata)"
Internal signature match:subtype=Persist, sigseq=0x000005552753FAB4, signame=#PERSIST:AGGR:SoftwareBundler:Win32/Somoto.A, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Dateien\STANDARD_Codecs_v301.exe.part->(nsis-instdata)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555F3E8CA56, signame=#Lowfi:AGGR:SoftwareBundler:Win32/Somoto.A, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Dateien\STANDARD_Codecs_v301.exe.part->(nsis-instdata)"
Internal signature match:subtype=Persist, sigseq=0x000005552753FAB4, signame=#PERSIST:AGGR:SoftwareBundler:Win32/Somoto.A, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Dateien\STANDARD_Codecs_v301.exe.part->(nsis-instdata)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555F3E8CA56, signame=#Lowfi:AGGR:SoftwareBundler:Win32/Somoto.A, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Dateien\STANDARD_Codecs_v301.exe.part->(nsis-instdata)"
Internal signature match:subtype=Persist, sigseq=0x000005552753FAB4, signame=#PERSIST:AGGR:SoftwareBundler:Win32/Somoto.A, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Dateien\STANDARD_Codecs_v301.exe.part->(nsis-instdata)"
2016-12-07T01:29:09.651Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00000555F3E8CA56, signame=#Lowfi:AGGR:SoftwareBundler:Win32/Somoto.A, cached=true, resource="\Device\HarddiskVolume6\Dateien\STANDARD_Codecs_v301.exe.part->(nsis-instdata)"
Internal signature match:subtype=Persist, sigseq=0x000005552753FAB4, signame=#PERSIST:AGGR:SoftwareBundler:Win32/Somoto.A, cached=false, resource="\Device\HarddiskVolume6\Dateien\STANDARD_Codecs_v301.exe.part->(nsis-instdata)"
Begin Resource Scan
Scan ID:{4CD407A9-28A7-4A89-83B7-70904C7AC00D}
Scan Source:7
Start Time:12-07-2016 02:29:05
End Time:12-07-2016 02:29:09
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Dateien\STANDARD_Codecs_v301.exe.part->(nsis-instdata)
Result Count:1
Unknown File
Identifier:3984776440678711294
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Dateien\STANDARD_Codecs_v301.exe.part->(nsis-instdata)
Extended Info:5866722478678
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00000555F3E8CA56, signame=#Lowfi:AGGR:SoftwareBundler:Win32/Somoto.A, cached=true, resource="(nsis-instdata)->(nsis-instdata)"
Internal signature match:subtype=Persist, sigseq=0x000005552753FAB4, signame=#PERSIST:AGGR:SoftwareBundler:Win32/Somoto.A, cached=false, resource="(nsis-instdata)->(nsis-instdata)"
2016-12-07T01:29:16.837Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-07T01:29:53.948Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:29:53.961Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Fliegen\FRST64.exe"
2016-12-07T01:31:10.227Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Fliegen\FRST64.exe"
Begin Resource Scan
Scan ID:{6CE5031C-161C-4D6C-9163-7FCEFB5A579B}
Scan Source:7
Start Time:12-07-2016 02:31:10
End Time:12-07-2016 02:31:14
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Fliegen\FRST64.exe
Result Count:1
Unknown File
Identifier:8606372378882080766
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Fliegen\FRST64.exe
Extended Info:631932727217916
End Scan
************************************************************

2016-12-07T01:31:17.511Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x8000F778E199D50E, signame=PWS:MSIL/Stimilini.D, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Games\Sid Meier's Civilization V - Game of the Year Edition\Setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000F778E199D50E, signame=PWS:MSIL/Stimilini.D, cached=true, resource="\Device\HarddiskVolume6\Games\Sid Meier's Civilization V - Game of the Year Edition\Setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000F778E199D50E, signame=PWS:MSIL/Stimilini.D, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Games\Sid Meier's Civilization V - Game of the Year Edition\Setup.exe"
Begin Resource Scan
Scan ID:{1346E98B-A5F3-4ECE-9A7F-FF04069C496F}
Scan Source:7
Start Time:12-07-2016 02:31:59
End Time:12-07-2016 02:31:59
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Games\Sid Meier's Civilization V - Game of the Year Edition\Setup.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Games\Sid Meier's Civilization V - Game of the Year Edition\Setup.exe
Extended Info:25770400046990
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x0000157EEF201F28, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Games\Sid Meier's Civilization V - Game of the Year Edition\resources\DirectX\D3D11Install.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEF201F28, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Games\Sid Meier's Civilization V - Game of the Year Edition\resources\DirectX\D3D11Install.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEF201F28, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Games\Sid Meier's Civilization V - Game of the Year Edition\resources\DirectX\D3D11Install.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEF201F28, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume6\Games\Sid Meier's Civilization V - Game of the Year Edition\resources\DirectX\D3D11Install.exe"
2016-12-07T01:34:02.247Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\e2c527c3d26e9bc4a648907706b2bc7957bee60a
Dynamic Signature Compilation Timestamp:12-07-2016 02:34:00
Persistence Type:Duration
Time remaining:216000000
2016-12-07T01:34:02.251Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157EEF201F28, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Games\Sid Meier's Civilization V - Game of the Year Edition\resources\DirectX\D3D11Install.exe"
Begin Resource Scan
Scan ID:{27753C00-32D8-4A7F-8D35-841C7F20880F}
Scan Source:7
Start Time:12-07-2016 02:34:01
End Time:12-07-2016 02:34:02
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Games\Sid Meier's Civilization V - Game of the Year Edition\resources\DirectX\D3D11Install.exe
Result Count:1
Unknown File
Identifier:904414789202083838
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Lutz\Desktop\Games\Sid Meier's Civilization V - Game of the Year Edition\resources\DirectX\D3D11Install.exe
Extended Info:0
End Scan
************************************************************

2016-12-07T01:34:02.998Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-07T01:35:33.324Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:33.336Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:33.346Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:33.360Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:33.375Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:33.388Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:33.397Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:33.410Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:36.871Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:36.883Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:36.894Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:36.907Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:36.924Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:36.937Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:36.948Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:36.963Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:37.060Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:37.074Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:37.217Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:37.231Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:37.242Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:37.256Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:37.273Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:37.289Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:37.298Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-07T01:35:37.312Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log
Stopped On 12-07-2016 02:42:12 (Exit Code = 0x0)
************************************************************
2016-12-07T01:42:13.014Z Unloaded module#0 MpComServer.
2016-12-07T01:42:13.014Z Shutdowning WscLib, update=0, snooze=0
2016-12-07T01:42:13.045Z
****************************RTP Perf Log***************************
RTP Start:12-06-2016 20:32:16
Last Perf:12-06-2016 20:32:16
First RTP Scan:12-06-2016 20:32:16
Plugin States:  AV:1  AS:1  RTP:1  OA:1  BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:3
System File Cache:
  Hits:28606
  Misses:45253
BM Queue:94,1011,0
  Proc:57,1009,0
  File:37,446,0
Plugin Queue:0,1,0
  Threat:0,1,0
  Susp:0,1,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,3,0
  SetEngine:1,1,0
  SetState:0,1,0
  SetUser:0,0,0
  Config:0,1,0
  ProcExcl:0,1,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:124342
  Pending:0
  RegSize:134308
  AsyncQNotif:1
  AsyncQMissed:0
  AsyncQTotalSent:38804352
  AsyncQCurrent:80
  BMFlags:15
  ServiceMaj:0
  ServiceMin:0
  NumInstance:6
  TotalStreamCon:8540
  NTFS Cache Statistics:
  TotalMisses:79090
  TotalHits:3978225
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:2ms (4024/1604)
  Success: 1604, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-07-2016 17:21:41
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/07/2016 16:21:41.156250000 UTC
2016-12-07T16:21:41.156Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-07T16:21:41.171Z Trace session started - MpWppTracing-12072016-172141-00000003-ffffffff.bin
2016-12-07T16:21:41.171Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-07T16:21:41.187Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 97421
Number of invalid entries is 0
Number of inserts issued is 543522
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 604994
Number of lookup misses is 66213
Number of fast lookup misses is 334327
Number of false fast lookups is 66213
Number of invalidations is 169
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-07T16:21:41.203Z Verifying RTP plugin...
2016-12-07T16:21:41.203Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-07T16:21:41.203Z Loading engine...
2016-12-07T16:21:41.234Z Verifying engine and signature files (source: 1) ...
2016-12-07T16:21:41.234Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-07T16:21:41.234Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-07T16:21:41.234Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-07T16:21:41.234Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-07T16:21:41.234Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-07T16:21:42.156Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\3acd443411ec26fb16821cc87cd14af2ab413cbf
Dynamic Signature Compilation Timestamp:12-07-2016 02:24:34
Persistence Type:Duration
Time remaining:216000000
2016-12-07T16:21:42.156Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\601274af351de373a3c0724cbb035b79048be501
Dynamic Signature Compilation Timestamp:12-06-2016 19:52:59
Persistence Type:Duration
Time remaining:216000000
2016-12-07T16:21:42.156Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\c8fe8a77c06946d9c0a3f71df84871b963d7ee97
Dynamic Signature Compilation Timestamp:12-06-2016 19:51:52
Persistence Type:Duration
Time remaining:216000000
2016-12-07T16:21:42.156Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\e2c527c3d26e9bc4a648907706b2bc7957bee60a
Dynamic Signature Compilation Timestamp:12-07-2016 02:34:00
Persistence Type:Duration
Time remaining:216000000
2016-12-07T16:21:42.171Z Initializing MPUT in engine...
2016-12-07T16:21:42.171Z MPUT initialized in the engine successfully
2016-12-07T16:21:42.281Z CSignatureStatus: back to good
2016-12-07T16:21:42.281Z Initializing RTP plugin state...
2016-12-07T16:21:42.281Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States:  AV:2  AS:2  RTP:2  OA:2  BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
  AM:35
  Async:8
Cache Flushes:
  RTP:0
System File Cache:
  Hits:0
  Misses:0
BM Queue:0,1,0
  Proc:0,1,0
  File:0,0,0
Plugin Queue:0,0,0
  Threat:0,0,0
  Susp:0,0,0
  Unknown:0,0,0
  Error:0,0,0
Request Queue:1,1,0
  SetEngine:1,1,0
  SetState:0,0,0
  SetUser:0,0,0
  Config:0,0,0
  ProcExcl:0,0,0
  FilterReload:0,0,0
  FilterUnload:0,0,0
MpFilter:
  Scans:0
  Pending:0
  RegSize:0
  AsyncQNotif:0
  AsyncQMissed:0
  AsyncQTotalSent:926
  AsyncQCurrent:0
  BMFlags:8
  ServiceMaj:0
  ServiceMin:0
  NumInstance:5
  TotalStreamCon:1239
  NTFS Cache Statistics:
  TotalMisses:4884
  TotalHits:0
  InstanceCacheHits:0
  CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
  TotalMisses:0
  TotalHits:0
  InstanceCacheInserts:0
  InstanceCacheUpdates:0
  InstanceCacheDeletes:0
  InstanceCacheHits:0
  InstanceCacheMisses:0
  InstanceCacheOverflows:0
  SyncProcessCreateDuration:-1ms (0/0)
  Success: 0, failures: 0 (last code: 0x0), timeouts: 0,  baddata: 0
 
**************************END RTP Perf Log*************************

 
 

2016-12-07T16:21:42.281Z Engine loaded!
2016-12-07T16:21:42.296Z Verifying license file...
2016-12-07T16:21:42.296Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-07T16:21:42.296Z Product supports installmode: 0
2016-12-07T16:21:42.296Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-07T16:21:42.296Z Loaded module#0 MpComServer.
2016-12-07T16:21:42.296Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-07T16:21:42.296Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
2016-12-07T16:21:59.101Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Begin Resource Scan
Scan ID:{5E447B43-9E18-4D2E-9B51-BF8E2327D25E}
Scan Source:7
Start Time:12-07-2016 17:21:45
End Time:12-07-2016 17:21:59
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************

2016-12-07T16:22:07.726Z MAPS Report Send (hr=0x0 httpcode=200)
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\d00cdd198c0d4069d8dbd15e11ef2e23ca8ab63c
Dynamic Signature Compilation Timestamp:12-07-2016 17:21:55
Persistence Type:Duration
Time remaining:216000000
2016-12-07T16:22:09.882Z Dynamic signature received
DSS Timeout:Received results after timeout
2016-12-07T16:22:09.898Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\users\lutz\desktop\hijackthis.exe"
2016-12-07T16:22:25.242Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 3160
2016-12-07T16:22:25.242Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 3160
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\windows\flight1 citation mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\audioenvironment.exe"
2016-12-07T16:22:33.273Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\acsound.exe"
2016-12-07T16:22:33.804Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-07T16:22:39.914Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-07T16:22:41.210Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-07T16:22:42.617Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 3160
2016-12-07T16:22:42.617Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 3160
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\HijackThis.exe"
Begin Resource Scan
Scan ID:{310E9B84-0DCC-4DD8-9207-3560BA3A509B}
Scan Source:7
Start Time:12-07-2016 17:22:33
End Time:12-07-2016 17:22:34
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Result Count:1
Unknown File
Identifier:16876926893444562942
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:D:\audioenvironment.exe
Extended Info:5863497417884
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-07T16:22:48.726Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-07T16:22:51.320Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-07T16:22:51.320Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-07T16:22:54.398Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-07T16:23:05.617Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\b986de70ff5a589cc22fc07fa25cc3bd4e9d3761
Dynamic Signature Compilation Timestamp:12-07-2016 17:23:07
Persistence Type:Duration
Time remaining:216000000
2016-12-07T16:23:05.617Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Fliegen\FRST64.exe"
2016-12-07T16:23:07.960Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Fliegen\FRST64.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\windows\flight1 citation mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-07T16:23:25.257Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 3160
2016-12-07T16:23:25.257Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 3160
2016-12-07T16:23:25.257Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 3160
2016-12-07T16:23:25.273Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:25.273Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 3160
2016-12-07T16:23:25.273Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:25.273Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 3160
2016-12-07T16:23:25.289Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:25.289Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:25.289Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 3160
2016-12-07T16:23:25.289Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:25.289Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 3160
2016-12-07T16:23:25.335Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:26.085Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:26.085Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\HijackThis.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Begin Resource Scan
Scan ID:{C8D55566-ADC2-4926-8DCE-FD9B1405E425}
Scan Source:7
Start Time:12-07-2016 17:23:03
End Time:12-07-2016 17:23:40
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3372,ProcessStart:131256013051064453
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3372,ProcessStart:131256013051064453
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:7
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:18261741142720643070
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3372,ProcessStart:131256013051064453
Extended Info:9223502295520413380
Unknown File
Identifier:14410960021602959358
Number of Resources:2
Resource Schema:process
Resource Path:pid:3372,ProcessStart:131256013051064453
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-07T16:23:42.789Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-07T16:23:42.898Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 3160
2016-12-07T16:23:42.898Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 3160
2016-12-07T16:23:42.898Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 3160
2016-12-07T16:23:42.914Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:42.929Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:42.929Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 3160
2016-12-07T16:23:42.929Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:42.945Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:42.945Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 3160
2016-12-07T16:23:42.945Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:42.960Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:42.960Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 3160
2016-12-07T16:23:42.960Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:42.976Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:23:42.992Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 3160
2016-12-07T16:23:50.898Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Begin Resource Scan
Scan ID:{523C7BDB-BC3F-4614-8933-B6165C2C24A5}
Scan Source:7
Start Time:12-07-2016 17:23:57
End Time:12-07-2016 17:23:58
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe
Extended Info:25772675547444
End Scan
************************************************************

Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
2016-12-07T16:24:01.867Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-07T16:24:01.867Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\\?\C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
2016-12-07T16:24:20.226Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{92835B9D-958A-400A-9485-55EE23FBAF36}
Scan Source:7
Start Time:12-07-2016 17:24:14
End Time:12-07-2016 17:24:20
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe
Result Count:2
Unknown File
Identifier:3340142729047834622
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]
Extended Info:5866550236419
Unknown File
Identifier:9369635509590032382
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe
Extended Info:5866550236419
End Scan
************************************************************

Code:

Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO-V"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="[EPO"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=true, resource="\Device\HarddiskVolume2\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\0C02537C-3ECF-B20A-1414-0D202AEBAB71_1d2516f87a8213d"
2016-12-07T16:24:21.742Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-07T16:25:08.914Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:25:08.929Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:25:08.945Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:25:08.945Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:25:08.960Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:25:09.117Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:27:55.534Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:27:55.549Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:05.428Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:05.442Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:05.447Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:05.459Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:05.469Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:05.483Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:05.488Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:05.500Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:10.783Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:10.795Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:10.800Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:10.813Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:10.822Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:10.835Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:10.839Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:10.853Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:31:42.296Z AutoPurgeWorker triggered with dwWork=0x3
2016-12-07T16:31:42.296Z Product supports installmode: 0
2016-12-07T16:31:42.347Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2016-12-07T16:31:42.347Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 86400000(ms) from now with period 31819686(ms)
2016-12-07T16:31:46.872Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
2016-12-07T16:31:50.027Z Trace buffers written: 335, events lost: 0, buffers lost: 0, days: 0
2016-12-07T16:31:50.027Z Trusted image bitmap: 0x0
2016-12-07T16:31:50.027Z Trusted image OEM name: (not found)
2016-12-07T16:31:50.035Z Task(-UploadSQM -RestrictPrivileges) launched
2016-12-07T16:31:50.038Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 3160
2016-12-07T16:31:50.038Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MPCMDRUN.EXE, pid: 3160
2016-12-07T16:31:50.047Z [Mini-filter] Restricted access to process 8144 from pid: 7800. Original desired access: 0x1fffff.
2016-12-07T16:31:50.083Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) launched
2016-12-07T16:31:50.083Z Run lost scheduled job: SignatureUpdate -ScheduleJob -RestrictPrivileges
2016-12-07T16:31:50.090Z [Mini-filter] Restricted access to process 8188 from pid: 8180. Original desired access: 0x1fffff.
2016-12-07T16:31:50.138Z Task(SignaturesUpdateService -ScheduleJob -UnmanagedUpdate) launched
2016-12-07T16:31:50.146Z [Mini-filter] Restricted access to process 7872 from pid: 8100. Original desired access: 0x1fffff.
2016-12-07T16:32:50.090Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.091Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.091Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.103Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.121Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.134Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.137Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.143Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.144Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.144Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.153Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.166Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.167Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.184Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.197Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.200Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.202Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.214Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.217Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.220Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.224Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.238Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.241Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.243Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.255Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.257Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.283Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.287Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.288Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.288Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.288Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1f1fff.
2016-12-07T16:32:50.293Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.307Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1f1fff.
2016-12-07T16:32:50.308Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.308Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.333Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.346Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.349Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.349Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.351Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.365Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.367Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.368Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.375Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.388Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.390Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.391Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.393Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.406Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.408Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.409Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.436Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.437Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.437Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.437Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MpCmdRun.exe, pid: 3160
2016-12-07T16:32:50.455Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.467Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T16:32:50.470Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.636Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.654Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.657Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.661Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.677Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.679Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.692Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.707Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.708Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.712Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.728Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.730Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.789Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.803Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:24.805Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:31.186Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:31.204Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:31.207Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:31.210Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:31.226Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:31.228Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:31.240Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:31.254Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:31.256Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:31.260Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:31.275Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:31.278Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:32.944Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:32.959Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:32.961Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:36.820Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:36.833Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:36.835Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:36.841Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:36.860Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:36.861Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:36.873Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:36.888Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:36.890Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:36.896Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:36.911Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:36.914Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:38.608Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:38.625Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:38.626Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:38.631Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:38.646Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:38.648Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:38.658Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:38.673Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:38.675Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:38.679Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:38.696Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:38.698Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:39.938Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:39.953Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:39.955Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:39.958Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:39.972Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:39.975Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:39.986Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:40.001Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:40.003Z [Mini-filter] Restricted access to process 7872 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T17:30:40.008Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.

So, now the complete log has been gone through. I did find it myself after all.

Code:

2016-12-05T18:15:51.767Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2016-12-05T18:15:52.080Z Version: Product 4.10.209.0 Service 4.10.209.0 Engine 0.0.0.0 AS 0.0.0.0 AV 0.0.0.0
2016-12-05T18:18:57.033Z Version: Product 4.10.209.0 Service 4.10.209.0 Engine 1.1.13303.0 AS 1.233.1429.0 AV 1.233.1429.0
2016-12-05T19:00:37.055Z DETECTION Trojan:Win32/Neurevt file:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
2016-12-05T19:01:10.067Z DETECTION Trojan:Win32/Neurevt regkey:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
2016-12-05T19:01:10.067Z DETECTION Trojan:Win32/Neurevt runonce:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
2016-12-05T19:01:20.625Z DETECTION Trojan:Win32/MultiInjector.A!rfn containerfile:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
2016-12-05T19:01:20.625Z DETECTION Trojan:Win32/MultiInjector.A!rfn file:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe
2016-12-05T19:01:20.631Z DETECTION Trojan:Win32/Neurevt file:C:\ProgramData\CPU Temp Monitor Service\aog71egk99q5m9.exe
2016-12-05T19:01:20.631Z DETECTION Trojan:Win32/Neurevt regkey:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
2016-12-05T19:01:20.631Z DETECTION Trojan:Win32/Neurevt runonce:HKCU@S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\CPU Temp Monitor Service
2016-12-05T19:05:33.429Z DETECTION Trojan:Win32/Rundas.A containerfile:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
2016-12-05T19:05:33.429Z DETECTION Trojan:Win32/Rundas.A file:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x64.exe
2016-12-05T19:07:35.063Z Service stopped with exit code 0x0
2016-12-05T19:29:50.359Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2016-12-05T19:29:51.531Z Version: Product 4.10.209.0 Service 4.10.209.0 Engine 1.1.13303.0 AS 1.233.1429.0 AV 1.233.1429.0
2016-12-06T09:18:05.468Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2016-12-06T09:18:06.625Z Version: Product 4.10.209.0 Service 4.10.209.0 Engine 1.1.13303.0 AS 1.233.1429.0 AV 1.233.1429.0
2016-12-06T19:32:15.578Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2016-12-06T19:32:16.546Z Version: Product 4.10.209.0 Service 4.10.209.0 Engine 1.1.13303.0 AS 1.233.1429.0 AV 1.233.1429.0
2016-12-07T16:21:41.156Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2016-12-07T16:21:42.296Z Version: Product 4.10.209.0 Service 4.10.209.0 Engine 1.1.13303.0 AS 1.233.1429.0 AV 1.233.1429.0


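As an added example (not from this thread and not Microsoft's code), a small Python triage script that pulls the DETECTION lines out of an MSE/MpCmdRun-style log like the one above and reports, per threat, where it was found, whether a registry/RunOnce persistence entry was logged, and whether it was only seen inside an archive rather than as a loose file on disk; the log lines it parses are constructed to match that format, with made-up paths and SIDs.

```python
import re
from collections import OrderedDict
from dataclasses import dataclass

# Constructed sample in the MSE/MpCmdRun log format (paths, SID and GUID made up).
SAMPLE_LOG = r"""
2016-12-05T18:15:51.767Z Service started - Microsoft Security Essentials (00000000-0000-0000-0000-000000000000)
2016-12-05T19:00:37.055Z DETECTION Trojan:Win32/Neurevt file:C:\ProgramData\Example Service\abc123.exe
2016-12-05T19:01:10.067Z DETECTION Trojan:Win32/Neurevt regkey:HKCU@S-1-5-21-1-2-3-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\Example Service
2016-12-05T19:01:10.067Z DETECTION Trojan:Win32/Neurevt runonce:HKCU@S-1-5-21-1-2-3-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\Example Service
2016-12-05T19:01:20.625Z DETECTION Trojan:Win32/MultiInjector.A!rfn containerfile:C:\Users\User\Desktop\tool.zip
2016-12-05T19:01:20.625Z DETECTION Trojan:Win32/MultiInjector.A!rfn file:C:\Users\User\Desktop\tool.zip->tool_x86.exe
2016-12-05T19:01:20.631Z DETECTION Trojan:Win32/Neurevt file:C:\ProgramData\Example Service\abc123.exe
2016-12-05T19:07:35.063Z Service stopped with exit code 0x0
"""

# "<timestamp> DETECTION <threat> <kind>:<resource>", e.g. kind = file, containerfile, regkey, runonce
DETECTION_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T[\d:.]+Z) DETECTION (?P<threat>\S+) "
    r"(?P<kind>[a-z]+):(?P<resource>.*)$"
)
PERSISTENCE_KINDS = {"regkey", "runonce"}


@dataclass
class Detection:
    threat: str
    kind: str        # file, containerfile, regkey, runonce, ...
    resource: str    # resource string exactly as logged
    container: str   # archive path when resource is "archive->member", else ""
    member: str      # member inside the archive, else ""
    first_seen: str
    last_seen: str
    count: int = 1


def parse_detections(text):
    """Return one Detection per distinct (threat, kind, resource); repeats are merged."""
    seen = OrderedDict()
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # service start/stop and version lines are not detections
        key = (m["threat"], m["kind"], m["resource"])
        if key in seen:
            seen[key].count += 1
            seen[key].last_seen = m["ts"]
            continue
        container, sep, member = m["resource"].partition("->")
        if not sep:
            container, member = "", ""
        seen[key] = Detection(m["threat"], m["kind"], m["resource"],
                              container, member, m["ts"], m["ts"])
    return list(seen.values())


def summarize(detections):
    """Per threat: logged locations, persistence entry present, loose file on disk,
    and whether it was seen inside an archive (a zip on the desktop is not yet running code)."""
    summary = {}
    for d in detections:
        s = summary.setdefault(d.threat, {"locations": [], "persistence": False,
                                          "loose_file": False, "in_archive": False})
        s["locations"].append(d.resource)
        if d.kind in PERSISTENCE_KINDS:
            s["persistence"] = True
        if d.kind == "file" and not d.container:
            s["loose_file"] = True
        if d.kind == "containerfile" or d.container:
            s["in_archive"] = True
    return summary


if __name__ == "__main__":
    for threat, s in summarize(parse_detections(SAMPLE_LOG)).items():
        print(threat)
        print("  persistence:", s["persistence"], "| loose file:", s["loose_file"],
              "| in archive:", s["in_archive"])
        for loc in s["locations"]:
            print("  -", loc)
```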
cosinus 07.12.2016 22:27

It should be clear even to a layman that if he wants a statement about the malware he brought up, he also has to post the original logs.

You can't just run some arbitrary other program and then claim it gives exactly the same result as what was originally brought up.

Don't you think it would be absolutely cr... if there were 50 AVs on the market, all with different names, each with a different GUI and a different colour, and yet all of them always delivered the exact same result at all times? That would be grotesque. So no, different AVs work sooo differently, there are always different results.


BTT:

Quote:

Trojan:Win32/MultiInjector.A!rfn containerfile:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip;file:C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip->Ereignisanzeige löschen_x86.exe;
A lot of time could probably have been saved by always also looking at the file name instead of simply panicking when a virus is supposedly found.
You got that from a legitimate source, didn't you? :wtf:

Lumis 07.12.2016 22:43

Hello,

thank you for taking the trouble!

I don't know that file. I have not knowingly downloaded anything of the sort.
There are other *.exe and *.zip files with harmless names in the Windows temp folder that mean nothing to me and that I didn't download either.

Regards,

Lumis

cosinus 07.12.2016 22:55

Quote:

C:\Users\Lutz\Desktop\Ereignisanzeige_loeschen.zip
The file is right on your desktop!!!!

You have to notice something like that :wtf:

Lumis 07.12.2016 23:07

My desktop is a bit cluttered...

But there is no such file there, I just checked. Not anywhere on drive C. But MSE has probably already removed it, hasn't it?

By the way, I didn't panic because of the trojans alone, but because purchases were made on PayPal with my PC without my knowledge. That was also the reason I no longer trusted McAfee and installed MSE on Saturday.

cosinus 07.12.2016 23:25

Step 1: Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the found objects, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper




Step 2: Kaspersky TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post its contents here in your thread in any case.




Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the whole log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is fine ... click Reply.
http://www.trojaner-board.de/picture...&pictureid=307

Lumis 08.12.2016 02:45

Thanks! I'll do it right away!

Just a quick question: McAfee is still installed. Should I leave everything as it is, or should I remove it with a removal tool from Chip?

For now I have left everything as it is and started the scan with Malwarebytes. That will surely take a few more hours. Interestingly, suspicious files were found in between and both virus scanners sprang into action at the same time.

Code:

02:22:45.0382 0x2724  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
02:22:52.0819 0x2724  ============================================================
02:22:52.0819 0x2724  Current date / time: 2016/12/08 02:22:52.0819
02:22:52.0819 0x2724  SystemInfo:
02:22:52.0819 0x2724 
02:22:52.0819 0x2724  OS Version: 6.1.7601 ServicePack: 1.0
02:22:52.0819 0x2724  Product type: Workstation
02:22:52.0819 0x2724  ComputerName: LUTZ-PC
02:22:52.0819 0x2724  UserName: Lutz
02:22:52.0819 0x2724  Windows directory: C:\Windows
02:22:52.0819 0x2724  System windows directory: C:\Windows
02:22:52.0819 0x2724  Running under WOW64
02:22:52.0819 0x2724  Processor architecture: Intel x64
02:22:52.0819 0x2724  Number of processors: 8
02:22:52.0819 0x2724  Page size: 0x1000
02:22:52.0819 0x2724  Boot type: Normal boot
02:22:52.0819 0x2724  CodeIntegrityOptions = 0x00000001
02:22:52.0819 0x2724  ============================================================
02:22:52.0897 0x2724  KLMD registered as C:\Windows\system32\drivers\15692493.sys
02:22:52.0897 0x2724  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23418, osProperties = 0x1
02:22:53.0756 0x2724  System UUID: {E9D9001E-9896-6F0A-C52A-99320E1558CE}
02:22:54.0428 0x2724  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:22:54.0444 0x2724  ============================================================
02:22:54.0444 0x2724  \Device\Harddisk0\DR0:
02:22:54.0444 0x2724  MBR partitions:
02:22:54.0444 0x2724  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1F77C1
02:22:54.0444 0x2724  ============================================================
02:22:54.0444 0x2724  Initialize success
02:22:54.0444 0x2724  ============================================================
02:24:26.0131 0x1fdc  ============================================================
02:24:26.0131 0x1fdc  Scan started
02:24:26.0131 0x1fdc  Mode: Manual; SigCheck; TDLFS;
02:24:26.0131 0x1fdc  ============================================================
02:24:26.0131 0x1fdc  KSN ping started
02:24:26.0303 0x1fdc  KSN ping finished: true
02:24:26.0334 0x1fdc  ================ Scan system memory ========================
02:24:26.0334 0x1fdc  System memory - ok
02:24:26.0334 0x1fdc  ================ Scan services =============================
02:24:26.0334 0x1fdc  1394ohci - ok
02:24:26.0350 0x1fdc  ACDaemon - ok
02:24:26.0350 0x1fdc  ACPI - ok
02:24:26.0350 0x1fdc  AcpiPmi - ok
02:24:26.0350 0x1fdc  Adobe LM Service - ok
02:24:26.0350 0x1fdc  AdobeActiveFileMonitor11.0 - ok
02:24:26.0350 0x1fdc  AdobeARMservice - ok
02:24:26.0366 0x1fdc  AdobeFlashPlayerUpdateSvc - ok
02:24:26.0366 0x1fdc  adp94xx - ok
02:24:26.0366 0x1fdc  adpahci - ok
02:24:26.0366 0x1fdc  adpu320 - ok
02:24:26.0366 0x1fdc  AeLookupSvc - ok
02:24:26.0381 0x1fdc  Afc - ok
02:24:26.0381 0x1fdc  AFD - ok
02:24:26.0381 0x1fdc  agp440 - ok
02:24:26.0381 0x1fdc  ALG - ok
02:24:26.0381 0x1fdc  aliide - ok
02:24:26.0381 0x1fdc  amdide - ok
02:24:26.0381 0x1fdc  AmdK8 - ok
02:24:26.0397 0x1fdc  AmdPPM - ok
02:24:26.0397 0x1fdc  amdsata - ok
02:24:26.0397 0x1fdc  amdsbs - ok
02:24:26.0397 0x1fdc  amdxata - ok
02:24:26.0397 0x1fdc  AppHostSvc - ok
02:24:26.0397 0x1fdc  AppID - ok
02:24:26.0413 0x1fdc  AppIDSvc - ok
02:24:26.0413 0x1fdc  Appinfo - ok
02:24:26.0413 0x1fdc  Apple Mobile Device Service - ok
02:24:26.0413 0x1fdc  AppleCharger - ok
02:24:26.0413 0x1fdc  AppleChargerSrv - ok
02:24:26.0413 0x1fdc  arc - ok
02:24:26.0428 0x1fdc  arcsas - ok
02:24:26.0428 0x1fdc  ArcService - ok
02:24:26.0428 0x1fdc  aspnet_state - ok
02:24:26.0428 0x1fdc  AsyncMac - ok
02:24:26.0444 0x1fdc  atapi - ok
02:24:26.0444 0x1fdc  AudioEndpointBuilder - ok
02:24:26.0444 0x1fdc  AudioSrv - ok
02:24:26.0444 0x1fdc  avgsvc - ok
02:24:26.0444 0x1fdc  avmeject - ok
02:24:26.0459 0x1fdc  AxInstSV - ok
02:24:26.0459 0x1fdc  azvusb - ok
02:24:26.0459 0x1fdc  b06bdrv - ok
02:24:26.0459 0x1fdc  b57nd60a - ok
02:24:26.0459 0x1fdc  BDESVC - ok
02:24:26.0459 0x1fdc  Beep - ok
02:24:26.0475 0x1fdc  BEService - ok
02:24:26.0475 0x1fdc  BFE - ok
02:24:26.0475 0x1fdc  BITS - ok
02:24:26.0475 0x1fdc  blbdrive - ok
02:24:26.0475 0x1fdc  Bonjour Service - ok
02:24:26.0491 0x1fdc  BootDefragDriver - ok
02:24:26.0491 0x1fdc  bowser - ok
02:24:26.0491 0x1fdc  BrFiltLo - ok
02:24:26.0491 0x1fdc  BrFiltUp - ok
02:24:26.0491 0x1fdc  Browser - ok
02:24:26.0491 0x1fdc  Brserid - ok
02:24:26.0506 0x1fdc  BrSerWdm - ok
02:24:26.0506 0x1fdc  BrUsbMdm - ok
02:24:26.0506 0x1fdc  BrUsbSer - ok
02:24:26.0506 0x1fdc  BTHMODEM - ok
02:24:26.0506 0x1fdc  bthserv - ok
02:24:26.0506 0x1fdc  cdfs - ok
02:24:26.0522 0x1fdc  cdrom - ok
02:24:26.0522 0x1fdc  CertPropSvc - ok
02:24:26.0522 0x1fdc  cfwids - ok
02:24:26.0522 0x1fdc  CG6Service - ok
02:24:26.0522 0x1fdc  chip1click - ok
02:24:26.0538 0x1fdc  circlass - ok
02:24:26.0538 0x1fdc  CLFS - ok
02:24:26.0538 0x1fdc  clr_optimization_v2.0.50727_32 - ok
02:24:26.0538 0x1fdc  clr_optimization_v2.0.50727_64 - ok
02:24:26.0538 0x1fdc  clr_optimization_v4.0.30319_32 - ok
02:24:26.0553 0x1fdc  clr_optimization_v4.0.30319_64 - ok
02:24:26.0553 0x1fdc  CmBatt - ok
02:24:26.0553 0x1fdc  cmdide - ok
02:24:26.0553 0x1fdc  CNG - ok
02:24:26.0553 0x1fdc  Compbatt - ok
02:24:26.0553 0x1fdc  CompositeBus - ok
02:24:26.0553 0x1fdc  COMSysApp - ok
02:24:26.0569 0x1fdc  crcdisk - ok
02:24:26.0569 0x1fdc  Creative ALchemy AL6 Licensing Service - ok
02:24:26.0569 0x1fdc  Creative Audio Engine Licensing Service - ok
02:24:26.0569 0x1fdc  CryptSvc - ok
02:24:26.0569 0x1fdc  CT20XUT - ok
02:24:26.0569 0x1fdc  CT20XUT.SYS - ok
02:24:26.0584 0x1fdc  ctac32k - ok
02:24:26.0584 0x1fdc  ctaud2k - ok
02:24:26.0584 0x1fdc  CTAudSvcService - ok
02:24:26.0584 0x1fdc  CTEXFIFX - ok
02:24:26.0584 0x1fdc  CTEXFIFX.SYS - ok
02:24:26.0584 0x1fdc  CTHWIUT - ok
02:24:26.0584 0x1fdc  CTHWIUT.SYS - ok
02:24:26.0600 0x1fdc  ctprxy2k - ok
02:24:26.0600 0x1fdc  ctsfm2k - ok
02:24:26.0600 0x1fdc  DcomLaunch - ok
02:24:26.0600 0x1fdc  defragsvc - ok
02:24:26.0600 0x1fdc  DfsC - ok
02:24:26.0600 0x1fdc  Dhcp - ok
02:24:26.0616 0x1fdc  discache - ok
02:24:26.0616 0x1fdc  Disk - ok
02:24:26.0616 0x1fdc  Dnscache - ok
02:24:26.0616 0x1fdc  Dokan - ok
02:24:26.0616 0x1fdc  DokanMounter - ok
02:24:26.0616 0x1fdc  dot3svc - ok
02:24:26.0631 0x1fdc  Dot4 - ok
02:24:26.0631 0x1fdc  Dot4Print - ok
02:24:26.0631 0x1fdc  Dot4Scan - ok
02:24:26.0631 0x1fdc  dot4usb - ok
02:24:26.0631 0x1fdc  DPS - ok
02:24:26.0647 0x1fdc  drmkaud - ok
02:24:26.0647 0x1fdc  DXGKrnl - ok
02:24:26.0647 0x1fdc  DxVGrb - ok
02:24:26.0647 0x1fdc  EagleX64 - ok
02:24:26.0647 0x1fdc  EapHost - ok
02:24:26.0647 0x1fdc  ebdrv - ok
02:24:26.0663 0x1fdc  EFS - ok
02:24:26.0663 0x1fdc  ehRecvr - ok
02:24:26.0663 0x1fdc  ehSched - ok
02:24:26.0663 0x1fdc  elxstor - ok
02:24:26.0663 0x1fdc  emupia - ok
02:24:26.0663 0x1fdc  ErrDev - ok
02:24:26.0678 0x1fdc  EventSystem - ok
02:24:26.0678 0x1fdc  ewusbmbb - ok
02:24:26.0678 0x1fdc  ew_hwusbdev - ok
02:24:26.0678 0x1fdc  exfat - ok
02:24:26.0678 0x1fdc  Fabs - ok
02:24:26.0678 0x1fdc  fastfat - ok
02:24:26.0694 0x1fdc  Fax - ok
02:24:26.0694 0x1fdc  fdc - ok
02:24:26.0694 0x1fdc  fdPHost - ok
02:24:26.0694 0x1fdc  FDResPub - ok
02:24:26.0694 0x1fdc  FileInfo - ok
02:24:26.0694 0x1fdc  Filetrace - ok
02:24:26.0694 0x1fdc  FirebirdServerMAGIXInstance - ok
02:24:26.0709 0x1fdc  FLEXnet Licensing Service - ok
02:24:26.0709 0x1fdc  flpydisk - ok
02:24:26.0709 0x1fdc  FltMgr - ok
02:24:26.0709 0x1fdc  FLxHCIc - ok
02:24:26.0709 0x1fdc  FLxHCIh - ok
02:24:26.0725 0x1fdc  FontCache - ok
02:24:26.0725 0x1fdc  FontCache3.0.0.0 - ok
02:24:26.0725 0x1fdc  FsDepends - ok
02:24:26.0725 0x1fdc  Fs_Rec - ok
02:24:26.0725 0x1fdc  fvevol - ok
02:24:26.0725 0x1fdc  fwlanusb6 - ok
02:24:26.0741 0x1fdc  gagp30kx - ok
02:24:26.0741 0x1fdc  GEARAspiWDM - ok
02:24:26.0741 0x1fdc  GfExperienceService - ok
02:24:26.0741 0x1fdc  GMSIPCI - ok
02:24:26.0741 0x1fdc  gpsvc - ok
02:24:26.0756 0x1fdc  GUBootStartup - ok
02:24:26.0756 0x1fdc  gupdate - ok
02:24:26.0756 0x1fdc  gupdatem - ok
02:24:26.0756 0x1fdc  GUSBootStartup - ok
02:24:26.0756 0x1fdc  ha20x22k - ok
02:24:26.0756 0x1fdc  ha20x2k - ok
02:24:26.0772 0x1fdc  hcw85cir - ok
02:24:26.0772 0x1fdc  HdAudAddService - ok
02:24:26.0772 0x1fdc  HDAudBus - ok
02:24:26.0772 0x1fdc  HECIx64 - ok
02:24:26.0772 0x1fdc  HidBatt - ok
02:24:26.0772 0x1fdc  HidBth - ok
02:24:26.0788 0x1fdc  HidIr - ok
02:24:26.0788 0x1fdc  hidserv - ok
02:24:26.0788 0x1fdc  HidUsb - ok
02:24:26.0788 0x1fdc  HiPatchService - ok
02:24:26.0788 0x1fdc  HipShieldK - ok
02:24:26.0788 0x1fdc  hkmsvc - ok
02:24:26.0803 0x1fdc  HomeGroupListener - ok
02:24:26.0803 0x1fdc  HomeGroupProvider - ok
02:24:26.0803 0x1fdc  HomeNetSvc - ok
02:24:26.0803 0x1fdc  HpSAMD - ok
02:24:26.0803 0x1fdc  HPSLPSVC - ok
02:24:26.0819 0x1fdc  HTTP - ok
02:24:26.0819 0x1fdc  huawei_enumerator - ok
02:24:26.0819 0x1fdc  hwdatacard - ok
02:24:26.0819 0x1fdc  HWDeviceService64.exe - ok
02:24:26.0819 0x1fdc  hwpolicy - ok
02:24:26.0834 0x1fdc  i8042prt - ok
02:24:26.0834 0x1fdc  iaStorV - ok
02:24:26.0834 0x1fdc  IDriverT - ok
02:24:26.0834 0x1fdc  idsvc - ok
02:24:26.0834 0x1fdc  IEEtwCollectorService - ok
02:24:26.0834 0x1fdc  iirsp - ok
02:24:26.0850 0x1fdc  IKEEXT - ok
02:24:26.0850 0x1fdc  InnovativeSolutions_monitor - ok
02:24:26.0850 0x1fdc  IntcAzAudAddService - ok
02:24:26.0850 0x1fdc  intelide - ok
02:24:26.0850 0x1fdc  intelppm - ok
02:24:26.0866 0x1fdc  IPBusEnum - ok
02:24:26.0866 0x1fdc  IpFilterDriver - ok
02:24:26.0866 0x1fdc  iphlpsvc - ok
02:24:26.0866 0x1fdc  IPMIDRV - ok
02:24:26.0866 0x1fdc  IPNAT - ok
02:24:26.0866 0x1fdc  iPod Service - ok
02:24:26.0881 0x1fdc  IRENUM - ok
02:24:26.0881 0x1fdc  isapnp - ok
02:24:26.0881 0x1fdc  iScsiPrt - ok
02:24:26.0881 0x1fdc  JMB36X - ok
02:24:26.0881 0x1fdc  JRAID - ok
02:24:26.0881 0x1fdc  kbdclass - ok
02:24:26.0897 0x1fdc  kbdhid - ok
02:24:26.0897 0x1fdc  KeyIso - ok
02:24:26.0897 0x1fdc  KSecDD - ok
02:24:26.0897 0x1fdc  KSecPkg - ok
02:24:26.0897 0x1fdc  ksthunk - ok
02:24:26.0897 0x1fdc  KtmRm - ok
02:24:26.0913 0x1fdc  LanmanServer - ok
02:24:26.0913 0x1fdc  LanmanWorkstation - ok
02:24:26.0913 0x1fdc  LBTServ - ok
02:24:26.0913 0x1fdc  LGBusEnum - ok
02:24:26.0913 0x1fdc  LGCoreTemp - ok
02:24:26.0928 0x1fdc  LGJoyXlCore - ok
02:24:26.0928 0x1fdc  LGPBTDD - ok
02:24:26.0928 0x1fdc  LGSHidFilt - ok
02:24:26.0928 0x1fdc  LGVirHid - ok
02:24:26.0928 0x1fdc  LHidFilt - ok
02:24:26.0928 0x1fdc  lltdio - ok
02:24:26.0944 0x1fdc  lltdsvc - ok
02:24:26.0944 0x1fdc  lmhosts - ok
02:24:26.0944 0x1fdc  LMouFilt - ok
02:24:26.0944 0x1fdc  LMS - ok
02:24:26.0944 0x1fdc  LogiRegistryService - ok
02:24:26.0959 0x1fdc  LSI_FC - ok
02:24:26.0959 0x1fdc  LSI_SAS - ok
02:24:26.0959 0x1fdc  LSI_SAS2 - ok
02:24:26.0959 0x1fdc  LSI_SCSI - ok
02:24:26.0959 0x1fdc  luafv - ok
02:24:26.0959 0x1fdc  LUsbFilt - ok
02:24:26.0975 0x1fdc  LVRS64 - ok
02:24:26.0975 0x1fdc  LVUVC64 - ok
02:24:26.0975 0x1fdc  MarvinBus - ok
02:24:26.0975 0x1fdc  massfilter - ok
02:24:26.0975 0x1fdc  McAfee SiteAdvisor Service - ok
02:24:26.0991 0x1fdc  McAPExe - ok
02:24:26.0991 0x1fdc  McBootDelayStartSvc - ok
02:24:26.0991 0x1fdc  mccspsvc - ok
02:24:26.0991 0x1fdc  McMPFSvc - ok
02:24:26.0991 0x1fdc  McNaiAnn - ok
02:24:27.0006 0x1fdc  McODS - ok
02:24:27.0006 0x1fdc  mcpltsvc - ok
02:24:27.0006 0x1fdc  McProxy - ok
02:24:27.0006 0x1fdc  Mcx2Svc - ok
02:24:27.0006 0x1fdc  megasas - ok
02:24:27.0006 0x1fdc  MegaSR - ok
02:24:27.0022 0x1fdc  mfeaack - ok
02:24:27.0022 0x1fdc  mfeavfk - ok
02:24:27.0022 0x1fdc  mfefire - ok
02:24:27.0022 0x1fdc  mfefirek - ok
02:24:27.0038 0x1fdc  mfehidk - ok
02:24:27.0038 0x1fdc  mfemms - ok
02:24:27.0038 0x1fdc  mfencbdc - ok
02:24:27.0038 0x1fdc  mfencrk - ok
02:24:27.0038 0x1fdc  mfesapsn - ok
02:24:27.0038 0x1fdc  mfevtp - ok
02:24:27.0053 0x1fdc  mfewfpk - ok
02:24:27.0053 0x1fdc  MMCSS - ok
02:24:27.0053 0x1fdc  Mobile Partner. RunOuc - ok
02:24:27.0053 0x1fdc  Modem - ok
02:24:27.0053 0x1fdc  ModuleCoreService - ok
02:24:27.0069 0x1fdc  monitor - ok
02:24:27.0069 0x1fdc  mouclass - ok
02:24:27.0069 0x1fdc  mouhid - ok
02:24:27.0069 0x1fdc  mountmgr - ok
02:24:27.0069 0x1fdc  MozillaMaintenance - ok
02:24:27.0069 0x1fdc  MpFilter - ok
02:24:27.0084 0x1fdc  mpio - ok
02:24:27.0084 0x1fdc  mpsdrv - ok
02:24:27.0084 0x1fdc  MpsSvc - ok
02:24:27.0084 0x1fdc  MRxDAV - ok
02:24:27.0084 0x1fdc  mrxsmb - ok
02:24:27.0084 0x1fdc  mrxsmb10 - ok
02:24:27.0100 0x1fdc  mrxsmb20 - ok
02:24:27.0100 0x1fdc  msahci - ok
02:24:27.0100 0x1fdc  msdsm - ok
02:24:27.0100 0x1fdc  MSDTC - ok
02:24:27.0100 0x1fdc  Msfs - ok
02:24:27.0116 0x1fdc  mshidkmdf - ok
02:24:27.0116 0x1fdc  msisadrv - ok
02:24:27.0116 0x1fdc  MSiSCSI - ok
02:24:27.0116 0x1fdc  msiserver - ok
02:24:27.0116 0x1fdc  MSK80Service - ok
02:24:27.0116 0x1fdc  MSKSSRV - ok
02:24:27.0131 0x1fdc  MsMpSvc - ok
02:24:27.0131 0x1fdc  MSPCLOCK - ok
02:24:27.0131 0x1fdc  MSPQM - ok
02:24:27.0131 0x1fdc  MsRPC - ok
02:24:27.0131 0x1fdc  mssmbios - ok
02:24:27.0147 0x1fdc  MSTEE - ok
02:24:27.0147 0x1fdc  MTConfig - ok
02:24:27.0147 0x1fdc  Mup - ok
02:24:27.0147 0x1fdc  napagent - ok
02:24:27.0147 0x1fdc  NativeWifiP - ok
02:24:27.0147 0x1fdc  NDIS - ok
02:24:27.0163 0x1fdc  NdisCap - ok
02:24:27.0163 0x1fdc  NdisTapi - ok
02:24:27.0163 0x1fdc  Ndisuio - ok
02:24:27.0163 0x1fdc  NdisWan - ok
02:24:27.0163 0x1fdc  NDProxy - ok
02:24:27.0163 0x1fdc  Net Driver HPZ12 - ok
02:24:27.0178 0x1fdc  NetBIOS - ok
02:24:27.0178 0x1fdc  NetBT - ok
02:24:27.0178 0x1fdc  Netlogon - ok
02:24:27.0178 0x1fdc  Netman - ok
02:24:27.0178 0x1fdc  NetMsmqActivator - ok
02:24:27.0178 0x1fdc  NetPipeActivator - ok
02:24:27.0194 0x1fdc  netprofm - ok
02:24:27.0194 0x1fdc  netr28ux - ok
02:24:27.0194 0x1fdc  NetTcpActivator - ok
02:24:27.0194 0x1fdc  NetTcpPortSharing - ok
02:24:27.0194 0x1fdc  nfrd960 - ok
02:24:27.0209 0x1fdc  NisDrv - ok
02:24:27.0209 0x1fdc  NisSrv - ok
02:24:27.0209 0x1fdc  NlaSvc - ok
02:24:27.0209 0x1fdc  NPF - ok
02:24:27.0209 0x1fdc  Npfs - ok
02:24:27.0209 0x1fdc  nsi - ok
02:24:27.0225 0x1fdc  nsiproxy - ok
02:24:27.0225 0x1fdc  Ntfs - ok
02:24:27.0225 0x1fdc  Null - ok
02:24:27.0225 0x1fdc  nusb3hub - ok
02:24:27.0225 0x1fdc  nusb3xhc - ok
02:24:27.0241 0x1fdc  nvelodiskfltr - ok
02:24:27.0241 0x1fdc  nvelofsfltr - ok
02:24:27.0241 0x1fdc  nveloportfltr - ok
02:24:27.0241 0x1fdc  nveloSvc - ok
02:24:27.0241 0x1fdc  NVHDA - ok
02:24:27.0241 0x1fdc  nvlddmkm - ok
02:24:27.0256 0x1fdc  NvNetworkService - ok
02:24:27.0256 0x1fdc  nvraid - ok
02:24:27.0256 0x1fdc  nvstor - ok
02:24:27.0256 0x1fdc  NvStreamKms - ok
02:24:27.0256 0x1fdc  NvStreamNetworkSvc - ok
02:24:27.0272 0x1fdc  NvStreamSvc - ok
02:24:27.0272 0x1fdc  nvsvc - ok
02:24:27.0272 0x1fdc  nvvad_WaveExtensible - ok
02:24:27.0272 0x1fdc  nv_agp - ok
02:24:27.0272 0x1fdc  ohci1394 - ok
02:24:27.0288 0x1fdc  Origin Client Service - ok
02:24:27.0288 0x1fdc  ose - ok
02:24:27.0288 0x1fdc  osppsvc - ok
02:24:27.0288 0x1fdc  ossrv - ok
02:24:27.0288 0x1fdc  p2pimsvc - ok
02:24:27.0303 0x1fdc  p2psvc - ok
02:24:27.0303 0x1fdc  Parport - ok
02:24:27.0303 0x1fdc  partmgr - ok
02:24:27.0303 0x1fdc  PcaSvc - ok
02:24:27.0303 0x1fdc  pccsmcfd - ok
02:24:27.0303 0x1fdc  pci - ok
02:24:27.0319 0x1fdc  pciide - ok
02:24:27.0319 0x1fdc  PCloudd - ok
02:24:27.0319 0x1fdc  pcmcia - ok
02:24:27.0319 0x1fdc  pcw - ok
02:24:27.0319 0x1fdc  PEAUTH - ok
02:24:27.0334 0x1fdc  PEFService - ok
02:24:27.0334 0x1fdc  PerfHost - ok
02:24:27.0334 0x1fdc  pla - ok
02:24:27.0334 0x1fdc  PlugPlay - ok
02:24:27.0350 0x1fdc  PMBDeviceInfoProvider - ok
02:24:27.0350 0x1fdc  pmem - ok
02:24:27.0350 0x1fdc  Pml Driver HPZ12 - ok
02:24:27.0350 0x1fdc  PnkBstrA - ok
02:24:27.0366 0x1fdc  PnkBstrB - ok
02:24:27.0366 0x1fdc  PNRPAutoReg - ok
02:24:27.0366 0x1fdc  PNRPsvc - ok
02:24:27.0366 0x1fdc  PolicyAgent - ok
02:24:27.0366 0x1fdc  Power - ok
02:24:27.0366 0x1fdc  PptpMiniport - ok
02:24:27.0381 0x1fdc  Processor - ok
02:24:27.0381 0x1fdc  ProfSvc - ok
02:24:27.0381 0x1fdc  ProtectedStorage - ok
02:24:27.0381 0x1fdc  Psched - ok
02:24:27.0381 0x1fdc  PSI_SVC_2 - ok
02:24:27.0397 0x1fdc  PxHlpa64 - ok
02:24:27.0397 0x1fdc  ql2300 - ok
02:24:27.0397 0x1fdc  ql40xx - ok
02:24:27.0397 0x1fdc  QPCopyEngine - ok
02:24:27.0397 0x1fdc  QsFsFltr - ok
02:24:27.0413 0x1fdc  QWAVE - ok
02:24:27.0413 0x1fdc  QWAVEdrv - ok
02:24:27.0413 0x1fdc  RasAcd - ok
02:24:27.0413 0x1fdc  RasAgileVpn - ok
02:24:27.0413 0x1fdc  RasAuto - ok
02:24:27.0413 0x1fdc  Rasl2tp - ok
02:24:27.0428 0x1fdc  RasMan - ok
02:24:27.0428 0x1fdc  RasPppoe - ok
02:24:27.0428 0x1fdc  RasSstp - ok
02:24:27.0428 0x1fdc  rdbss - ok
02:24:27.0428 0x1fdc  rdpbus - ok
02:24:27.0428 0x1fdc  RDPCDD - ok
02:24:27.0444 0x1fdc  RDPENCDD - ok
02:24:27.0444 0x1fdc  RDPREFMP - ok
02:24:27.0444 0x1fdc  RDPWD - ok
02:24:27.0444 0x1fdc  rdyboost - ok
02:24:27.0444 0x1fdc  RealPlayerUpdateSvc - ok
02:24:27.0459 0x1fdc  RealTimes Desktop Service - ok
02:24:27.0459 0x1fdc  RemoteAccess - ok
02:24:27.0459 0x1fdc  RemoteRegistry - ok
02:24:27.0459 0x1fdc  RichVideo64 - ok
02:24:27.0475 0x1fdc  rpcapd - ok
02:24:27.0475 0x1fdc  RpcEptMapper - ok
02:24:27.0475 0x1fdc  RpcLocator - ok
02:24:27.0475 0x1fdc  RpcSs - ok
02:24:27.0475 0x1fdc  rspndr - ok
02:24:27.0475 0x1fdc  RTL2832UBDA - ok
02:24:27.0491 0x1fdc  RTL2832UUSB - ok
02:24:27.0491 0x1fdc  RTL2832U_IRHID - ok
02:24:27.0491 0x1fdc  RTL8167 - ok
02:24:27.0491 0x1fdc  SamSs - ok
02:24:27.0491 0x1fdc  SANDRA - ok
02:24:27.0506 0x1fdc  sbp2port - ok
02:24:27.0506 0x1fdc  SCardSvr - ok
02:24:27.0506 0x1fdc  scfilter - ok
02:24:27.0506 0x1fdc  Schedule - ok
02:24:27.0506 0x1fdc  SCPolicySvc - ok
02:24:27.0522 0x1fdc  SDRSVC - ok
02:24:27.0522 0x1fdc  secdrv - ok
02:24:27.0522 0x1fdc  seclogon - ok
02:24:27.0522 0x1fdc  SENS - ok
02:24:27.0522 0x1fdc  SensrSvc - ok
02:24:27.0522 0x1fdc  Serenum - ok
02:24:27.0538 0x1fdc  Serial - ok
02:24:27.0538 0x1fdc  sermouse - ok
02:24:27.0538 0x1fdc  SessionEnv - ok
02:24:27.0538 0x1fdc  sffdisk - ok
02:24:27.0538 0x1fdc  sffp_mmc - ok
02:24:27.0553 0x1fdc  sffp_sd - ok
02:24:27.0553 0x1fdc  sfloppy - ok
02:24:27.0553 0x1fdc  SharedAccess - ok
02:24:27.0553 0x1fdc  ShellHWDetection - ok
02:24:27.0553 0x1fdc  SiSRaid2 - ok
02:24:27.0553 0x1fdc  SiSRaid4 - ok
02:24:27.0569 0x1fdc  SkypeUpdate - ok
02:24:27.0569 0x1fdc  SLEE_17_DRIVER - ok
02:24:27.0569 0x1fdc  Smb - ok
02:24:27.0569 0x1fdc  SNMPTRAP - ok
02:24:27.0584 0x1fdc  spldr - ok
02:24:27.0584 0x1fdc  Spooler - ok
02:24:27.0584 0x1fdc  sppsvc - ok
02:24:27.0584 0x1fdc  sppuinotify - ok
02:24:27.0584 0x1fdc  srv - ok
02:24:27.0584 0x1fdc  srv2 - ok
02:24:27.0600 0x1fdc  srvnet - ok
02:24:27.0600 0x1fdc  SSDPSRV - ok
02:24:27.0600 0x1fdc  SSMO3v2Filter - ok
02:24:27.0600 0x1fdc  SstpSvc - ok
02:24:27.0600 0x1fdc  Steam Client Service - ok
02:24:27.0616 0x1fdc  Stereo Service - ok
02:24:27.0616 0x1fdc  stexstor - ok
02:24:27.0616 0x1fdc  stisvc - ok
02:24:27.0616 0x1fdc  swenum - ok
02:24:27.0616 0x1fdc  swprv - ok
02:24:27.0631 0x1fdc  SysMain - ok
02:24:27.0631 0x1fdc  TabletInputService - ok
02:24:27.0631 0x1fdc  tap0901 - ok
02:24:27.0631 0x1fdc  TapiSrv - ok
02:24:27.0631 0x1fdc  TBS - ok
02:24:27.0647 0x1fdc  Tcpip - ok
02:24:27.0647 0x1fdc  TCPIP6 - ok
02:24:27.0647 0x1fdc  tcpipreg - ok
02:24:27.0647 0x1fdc  TDPIPE - ok
02:24:27.0647 0x1fdc  TDTCP - ok
02:24:27.0663 0x1fdc  tdx - ok
02:24:27.0663 0x1fdc  TermDD - ok
02:24:27.0663 0x1fdc  TermService - ok
02:24:27.0663 0x1fdc  Themes - ok
02:24:27.0663 0x1fdc  THREADORDER - ok
02:24:27.0678 0x1fdc  TrkWks - ok
02:24:27.0678 0x1fdc  truecrypt - ok
02:24:27.0678 0x1fdc  TrustedInstaller - ok
02:24:27.0678 0x1fdc  tssecsrv - ok
02:24:27.0678 0x1fdc  TsUsbFlt - ok
02:24:27.0694 0x1fdc  TuneUp.UtilitiesSvc - ok
02:24:27.0694 0x1fdc  TuneUpUtilitiesDrv - ok
02:24:27.0694 0x1fdc  tunnel - ok
02:24:27.0694 0x1fdc  TwonkyMedia - ok
02:24:27.0709 0x1fdc  TwonkyWebDav - ok
02:24:27.0709 0x1fdc  uagp35 - ok
02:24:27.0709 0x1fdc  udfs - ok
02:24:27.0709 0x1fdc  UI0Detect - ok
02:24:27.0725 0x1fdc  uliagpkx - ok
02:24:27.0725 0x1fdc  umbus - ok
02:24:27.0725 0x1fdc  UmPass - ok
02:24:27.0725 0x1fdc  UMVPFSrv - ok
02:24:27.0725 0x1fdc  UnlockerDriver5 - ok
02:24:27.0741 0x1fdc  UNS - ok
02:24:27.0741 0x1fdc  upnphost - ok
02:24:27.0741 0x1fdc  USBAAPL64 - ok
02:24:27.0741 0x1fdc  usbaudio - ok
02:24:27.0756 0x1fdc  usbccgp - ok
02:24:27.0756 0x1fdc  usbcir - ok
02:24:27.0756 0x1fdc  usbehci - ok
02:24:27.0756 0x1fdc  usbhub - ok
02:24:27.0756 0x1fdc  usbohci - ok
02:24:27.0756 0x1fdc  usbprint - ok
02:24:27.0772 0x1fdc  usbscan - ok
02:24:27.0772 0x1fdc  USBSTOR - ok
02:24:27.0772 0x1fdc  usbuhci - ok
02:24:27.0772 0x1fdc  usbvideo - ok
02:24:27.0772 0x1fdc  usb_rndisx - ok
02:24:27.0788 0x1fdc  utewmzu5 - ok
02:24:27.0788 0x1fdc  UxSms - ok
02:24:27.0788 0x1fdc  UxTuneUp - ok
02:24:27.0788 0x1fdc  ValFltr - ok
02:24:27.0788 0x1fdc  VaultSvc - ok
02:24:27.0803 0x1fdc  vdrvroot - ok
02:24:27.0803 0x1fdc  vds - ok
02:24:27.0803 0x1fdc  vga - ok
02:24:27.0803 0x1fdc  VgaSave - ok
02:24:27.0803 0x1fdc  vhdmp - ok
02:24:27.0819 0x1fdc  viaide - ok
02:24:27.0819 0x1fdc  vNICdrv - ok
02:24:27.0819 0x1fdc  volmgr - ok
02:24:27.0819 0x1fdc  volmgrx - ok
02:24:27.0819 0x1fdc  volsnap - ok
02:24:27.0819 0x1fdc  vsmraid - ok
02:24:27.0834 0x1fdc  VSS - ok
02:24:27.0834 0x1fdc  vwifibus - ok
02:24:27.0834 0x1fdc  vwififlt - ok
02:24:27.0834 0x1fdc  vwifimp - ok
02:24:27.0834 0x1fdc  W32Time - ok
02:24:27.0850 0x1fdc  W3SVC - ok
02:24:27.0850 0x1fdc  WacomPen - ok
02:24:27.0850 0x1fdc  WANARP - ok
02:24:27.0850 0x1fdc  Wanarpv6 - ok
02:24:27.0850 0x1fdc  WAS - ok
02:24:27.0866 0x1fdc  WatAdminSvc - ok
02:24:27.0866 0x1fdc  wbengine - ok
02:24:27.0866 0x1fdc  WbioSrvc - ok
02:24:27.0866 0x1fdc  wcncsvc - ok
02:24:27.0866 0x1fdc  WcsPlugInService - ok
02:24:27.0881 0x1fdc  Wd - ok
02:24:27.0881 0x1fdc  WDC_SAM - ok
02:24:27.0881 0x1fdc  WDDriveService - ok
02:24:27.0881 0x1fdc  Wdf01000 - ok
02:24:27.0897 0x1fdc  WdiServiceHost - ok
02:24:27.0897 0x1fdc  WdiSystemHost - ok
02:24:27.0897 0x1fdc  wdm_usb - ok
02:24:27.0897 0x1fdc  WebClient - ok
02:24:27.0897 0x1fdc  Wecsvc - ok
02:24:27.0913 0x1fdc  wercplsupport - ok
02:24:27.0913 0x1fdc  WerSvc - ok
02:24:27.0913 0x1fdc  WfpLwf - ok
02:24:27.0913 0x1fdc  WIMMount - ok
02:24:27.0913 0x1fdc  WinDefend - ok
02:24:27.0928 0x1fdc  WinHttpAutoProxySvc - ok
02:24:27.0928 0x1fdc  Winmgmt - ok
02:24:27.0928 0x1fdc  WinRM - ok
02:24:27.0944 0x1fdc  WinUsb - ok
02:24:27.0944 0x1fdc  Wlansvc - ok
02:24:27.0944 0x1fdc  wlidsvc - ok
02:24:27.0944 0x1fdc  WmBEnum - ok
02:24:27.0944 0x1fdc  WmFilter - ok
02:24:27.0959 0x1fdc  WmHidLo - ok
02:24:27.0959 0x1fdc  WmiAcpi - ok
02:24:27.0959 0x1fdc  wmiApSrv - ok
02:24:27.0959 0x1fdc  WMPNetworkSvc - ok
02:24:27.0959 0x1fdc  WmVirHid - ok
02:24:27.0975 0x1fdc  WmXlCore - ok
02:24:27.0975 0x1fdc  WPCSvc - ok
02:24:27.0975 0x1fdc  WPDBusEnum - ok
02:24:27.0975 0x1fdc  ws2ifsl - ok
02:24:27.0975 0x1fdc  wscsvc - ok
02:24:27.0975 0x1fdc  WSearch - ok
02:24:27.0991 0x1fdc  wuauserv - ok
02:24:27.0991 0x1fdc  WudfPf - ok
02:24:27.0991 0x1fdc  WUDFRd - ok
02:24:28.0006 0x1fdc  wudfsvc - ok
02:24:28.0006 0x1fdc  WwanSvc - ok
02:24:28.0006 0x1fdc  ZTEusbmdm6k - ok
02:24:28.0006 0x1fdc  ZTEusbnet - ok
02:24:28.0006 0x1fdc  ZTEusbnmea - ok
02:24:28.0022 0x1fdc  ZTEusbser6k - ok
02:24:28.0022 0x1fdc  ZTEusbvoice - ok
02:24:28.0038 0x1fdc  ================ Scan global ===============================
02:24:28.0038 0x1fdc  [ Global ] - ok
02:24:28.0038 0x1fdc  ================ Scan MBR ==================================
02:24:28.0459 0x1fdc  [ 4FF574A9546F65C31184DFA0C4040168 ] \Device\Harddisk0\DR0
02:24:28.0459 0x1fdc  Suspicious mbr (Forged): \Device\Harddisk0\DR0
02:24:28.0553 0x1fdc  \Device\Harddisk0\DR0 - ok
02:24:28.0553 0x1fdc  ================ Scan VBR ==================================
02:24:28.0553 0x1fdc  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition1
02:24:28.0553 0x1fdc  \Device\Harddisk0\DR0\Partition1 - ok
02:24:28.0553 0x1fdc  ================ Scan generic autorun ======================
02:24:28.0553 0x1fdc  RTHDVCPL - ok
02:24:28.0553 0x1fdc  NvBackend - ok
02:24:28.0553 0x1fdc  EvtMgr6 - ok
02:24:28.0553 0x1fdc  ShadowPlay - ok
02:24:28.0553 0x1fdc  AVMWlanClient - ok
02:24:28.0553 0x1fdc  AvgUi - ok
02:24:28.0553 0x1fdc  mctadmin - ok
02:24:28.0553 0x1fdc  mctadmin - ok
02:24:28.0553 0x1fdc  mctadmin - ok
02:24:28.0584 0x1fdc  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.10.209.0 ), 0x61000 ( enabled : updated )
02:24:28.0584 0x1fdc  AV detected via SS2: McAfee Anti-Virus und Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe (  ), 0x51000 ( enabled : updated )
02:24:28.0584 0x1fdc  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe (  ), 0x51010 ( enabled )
02:24:28.0788 0x1fdc  ============================================================
02:24:28.0788 0x1fdc  Scan finished
02:24:28.0788 0x1fdc  ============================================================
02:24:28.0788 0x2138  Detected object count: 0
02:24:28.0788 0x2138  Actual detected object count: 0

Code:

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.12.07.16
  rootkit: v2016.11.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18376
Lutz :: LUTZ-PC [administrator]

08.12.2016 00:05:31
mbar-log-2016-12-08 (00-05-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 432134
Time elapsed: 1 hour(s), 29 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROMESETUP.EXE (RiskWare.IFEOHijack) -> Delete on reboot. [b0dcab39b3e73105625ccf869c67936d]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE (RiskWare.IFEOHijack) -> Delete on reboot. [c0cc1dc7efab5adc376663f332d125db]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROMESETUP.EXE (RiskWare.IFEOHijack) -> Delete on reboot. [76163fa5811943f3348a4312af544eb2]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE (RiskWare.IFEOHijack) -> Delete on reboot. [07856183e1b9eb4b9508470feb186c94]

Registry Values Detected: 4
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROMESETUP.EXE|Debugger (RiskWare.IFEOHijack) -> Data: "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" -> Delete on reboot. [b0dcab39b3e73105625ccf869c67936d]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE|Debugger (RiskWare.IFEOHijack) -> Data: "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" -> Delete on reboot. [c0cc1dc7efab5adc376663f332d125db]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROMESETUP.EXE|Debugger (RiskWare.IFEOHijack) -> Data: "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" -> Delete on reboot. [76163fa5811943f3348a4312af544eb2]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE|Debugger (RiskWare.IFEOHijack) -> Data: "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" -> Delete on reboot. [07856183e1b9eb4b9508470feb186c94]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.12.08.01
  rootkit: v2016.11.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18376
Lutz :: LUTZ-PC [administrator]

08.12.2016 01:44:35
mbar-log-2016-12-08 (01-44-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 431361
Time elapsed: 35 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

I kept to the order of the programs, even though the log files now appear in reverse order.

For the first time, the online monitor of the Fritz!Box 7490 shows almost no traffic at all (download 75, upload 5). On 7.12., although nothing at all was downloaded, it shows 2668 MB download and 90 MB upload after 5 p.m.

Could it be that the system is clean now?

If the system is clean, which virus scanner should I install (a paid one is fine too, as I had with LiveSafe until now)?
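
The MBAR hits above are Image File Execution Options "Debugger" values. Windows starts whatever binary is named in that value every time the listed image (ChromeSetup.exe, iTunes.exe) is launched, with the original command line appended, which is why scanners classify the key as a hijack regardless of who set it. Here the value points at AVG PC TuneUp's TUAutoReactivator64.exe, and TuneUp's own service (TuneUp.UtilitiesSvc) appears in the TDSSKiller service list, so the entries are consistent with an installed tuning tool rather than an unknown dropper; whether to keep them is still a decision for the machine's owner. The TDSSKiller line "Suspicious mbr (Forged)" followed by "- ok" means the boot code did not match a known pattern but was not classified as malicious, which warrants a manual look rather than an automatic rewrite. The script below is an added example, not part of the thread and not code from any of the tools posted here: it parses an excerpt of the posted MBAR and TDSSKiller lines (reproduced inline so it runs offline), collapses the 64-bit and Wow6432Node mirror pair of each hit, and lists the distinct debugger binaries an analyst would need to verify. The function names (parse_findings, triage, debugger_targets) are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt mirroring the MBAR and TDSSKiller lines posted in the thread,
# embedded here so the example runs offline.
SAMPLE_LOG = r"""
02:24:28.0459 0x1fdc  Suspicious mbr (Forged): \Device\Harddisk0\DR0
02:24:28.0553 0x1fdc  \Device\Harddisk0\DR0 - ok
02:24:28.0788 0x2138  Detected object count: 0
Registry Values Detected: 4
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROMESETUP.EXE|Debugger (RiskWare.IFEOHijack) -> Data: "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" -> Delete on reboot. [b0dcab39b3e73105625ccf869c67936d]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE|Debugger (RiskWare.IFEOHijack) -> Data: "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" -> Delete on reboot. [c0cc1dc7efab5adc376663f332d125db]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROMESETUP.EXE|Debugger (RiskWare.IFEOHijack) -> Data: "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" -> Delete on reboot. [76163fa5811943f3348a4312af544eb2]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ITUNES.EXE|Debugger (RiskWare.IFEOHijack) -> Data: "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe" -> Delete on reboot. [07856183e1b9eb4b9508470feb186c94]
"""

# One MBAR "Registry Values Detected" line for an IFEO Debugger value.
# The optional WOW6432NODE component tells us which registry view the hit
# came from; the 64-bit and 32-bit views are usually set together.
IFEO_RE = re.compile(
    r'^HKLM\\SOFTWARE\\(?P<wow>WOW6432NODE\\)?MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\'
    r'IMAGE FILE EXECUTION OPTIONS\\(?P<image>[^|\\]+)\|Debugger'
    r'\s+\((?P<label>[^)]+)\)\s+->\s+Data:\s+"?(?P<debugger>[^"]+?)"?\s+->',
    re.IGNORECASE,
)

# TDSSKiller boot-sector verdicts such as "Suspicious mbr (Forged): \Device\...".
MBR_RE = re.compile(r'Suspicious (?P<object>\w+) \((?P<flag>[^)]+)\):\s+(?P<device>\S+)')


def parse_findings(log_text):
    """Return (ifeo, mbr).

    ifeo maps IMAGE.EXE -> {debugger path -> set of registry views}.
    mbr is a list of (object, flag, device) tuples from TDSSKiller lines.
    """
    ifeo = defaultdict(lambda: defaultdict(set))
    mbr = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IFEO_RE.match(line)
        if m:
            view = "32-bit" if m.group("wow") else "64-bit"
            ifeo[m.group("image").upper()][m.group("debugger")].add(view)
            continue
        m = MBR_RE.search(line)
        if m:
            mbr.append((m.group("object"), m.group("flag"), m.group("device")))
    return ifeo, mbr


def triage(log_text):
    """Collapse per-view duplicates into one record per (image, debugger).

    A Debugger value means every launch of `image` really starts `debugger`
    with the original command line appended, so the only question left for
    the analyst is whether that debugger binary is something the user
    knowingly installed.
    """
    ifeo, mbr = parse_findings(log_text)
    report = []
    for image, debuggers in sorted(ifeo.items()):
        for dbg, views in sorted(debuggers.items()):
            report.append({
                "image": image,
                "debugger": dbg,
                "views": sorted(views),
                # Both views set: typical of an installer, 32- and 64-bit alike.
                "mirrored": len(views) == 2,
            })
    return report, mbr


def debugger_targets(report):
    """Distinct binaries to verify (path exists, signature, hash) before
    deciding whether the hijack is tolerated or removed."""
    return {entry["debugger"] for entry in report}


if __name__ == "__main__":
    findings, boot = triage(SAMPLE_LOG)
    for entry in findings:
        print(f'{entry["image"]} -> {entry["debugger"]} ({", ".join(entry["views"])})')
    for obj, flag, device in boot:
        print(f"boot sector: {obj} flagged {flag} on {device} (not classified as malicious)")
    print("binaries to verify:", sorted(debugger_targets(findings)))
```

Run it as-is to see two collapsed hijack records instead of the four raw lines, plus the forged-MBR notice; point parse_findings at a saved MBAR or TDSSKiller log to triage a real scan.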

cosinus 08.12.2016 14:08

Remove adware/junkware/toolbars

Delete old versions of AdwCleaner and, if present, JRT first, then download them fresh to the desktop!
Please disable your virus scanner completely now, before using these tools!


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. From Windows Vista (or higher), please start it with right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Lumis 08.12.2016 21:13

Code:

# AdwCleaner v6.040 - Report created on 08/12/2016 at 19:36:38
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-07.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Lutz - LUTZ-PC
# Started from : C:\Users\Lutz\Desktop\AdwCleaner_6.040.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Lutz\AppData\Local\OpenCandy
[-] Folder deleted: C:\Users\Lutz\AppData\Local\StormFall
[-] Folder deleted: C:\Users\Lutz\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\Lutz\AppData\Roaming\dvdvideosoftiehelpers
[-] Folder deleted: C:\Users\Lutz\AppData\Roaming\OpenCandy
[-] Folder deleted: C:\Users\Lutz\AppData\Roaming\0V1L2Z2Z1T1I1L1T
[-] Folder deleted: C:\ProgramData\SecTaskMan
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SecTaskMan
[-] Folder deleted: C:\Program Files (x86)\Free Video Converter
[-] Folder deleted: C:\Program Files (x86)\GreenTree Applications
[-] Folder deleted: C:\Program Files (x86)\vShare.tv plugin
[-] Folder deleted: C:\Program Files (x86)\Common Files\Plasmoo
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj


***** [ Files ] *****

[-] File deleted: C:\END
[-] File deleted: C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
[-] File deleted: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\11-suche.xml
[-] File deleted: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\Startsear.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled tasks ] *****



***** [ Registrierungsdatenbank ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\BCUService
[-] Key deleted: HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool
[-] Key deleted: HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool.1
[-] Key deleted: HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
[-] Key deleted: HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
[-] Key deleted: HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
[-] Key deleted: HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncher.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\MyNewsBarLauncher.IE5BarLauncherBHO.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{231047C5-F7E9-45BE-9EFD-6E9BB6D59A9F}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{82443621-A29A-473E-8335-F5C958A7A4CA}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{99C22A61-21BA-4F81-85FF-CDC9EB5DB10B}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
[-] Value deleted: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Appscion
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Iminent
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Pokki
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Softonic
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\StartSearch
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Vittalia
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\vShare.tv
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\YahooPartnerToolbar
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Packages
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\Appscion
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\Iminent
[#] Key deleted on reboot: HKCU\Software\Pokki
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\Softonic
[#] Key deleted on reboot: HKCU\Software\StartSearch
[#] Key deleted on reboot: HKCU\Software\Vittalia
[#] Key deleted on reboot: HKCU\Software\vShare.tv
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[-] Key deleted: HKLM\SOFTWARE\Iminent
[-] Key deleted: HKLM\SOFTWARE\PIP
[-] Key deleted: HKLM\SOFTWARE\WISECLEANER
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Packages
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare.tv plugin
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\Appscion
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\Iminent
[#] Key deleted on reboot: [x64] HKCU\Software\Pokki
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\Softonic
[#] Key deleted on reboot: [x64] HKCU\Software\StartSearch
[#] Key deleted on reboot: [x64] HKCU\Software\Vittalia
[#] Key deleted on reboot: [x64] HKCU\Software\vShare.tv
[#] Key deleted on reboot: [x64] HKCU\Software\YahooPartnerToolbar
[-] Key deleted: [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Packages
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
[-] Key deleted: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A94277E3-1076-43b3-BF3F-54D391687391}
[-] Data restored: HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A94277E3-1076-43b3-BF3F-54D391687391}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A94277E3-1076-43b3-BF3F-54D391687391}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A94277E3-1076-43b3-BF3F-54D391687391}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\BCU
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj


***** [ Browser ] *****

[-] [C:\Users\Lutz\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: de.ask.com
[-] [C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: startsear.ch
[-] [C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search provided by yahoo.com
[-] [C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: kpionmjnkbpcdpcflammlgllecmejgjj
[-] [C:\Users\Lutz\AppData\Local\Vivaldi\User Data\Default] [extension] Deleted: kpionmjnkbpcdpcflammlgllecmejgjj


*************************

:: "Tracing" keys deleted
:: Winsock settings reset
:: Proxy settings reset
:: Internet Explorer policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [20241 Bytes] - [08/12/2016 19:36:38]
C:\AdwCleaner\AdwCleaner[S0].txt - [19064 Bytes] - [08/12/2016 19:35:49]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [20389 Bytes] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by Lutz (Administrator) on 08.12.2016 at 19:42:59,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 35

Successfully deleted: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\user.js (File)
Successfully deleted: C:\Windows\system32\Tasks\Google Update (Task)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\Common Files\innovative solutions (Folder)
Successfully deleted: C:\Program Files\reviversoft (Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q9L3YNC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4UVH5HPY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5448ULKL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79A6V6T3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D14UPEEB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IH48CPQ2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JXZ1LKMB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QTBRTL5B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RW84AVZY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XU0Y65RW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Lutz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQ4WIG7X (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Q9L3YNC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4UVH5HPY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5448ULKL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79A6V6T3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D14UPEEB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IH48CPQ2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JXZ1LKMB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QTBRTL5B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RW84AVZY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XU0Y65RW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQ4WIG7X (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.12.2016 at 19:45:48,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Damn! Suddenly the online monitor of the Fritz-Box 7490 is showing endless traffic again. Both downstream and upstream. Full bandwidth.

But the PC is running great again. It boots up quickly too. Maybe everything is fine after all.
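
The AdwCleaner cleanup log above is easier to act on once it is parsed. What follows is an added example, not part of Lumis's post and not code from AdwCleaner, JRT or FRST: a small Python parser that turns every `[-]`/`[#]` line of an AdwCleaner[C*].txt into a record, counts how much of the cleanup was only deferred to the next reboot, and collects the identifiers worth searching for elsewhere (COM CLSIDs registered as BHOs or toolbars, the Chrome extension id, hijacked search providers, DOMStorage hosts). It keys only on the format's structural markers, so the German output above parses exactly like an English one. The regexes, function names and the embedded sample are the example's own; the sample is a constructed, trimmed input that reuses paths and identifiers from the log above, not the full log.

```python
import re
from collections import Counter

# Added example (not the tool's or the poster's code): parse an AdwCleaner cleanup log
# (AdwCleaner[C*].txt) into structured records and pull out reusable indicators.
# Only the structural markers of the format are matched:
#   "***** [ Section ] *****"  section header
#   "[-]"                      action applied immediately
#   "[#]"                      action deferred to the next reboot
#   "[x64]"                    64-bit registry view
# The localized action words ("Key deleted", "Schlüssel gelöscht", ...) are carried
# through as data, so English and German logs parse the same way.  Names are ours.
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^\[(?P<flag>[-#])\] (?P<action>.+?): (?P<target>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
CHROME_ID_RE = re.compile(r"\b[a-p]{32}\b")  # Chrome/Chromium extension ids: 32 chars a-p

# Constructed sample in the shape of the log in this thread (paths, CLSIDs and the
# extension id are the ones the log shows; the set of lines is trimmed for brevity).
SAMPLE = r"""***** [ Files ] *****

[-] File deleted: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\Startsear.xml
[#] File deleted: C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj

***** [ Browser ] *****

[-] [C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: startsear.ch
[-] [C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: kpionmjnkbpcdpcflammlgllecmejgjj
"""


def parse_adwcleaner_log(text):
    """One dict per action line: section, flag, deferred, wow64, action, target."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue
        target = m.group("target")
        wow64 = target.startswith("[x64] ")
        if wow64:
            target = target[len("[x64] "):]
        entries.append({
            "section": section,
            "flag": m.group("flag"),
            "deferred": m.group("flag") == "#",
            "wow64": wow64,
            "action": " ".join(m.group("action").split()),  # collapse double spaces
            "target": target,
        })
    return entries


def summarize(entries):
    """Count actions per (section, 'now'|'reboot'); the 'reboot' bucket is work the
    tool only scheduled, so it has to be re-checked after the restart."""
    return Counter((e["section"], "reboot" if e["deferred"] else "now") for e in entries)


def extract_indicators(entries):
    """Collect identifiers worth searching for in other profiles or on other hosts:
    COM CLSIDs tied to BHOs/toolbars, Chrome extension ids, search providers,
    DOMStorage hosts."""
    clsids, ext_ids, search, dom = set(), set(), set(), set()
    for e in entries:
        a, t = e["action"], e["target"]
        if any(k in t for k in ("\\Classes\\CLSID\\", "Browser Helper Objects\\",
                                "Internet Explorer\\Toolbar")):
            clsids.update(g.upper() for g in GUID_RE.findall(t))
        if "\\Chrome\\Extensions\\" in t or "[extension]" in a:
            ext_ids.update(CHROME_ID_RE.findall(t))
        if "[Search Provider]" in a:
            search.add(t)
        if "\\DOMStorage\\" in t:
            dom.add(t.rsplit("\\", 1)[1])
    return {
        "com_clsids": sorted(clsids),
        "chrome_extension_ids": sorted(ext_ids),
        "search_providers": sorted(search),
        "domstorage_hosts": sorted(dom),
    }


if __name__ == "__main__":
    recs = parse_adwcleaner_log(SAMPLE)
    for (section, when), n in sorted(summarize(recs).items()):
        print(f"{section:<10} {when:<7} {n}")
    for name, values in extract_indicators(recs).items():
        print(name, values)
```

Run it against the real file with `parse_adwcleaner_log(open(r"C:\AdwCleaner\AdwCleaner[C0].txt", encoding="utf-8", errors="replace").read())`. Anything that lands in the `reboot` bucket was only scheduled when the log was written; check that those keys and files are actually gone after the restart before treating the cleanup as done.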

cosinus 08.12.2016 21:14

Then show fresh FRST logs. Tick the box for addition.txt, then click Scan.

http://www.trojaner-board.de/picture...&pictureid=611

Lumis 08.12.2016 21:21

For a while now nothing has been transmitting either. It's only ever a few minutes per hour, but then at full bandwidth in both directions.

Oh, I just saw that you replied. You'll get the logs right away.
Thanks!

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Lutz (08-12-2016 21:18:50)
Running from C:\Users\Lutz\Desktop\Fliegen
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-02 18:09:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3438443834-875338260-1882614465-500 - Administrator - Disabled)
ASPNET (S-1-5-21-3438443834-875338260-1882614465-1004 - Limited - Enabled)
Gast (S-1-5-21-3438443834-875338260-1882614465-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3438443834-875338260-1882614465-1002 - Limited - Enabled)
Lutz (S-1-5-21-3438443834-875338260-1882614465-1000 - Administrator - Enabled) => C:\Users\Lutz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only adware programs with the "Hidden" flag can be added to the fixlist to make them visible. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
6500_E709_BasicWeb (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
6500_E709_Help_BasicWeb (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
A2A Wings of POWER 3 Spitfire (HKLM-x32\...\A2A Wings of POWER 3 Spitfire) (Version:  - )
Accu-Sim for the WoP3 Spitfire (HKLM-x32\...\Accu-Sim for the WoP3 Spitfire) (Version:  - )
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (HKLM\...\PremElem110) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11.72.0.337 - Innovative Solutions)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Aerosoft's - Airbus X (HKLM-x32\...\{2336573C-3213-48AA-A306-8309BA9BD92C}) (Version: 1.21 - Aerosoft)
aerosoft's - Approaching Innsbruck X (HKLM-x32\...\{70864384-DD19-44CB-A999-A917F32F623D}) (Version: 1.10 - aerosoft)
aerosoft's - Balearic Islands X for FSX (HKLM-x32\...\{04B73EB2-7538-4CC4-BBD6-5463E508B69B}) (Version: 1.01 - aerosoft)
Aerosoft's - Corfu X (HKLM-x32\...\{8A073262-FB25-4224-AE36-C2725A616E05}) (Version: 1.10 - Aerosoft)
Aerosoft's - DHC-6 Twin Otter X (HKLM-x32\...\{3A8DED06-80E7-4555-AA1F-FF4A2A4D353C}) (Version: 1.11 - Aerosoft)
aerosoft's - FlightSim Commander 9 (HKLM-x32\...\{F941AABE-E868-42D9-9F38-884250F7898A}) (Version: 9.6.0.4 - aerosoft)
Aerosoft's - German Airfields 1 (HKLM-x32\...\{61C63F60-152B-4D28-B357-6DB81837FA9B}) (Version: 1.00 - Aerosoft)
Aerosoft's - German Airfields 2 (HKLM-x32\...\{1C5510F5-5452-4411-A54C-3DA055D8A793}) (Version: 1.00 - Aerosoft)
Aerosoft's - German Airfields 3 (HKLM-x32\...\{417FC1D9-A946-4638-B02C-FD9AE0E96E95}) (Version: 1.10 - Aerosoft)
aerosoft's - German Airports 2 X - FSX (HKLM-x32\...\{01C3630A-7FD2-46DF-B514-A4B829B0021A}) (Version: 1.00 - aerosoft)
aerosoft's - German Airports 3 - Bremen X (HKLM-x32\...\{C1F98ADD-81BF-45E1-A36B-515CA20B61AF}) (Version: 1.04 - aerosoft)
aerosoft's - German Airports 3 - Hamburg X (HKLM-x32\...\{EA6E7823-9E5B-4EDD-9750-C3C87FDF0460}) (Version: 1.03 - aerosoft)
Aerosoft's - HelgolandX (HKLM-x32\...\{61957FA7-34C1-4F46-871C-A0FD49848832}) (Version: 1.00 - Aerosoft)
Aerosoft's - Luxembourg Airports (HKLM-x32\...\{F293A032-EB67-4ADC-8646-F1AA7F9E0143}) (Version: 3.01 - Aerosoft)
Aerosoft's - Mallorca X Evolution - FSX (HKLM-x32\...\Mallorca X Evolution - FSX) (Version: 1.01 - Aerosoft)
aerosoft's - Mega Airport Amsterdam FSX (HKLM-x32\...\{0A297C87-BF52-43FD-AD75-EE72228E4457}) (Version: 1.04 - aerosoft)
aerosoft's - Mega Airport Barcelona X (HKLM-x32\...\{A8736347-B854-400E-A060-19321AD85B98}) (Version: 1.01 - aerosoft)
aerosoft's - Mega Airport Frankfurt X (HKLM-x32\...\{BAEE0C24-C8C2-4820-9DF4-887909F1A286}) (Version: 1.01 - aerosoft)
aerosoft's - Mega Airport London Heathrow X (HKLM-x32\...\{2F4AF40B-433A-494E-BB41-816D113F32BA}) (Version: 1.10 - aerosoft)
aerosoft's - Mega Airport Stockholm Arlanda X (HKLM-x32\...\{3B6F6E35-900C-4FE3-B2F6-067443353CD1}) (Version: 1.00 - aerosoft)
Aerosoft's - MyTraffic 2013 (HKLM-x32\...\{37F50C53-EDED-4FFE-9877-532A335C5C18}) (Version: 1.00 - Aerosoft)
aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.03 - aerosoft)
aerosoft's - OMSI 2 - Drei Generationen (HKLM-x32\...\{C88376AA-BF64-40F4-9AD6-F8A18DA394F2}) (Version: 1.00 - aerosoft)
aerosoft's - OMSI 2 - Hamburg (HKLM-x32\...\{5BF6B590-F7F5-46B5-B5F4-B0CA93423AD6}) (Version: 2.01 - aerosoft)
aerosoft's - Venice X (HKLM-x32\...\{74F493A2-1264-4BF2-A135-0184C68BD580}) (Version: 1.00 - aerosoft)
Aerosoft's - VFR Germany 2 (HKLM-x32\...\{3BB7B4D3-C534-4700-AA1B-B01A8EA5F27C}) (Version: 1.00 - Aerosoft)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Amazon Amazon Music) (Version: 4.0.0.1205 - Amazon Services LLC)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 173 - Abelssoft)
Any Video Converter 3.1.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Appigo Sync (HKLM-x32\...\{89A060BA-6CF3-4BDB-A94C-91C9BEF21C6A}) (Version: 1.2.0.0 - Appigo, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ArcSoft MediaImpression (HKLM-x32\...\{2C39F7CF-E022-4C0D-B1BA-AF6DDD931054}) (Version: 1.2.28.567 - ArcSoft)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version:  - Kunos Simulazioni)
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.63.2.50050 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.63.4 - AVG Technologies) Hidden
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 1.2.0.0 - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour-Druckdienste (HKLM\...\{4CE925AF-6519-4FEB-BEBD-DE2BFE2944EB}) (Version: 2.0.0.36 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
C64Classix (HKLM-x32\...\C64Classix) (Version:  - )
C90B King Air HD SERIES FSX (HKLM-x32\...\C90B King Air HD SERIES FSX) (Version: 1.00.00.00 - Carenado)
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision)
Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden
Carenado C208B Grand Caravan (HKLM-x32\...\Carenado C208B Grand Caravan) (Version: 1.00.00.00 - Carenado)
Carenado C208B Super Cargomaster Expansion Pack HD (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Carenado C208B Super Cargomaster Expansion Pack HD) (Version:  - )
Carenado C340 II FSX (HKLM-x32\...\Carenado C340 II FSX) (Version: 1.00.00.00 - Carenado)
Carenado CT210M Centurion II FSX (HKLM-x32\...\Carenado CT210M Centurion II FSX) (Version: 1.00.00.00 - Carenado)
Carenado SR22T HD SERIES FSX/P3D (HKLM-x32\...\Carenado SR22T HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
Carenado TBM850 HD SERIES FSX/P3D (HKLM-x32\...\Carenado TBM850 HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
Chromium (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Chromium) (Version: 44.0.2386.0 - Chromium)
Conexant Polaris Unused CIR Function (HKLM\...\VID_1D19&PID_6109&MI_00) (Version: 1.0.0.0 - Conexant Systems)
Corel Paint Shop Pro Photo X2 (HKLM-x32\...\{64E72FB1-2343-4977-B4A8-262CD53D0BD3}) (Version: 12.50.0001 - Corel Corporation)
Corel VideoStudio 12 (HKLM-x32\...\InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}) (Version: 12.0.0.0000 - Corel Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Curse Client (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.R.L.)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.4930 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.4930 - Ihr Firmenname) Hidden
Dataplex (HKLM\...\{6AD0B283-6BDB-47C0-9728-C1BA7A83CB8A}) (Version: 1.3.0.0 - NVELO, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DodoSim Bell 206 FSX (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\DodoSim Bell 206 FSX) (Version:  - )
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version:  - )
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DORNIER 228 FSX/P3D (HKLM-x32\...\DORNIER 228 FSX/P3D) (Version: 1.0 - Carenado)
DRAGON 1.7 (HKLM-x32\...\DRAGON) (Version: 1.7 - PREPAID-USENET LIMITED)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
Dropbox (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
EDEKA Foto (HKLM-x32\...\EDEKA Foto) (Version: 6.1.5 - CEWE Stiftung u Co. KGaA)
EKCH Copenhagen Airport, Kastrup X (HKLM-x32\...\{9D5BFBF1-EB38-4AE1-A833-4F564B999CE3}) (Version: 2.0 - Scansim)
Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden
Elite Dangerous Launcher version 0.4.5499.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.5499.0 - Frontier Developments)
Empire: Total War (HKLM\...\Steam App 10500) (Version:  - The Creative Assembly)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
European Ship Simulator (HKLM-x32\...\Steam App 299250) (Version:  - Excalibur)
EVE Online (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\{e9a55721-260b-4e0e-99ed-977140edf3ef}) (Version: 1.0.0 - CCP)
Fahrzeit Vol.1 'Metronom Frühschicht' 1.0 (HKLM-x32\...\ABFE3B59-DCAA-4EF5-82D5-5A07FE08E789_is1) (Version: 1.0 - 3DZUG)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Flight1 ATR 72-500 for FSX (Includes SP1) (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Flight1 ATR 72-500 for FSX (Includes SP1)) (Version:  - )
Flight1 Citation Mustang (HKLM-x32\...\f1mustang_FSX) (Version: 1.01 - Flight One Software)
Flight1 Downloader (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Flight1 Downloader) (Version:  - )
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
Fokker 70-100 FSX (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Fokker 70-100 FSX) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free Audio CD to MP3 Converter version 1.3.12.1228 (HKLM-x32\...\Free Audio CD to MP3 Converter_is1) (Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.9.37.426 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
Fresco Logic USB3.0 Host Controller (HKLM\...\{6E9E1B70-59C4-403E-ABFB-C08012BC7F8A}) (Version: 3.0.89.14 - Fresco Logic Inc.)
FSXFollow 1.1 (HKLM-x32\...\FSXFollow) (Version: 1.1 - PositionGames)
Fw190A (HKLM-x32\...\Fw190A) (Version:  - )
Glary Utilities 5.6 (HKLM-x32\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoogleClean (HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C08EF142}_is1) (Version: 5.0.000 - Abelssoft)
Grob SPn ---  rel. 3.00 (HKLM-x32\...\Grob SPn ---  rel. 3.00) (Version:  - )
Grob SPn --- UPDATE to rel. 3.1.1 (HKLM-x32\...\Grob SPn --- UPDATE to rel. 3.1.1) (Version:  - )
Guardian Of Data v2.2 (HKLM-x32\...\Guardian Of Data_is1) (Version:  - ASCOMP Software GmbH)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.6.4 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HP Officejet 6500 E709 Series (HKLM\...\{4C8C6D37-CA3C-4EF6-A1E5-0D188E7B6021}) (Version: 14.0 - HP)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iFunbox (v1.95.901.639), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v1.95.901.639 - )
Inkscape 0.48.1  (HKLM-x32\...\Inkscape) (Version: 0.48.1 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Interaktive Sprachreise - Español Sprachkurs 1 (HKLM-x32\...\ISRS1_15_676867) (Version:  - digital publishing AG)
Iomega QuikProtect (HKLM\...\Iomega QuikProtect) (Version: 1.3.4.19745 - EMC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
JFritz 0.7.5 Rev. 1 (HKLM-x32\...\{AF5B3ED5-70D3-48CF-A00F-FC29F5261A37}_is1) (Version:  - JFritz Team)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.63.1 - JMicron Technology Corp.)
Just Flight - Phenom 100 for FSX (HKLM-x32\...\{C6A0A43F-EBBA-4A32-BFE2-01BA3CFCD26C}) (Version: 1.00.0000 - Just Flight)
JustFlight DC-3 Legends of Flight (HKLM-x32\...\JustFlight DC-3 Legends of Flight) (Version:  - )
Kernel Outlook PST Viewer ver 10.09.01 (HKLM-x32\...\Kernel Outlook PST Viewer_is1) (Version:  - Nucleus Data Recovery .com)
Lanikai (64-bit) (3.1.1) (HKLM-x32\...\Lanikai (64-bit) (3.1.1)) (Version: 3.1.1 (en-US) - Mozilla)
LenovoEMC Storage Manager (HKLM\...\LenovoEMC Storage Manager) (Version: 1.4.3.9580 - EMC)
LFKJ Ajaccio Napoleon Bonaparte (HKLM-x32\...\LFKJ_AJACCIO_NAPOLEON_BONAPARTE_is1) (Version: 1.0.0.0 - SimMarket)
Live 8.2.6 (HKLM-x32\...\Live 8.2.6) (Version:  - )
Live Lite 4 for M-Audio 4.0.4 (HKLM-x32\...\Live Lite 4 for M-Audio 4.0.4) (Version:  - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.79 (HKLM\...\Logitech Gaming Software) (Version: 8.79.77 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
MAGIX 3D Maker (embedded MSI) (HKLM-x32\...\{2D266DB5-0C7E-45D3-939E-79DD342EC081}) (Version: 6.0.0.10 - MAGIX AG)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Fotos auf CD & DVD 9 (HKLM-x32\...\MAGIX_MSI_Fotos_auf_CD_DVD_9) (Version: 9.0.4.4 - MAGIX AG)
MAGIX Fotos auf CD & DVD 9 (x32 Version: 9.0.4.4 - MAGIX AG) Hidden
MAGIX Online Druck Service (HKLM-x32\...\{9BA2456A-EBDD-4B22-B379-80785D465517}) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX_{341D13B7-3C84-4D68-90B7-1F4B6C2BCB21}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed 2 (MSI) (HKLM-x32\...\{9BB8F86C-A246-4D3E-9EF5-1117CE67C6F4}) (Version: 6.0.1.4 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MAGIX_{DA6B1FF0-27E8-4272-8D06-37C53FCFD507}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe MX Plus Sonderedition (HKLM-x32\...\MAGIX_{E41712A1-DEEB-4D10-BCF1-046BA0611F94}) (Version: 11.0.5.0 - MAGIX AG)
MAGIX Video deluxe MX Plus Sonderedition (x32 Version: 11.0.5.0 - MAGIX AG) Hidden
MAGIX Web Designer 6 (HKLM-x32\...\MAGIX_MSI_Web_Designer_6) (Version: 6.0.1.14443 - MAGIX AG)
MAGIX Web Designer 6 (x32 Version: 6.0.1.14443 - MAGIX AG) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.9042 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.164 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.6 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft Flight Simulator SimConnect Client v10.0.61242.0 (HKLM-x32\...\{85DF6786-66AA-42EE-8616-AE456B07BD99}) (Version: 10.0.61242.0 - Microsoft Corporation)
Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MilViz - Northrop T-38 Talon (HKLM-x32\...\MilViz - Northrop T-38 Talon1.1 Full) (Version: 1.1 Full - The SW)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 21.005.15.00.705 - Huawei Technologies Co.,Ltd)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
My Net View (HKLM-x32\...\{7F9C9908-69E3-4474-A081-256F27995A18}) (Version: 1.0.12.0 - Western Digital)
MyKeyFinder (HKLM-x32\...\MyKeyFinder_is1) (Version: 2014 - Abelssoft)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
NeoSetup Updater (HKLM-x32\...\RPD_is1) (Version: 3.9.0.0 - Innovative Solutions)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
Nokia Connectivity Cable Driver (HKLM-x32\...\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}) (Version: 7.1.45.0 - Nokia)
Nokia Ovi Suite (HKLM-x32\...\Nokia Ovi Suite) (Version: 3.1.1.78 - Nokia)
Nokia Ovi Suite (x32 Version: 3.1.1.78 - Nokia) Hidden
Nokia Ovi Suite Software Updater (HKLM-x32\...\{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}) (Version: 02.07.004.45780 - Nokia Corporation)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OMSI 2 (HKLM-x32\...\Steam App 252530) (Version:  - MR-Software GbR)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.2 (HKLM-x32\...\{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}) (Version: 3.2.9502 - OpenOffice.org)
Orbiter 2010-P1 (HKLM-x32\...\{4D27CE85-F519-42C1-B4AB-C0BD976FB0BA}) (Version: 1.1.0.0 - Martin Schweiger)
Ovi Desktop Sync Engine (x32 Version: 1.5.266.0 - Nokia) Hidden
OviMPlatform (x32 Version: 2.7.72.0 - Nokia) Hidden
PA-28-181 ARCHER II FSX (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\PA-28-181 ARCHER II FSX) (Version:  - )
PA28RT ARROW IV FSX (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\PA28RT ARROW IV FSX) (Version:  - )
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Paladins (HKLM\...\Steam App 444090) (Version:  - Hi-Rez Studios)
Phoenix R/C® (HKLM-x32\...\PhoenixRC) (Version: 5.0.v - Runtime Games Ltd)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.2 - Nikon)
Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.6.0.118 - Pinnacle Systems)
Pinnacle Studio 12 (HKLM-x32\...\{D041EB9E-890A-4098-8F94-51DA194AC72A}) (Version: 12.1.3.6605 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.029 - Pinnacle Systems)
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
PMB-Aktualisierungsprogramm (HKLM-x32\...\{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}) (Version: 5.6.01.03300 - Sony Corporation)
PMDG 737 6700 NGX RTM (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 737 8900 NGX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.00.3219 - PMDG Simulations, LLC.)
PMDG 747-400/400F for FSX (HKLM-x32\...\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}) (Version: 2.10.0040 - Precision Manuals Development Group)
PMDG 777-200LR/F Base Package FSX (HKLM-x32\...\{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}) (Version: 1.10.6155 - PMDG Simulations, LLC.)
PMDG744X_GE_AF (HKLM-x32\...\{70D78DCD-8369-4857-BFEF-021C9899DA75}) (Version: 1.10.0000 - Precision Manuals Development Group)
PMDG744X_GE_BR2 (HKLM-x32\...\{4A7EA2A2-221D-437C-8727-B033E6679124}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDG744X_GE_LH (HKLM-x32\...\{20372FAA-3AF4-4B3D-9B1D-564CDEA5957C}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDG744X_GE_OZ2 (HKLM-x32\...\{4DA93734-2293-4016-B8B9-720BDEBFCD80}) (Version: 1.10.0000 - Precision Manuals Development Group)
PMDG744X_PW_FJ2 (HKLM-x32\...\{F66D065A-162C-4539-84BB-9A8B51BAEAD9}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDG744X_PW_IB (HKLM-x32\...\{1D67FB28-58DA-4425-B426-99E894468197}) (Version: 1.00.0000 - Precision Manuals Development Group)
PMDG744X_PW_KA (HKLM-x32\...\{1681B05D-683B-422B-9565-98B1DBF29713}) (Version: 1.10.0000 - Precision Manuals Development Group)
PMDG744X_RR_QF (HKLM-x32\...\{EC65FAF7-F12F-4C81-9E9D-2FE1115CFBA9}) (Version: 1.10.0000 - Precision Manuals Development Group)
PMDG744XF_GE_BRF (HKLM-x32\...\{1AF39B3E-954C-4ADB-BD31-D29F653D4B22}) (Version: 1.00.0000 - Precision Manuals Development Group)
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Pro Evolution Soccer 2015 (HKLM\...\Steam App 287680) (Version:  - KONAMI Digital Entertainment)
Project CARS (HKLM-x32\...\Steam App 234630) (Version:  - Slightly Mad Studios)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Quick Startup 5.3.1.96 (HKLM-x32\...\Quick Startup) (Version: 5.3.1.96 - Glarysoft Ltd)
Real Environment Xtreme + Overdrive (HKLM-x32\...\{256FA569-AAAA-43D5-B1D8-57406A9D3A9A}) (Version: 2.5.2010.1027 - Real Environment Simulations, Inc.)
RealDownloader (x32 Version: 18.1.3.103 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.4.144 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.58.411.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
RollerCoaster Tycoon World (HKLM\...\Steam App 282560) (Version:  - Nvizzio Creations)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samplitude Music Studio 17 (HKLM-x32\...\MAGIX_MSI_ms17dlx) (Version: 17.0.0.0 - MAGIX AG)
Samplitude Music Studio 17 (x32 Version: 17.0.0.0 - MAGIX AG) Hidden
Samplitude Music Studio 2013 (HKLM-x32\...\MAGIX_{C02AB3DD-D476-4EF0-B59B-D4D58A71A5F9}) (Version: 19.0.0.10 - MAGIX AG)
Samplitude Music Studio 2013 (Version: 19.0.0.10 - MAGIX AG) Hidden
Samplitude Music Studio 2013 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.0 - Samsung)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Screenshot Captor 3.03.01 (HKLM-x32\...\ScreenshotCaptor_is1) (Version:  - )
Secure Eraser v4.0 (HKLM-x32\...\Secure Eraser_is1) (Version:  - ASCOMP Software GmbH)
Shark007 STANDARD Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 3.0.1 - Shark007)
Shark007 STANDARD x64Components (HKLM\...\STANDARD x64Components_is1) (Version: 3.0.1 - Shark007)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization IV Colonization (HKLM-x32\...\{EF36A836-BF89-4A4F-B079-057B0C68C1E0}) (Version: 1.00 - Firaxis Games)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version:  - Firaxis Games)
SiSoftware Sandra Lite 2012.SP5c (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 18.74.2012.10 - SiSoftware)
Skype Toolbars (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0 - SmartSound Software Inc) Hidden
SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)
Soccer Manager 2016 (HKLM-x32\...\Steam App 407120) (Version:  - Soccer Manager Ltd)
Sound Blaster X-Fi (HKLM-x32\...\{20288888-A7AF-4B24-8AEB-398D20CD563C}) (Version: 1.0 - Creative Technology Limited)
Spintires (HKLM-x32\...\Steam App 263280) (Version:  - Oovee® Game Studios)
Spotify (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
SRWare Iron Version SRWare Iron 21.0.1200.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 21.0.1200.0 - SRWare)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
supra IPCam (HKLM-x32\...\{B0024EE6-6018-4FD6-BC5C-DFE6F0375A95}) (Version: 1.8.4.0 - SUPRA Foto-Elektronik-Vertriebs-GmbH)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version:  - Ubisoft)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Train Fever (HKLM-x32\...\Steam App 304730) (Version:  - Urban Games)
Train Simulator 2015 (HKLM-x32\...\Steam App 24010) (Version:  - Dovetail Games)
TransOcean - The Shipping Company (HKLM-x32\...\Steam App 289930) (Version:  - Deck 13 Hamburg)
Treiber-Studio 2013 (HKLM\...\{7BD95F83-10BC-43FB-9654-D1702EC2B555}) (Version: 8.0.415 - Publish Data)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4500.45 - TuneUp Software) Hidden
TVCenter (HKLM\...\{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}) (Version: 6.4.2.880 - PCTV Systems)
TwonkyMedia (HKLM-x32\...\TwonkyMediaTwonkyMedia) (Version: 6.0.39.0 - PacketVideo)
UK2000 Gatwick Xtreme FSX  (HKLM-x32\...\UK2000 Gatwick Xtreme FSX) (Version: 3.00 - UK2000 Scenery)
Ultimate Terrain X - Europe (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Ultimate Terrain X - Europe) (Version:  - )
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
USB Media Adaptor for Microsoft Windows (HKLM-x32\...\USB Media Adaptor) (Version:  - )
Vasco da Gama 5 HDPro (HKLM-x32\...\{067D2172-F8F3-477D-B4EE-0B0AA967D544}) (Version: 5.20.0000 - MotionStudios)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader (x32 Version: 1.2.0 - RealNetworks) Hidden
Video Grabber (HKLM\...\VID_1D19&PID_6109&MI_01) (Version: 1.0.0.0 - Conexant Systems)
VideoStudio (x32 Version: 12.0.0.0000 - Corel Corporation) Hidden
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.2 - Nikon)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Bass Machine (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Rock Drums (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita String Ensemble (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita World Percussion (Version: 1.0.0.0 - MAGIX AG) Hidden
Vivaldi (HKLM-x32\...\Vivaldi) (Version: 1.5.658.56 - Vivaldi)
Vivaldi (HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Vivaldi) (Version: 1.1.453.52 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Watermark Image software version 1.9.9.3 (HKLM-x32\...\Watermark Image_is1) (Version:  - )
WD Link (HKLM-x32\...\WD Link) (Version: 1.00.03 - Western Digital)
WD Quick View (HKLM-x32\...\{19A2103A-A588-421C-B4CD-30E02FA401A3}) (Version: 1.6.3.4 - Western Digital)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wireshark 1.6.1 (HKLM-x32\...\Wireshark) (Version: 1.6.1 - The Wireshark developer community, hxxp://www.wireshark.org)
Wise Folder Hider 1.53 (HKLM-x32\...\Wise Folder Hider_is1) (Version: 1.53 - WiseCleaner.com, Inc.)
WoLoSoft SuperEdi 4.3.1 (HKLM-x32\...\SuperEdi_is1) (Version: 4.3.1 - WoLoSoft International)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xtreme FSX PC 2.8.0.0 (HKLM-x32\...\Xtreme FSX PC) (Version: 2.8.0.0 - FSPS)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{04d81769-8002-4b11-b48d-3e6c2c21a025}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{05bc9a36-21d8-486e-a2dc-b4f063a56008}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{084ab9bc-d32b-4c22-b969-60e2a16868e7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{09a35d61-ec85-4aa1-8b3e-b392a5966344}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{1185dfb4-b03c-42ab-93e9-5006faf85fea}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{191fb2f6-c15d-4a75-ad24-e87d987f6b72}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{19d01be8-cdd7-47e9-81cc-ca4e868b59ee}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{1aaf5769-b4d7-4e4a-9178-a1b2ee412d05}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{1d47af89-1345-463f-b6f7-fc7bf23b754e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{214ace60-285c-4524-b7aa-c699e724b8d2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{21760e92-8a0f-4f01-ba84-e745e9d34115}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{24d6a94c-110d-43c3-8c8b-441aa3cae286}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{26f62c12-38d0-4cb3-88d2-c774961c6704}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{2787ee41-647c-4ed9-95f5-fb01f7ca5098}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{4274700d-5697-4158-87a0-915d3583633e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{447b5088-476d-4e17-a031-d982064588c6}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{4bdfd52a-c9cc-4eca-a472-529b8beed1c9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{503b8954-030c-4c02-8b7b-d22bebc05f38}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{503dfae7-19b8-4963-a9a0-2acd3598d571}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{522eb9c7-d1a2-43c7-8623-125312449816}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{62f6f3f3-39bf-4339-b385-3faa8c0859fc}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{64dcd37c-6014-4dc0-9c69-02295abb2890}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6595589b-261d-4dd5-ba63-68a553e40b51}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6ac3ae6d-eb71-481d-a89d-899f46acdb0d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6ae5ef15-470d-48a2-900e-0189cdf8ffbf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6b0cdc28-f7f0-4a4f-bb2e-0176a49a06bd}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{6c62dc8b-dcec-40e4-8a0f-9dd350e77d7b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{70226c5a-ae82-4905-b186-01ada693a175}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{79bd353f-6e09-4e70-9a97-4c71711033b7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{79c83bfb-366f-4baf-b017-454cf8dff90a}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{7c3d3156-bd5c-445f-bac2-4756e374c11b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{7c55d38c-f135-43bc-aa33-459c3086755e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{7c8c38d6-5814-4d2a-a012-eb989e2efb37}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{8d179a5a-3950-4e8f-a9e8-2149b702fcf1}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{8fe16fc5-40dc-487b-bb9a-d3b66acc0cf3}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{908cc787-3106-48d6-8921-a09b6ef98166}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{97df3c16-9ed8-47e0-a4ef-95ac48bcb88f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{9b6c38cb-cd0d-4bcc-b5b3-9d5bcc7cbfe9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{a06038cd-518a-4760-aba3-5235ecd95b1d}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{a1ac59fb-a02d-4649-aa82-a2bc488699ce}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{a2e43181-a9e6-400e-97dc-82e244c18f85}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{a761a701-af33-4805-970d-a17db83d6535}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ab6c9590-0341-4941-bd9e-83baa685cf1f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ad7a45fc-f682-44a4-82e0-d6d8a728a016}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b60e8a40-e50b-4830-bbda-94e237749874}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b618d331-3a28-426b-be3e-9a2c04a8d2b7}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b8e490ae-be4e-487d-9339-d78d6d7f3739}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b997f64d-91ca-4cf2-a128-dafaba1dacf2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{b9ef413a-5682-4f47-a938-75d8b52c4595}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ba7f4f0b-a36b-4b15-b3a1-3bb6c8da4390}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ba9284d1-4dff-4065-8f31-0dc741a720ce}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{bd37d3c7-fcd6-40fc-936a-341ea3a36357}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{be989282-1c1e-4515-868a-317f33eda17f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{c6765c7b-394f-4b94-8774-5a2ab413856f}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{cc2029a1-a1ba-43a1-97eb-8c4791053181}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{cc6dff49-7a5d-4e6c-a742-2f0d0e4504d2}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{dcd01d5c-81ce-4f2f-9eee-c625a5d3a70b}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{e22e6d55-df7d-430c-9a6e-a521877d9e63}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{e3e74351-b8bb-4a14-bfe3-9cd2ce280618}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{e92f2613-fd44-4bf2-88b9-aa488cd881bb}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{ef715f28-ee88-452a-9bef-566124e936cf}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{f3a433b0-9802-4841-93ae-5e578b1673d0}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3438443834-875338260-1882614465-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {07996DB4-129C-4F75-8158-B9DD98DFB6F1} - System32\Tasks\{1FEE1EFD-5BE9-480F-AF0C-C2C0344A1630} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\start.exe
Task: {09AFD1CB-746B-4985-922F-D35A1B9E6BF8} - System32\Tasks\{22C953FD-90E9-4CE8-B2B3-82E6D793B2AB} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-05-17] (Skype Technologies S.A.)
Task: {09D74595-A61D-461B-9B6F-59BBC7160D58} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
Task: {1940FF79-2C54-4203-AEA4-AF07AE78A871} - System32\Tasks\{3EE7C121-4A7B-49B0-9D74-44D92D444EA4} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u91-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ACHTUNG
Task: {233C5B3D-EE00-46E3-B5C0-3B0D10D1D996} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-13] (Adobe Systems Incorporated)
Task: {24721D18-852B-4F33-B2E5-D6AE4315700A} - System32\Tasks\{467E043D-D2B3-489B-B92A-9F0CB6FEDD64} => pcalua.exe -a "C:\Program Files (x86)\OkayFreedom\setuptool.exe" -d "C:\Program Files (x86)\OkayFreedom"
Task: {2890947D-296B-4C10-B39C-06038784272F} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-08-18] (Glarysoft Ltd)
Task: {2E03AD65-6C75-416C-AF13-B819AC01C819} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {300C1EA2-E9FE-40F2-A858-2FCD59C8D95A} - System32\Tasks\{75A6B6D7-647D-42F5-A293-5D4420F57EF7} => pcalua.exe -a C:\Users\Lutz\Downloads\vcredist_x64(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {3E0BA044-717C-44CA-A230-C0A0E9608558} - System32\Tasks\{E8789EBD-96FE-4E00-9384-33F050458B82} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\uncommonvalor.exe
Task: {414D97F2-E33D-4B2F-91C7-9D2337326F5D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {460FB276-EBCC-4B2A-9F06-DFB8741E6DEE} - System32\Tasks\{037ED4FC-AEDC-4B7F-8659-7E4E99BB364E} => pcalua.exe -a C:\Users\Lutz\Downloads\Fokker70-100-SP2.exe -d C:\Users\Lutz\Downloads
Task: {4A9A0799-E4E3-4231-B666-8BBC87ABD1D8} - System32\Tasks\{2191C3FC-2D8A-4319-B8E3-6E81637CB2F4} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\uncommonvalor.exe
Task: {4BCC6BD6-C99A-4544-9757-C9CEEE48F0CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-03] (Google Inc.)
Task: {4EAB6E52-8128-49B4-BF0C-C378A0C28527} - System32\Tasks\{38597039-AE79-46D8-925F-8E2B6093EEF8} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\start.exe
Task: {5013F281-F998-4854-BC2D-6E164B066060} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
Task: {53C06319-69AF-4FBA-95AE-9066890ACEF1} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {591975F3-49FE-4E98-8748-54E977FE5BBD} - System32\Tasks\NeoSetup Updater => C:\Program Files (x86)\Innovative Solutions\NeoSetup Updater\NeoSetup_Updater.exe [2015-06-26] (Innovative Solutions)
Task: {6147FA48-9E89-41B3-852E-511278DE3F1A} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-08-18] (Glarysoft Ltd)
Task: {631FD255-E27C-4C81-8C6E-9CFCF9D7A13F} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {6B3E7727-BF5E-4A6F-97FB-C9027C2AA286} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18] (ArcSoft Inc.)
Task: {6DDA85FF-A476-4586-856D-EDEDBBD7E173} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-03] (Google Inc.)
Task: {71A76E68-95C5-4547-82C6-AF23D822412E} - System32\Tasks\{6121CC0B-6581-489E-908C-3F0450821362} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u111-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ACHTUNG
Task: {7A2F978F-3368-4426-BF80-F531EC961C83} - System32\Tasks\InstallShield Update Service => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-02-17] (InstallShield Software Corporation)
Task: {7F772FB4-E2D6-4737-B856-5E26516A7991} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {837D85D4-21E4-4F2D-8D11-B9ED717BD77B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
Task: {8F74DB31-DA82-4889-BCF7-B08E5DD2705A} - System32\Tasks\{434EC527-19D8-4152-AAE0-EAADDABFA758} => pcalua.exe -a C:\Users\Lutz\Downloads\setup.exe -d C:\Users\Lutz\Downloads
Task: {8FBAD392-F023-4AD8-8256-06BA4AC4D2E8} - System32\Tasks\{41D0D454-F664-4B57-927A-8D7434112D05} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\Temp1_um304x86.zip\um304x86\setup.exe <==== ACHTUNG
Task: {940424C1-22E3-4D2C-AE92-DCCF1EDEBC96} - System32\Tasks\{0DF8895D-E20F-4191-9EA0-500C282D8D76} => E:\Program Files (x86)\Matrix Games\Uncommon Valor\start.exe
Task: {97294692-DF92-4376-91AB-73DC9957A794} - System32\Tasks\{AC696D6F-E62F-448A-BE83-794BD22DDB39} => Chrome.exe hxxp://ui.skype.com/ui/0/5.8.0.158/en/abandoninstall?page=tsMain
Task: {97DC5329-4509-4BEB-A8DF-1E2CB824EDE8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {990B475B-9764-4149-9510-9FF97D2A6A4F} - System32\Tasks\{96C8B12C-FED4-4877-9404-AED55A581635} => pcalua.exe -a "C:\Users\Lutz\Documents\downloads\complete\carenado\PA-28-181 ARCHER II.exe" -d C:\Users\Lutz\Documents\downloads\complete\carenado
Task: {9E9E5679-73F1-41F1-ACD5-0A94CC77FDDE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
Task: {A91127AF-E844-43EF-8C95-BCEC6438FBBA} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {A9CDBCC2-49B3-41A2-BBDA-2A893398008B} - System32\Tasks\{5795B20E-DE83-4FF0-8002-72B0D065C0F4} => pcalua.exe -a F:\setup.exe -d F:\
Task: {BD49F3FF-4CE2-4708-8187-9E3968755C34} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-07-05] ()
Task: {C1935ADB-EEDA-4DA8-913E-BD1A221A54D4} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-11-25] (AVG Technologies CZ, s.r.o.)
Task: {C1F5A065-F7E5-41FD-97D8-1F2151064B79} - System32\Tasks\{E91865F8-96CE-4304-94E8-B1368CACDDD0} => pcalua.exe -a C:\Users\Lutz\Documents\downloads\complete\1330271862\wop3_p40.EXE -d C:\Users\Lutz\Documents\downloads\complete\1330271862
Task: {C9C21059-BB15-4997-80E2-A1CB1B0A9B9B} - System32\Tasks\UninstallMonitor => C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe [2016-04-11] (Innovative Solutions)
Task: {CAF77BA2-94DF-4D2A-BCE5-854BFBA01A06} - System32\Tasks\AdobeAAMUpdater-1.0-Lutz-PC-Lutz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {CC4A0E94-5BBD-4059-8DD9-6B5709721650} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {CE12364A-0D3C-4FE1-9AA3-079D066618AA} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2016-02-03] (RealNetworks, Inc.)
Task: {D78CF1C2-B8A5-4D00-A1FC-A3858E6E9B24} - System32\Tasks\{80B6C8F2-C1FA-49FC-9E3D-C7BDA86F1B30} => pcalua.exe -a "H:\FSX - 747-400X v2.10.0040 - PMDG\FSX - 747-400X v2.10.0040 - PMDG\PMDG747_400_FSX.exe" -d "H:\FSX - 747-400X v2.10.0040 - PMDG\FSX - 747-400X v2.10.0040 - PMDG"
Task: {D82E5F2D-32D1-42E7-8D36-F15C0FABAE65} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01] (Oracle Corporation)
Task: {E1AECECA-8F96-41AC-9E7B-A17247B595CC} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {E53062DD-C8D1-4B82-B0BA-5982FAFEE707} - System32\Tasks\{0FE70729-25B3-4A5D-BFE2-55976F8FA017} => pcalua.exe -a F:\setup.exe -d F:\
Task: {E651F558-3D82-42FC-9A97-06C91B999198} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {ECE1E9F5-6992-431C-8A6F-D4C7BEC96619} - System32\Tasks\{574CE011-1F26-48FB-836C-A9F5EDF8BF1B} => pcalua.exe -a C:\Users\Lutz\Downloads\Diablo-III-Setup-deDE.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {FB4E00C8-BC32-4129-ADD6-C99C72ED3DA4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3438443834-875338260-1882614465-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2016-02-03] (RealNetworks, Inc.)
Task: {FBB7D511-4945-4143-9889-EAC1F3ACAA79} - System32\Tasks\{0C6B6228-F57E-42EC-A95D-E3AD20AD688C} => pcalua.exe -a "C:\Users\Lutz\Desktop\World of Warcraft Beta Setup(4).exe" -d C:\Users\Lutz\Desktop

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Lutz\Desktop\Dateien\WEB.DE.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://go.web.de/tb/ie_desktop_portal
ShortcutWithArgument: C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> -user-agent="Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.22 anonymized by Abelssoft 1691702640"
ShortcutWithArgument: C:\Users\Lutz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> -user-agent="Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.22 anonymized by Abelssoft 1691702640"

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2011-07-05 13:44 - 2011-05-28 06:52 - 00557280 _____ () C:\Program Files (x86)\ASCOMP Software\Secure Eraser\SecEraser64.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-10-29 18:28 - 2013-10-29 18:28 - 00246112 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2016-03-01 17:53 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-01 17:53 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-12-21 18:50 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2011-05-11 18:21 - 2015-12-30 16:27 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-05-11 18:21 - 2015-12-30 16:27 - 00107832 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2016-02-03 18:49 - 2016-02-03 18:49 - 00032544 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-09-26 16:23 - 2013-03-06 13:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-03-29 20:27 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-19 21:41 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-29 20:27 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-11-30 20:39 - 2016-11-30 20:39 - 01484776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\Battle.net Helper.exe
2013-10-29 18:28 - 2013-10-29 18:28 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 00384512 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll
2013-10-29 18:28 - 2013-10-29 18:28 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll
2016-02-03 18:48 - 2016-02-03 18:48 - 00037688 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2016-02-03 18:48 - 2016-02-03 18:48 - 00039224 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2016-02-03 18:49 - 2016-02-03 18:49 - 00037192 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2015-03-31 16:29 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-28 17:42 - 2016-11-28 17:42 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-11-30 20:40 - 2016-11-30 20:40 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\ortp.dll
2016-11-30 20:39 - 2016-11-30 20:40 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\libcef.dll
2016-11-30 20:39 - 2016-11-30 20:39 - 06402560 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\battle.net.dll
2016-11-30 20:40 - 2016-11-30 20:40 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\libEGL.dll
2016-11-30 20:40 - 2016-11-30 20:40 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\libGLESv2.dll
2016-11-30 20:40 - 2016-11-30 20:40 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\libglesv2.dll
2016-11-30 20:40 - 2016-11-30 20:40 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\libegl.dll
2016-11-30 20:39 - 2016-11-30 20:39 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8180\ffmpegsumo.dll
2015-12-02 17:58 - 2015-11-16 19:32 - 00919040 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData:gs5sys [2560]
AlternateDataStreams: C:\Users\All Users:gs5sys [2560]
AlternateDataStreams: C:\Users\Lutz:gs5sys [3074]
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys [2560]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [2560]
AlternateDataStreams: C:\ProgramData\TEMP:05EE1EEF [268]
AlternateDataStreams: C:\Users\Lutz\Anwendungsdaten:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\Lokale Einstellungen:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\Vorlagen:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\AppData\Local:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\AppData\Roaming:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\AppData\Local\Anwendungsdaten:gs5sys [3074]
AlternateDataStreams: C:\Users\Lutz\AppData\Local\Verlauf:gs5sys [1792]
AlternateDataStreams: C:\Users\Lutz\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys [3074]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed, the Hosts: directive can be included in the fixlist to reset the hosts file.)

2009-07-14 03:34 - 2016-11-23 20:54 - 00000895 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 google-analytics.com
127.0.0.1 www.google-analytics.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Adobe LM Service => 3
MSCONFIG\Services: AdobeActiveFileMonitor11.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppHostSvc => 2
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: AudioSrv => 2
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: Creative ALchemy AL6 Licensing Service => 3
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: CTAudSvcService => 2
MSCONFIG\Services: DokanMounter => 2
MSCONFIG\Services: FirebirdServerMAGIXInstance => 3
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: JMB36X => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: QPCopyEngine => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VMCService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LenovoEMC Storage Manager.lnk => C:\Windows\pss\LenovoEMC Storage Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nach Updates suchen.lnk => C:\Windows\pss\Nach Updates suchen.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPointII.lnk => C:\Windows\pss\SetPointII.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Twonky Tray Control.lnk => C:\Windows\pss\Twonky Tray Control.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Lutz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^simplicheck.lnk => C:\Windows\pss\simplicheck.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AntiBrowserSpy - BrowserMask => C:\Program Files (x86)\AntiBrowserSpy\BrowserMask.exe
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AvgUi => "C:\Program Files (x86)\AVG\Framework\Common\avguix.exe" /fmw.trayonly
MSCONFIG\startupreg: Badoo Desktop => C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
MSCONFIG\startupreg: Bing Bar => "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
MSCONFIG\startupreg: BrowserMask => "C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" -delayed
MSCONFIG\startupreg: Corel File Shell Monitor => D:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSCONFIG\startupreg: Corel Photo Downloader => "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart /min
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Google Update => "C:\Users\Lutz\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: MobileConnect => %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: QuiKProtect => C:\Program Files\Iomega\Quikprotect\StartQuikProtect.exe
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SOS Browser Monitor => "C:\Program Files (x86)\Steganos Online Shield\SteganosBrowserMonitor.exe"
MSCONFIG\startupreg: SOS_Agent => "C:\Program Files (x86)\Steganos Online Shield\OnlineShieldClient.exe" -agent
MSCONFIG\startupreg: Spotify => "C:\Users\Lutz\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Lutz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SSS2009 Browser Monitor => "C:\Program Files (x86)\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe"
MSCONFIG\startupreg: SSS2009 File Redirection Starter => "C:\Program Files (x86)\Steganos Privacy Suite 11\fredirstarter.exe"
MSCONFIG\startupreg: SSS2009 HotKeys => "C:\Program Files (x86)\Steganos Privacy Suite 11\SteganosHotKeyService.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TrayServer => C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus_Sonderedition\TrayServer_de.exe
MSCONFIG\startupreg: UVS12 Preload => D:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe
MSCONFIG\startupreg: VolPanel => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{183864FC-C601-49A7-B3CF-E19CBB897891}] => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{39FAD13A-7155-4FF0-88C1-D4E33FDEBAD5}] => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FEFBB719-A62B-46B6-854D-98635D7CF1CA}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BBBAC07C-2D00-4C57-9322-EFE8E10106B2}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{94F934D9-74E5-454F-9A8A-6DDA88262FC9}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\RM.exe
FirewallRules: [{78B041CD-E5E4-4056-97AE-EC9C6CBDC169}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{A4DCB407-4515-45BA-965B-0F696629E64D}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\Studio.exe
FirewallRules: [{E90C2F03-5C6F-4E30-82B7-5ABBA5CA6E20}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{7EED8958-3B7F-4D8B-9974-A5BF2EF2C901}] => E:\Program Files (x86)\Pinnacle\Studio 12\Programs\umi.exe
FirewallRules: [{5AC85760-EDED-4BF5-B3E5-4C836A06506C}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{7D30EF9B-FB83-4A9E-82A3-543B1B6DDFE9}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{DF658F46-35DE-49CC-A982-6769A212CE87}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{ACF2607B-1C7D-4E88-ACE9-2880F6F8AEF5}] => C:\Program Files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe
FirewallRules: [{991DD234-82CB-49D9-B3FE-D8051B990A4A}] => C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [{F5922D62-93B5-47AF-AFE6-167F8F607A6D}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CE206D9-6FD9-4584-B90D-59462403F013}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F0BF4541-FB32-4102-9E94-C6218647E6DB}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3DD14BB2-8B00-412A-9A8B-27E441327A3C}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EA54779E-8533-4AB0-BF36-9CC287D4D141}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{00018741-BA45-488E-9D25-06A3F7ECDD3E}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B92FC33C-6682-4077-A98F-BE1DDAFBD5FA}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{7AD07F50-745C-491D-B028-358EADCAC731}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{18F0F321-702D-4525-BA4A-C644067D541D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F731816-12B5-488E-BCA1-E2B09576ED28}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E2A9D55-9537-4B19-9F24-D742F5CF8B11}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B3616504-B0D7-48D9-88A1-795EFD78F744}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6E57D672-708B-4411-8952-78533B7BB23A}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{16BEBC66-AE36-4BCC-9AB7-628CBC6AD0E8}] => D:\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{C77CCC54-01A8-44DA-B553-AFCC99DC5D38}] => D:\Steam\SteamApps\common\pCars\pCARS64.exe
FirewallRules: [{A26471DB-0259-4BFA-9F4E-39DB0E5C708C}] => D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CE119BB2-CEF2-422F-BAA2-8830EE795E51}] => D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5A443AD9-A50B-4FA0-BD59-AAF38AC17188}] => D:\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{8B698DAD-D2CC-4B49-8E1A-FF755DD521AF}] => D:\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{78F72C60-F084-41C5-AB3E-F5F9EF0F6918}] => D:\Steam\SteamApps\common\Spintires\SpinTires.exe
FirewallRules: [{44B7D166-C59E-4B93-A847-FCCD27613D6B}] => D:\Steam\SteamApps\common\Spintires\SpinTires.exe
FirewallRules: [{AAE69F65-F1B4-4A87-BA8E-EC0010DE00A0}] => E:\CIV 5\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{D040F1EF-374E-4CE1-9051-A8264B7CFE97}] => E:\CIV 5\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{EDF1C4A2-D1F8-46F1-92D5-435C1FD5F80F}] => D:\Steam\SteamApps\common\OMSI 2\Omsi.exe
FirewallRules: [{01E3360E-15E4-42DB-A96D-38A8E0CE23E8}] => D:\Steam\SteamApps\common\OMSI 2\Omsi.exe
FirewallRules: [{12195342-7516-44F1-AF40-36E2102986AC}] => D:\Steam\SteamApps\common\Train Fever\TrainFever.exe
FirewallRules: [{58C09F16-6775-4581-AB7C-8128EC00D8DD}] => D:\Steam\SteamApps\common\Train Fever\TrainFever.exe
FirewallRules: [{DEC04915-1CCB-4B98-90D7-9A479F8872AB}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{47C0ABC3-9B4A-417C-B10B-CABA10CA62B9}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{667CACB5-0730-4A52-851F-F250150943BF}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8C40FE4A-4266-476C-BDEC-72FD05A59718}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{182A7BE0-41D6-4DC0-B203-08FD063D2FE1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7A7B4AC7-8030-48D0-99A7-968C9884207B}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A34FF7BA-1432-47AE-A1D7-33E8F49AFD53}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F4ADC216-086B-43A7-9495-4C4AE28D0268}] => D:\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{D72AB6A4-F503-49FE-9C99-044D408349EB}] => D:\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{31E0A09C-AE74-4CF6-8DBD-72BE48A320B0}] => E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{7905E67F-8364-4418-91DC-255299987E1D}] => c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{410765E6-CC8B-47AB-84E6-1725BD42C5CF}] => D:\Steam\SteamApps\common\RollerCoaster Tycoon World\RollerCoaster Tycoon World.exe
FirewallRules: [{0D901DAE-9977-4093-B1CE-00A444CB914B}] => D:\Steam\SteamApps\common\RollerCoaster Tycoon World\RollerCoaster Tycoon World.exe
FirewallRules: [{693B1927-12F7-439F-A6DB-7F2D10989BAD}] => D:\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [{A8F1D02B-7609-4F35-B1AC-C982CAEB5B4C}] => D:\Steam\SteamApps\common\assettocorsa\AssettoCorsa.exe
FirewallRules: [{0FD2DEA8-49E9-4AEA-9475-6E874CC9A403}] => D:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{1EDAC775-C4DD-49C0-B98E-C4535DB512E6}] => D:\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{741C7860-05F0-4DB0-B32F-3A9A2C1ABE7E}] => C:\Program Files\Vivaldi\Application\vivaldi.exe
FirewallRules: [{CE173514-206B-497A-A31B-AFE5E5D87B22}] => D:\Steam\SteamApps\common\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [{EB0A216E-194E-458F-9EEB-8E4BC0A49CA9}] => D:\Steam\SteamApps\common\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [{507AFCCA-B48B-47D9-82C5-F197A4052843}] => D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{335DA974-A73A-4094-BADF-C888AA52A1CE}] => D:\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{63272A13-0FFB-45A3-A46C-F994C4DD7A00}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B4685677-8E59-424D-9BF3-133CD1265A3D}] => D:\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{4608D19C-EB00-4DD7-874E-C76B7B16033E}] => D:\Steam\SteamApps\common\Paladins\Binaries\Win32\HirezBridge.exe
FirewallRules: [{84F51808-9DE4-4292-ACB5-15BBB37CB3A7}] => D:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{4E93BACC-0494-4AAD-BCFF-A6808C947F45}] => D:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{C2C0A577-FED6-4D96-933F-EC4005B7CBA9}] => D:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{389E12B1-10FC-4310-82FD-EDEBAE5CEF3C}] => D:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{CB72CD40-85F8-4EF9-896B-C251911AB396}] => C:\Program Files\Vivaldi\Application\vivaldi.exe

==================== Restore Points =========================

05-12-2016 19:18:36 Windows Update
08-12-2016 00:21:24 Microsoft Antimalware Checkpoint
08-12-2016 01:35:32 Malwarebytes Anti-Rootkit Restore Point
08-12-2016 19:43:01 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: AppleCharger
Description: AppleCharger
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AppleCharger
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/08/2016 07:45:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unable to load the performance counter strings for service "WmiApRpl" (WmiApRpl). The error code is the first DWORD in the data section.

Error: (12/08/2016 07:45:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance counter strings in the performance counter registry are corrupted when the "Performance" process runs on the extension counter provider. The "BaseIndex" value from the performance registry is the first DWORD in the data section, the "LastCounter" value is the second DWORD in the data section and the "LastHelp" value is the third DWORD in the data section.

Error: (12/08/2016 07:45:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance counter strings in the performance counter registry are corrupted when the "Performance" process runs on the extension counter provider. The "BaseIndex" value from the performance registry is the first DWORD in the data section, the "LastCounter" value is the second DWORD in the data section and the "LastHelp" value is the third DWORD in the data section.

Error: (12/08/2016 06:46:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0x1ae4
Faulting application start time: 0x01d2517b12c9029a
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 507a5328-bd6e-11e6-8d21-000000740200

Error: (12/08/2016 06:46:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unable to load the performance counter strings for service "WmiApRpl" (WmiApRpl). The error code is the first DWORD in the data section.

Error: (12/08/2016 06:46:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance counter strings in the performance counter registry are corrupted when the "Performance" process runs on the extension counter provider. The "BaseIndex" value from the performance registry is the first DWORD in the data section, the "LastCounter" value is the second DWORD in the data section and the "LastHelp" value is the third DWORD in the data section.

Error: (12/08/2016 06:46:54 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance counter strings in the performance counter registry are corrupted when the "Performance" process runs on the extension counter provider. The "BaseIndex" value from the performance registry is the first DWORD in the data section, the "LastCounter" value is the second DWORD in the data section and the "LastHelp" value is the third DWORD in the data section.

Error: (12/08/2016 06:46:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MobileMeServices.exe, version: 1.6.65.0, time stamp: 0x4cafa71a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a7e4
Exception code: 0xc06d007e
Fault offset: 0x0000c54f
Faulting process id: 0x194c
Faulting application start time: 0x01d2517affbfbc02
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MobileMeServices.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 3dbfba2a-bd6e-11e6-8d21-000000740200

Error: (12/08/2016 01:44:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unable to load the performance counter strings for service "WmiApRpl" (WmiApRpl). The error code is the first DWORD in the data section.

Error: (12/08/2016 01:44:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance counter strings in the performance counter registry are corrupted when the "Performance" process runs on the extension counter provider. The "BaseIndex" value from the performance registry is the first DWORD in the data section, the "LastCounter" value is the second DWORD in the data section and the "LastHelp" value is the third DWORD in the data section.


System errors:
=============
Error: (12/08/2016 07:38:31 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AppleCharger
nvelofsfltr

Error: (12/08/2016 07:38:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "Mobile Partner. OUC" service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/08/2016 07:38:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout (30000 ms) was reached while waiting for the Mobile Partner. OUC service to connect.

Error: (12/08/2016 07:37:19 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

        New Signature Version:

        Previous Signature Version: 1.233.1746.0

        Update Source: Microsoft Update Server

        Update Stage: Search

        Source Path: hxxp://www.microsoft.com

        Signature Type: AntiVirus

        Update Type: Full

        User: NT AUTHORITY\SYSTEM

        Current Engine Version:

        Previous Engine Version: 1.1.13303.0

        Error code: 0x8024001e

        Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (12/08/2016 07:36:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Office Software Protection Platform" service terminated unexpectedly. It has done this 1 time(s).

Error: (12/08/2016 07:36:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "McAfee SiteAdvisor Service" service terminated unexpectedly. It has done this 1 time(s).

Error: (12/08/2016 07:36:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "Windows Media Player Network Sharing Service" service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/08/2016 07:36:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "Windows Live ID Sign-in Assistant" service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/08/2016 07:36:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "AVG PC TuneUp Service" service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 250 milliseconds: Restart the service.

Error: (12/08/2016 07:36:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Cyberlink RichVideo64 Service(CRVS)" service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 26%
Total physical RAM: 16343.05 MB
Available physical RAM: 12003.09 MB
Total Virtual: 32684.29 MB
Available Virtual: 27997.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:204.98 GB) (Free:15.44 GB) NTFS
Drive d: (Volume) (Fixed) (Total:363.18 GB) (Free:16.01 GB) NTFS
Drive e: (Volume) (Fixed) (Total:363.25 GB) (Free:9.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5889D043)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=205 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=363.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=363.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
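
Reading an Addition.txt like the one above by hand is slow, and the three things a helper usually looks at first are mechanical: which alternate data streams exist and whether one stream name recurs across many folders (the `gs5sys` streams above sit on exactly the folders a system cleaner touches, and Glary Utilities 5 appears in the MSCONFIG list, so that stream name plausibly belongs to that tool; this is an inference, and reading the stream's content is the actual check), which firewall rules point at executables in user-writable directories, and which running processes FRST prints with an empty vendor field "()" from such a directory. The script below is an added example, not part of the thread, of FRST, or of what the helper here ran. Its heuristics are the editor's own first-pass triage rules, not a verdict on any file, and the sample lines are constructed in FRST's line format rather than copied from this log.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) Addition.txt / FRST.txt lines.

Added example for this thread; not part of FRST and not the helper's own procedure.
Heuristics (editor's assumptions, not proof of anything):
  1. list every alternate data stream, grouped by stream name (one name on many
     folders usually means one tool wrote them all; read the content before deciding),
  2. flag firewall rules whose target executable lives where a standard user can write,
  3. flag running processes with an empty vendor "()" in such a location (FRST prints
     the company name from the file's version resource; empty means "check the hash",
     not "malware").
"""
import re
from collections import defaultdict

# Paths a standard user can write to without elevation (assumed Windows 7 layout).
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(?:ProgramData|Users\\[^\\]+\\AppData|Windows\\Temp)\\",
    re.IGNORECASE,
)

ADS_RE = re.compile(r"^AlternateDataStreams:\s+(?P<rest>.+)\s+\[(?P<size>\d+)\]\s*$")
FW_RE = re.compile(r"^FirewallRules:\s+\[(?P<rule>\{[0-9A-Fa-f-]+\})\]\s+=>\s+(?P<path>.+?)\s*$")
PROC_RE = re.compile(r"^\((?P<vendor>[^)]*)\)\s+(?P<path>[a-z]:\\.+?)\s*$", re.IGNORECASE)


def parse_ads(line):
    """Return (path, stream, size) for an AlternateDataStreams line, else None."""
    m = ADS_RE.match(line)
    if not m:
        return None
    # The drive letter also contains ':', so split on the LAST colon.
    path, _, stream = m.group("rest").rpartition(":")
    return path, stream, int(m.group("size"))


def group_ads(lines):
    """Map stream name -> list of (path, size); one name on many objects means one writer."""
    groups = defaultdict(list)
    for line in lines:
        parsed = parse_ads(line)
        if parsed:
            path, stream, size = parsed
            groups[stream].append((path, size))
    return dict(groups)


def user_writable_firewall_rules(lines):
    """(rule id, path) for firewall rules whose executable sits in a user-writable directory."""
    hits = []
    for line in lines:
        m = FW_RE.match(line)
        if m and USER_WRITABLE.match(m.group("path")):
            hits.append((m.group("rule"), m.group("path")))
    return hits


def unsigned_looking_processes(lines):
    """Paths of processes printed with an empty vendor '()' that run from user-writable paths."""
    hits = []
    for line in lines:
        m = PROC_RE.match(line)
        if m and m.group("vendor") == "" and USER_WRITABLE.match(m.group("path")):
            hits.append(m.group("path"))
    return hits


def read_stream(path, stream):
    """Read an ADS directly; works only on Windows/NTFS, where open() accepts 'object:stream'."""
    with open(f"{path}:{stream}", "rb") as fh:
        return fh.read()


# Constructed sample lines in FRST's format (user name, GUIDs and paths are made up).
SAMPLE = """\
AlternateDataStreams: C:\\ProgramData:gs5sys [2560]
AlternateDataStreams: C:\\Users\\Alice\\AppData\\Local:gs5sys [3074]
AlternateDataStreams: C:\\ProgramData\\TEMP:05EE1EEF [268]
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => C:\\Users\\Alice\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => C:\\Program Files\\Common Files\\McAfee\\Platform\\McSvcHost\\McSvHost.exe
() C:\\ProgramData\\Mobile Partner\\OnlineUpdate\\ouc.exe
() C:\\Windows\\SysWOW64\\PnkBstrA.exe
(McAfee, Inc.) C:\\Program Files\\Common Files\\McAfee\\SystemCore\\mfemms.exe
""".splitlines()

if __name__ == "__main__":
    for stream, entries in group_ads(SAMPLE).items():
        print(f"ADS '{stream}' on {len(entries)} object(s): {[p for p, _ in entries]}")
    print("firewall rules to user-writable paths:", user_writable_firewall_rules(SAMPLE))
    print("no-vendor processes in user-writable paths:", unsigned_looking_processes(SAMPLE))
```

Feed it the real log with `group_ads(open("Addition.txt", encoding="utf-8-sig").read().splitlines())` and so on. On the affected machine itself, `read_stream(r"C:\ProgramData", "gs5sys")` returns the stream bytes, which is the only way to tell a cleaner's bookkeeping from something that should not be there. Dropbox, Spotify and Battle.net legitimately live in AppData and ProgramData, so the two "user-writable" lists are a reading order, not a removal list.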


Lumis 08.12.2016 21:22

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Lutz (administrator) on LUTZ-PC (08-12-2016 21:17:47)
Running from C:\Users\Lutz\Desktop\Fliegen
Loaded Profiles: Lutz & DefaultAppPool (Available Profiles: Lutz & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: German (Germany)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\Dataplex\NveloSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5296\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8180\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8180\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8180\Battle.net Helper.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [nveloApp] => C:\Program Files\Dataplex\CacheFilter\nveloApp.exe [117952 2015-01-16] (Windows (R) Win 7 DDK provider)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15112312 2016-02-09] (Logitech Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2013-06-14] (AVM Berlin)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-07-05] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Run: [] => [X]
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Run: [GUSDelayStartup] => C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe [37152 2014-08-20] (Glarysoft Ltd)
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Run: [Amazon Music] => C:\Users\Lutz\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-15] ()
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: L - L:\LaunchU3.exe -a
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {011ac20a-306a-11e0-af04-1c6f654b6b74} - G:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {41c17a89-40af-11e3-b040-000000360200} - G:\AutoRun.exe
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {41c17a9a-40af-11e3-b040-000000360200} - G:\AutoRun.exe
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {56da7206-883a-11e3-aa2d-000000880200} - G:\AutoRun.exe
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {81f25f56-ff05-11df-bc06-1c6f654b6b74} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {85f8dda4-400b-11e3-8dbc-000000210200} - G:\AutoRun.exe
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {ad4bb9f3-7a56-11e0-93ff-1c6f654b6b74} - L:\LaunchU3.exe -a
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\MountPoints2: {ba47202e-d852-11e3-95a1-000000520200} - G:\pushinst.exe
IFEO\acrun.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\acstart.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\arcrepair.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\cyberghost.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\cyberghost_6.0.3.2124.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\fileencrypt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\filesplitter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hirezgamesdiagandsupport.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\integrator.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lenovoemcstoragemanager.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mediaimpression.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\neosetup_updater.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\originer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoviewer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realconverter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realplay.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\realtrimmer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\rnxproc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\rpsystray.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\sidebar.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\slideshowplayer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\steam.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\unins000.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\wddmstatus.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lutz\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
BootExecute: autocheck autochk *  BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1B090B5E-27DB-4D25-9137-02111A82FE0C}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{B95865FF-C877-44B8-8779-DE6FB2B89925}: [NameServer] 193.189.244.206 193.189.244.225
Tcpip\..\Interfaces\{DF0F7ED1-4D85-4830-BFF3-E2526D9175AB}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{E102E7EA-629C-438B-9D5C-E9260B75A44E}: [NameServer] 193.189.244.225 193.189.244.206
Tcpip\..\Interfaces\{F750D2D5-FD48-465B-A44E-C52A3A23968B}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{FD661E04-31D3-47C1-9D98-FFDDC4CED1F5}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {FD6E7837-A203-4098-9FF7-1488A50FF4EB} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE0D20151106&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {FD6E7837-A203-4098-9FF7-1488A50FF4EB} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=C011DE0D20151106&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {0048620A-CF1A-4D69-A9C5-5DA83311764F} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {13DA3995-D9D0-4C53-9412-47ECD9BFC808} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {46ACC4B2-2869-44B6-94CA-4A3F5BEE9C04} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {CDF501C7-DA57-4305-B098-33C851941150} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3438443834-875338260-1882614465-1000 -> {E5006287-6B48-45FF-AE9A-99C3E5BED4EE} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-02-03] (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-25] (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-02-03] (RealDownloader)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll [2015-09-15] (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16] (Skype Technologies S.A.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} hxxp://dominosrv02.wm-fahrzeugteile.de/dwa85W.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-05-24] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-05-24] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: t3851jul.default
FF ProfilePath: C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-3438443834-875338260-1882614465-1000\FireFox [not found]
FF ProfilePath: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default [2016-12-08]
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\t3851jul.default -> Sichere Suche
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\t3851jul.default -> Sichere Suche
FF Homepage: Mozilla\Firefox\Profiles\t3851jul.default -> hxxp://heise.de/
FF Keyword.URL: Mozilla\Firefox\Profiles\t3851jul.default -> hxxp://badoo.com/startpage/?source=bsb&q=
FF Extension: (ADB Helper) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\adbhelper@mozilla.org [2016-11-03]
FF Extension: (Ghostery) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\firefox@ghostery.com.xpi [2016-11-29]
FF Extension: (Valence) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\fxdevtools-adapters@mozilla.org [2016-05-07]
FF Extension: (HTTPS Everywhere) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\https-everywhere-eff@eff.org.xpi [2016-12-02]
FF Extension: (Mailvelope) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2016-12-03]
FF Extension: (Garmin Communicator) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-04-28]
FF Extension: (Google Analytics Opt-out Browser Add-on) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2016-07-29]
FF Extension: (Adblock Plus) - C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-11-10]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\badoo.xml [2012-12-08]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\duckduckgo.xml [2013-08-26]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\englische-ergebnisse.xml [2011-12-19]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\google-images.xml [2014-08-11]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\google-maps.xml [2014-08-11]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\McSiteAdvisor.xml [2016-03-20]
FF SearchPlugin: C:\Users\Lutz\AppData\Roaming\Mozilla\Firefox\Profiles\t3851jul.default\searchplugins\webde-suche.xml [2011-12-19]
FF Extension: (Skype extension) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-07-05] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-10-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files (x86)\Steganos Privacy Suite 11\pfplugin => not found
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 11\spmplugin3 => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014-08-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: (Thunderbird Address Book Synchronisation Extension) - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-07-21] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-05-28] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-13] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-08-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-08-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> D:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [2015-09-15] (Perfect World Entertainment Inc)
FF Plugin-x32: @real.com/nppl3260;version=18.1.3.100 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2016-03-18] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-07-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.660 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-07-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.3.100 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2016-03-18] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3438443834-875338260-1882614465-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3438443834-875338260-1882614465-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-11-17] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2015-11-20] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2015-11-20] (RealPlayer)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://heise.de/
CHR StartupUrls: Default -> "hxxp://heise.de/"
CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR DefaultSuggestURL: Default -> hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll => No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll => No File
CHR Plugin: (vShare.tv plug-in) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll => No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll => No File
CHR Plugin: (RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll => No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Keine Datei
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Lutz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Keine Datei
CHR Profile: C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default [2016-12-08]
CHR Extension: (OkayFreedom) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bckipplcmnfhblnpibpbehenelnkpecd [2015-05-09]
CHR Extension: (YouTube) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google-Suche) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Logitech SetPoint) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2012-12-01]
CHR Extension: (Booking.com for Chrome™) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2015-09-17]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-12-04]
CHR Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-11-10]
CHR Extension: (AdBlock) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-28]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2016-03-19]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Better Pop Up Blocker) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2012-03-10]
CHR Extension: (Google Mail) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Lutz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-11-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-21]
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe -user-agent=Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.22 anonymized by Abelssoft 1449098014

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-19] (Adobe Systems) [Datei ist nicht signiert]
S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S4 ArcService; D:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-09-15] (Perfect World Entertainment Inc)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1863688 2016-05-15] ()
S4 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [76336 2016-11-28] (CyberGhost S.R.L)
S4 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-12-02] (Creative Labs) [Datei ist nicht signiert]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-12-02] (Creative Labs) [Datei ist nicht signiert]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [Datei ist nicht signiert]
S4 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [Datei ist nicht signiert]
S4 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [Datei ist nicht signiert]
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-11-15] (Hi-Rez Studios) [Datei ist nicht signiert]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [Datei ist nicht signiert]
S4 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] ()
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-02-09] (Logitech Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [187840 2016-10-24] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-05-24] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [246112 2013-10-29] ()
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [Datei ist nicht signiert]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 nveloSvc; C:\Windows\System32\Dataplex\nveloSvc.exe [33984 2015-01-16] (Windows (R) Win 7 DDK provider)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2057736 2015-09-13] (Electronic Arts)
S4 PCloudd; C:\Program Files (x86)\LenovoEMC Storage Manager\pCloudd.exe [221536 2013-03-27] (LenovoEMC Ltd.)
S4 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [Datei ist nicht signiert]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2015-12-30] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [107832 2015-12-30] ()
S4 QPCopyEngine; C:\Program Files\Iomega\Quikprotect\QpMonitor.exe [458240 2012-09-07] () [Datei ist nicht signiert]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-02-03] ()
S4 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1095440 2016-03-18] (RealNetworks, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] ()
S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4788496 2016-11-25] (AVG Technologies CZ, s.r.o.)
S4 TwonkyMedia; C:\Program Files (x86)\TwonkyMedia\twonkymediaserverwatchdog.exe [512840 2012-02-03] (PacketVideo)
S4 TwonkyWebDav; C:\Program Files (x86)\TwonkyMedia\twonkywebdav.exe [250696 2012-02-03] ()
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [56080 2016-11-25] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [48912 2016-11-25] (AVG Technologies CZ, s.r.o.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-08-23] (Western Digital)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2013-06-10] (AVM Berlin)
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
S3 DxVGrb; C:\Windows\System32\drivers\DxVGrb.sys [227456 2014-04-08] (Dexetek )
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [44544 2010-04-17] (Fresco Logic)
S3 fwlanusb6; C:\Windows\System32\DRIVERS\fwlanusb6.sys [1330656 2013-09-13] (AVM GmbH)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-08-08] (Glarysoft Ltd)
R1 GUSBootStartup; C:\Windows\System32\drivers\GUSBootStartup.sys [20672 2014-08-26] (Glarysoft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R0 nvelodiskfltr; C:\Windows\System32\DRIVERS\nvelodiskfltr.sys [299712 2015-01-16] (Windows (R) Win 7 DDK provider)
S0 nvelofsfltr; C:\Windows\System32\DRIVERS\nvelofsfltr.sys [111296 2015-01-16] (Windows (R) Win 7 DDK provider)
R0 nveloportfltr; C:\Windows\System32\DRIVERS\nveloportfltr.sys [25280 2015-01-16] (Windows (R) Win 7 DDK provider)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 QsFsFltr; C:\Windows\System32\DRIVERS\QsFsFltr.sys [22584 2012-08-20] (Windows (R) Win 7 DDK provider)
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
S3 SSMO3v2Filter; C:\Windows\System32\drivers\MO3v2Driver.sys [23040 2010-11-22] (Sagatek Co. Ltd.) [Datei ist nicht signiert]
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 utewmzu5; C:\Windows\SysWOW64\Drivers\utewmzu5.sys [7168 2015-11-26] () [Datei ist nicht signiert]
S3 ValFltr; C:\Windows\System32\drivers\ValoFltr.sys [14720 2009-04-10] (ROCCAT Development, Inc.)
R3 vNICdrv; C:\Windows\System32\DRIVERS\vNICdrv.sys [20048 2012-09-09] (Iomega Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] (MBB)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 pmem; \??\C:\Users\Lutz\AppData\Local\Temp\_MEI74002\drivers\winpmem64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-08 19:45 - 2016-12-08 19:45 - 00005846 _____ C:\Users\Lutz\Desktop\JRT.txt
2016-12-08 19:41 - 2016-12-08 19:41 - 01631928 _____ (Malwarebytes) C:\Users\Lutz\Desktop\JRT.exe
2016-12-08 19:29 - 2016-12-08 19:36 - 00000000 ____D C:\AdwCleaner
2016-12-08 19:29 - 2016-12-08 19:29 - 03968464 _____ C:\Users\Lutz\Desktop\AdwCleaner_6.040.exe
2016-12-08 19:24 - 2016-12-08 19:24 - 01496584 _____ C:\Users\Lutz\Desktop\McAfee Consumer Product Removal Tool - CHIP-Installer.exe
2016-12-08 02:22 - 2016-12-08 02:27 - 00052004 _____ C:\TDSSKiller.3.1.0.12_08.12.2016_02.22.45_log.txt
2016-12-08 00:05 - 2016-12-08 18:39 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-08 00:05 - 2016-12-08 01:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-08 00:05 - 2016-12-08 00:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-08 00:04 - 2016-12-08 02:20 - 00000000 ____D C:\Users\Lutz\Desktop\mbar
2016-12-08 00:04 - 2016-12-08 01:43 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-07 23:41 - 2016-12-07 23:41 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Lutz\Desktop\tdsskiller.exe
2016-12-07 23:30 - 2016-12-07 23:31 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Lutz\Desktop\mbar-1.09.3.1001.exe
2016-12-06 22:34 - 2016-12-08 21:17 - 00000000 ____D C:\FRST
2016-12-06 00:51 - 2016-12-06 00:51 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\QuickScan
2016-12-05 19:15 - 2016-12-05 19:15 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-12-05 19:15 - 2016-12-05 19:15 - 00001912 _____ C:\Windows\epplauncher.mif
2016-12-05 19:15 - 2016-12-05 19:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-12-05 19:15 - 2016-12-05 19:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-12-05 19:14 - 2016-12-05 19:14 - 00000000 ____D C:\Program Files (x86)\Chip Digital GmbH
2016-12-05 19:07 - 2016-12-05 19:09 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\McAfee TechCheck
2016-12-05 19:07 - 2016-12-05 19:09 - 00000000 _____ C:\Users\Lutz\Desktop\iphist.dat
2016-12-05 19:05 - 2016-12-05 19:05 - 03408408 _____ C:\Users\Lutz\Desktop\McAfee_TechCheck.exe
2016-12-05 19:02 - 2016-12-05 19:02 - 01496584 _____ C:\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe
2016-12-02 20:32 - 2016-12-05 20:08 - 00000000 __SHD C:\ProgramData\CPU Temp Monitor Service
2016-12-02 18:33 - 2016-12-02 18:33 - 11451644 _____ C:\Users\Lutz\Desktop\CE2300X.zip
2016-11-30 20:52 - 2016-11-30 20:52 - 00433419 ____N C:\Users\Lutz\Documents\Scan 30.11.2016, 19.14.pdf
2016-11-27 16:19 - 2016-11-27 16:19 - 00417599 _____ C:\Users\Lutz\Desktop\aktuelle-zahlen-zu-asyl-oktober-2016.pdf
2016-11-23 20:53 - 2016-11-23 20:53 - 00001079 _____ C:\Users\Public\Desktop\AntiBrowserSpy.lnk
2016-11-23 20:53 - 2016-11-23 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiBrowserSpy
2016-11-23 20:53 - 2016-11-23 20:53 - 00000000 ____D C:\Program Files (x86)\AntiBrowserSpy
2016-11-20 11:57 - 2016-11-20 11:57 - 00000222 _____ C:\Users\Lutz\Desktop\Paladins.url
2016-11-19 12:20 - 2016-11-19 13:12 - 00000000 ____D C:\Users\Lutz\Documents\Overwatch
2016-11-19 10:55 - 2016-12-08 20:17 - 00000000 ____D C:\Users\Lutz\AppData\LocalLow\Mozilla
2016-11-13 23:50 - 2016-11-13 23:50 - 00000000 ____D C:\Users\Lutz\.QtWebEngineProcess
2016-11-13 23:50 - 2016-11-13 23:50 - 00000000 ____D C:\Users\Lutz\.EVE
2016-11-13 23:49 - 2016-11-13 23:49 - 00000641 _____ C:\Users\Lutz\Desktop\EVE Launcher.lnk
2016-11-13 23:49 - 2016-11-13 23:49 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE Launcher
2016-11-13 20:28 - 2016-11-13 20:28 - 08974809 _____ C:\Users\Lutz\Desktop\EVE-Online-Einsteiger-Kompendium.pdf

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-12-08 21:17 - 2015-06-08 18:10 - 00000000 ____D C:\Users\Lutz\Desktop\Fliegen
2016-12-08 21:13 - 2014-01-27 18:42 - 00000000 ____D C:\Users\Lutz\AppData\Local\Battle.net
2016-12-08 21:03 - 2014-10-14 15:44 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-08 21:02 - 2012-04-06 09:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-08 19:46 - 2009-07-14 05:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-08 19:46 - 2009-07-14 05:45 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-08 19:45 - 2009-07-14 18:58 - 32652226 _____ C:\Windows\system32\perfh007.dat
2016-12-08 19:45 - 2009-07-14 18:58 - 10279762 _____ C:\Windows\system32\perfc007.dat
2016-12-08 19:45 - 2009-07-14 06:13 - 00007312 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-08 19:38 - 2010-12-02 19:24 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-08 19:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-08 19:16 - 2016-10-27 18:38 - 00000000 ____D C:\Users\Lutz\Desktop\Planung 2017
2016-12-08 19:16 - 2011-05-13 12:13 - 00000000 ____D C:\Users\Lutz\Documents\Outlook-Dateien
2016-12-08 18:46 - 2015-12-22 20:02 - 00000000 ____D C:\Users\Lutz\AppData\Local\CrashDumps
2016-12-08 18:46 - 2013-11-10 09:41 - 00000000 ____D C:\Users\Lutz\AppData\Local\F87799D3-C920-4E93-B73C-2721F6CBD519.aplzod
2016-12-08 02:33 - 2016-10-30 09:16 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-08 02:22 - 2012-09-18 16:35 - 00000000 ____D C:\Users\Lutz\Desktop\Dateien
2016-12-08 02:01 - 2014-08-16 13:46 - 00000000 ____D C:\Users\Lutz\AppData\Local\Adobe
2016-12-08 01:37 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\IME
2016-12-08 01:07 - 2011-06-22 14:52 - 00003694 _____ C:\Windows\System32\Tasks\Adobe-Online-Aktualisierungsprogramm
2016-12-08 01:06 - 2014-12-25 10:05 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-12-07 23:34 - 2015-12-09 17:18 - 00000000 ____D C:\Users\Lutz\Desktop\Planung 2016
2016-12-07 22:29 - 2016-09-20 18:00 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-12-07 20:13 - 2016-04-27 00:12 - 00002209 _____ C:\Users\Lutz\Desktop\Vivaldi.lnk
2016-12-06 11:13 - 2012-04-11 23:27 - 00000058 _____ C:\Users\Lutz\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2016-12-06 10:18 - 2014-08-08 22:27 - 00000330 _____ C:\Windows\Tasks\GlaryInitialize 5.job
2016-12-06 00:59 - 2014-08-08 22:27 - 00002970 _____ C:\Windows\System32\Tasks\GU5SkipUAC
2016-12-06 00:59 - 2014-08-08 22:27 - 00002624 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2016-12-05 22:58 - 2014-08-08 22:27 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-12-05 20:32 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-05 19:56 - 2015-12-30 19:13 - 00002106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2016-12-05 19:56 - 2015-12-30 19:13 - 00002094 _____ C:\Users\Public\Desktop\Vivaldi.lnk
2016-12-05 19:56 - 2015-12-30 19:13 - 00000000 ____D C:\Program Files\Vivaldi
2016-12-05 19:54 - 2015-12-30 19:13 - 00000000 ____D C:\Users\Lutz\AppData\Local\Vivaldi
2016-12-05 19:14 - 2011-01-31 22:59 - 00000000 ____D C:\Users\Lutz\AppData\Local\Downloaded Installations
2016-12-05 19:08 - 2011-03-23 12:04 - 00000000 ____D C:\Users\Lutz\AppData\Local\Corel
2016-12-05 19:07 - 2011-03-23 12:01 - 00000000 ____D C:\Users\Lutz\Documents\My PSP Files
2016-12-04 21:17 - 2016-03-19 11:59 - 00003380 _____ C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000
2016-12-04 21:17 - 2016-03-18 22:11 - 00003422 _____ C:\Windows\System32\Tasks\RealDownloader Update Check
2016-12-04 21:17 - 2016-03-18 17:49 - 00003360 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3438443834-875338260-1882614465-1000
2016-12-04 21:17 - 2016-03-18 17:49 - 00003224 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3438443834-875338260-1882614465-1000
2016-12-04 18:15 - 2011-04-13 00:50 - 00000000 ____D C:\Users\Lutz\.smplayer
2016-12-04 16:12 - 2010-12-02 21:52 - 00000000 ____D C:\Users\Lutz\Documents\Flight Simulator X-Dateien
2016-12-04 12:28 - 2016-09-27 21:29 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-12-04 11:30 - 2016-10-28 23:55 - 00000000 ____D C:\Program Files\CyberGhost 6
2016-12-04 11:18 - 2013-06-08 13:22 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-03 14:02 - 2016-04-14 22:25 - 00003432 _____ C:\Windows\System32\Tasks\NeoSetup Updater
2016-12-02 20:33 - 2012-05-02 20:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-02 20:33 - 2010-12-02 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-02 20:19 - 2016-10-28 23:55 - 00001732 _____ C:\Users\Lutz\Desktop\CyberGhost 6.lnk
2016-12-01 20:01 - 2014-08-08 22:27 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\DiskDefrag
2016-11-30 19:54 - 2012-01-25 12:00 - 00002579 _____ C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-25 13:45 - 2016-02-08 00:48 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\TURegOpt.exe
2016-11-25 13:39 - 2016-02-16 21:39 - 00056080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\uxtuneup.dll
2016-11-25 13:39 - 2016-02-16 21:39 - 00048912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\uxtuneup.dll
2016-11-25 13:39 - 2016-02-08 00:48 - 00044304 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\authuitu.dll
2016-11-25 13:39 - 2016-02-08 00:48 - 00042256 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\SysWOW64\authuitu.dll
2016-11-24 11:10 - 2016-05-03 21:10 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-24 11:10 - 2016-05-03 21:10 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-24 01:21 - 2013-06-30 15:48 - 00000000 ____D C:\Users\Lutz\AppData\Local\Ubisoft Game Launcher
2016-11-23 20:54 - 2016-05-03 21:10 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-23 20:54 - 2016-05-03 21:10 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-23 20:53 - 2014-08-11 15:54 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\Abelssoft
2016-11-23 20:53 - 2010-12-03 12:39 - 00000000 ____D C:\Users\Lutz\AppData\Local\Abelssoft
2016-11-23 20:30 - 2016-10-28 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
2016-11-20 11:57 - 2012-10-27 23:45 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-17 01:58 - 2010-12-03 18:39 - 00000000 ____D C:\Users\Lutz\AppData\Local\Deployment
2016-11-15 16:29 - 2016-05-03 21:11 - 00002187 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 16:29 - 2016-05-03 21:11 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-13 23:50 - 2010-12-02 19:09 - 00000000 ____D C:\Users\Lutz
2016-11-13 15:46 - 2013-07-30 22:22 - 00000000 ____D C:\Users\Lutz\AppData\Roaming\vlc
2016-11-13 12:47 - 2012-04-06 09:32 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-13 12:47 - 2012-04-06 09:32 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-13 12:47 - 2011-11-06 22:32 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-13 12:47 - 2011-05-16 16:23 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-13 12:47 - 2010-12-02 21:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-10 18:13 - 2015-11-06 16:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-11-09 20:00 - 2015-12-07 17:10 - 00000000 ____D C:\Program Files\McAfee

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\Users\Lutz\AppData\Roaming\Clips
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\Users\Lutz\AppData\Roaming\Cocoa
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\Users\Lutz\AppData\Roaming\ColorSync
2014-12-25 11:12 - 2014-12-25 11:21 - 0000012 ____T () C:\Users\Lutz\AppData\Roaming\Samsung Magician Installer.lockfile
2012-09-11 14:31 - 2012-09-11 15:59 - 11624448 _____ () C:\Users\Lutz\AppData\Roaming\Sandra.mdb
2012-09-11 15:05 - 2012-09-11 15:05 - 0186077 _____ () C:\Users\Lutz\AppData\Local\ars.cache
2012-09-11 15:06 - 2012-09-11 15:06 - 0915999 _____ () C:\Users\Lutz\AppData\Local\census.cache
2012-04-11 23:27 - 2016-12-06 11:13 - 0000058 _____ () C:\Users\Lutz\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2011-06-13 08:00 - 2011-06-13 08:00 - 0000092 _____ () C:\Users\Lutz\AppData\Local\fusioncache.dat
2012-09-11 14:53 - 2012-09-11 14:53 - 0000036 _____ () C:\Users\Lutz\AppData\Local\housecall.guid.cache
2011-07-27 18:45 - 2013-04-07 23:06 - 0007593 _____ () C:\Users\Lutz\AppData\Local\Resmon.ResmonCfg
2013-02-22 15:28 - 2013-02-22 15:28 - 0000011 _____ () C:\ProgramData\.tv6
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\ProgramData\Colors
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\ProgramData\Comedy Noises
2012-11-28 20:41 - 2012-11-28 20:41 - 0000268 ___RH () C:\ProgramData\Command Line Utility
2011-02-26 19:51 - 2011-02-26 19:51 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-03-23 12:03 - 2012-08-16 19:01 - 0000900 ___SH () C:\ProgramData\KGyGaAvL.sys
2012-11-28 20:41 - 2012-11-28 20:41 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2012-11-28 20:41 - 2012-11-28 20:45 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2012-11-28 20:41 - 2012-11-28 20:41 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Lutz\CGWebInstall (1).exe
C:\Users\Lutz\CGWebInstall.exe


Einige Dateien in TEMP:
====================
C:\Users\Lutz\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Lutz\AppData\Local\Temp\libeay32.dll
C:\Users\Lutz\AppData\Local\Temp\msvcr120.dll
C:\Users\Lutz\AppData\Local\Temp\ScanBy.dll
C:\Users\Lutz\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-19 17:29

==================== End of FRST.txt ============================


cosinus 08.12.2016 21:40

FRST fix

Please disable your antivirus scanner completely now, so that the fix is guaranteed to run cleanly!


Press the Windows key + R and type notepad into the Run box.

Now copy the following text from the code box into the empty text document

Code:

Task: {1940FF79-2C54-4203-AEA4-AF07AE78A871} - System32\Tasks\{3EE7C121-4A7B-49B0-9D74-44D92D444EA4} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u91-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {71A76E68-95C5-4547-82C6-AF23D822412E} - System32\Tasks\{6121CC0B-6581-489E-908C-3F0450821362} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u111-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {8FBAD392-F023-4AD8-8256-06BA4AC4D2E8} - System32\Tasks\{41D0D454-F664-4B57-927A-8D7434112D05} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\Temp1_um304x86.zip\um304x86\setup.exe <==== ATTENTION
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Run: [] => [X]
S4 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [File not signed]
C:\Program Files (x86)\Chip Digital GmbH
C:\Users\Lutz\CGWebInstall (1).exe
C:\Users\Lutz\CGWebInstall.exe
emptytemp:


Save this as Fixlist.txt on your desktop (or in the directory FRST is in).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post me its contents.
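
As an added example (not code from the thread and not part of FRST), the script below applies the two checks behind this fix list to FRST "Task:" lines in Python: it resolves the program that a pcalua.exe launch really starts and flags targets that live under AppData\Local\Temp. The three task lines are copied from the fix list; the fourth, a benign Adobe updater task, is constructed for contrast, and "<==== ATTENTION" is the English form of FRST's "<==== ACHTUNG" marker.

```python
r"""Triage FRST 'Task:' lines for proxied launches and Temp-directory payloads.

Added example for this thread: it is neither FRST code nor part of the
original post. FRST prints every scheduled task as
    Task: {GUID} - System32\Tasks\<name> => <action> [<==== ATTENTION]
and the two things worth checking in <action> are exactly what the fix list
removes: a launch routed through pcalua.exe (the Program Compatibility
Assistant launcher, which just starts whatever follows its -a switch) and a
target that lives under a user's AppData\Local\Temp.
"""
import re
from dataclasses import dataclass, field

TASK_RE = re.compile(
    r"^Task:\s*\{(?P<id>[0-9A-Fa-f-]+)\}\s*-\s*(?P<path>.+?)\s*=>\s*"
    r"(?P<action>.*?)(?:\s*<====.*)?$"
)
GUID_NAME_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Launchers that only start another program; the regex pulls the real target
# out of their arguments. pcalua.exe is the only one needed for this page.
PROXY_LAUNCHERS = {
    "pcalua.exe": re.compile(r'-a\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE),
}

# First three lines copied from the fix list; the Adobe line is a constructed
# benign control in the same FRST format.
SAMPLE_LINES = [
    r'Task: {1940FF79-2C54-4203-AEA4-AF07AE78A871} - System32\Tasks\{3EE7C121-4A7B-49B0-9D74-44D92D444EA4} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u91-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION',
    r'Task: {71A76E68-95C5-4547-82C6-AF23D822412E} - System32\Tasks\{6121CC0B-6581-489E-908C-3F0450821362} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u111-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION',
    r'Task: {8FBAD392-F023-4AD8-8256-06BA4AC4D2E8} - System32\Tasks\{41D0D454-F664-4B57-927A-8D7434112D05} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\Temp1_um304x86.zip\um304x86\setup.exe <==== ATTENTION',
    r'Task: {0F1E2D3C-4B5A-6978-8796-A5B4C3D2E1F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)',
]


@dataclass
class TaskFinding:
    task_id: str
    name: str
    launcher: str
    target: str
    reasons: list = field(default_factory=list)  # strong indicators
    notes: list = field(default_factory=list)    # weaker context

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def split_action(action: str):
    """Return (launcher, target): the program named first in the action and the
    program that really runs (the same unless the launcher is a known proxy)."""
    head = re.match(r'^"([^"]+)"|^(\S+)', action)
    launcher = (head.group(1) or head.group(2)) if head else ""
    arg_re = PROXY_LAUNCHERS.get(basename(launcher))
    if arg_re:
        m = arg_re.search(action)
        if m:
            return launcher, (m.group(1) or m.group(2))
    return launcher, launcher


def triage_task_line(line: str):
    """Parse one FRST task line; None if the line is not one."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    launcher, target = split_action(m.group("action").strip())
    name = m.group("path").rsplit("\\", 1)[-1]
    finding = TaskFinding(m.group("id"), name, launcher, target)
    if basename(launcher) in PROXY_LAUNCHERS:
        finding.reasons.append(f"launch proxied through {basename(launcher)}")
    if TEMP_DIR_RE.search(target):
        finding.reasons.append(f"target runs from a Temp directory: {target}")
    if GUID_NAME_RE.match(name):
        finding.notes.append("task name is a bare GUID, so it cannot be matched to a product")
    return finding


def triage(lines):
    """Return only the findings that carry a strong indicator."""
    findings = (triage_task_line(line) for line in lines)
    return [f for f in findings if f is not None and f.suspicious]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.name}: {f.target}")
        for item in f.reasons + f.notes:
            print(f"    - {item}")
```

The Fixlog posted in reply shows what removing such a task involves: for each task FRST deletes the TaskCache\Plain and TaskCache\Tasks keys for the task ID, moves the XML file out of System32\Tasks and deletes the TaskCache\Tree key for the name. A task that reappears after a fix is worth checking in all four places.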


Lumis 08.12.2016 21:50

Code:

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Lutz (08-12-2016 21:44:40) Run:1
Running from C:\Users\Lutz\Desktop\Fliegen
Loaded Profiles: Lutz & DefaultAppPool (Available Profiles: Lutz & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {1940FF79-2C54-4203-AEA4-AF07AE78A871} - System32\Tasks\{3EE7C121-4A7B-49B0-9D74-44D92D444EA4} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u91-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {71A76E68-95C5-4547-82C6-AF23D822412E} - System32\Tasks\{6121CC0B-6581-489E-908C-3F0450821362} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\jre-8u111-windows-au.exe -d "C:\Program Files (x86)\Common Files\Java\Java Update" -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Task: {8FBAD392-F023-4AD8-8256-06BA4AC4D2E8} - System32\Tasks\{41D0D454-F664-4B57-927A-8D7434112D05} => pcalua.exe -a C:\Users\Lutz\AppData\Local\Temp\Temp1_um304x86.zip\um304x86\setup.exe <==== ATTENTION
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\...\Run: [] => [X]
S4 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [File not signed]
C:\Program Files (x86)\Chip Digital GmbH
C:\Users\Lutz\CGWebInstall (1).exe
C:\Users\Lutz\CGWebInstall.exe
emptytemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1940FF79-2C54-4203-AEA4-AF07AE78A871}" => Key deleted successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1940FF79-2C54-4203-AEA4-AF07AE78A871}" => Key deleted successfully
C:\Windows\System32\Tasks\{3EE7C121-4A7B-49B0-9D74-44D92D444EA4} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3EE7C121-4A7B-49B0-9D74-44D92D444EA4}" => Key deleted successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71A76E68-95C5-4547-82C6-AF23D822412E}" => Key deleted successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71A76E68-95C5-4547-82C6-AF23D822412E}" => Key deleted successfully
C:\Windows\System32\Tasks\{6121CC0B-6581-489E-908C-3F0450821362} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6121CC0B-6581-489E-908C-3F0450821362}" => Key deleted successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FBAD392-F023-4AD8-8256-06BA4AC4D2E8}" => Key deleted successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FBAD392-F023-4AD8-8256-06BA4AC4D2E8}" => Key deleted successfully
C:\Windows\System32\Tasks\{41D0D454-F664-4B57-927A-8D7434112D05} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{41D0D454-F664-4B57-927A-8D7434112D05}" => Key deleted successfully
HKU\S-1-5-21-3438443834-875338260-1882614465-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully
chip1click => service removed successfully
C:\Program Files (x86)\Chip Digital GmbH => moved successfully
C:\Users\Lutz\CGWebInstall (1).exe => moved successfully
C:\Users\Lutz\CGWebInstall.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30713667 B
Java, Flash, Steam htmlcache => 256496405 B
Windows/system/drivers => 2384734 B
Edge => 0 B
Chrome => 41386203 B
Firefox => 442875496 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 88492 B
Public => 0 B
ProgramData => 0 B
systemprofile => 45187056 B
systemprofile32 => 1824169 B
LocalService => 0 B
NetworkService => 6535427 B
Lutz => 122938149 B
UpdatusUser.Lutz-PC => 0 B
UpdatusUser.Lutz-PC => 0 B
DefaultAppPool => 66228 B

RecycleBin => 131565188 B
EmptyTemp: => 1 GB of temporary files removed.

================================


The system needed a reboot.

==== End of Fixlog 21:45:03 ====


cosinus 08.12.2016 21:52

Control scans with (1) MBAM, (2) ESET and (3) SecurityCheck, please:


Step 1: MBAM

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




Step 2: ESET

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Step 3: SecurityCheck

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

Lumis 08.12.2016 23:15

Running. Thanks for taking the time to help me, cosinus!

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 08.12.2016
Scan Time: 22:05
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.08.14
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lutz

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426053
Time Elapsed: 23 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.Iminent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [935b91532d6ddd59bb555105c2409d63],
PUP.Optional.Iminent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [c72711d3bedc52e47b9af95d778b1ce4],
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER64.EXE, Quarantined, [dc12f2f2bfdb49edc930d676a95a41bf],
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SKYPE.EXE, Quarantined, [e80617cda1f99a9ce69b80b4cf340000],
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE, Quarantined, [9856677d6634a492e79cef454ab9a957],
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER64.EXE, Quarantined, [b5397f65178355e1df1a490317ec07f9],
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SKYPE.EXE, Quarantined, [16d839abc6d459dd334e45ef7a89a858],
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE, Quarantined, [5b93f2f2ddbd58de8cf70d27d1329070],
PUP.Optional.DownloadGuide, HKU\S-1-5-21-3438443834-875338260-1882614465-1000\SOFTWARE\J3S\COMPUTER BILD Account-Alarm, Quarantined, [6d8127bd85153df95469670639cab947],

Registry Values: 6
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER64.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", Quarantined, [dc12f2f2bfdb49edc930d676a95a41bf]
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SKYPE.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", Quarantined, [e80617cda1f99a9ce69b80b4cf340000]
PUP.Optional.IFEO, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", Quarantined, [9856677d6634a492e79cef454ab9a957]
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CCLEANER64.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", Quarantined, [b5397f65178355e1df1a490317ec07f9]
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SKYPE.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", Quarantined, [16d839abc6d459dd334e45ef7a89a858]
PUP.Optional.IFEO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\STEAM.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", Quarantined, [5b93f2f2ddbd58de8cf70d27d1329070]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.DownloadSponsor, C:\Users\Lutz\Desktop\McAfee Consumer Product Removal Tool - CHIP-Installer.exe, Quarantined, [747a1aca5c3e59dde29d029e28d82ed2],
PUP.Optional.DownloadSponsor, C:\$Recycle.Bin\S-1-5-21-3438443834-875338260-1882614465-1000\$R2RIV59.exe, Quarantined, [8965d410aaf0ee483847ecb439c72ad6],
PUP.Optional.WinYahoo, C:\Users\Lutz\AppData\LocalLow\Microsoft\Internet Explorer\Services\Wincy.ico, Quarantined, [6b836e767327d561f17b88c7c73cf808],

Physical Sectors: 0
(No malicious items detected)


(end)

After the MBAM scan the PC no longer responded. After the restart, which took forever, still not. At some point I did a reset and then it ran more or less normally.

cosinus 08.12.2016 23:28

But that only removed PUP... :wtf: ... just do the MBAM run again

Lumis 08.12.2016 23:53

I'm in the middle of ESET right now; I'm happy to run MBAM once more. But I'll post ESET first, once it's finished. If I live to see it today. It's only at 31%.

cosinus 08.12.2016 23:57

yes, that's the right way :daumenhoc

Lumis 09.12.2016 00:27

And it's still at 31%...

Thanks ;-) Please don't expect results before tomorrow.

Thanks for your work!

Still 31%.

00:28h 09.12.2016

cosinus 09.12.2016 01:24

ESET can take a while :balla: just wait :daumenhoc

Lumis 09.12.2016 14:02

Code:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=964a021c94951e41aac77c122e5dd039
# end=init
# utc_time=2016-12-08 10:18:55
# local_time=2016-12-08 11:18:55 (+0100, Central European Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 31673
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=964a021c94951e41aac77c122e5dd039
# end=updated
# utc_time=2016-12-08 10:23:04
# local_time=2016-12-08 11:23:04 (+0100, Central European Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=964a021c94951e41aac77c122e5dd039
# end=restart
# utc_time=2016-12-08 11:31:06
# local_time=2016-12-09 12:31:06 (+0100, Central European Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=freeze
# scanned=110362
# found=0
# cleaned=0
# scan_time=4081
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=964a021c94951e41aac77c122e5dd039
# end=init
# utc_time=2016-12-08 11:39:17
# local_time=2016-12-09 12:39:17 (+0100, Central European Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 31675
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=964a021c94951e41aac77c122e5dd039
# end=updated
# utc_time=2016-12-08 11:41:09
# local_time=2016-12-09 12:41:09 (+0100, Central European Time)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=964a021c94951e41aac77c122e5dd039
# engine=31675
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-12-09 09:58:09
# local_time=2016-12-09 10:58:09 (+0100, Central European Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=freeze
# scanned=1131258
# found=3
# cleaned=0
# scan_time=37020
sh=70CDF7F103EA90A9E624FD8F26999E66BDCB0999 ft=0 fh=0000000000000000 vn="a variant of Win32/FusionCore.I potentially unwanted application" ac=I fn="C:\Users\Lutz\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\stub_data\stubinst_pkg_de.cab"
sh=4BB28A5E8D129F015959CE88E99F3917A663C18F ft=1 fh=d62a0000a626a5b5 vn="JS/Adware.OkayFreedom.A application" ac=I fn="C:\Users\Lutz\AppData\Roaming\Steganos Updates\okayfreedom.exe"
sh=1D51DAAA29BD22A8FD6EA9A8983C35357561099A ft=1 fh=2891040364831c36 vn="a variant of Win32/DownloadSponsor.C potentially unwanted application" ac=I fn="C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"


cosinus 09.12.2016 14:08

Quote:

C:\Users\Lutz\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.04\agent\stub_data\stubinst_pkg_de.cab

C:\Users\Lutz\AppData\Roaming\Steganos Updates\okayfreedom.exe
What do you need that for?


Quote:

C:\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe
No more downloads from chip.de in future!!!

You'd better not download anything from chip anymore. They take their customers for a ride out of pure greed. See also http://www.trojaner-board.de/168364-...mpfehlung.html and CHIP-Installer - what is it? - Guides

Lumis 09.12.2016 15:12

No idea. I don't need it.
That you download pests along with things from Chip.de is a huge scandal. I thought the only nuisance was picking up toolbars if you forget to untick the boxes.

I'm surprised the McAfee removal tool doesn't show up too. I got that from there as well.

I'll avoid Chip.de in future and certainly not download anything from there!

Code:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09.12.2016
Scan Time: 14:07
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.09.14
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Lutz

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426170
Time Elapsed: 46 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

I was supposed to run MBAM once more. It's just odd that it took more than twice as long this time, although the scan was a third shorter.

Good morning, by the way, Cosinus ;-)

Code:

Results of screen317's Security Check version 1.009 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials       
McAfee Anti-Virus und Anti-Spyware 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 AntiBrowserSpy   
 AVG PC TuneUp 
 TuneUp Utilities Language Pack (de-DE)
 AVG PC TuneUp 
 Java 8 Update 91 
 Java version 32-bit out of Date!
 Adobe Flash Player 23.0.0.207 
 Mozilla Firefox (50.0.2)
 Google Chrome (54.0.2840.87)
 Google Chrome (54.0.2840.99)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Mobile Partner OnlineUpdate ouc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


cosinus 09.12.2016 15:15

Oh dear, there's still junk on there:


Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • In the uninstaller field, search for the programs:

    AntiBrowserSpy
    AVG PC TuneUp
    TuneUp Utilities Language Pack (de-DE)
    AVG PC TuneUp
    Java 8 Update 91

  • Select the programs one after the other and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on the three buttons in turn (shown as images in the original post; not preserved here).

 


cosinus 09.12.2016 15:20

Then we'd be done! :daumenhoc

If you like, you can say here whether you were satisfied with me and my help... :dankeschoen: and/or support the forum with a small donation. :applaus:

Finally, we need to take a few more steps to clean up and secure your PC.

Cleanup:

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Tick every function.
  • Click Start.

Note: DelFix removes, among other things, all the tools used and our scanners' quarantine and the Java cache, and finally deletes itself.
Finally, restart your computer. Should any programs from our cleanup remain, you can delete them without hesitation.

Securing:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be in its latest version, provided it is needed; if it is not needed, it obviously makes sense to uninstall it or use alternatives (and keep those up to date).
  • Browser (Internet Explorer, Edge, Firefox, Chrome, ...)
  • Java (please really only install / keep installed if absolutely necessary!)
  • Flash Player (uninstall if possible and use HTML5, see e.g. https://www.youtube.com/html5 )
  • PDF reader (if possible, do not use Adobe Reader)

Security holes in old versions of these are exploited to install malware "drive-by", simply by visiting a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally quite sufficient.

Use a single one of the following antivirus programs with a real-time scanner and an always up-to-date signature database:

   
 

Microsoft Security Essentials (MSE) is built in from Windows 8 onwards, so if you have Windows 8, 8.1 or 10 and have decided on MSE, you don't need to install MSE separately. On Windows 7 it has to be installed manually or obtained via Windows Update as an optional update. Naturally, a legal/activated Windows is a prerequisite for that.

Additionally, you can scan your PC regularly with Malwarebytes Anti-Malware and/or the ESET Online Scanner.

Optional:

NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. Following a whitelist approach, you can specify on which sites scripts are allowed. NoScript can become a nuisance when browsing, especially for less technically experienced users; whether the tool is suitable is something everyone has to try out and decide for themselves. Alternatives to NoScript (if it's about preventing user tracking and advertising on websites) would be Ghostery or uBlock. Ghostery is a very well-known extension that has, however, also come under criticism; see this thread => Ghostery lets advertising through

Malwarebytes Anti Exploit: protects the computer's applications against exploitation of known vulnerabilities.


Download software from a clean portal such as filepony.de.
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons irrelevant to the program.
To get rid of adware again, uninstalling first and then removing leftovers with AdwCleaner is recommended.


Finally, a few general remarks:
Change your important online passwords regularly and make regular backups of your important files or of the system.
The usefulness of registry cleaners, optimizers etc. for boosting performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

Lumis 09.12.2016 21:03

Many, many thanks, cosinus, for your work and your patience!

All the best,

kind regards,

Lumis

Hello cosinus,

thanks for your notes about the "junk" that is still on my system.

What is wrong with AVG TuneUp? I value it highly because, for example, I can link processes that appear in connection with programs to those programs in such a way that they are started with the corresponding program and stopped again with it. That way I don't have them constantly running in standby (and phoning home!) although the program isn't running at all. Best example: Google Chrome!

That an expert like you knows other ways to handle this is clear to me. I don't, though ;-)

Can't I leave TuneUp on?

One more thing: MSE just showed me another Neurevt detection for 8.12.16 at 0:12h. Can I ignore that?
Or should I post the log again?

Code:

Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\BarLcher.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\MyNewsBar.dll"
2016-12-07T23:10:24.164Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:10:24.182Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:19:08.876Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{3D4B7F20-CE61-453B-B9F6-BC3ABFDE9F8F}
Scan Source:3
Start Time:12-08-2016 00:19:08
End Time:12-08-2016 00:19:08
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Lutz\AppData\Local\Temp\ii5u9sa5.exe
Result Count:1
Threat Name:VirTool:MSIL/Subti.C
ID:2147696131
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Lutz\AppData\Local\Temp\ii5u9sa5.exe
Extended Info:24632052060652
End Scan
************************************************************

2016-12-07T23:19:08.916Z DETECTIONEVENT VirTool:MSIL/Subti.C file:C:\Users\Lutz\AppData\Local\Temp\ii5u9sa5.exe;
2016-12-07T23:19:08.919Z DETECTION_ADD VirTool:MSIL/Subti.C file:C:\Users\Lutz\AppData\Local\Temp\ii5u9sa5.exe
2016-12-07T23:19:09.514Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:19:09.868Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1f1fff.
2016-12-07T23:19:10.457Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1f1fff.
2016-12-07T23:19:10.737Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:19:10.747Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:19:10.758Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:19:10.766Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:19:10.942Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:19:10.970Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:19:14.349Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-07T23:19:15.915Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-07T23:19:15.918Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-07T23:19:17.925Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-07T23:19:17.929Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{6D824496-1828-48BE-993B-6355CA510EE7}
Scan Source:3
Start Time:12-08-2016 00:20:42
End Time:12-08-2016 00:20:44
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe
Result Count:1
Threat Name:Trojan:Win32/Neurevt
ID:2147681664
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe
Extended Info:24631940408518
End Scan
************************************************************

2016-12-07T23:20:44.016Z DETECTIONEVENT Trojan:Win32/Neurevt file:C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe;
2016-12-07T23:20:44.017Z DETECTION_ADD Trojan:Win32/Neurevt file:C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe
Begin Resource Scan
Scan ID:{05E66031-2FA2-472A-8947-16099A56AAD8}
Scan Source:6
Start Time:12-08-2016 00:20:47
End Time:12-08-2016 00:20:48
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe
Result Count:1
Threat Name:Trojan:Win32/Neurevt
ID:2147681664
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe
Extended Info:24631940408518
End Scan
************************************************************

2016-12-07T23:20:50.971Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-07T23:20:50.975Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{05429BD2-5887-4697-A677-0237026AB3B8}
Scan Source:6
Start Time:12-08-2016 00:20:48
End Time:12-08-2016 00:21:21
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe
Result Count:1
Threat Name:Trojan:Win32/Neurevt
ID:2147681664
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe
Extended Info:24631940408518
End Scan
************************************************************

FileName:C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe
SHA1:a3210589830de8701c4cbde58828b1f1be9033da
Beginning threat actions
Start time:12-08-2016 00:21:40
Threat Name:Trojan:Win32/Neurevt
Threat ID:2147681664
Action:quarantine
Resource action complete:Quarantine
Schema:file
Path:\\?\C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe
Threat ID:2147681664
Resource refcount:1
Result:0
File owner:Lutz-PC\Lutz
File cleaned/removed successfully
File Name:C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe
Threat ID:2147681664
Resource refcount:1
Result:0
Finished threat ID:2147681664
Threat result:0
Threat status flags:0
Finished threat actions
End time:12-08-2016 00:21:42
Result:0
2016-12-07T23:21:42.958Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-07T23:21:44.649Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-07T23:21:44.654Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{36D7786E-A495-4373-A56E-949C0A1D3494}
Scan Source:10
Start Time:12-08-2016 00:22:12
End Time:12-08-2016 00:22:12
Explicit resource to scan
Resource Schema:samplefileremediationcheckpoint
Resource Path:5453167AD695BDDC315F1ECEC73E064F
Result Count:1
Unknown File
Identifier:12927054855264010238
Number of Resources:1
Resource Schema:samplefileremediationcheckpoint
Resource Path:5453167AD695BDDC315F1ECEC73E064F
Extended Info:0
End Scan
************************************************************

2016-12-07T23:22:12.846Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:22:13.291Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1f1fff.
2016-12-07T23:22:13.919Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1f1fff.
2016-12-07T23:22:14.208Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:22:15.203Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:22:15.385Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:22:15.405Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:22:15.672Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:22:15.703Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
Begin Resource Scan
Scan ID:{6C420734-151C-496E-B67D-B1BF22F20956}
Scan Source:3
Start Time:12-08-2016 00:22:12
End Time:12-08-2016 00:22:16
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Lutz\AppData\Local\Temp\1e1u1yk7ea.exe
Result Count:1
Threat Name:VirTool:MSIL/Subti.C
ID:2147696131
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Lutz\AppData\Local\Temp\1e1u1yk7ea.exe
Extended Info:24632052060652
End Scan
************************************************************

2016-12-07T23:22:16.063Z DETECTIONEVENT VirTool:MSIL/Subti.C file:C:\Users\Lutz\AppData\Local\Temp\1e1u1yk7ea.exe;
2016-12-07T23:22:16.064Z DETECTION_ADD VirTool:MSIL/Subti.C file:C:\Users\Lutz\AppData\Local\Temp\1e1u1yk7ea.exe
2016-12-07T23:22:16.124Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
Begin Resource Scan
Scan ID:{76B61801-3CC6-4491-B97D-7885D651D36A}
Scan Source:7
Start Time:12-08-2016 00:22:12
End Time:12-08-2016 00:22:12
Explicit resource to scan
Resource Schema:samplefileremediationcheckpoint
Resource Path:5453167AD695BDDC315F1ECEC73E064F
Result Count:1
Unknown File
Identifier:12927054855264010238
Number of Resources:1
Resource Schema:samplefileremediationcheckpoint
Resource Path:5453167AD695BDDC315F1ECEC73E064F
Extended Info:0
End Scan
************************************************************

2016-12-07T23:22:17.280Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-07T23:22:18.173Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-07T23:22:19.695Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-07T23:22:19.699Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-07T23:22:21.705Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-07T23:22:21.708Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\AppData\Local\Temp\DMR\dmr_72.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Pictures\detekt.exe"
2016-12-07T23:22:58.214Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Pictures\detekt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\Users\Lutz\Pictures\detekt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Pictures\LFKJ_AJACCIO_NAPOLEON_BONAPARTE.exe"
Begin Resource Scan
Scan ID:{7CDE184F-1388-452F-8957-EC029444F1BB}
Scan Source:7
Start Time:12-08-2016 00:22:58
End Time:12-08-2016 00:23:03
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Pictures\detekt.exe
Result Count:1
Unknown File
Identifier:18363280350056022014
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Pictures\detekt.exe
Extended Info:631932727217916
End Scan
************************************************************

2016-12-07T23:23:09.764Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-07T23:23:11.252Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\USERS\LUTZ\Pictures\LFKJ_AJACCIO_NAPOLEON_BONAPARTE.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Pictures\i2pinstall_0.9.22_windows.exe"
2016-12-07T23:23:23.822Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Pictures\i2pinstall_0.9.22_windows.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\Users\Lutz\Pictures\i2pinstall_0.9.22_windows.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Pictures\STANDARD_Codecs_v301.exe"
2016-12-07T23:23:29.915Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00000555F3E8CA56, signame=#Lowfi:AGGR:SoftwareBundler:Win32/Somoto.A, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Pictures\STANDARD_Codecs_v301.exe->(nsis-instdata)"
Internal signature match:subtype=Persist, sigseq=0x000005552753FAB4, signame=#PERSIST:AGGR:SoftwareBundler:Win32/Somoto.A, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Pictures\STANDARD_Codecs_v301.exe->(nsis-instdata)"
2016-12-07T23:23:30.277Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\USERS\LUTZ\Pictures\STANDARD_Codecs_v301.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555F3E8CA56, signame=#Lowfi:AGGR:SoftwareBundler:Win32/Somoto.A, cached=true, resource="\Device\HarddiskVolume2\USERS\LUTZ\Pictures\STANDARD_Codecs_v301.exe->(nsis-instdata)"
Internal signature match:subtype=Persist, sigseq=0x000005552753FAB4, signame=#PERSIST:AGGR:SoftwareBundler:Win32/Somoto.A, cached=false, resource="\Device\HarddiskVolume2\USERS\LUTZ\Pictures\STANDARD_Codecs_v301.exe->(nsis-instdata)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\Users\Lutz\Pictures\LFKJ_AJACCIO_NAPOLEON_BONAPARTE.exe"
Begin Resource Scan
Scan ID:{E0AA4269-A39A-445A-9DB7-CC1F17D30122}
Scan Source:7
Start Time:12-08-2016 00:23:24
End Time:12-08-2016 00:23:51
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Pictures\i2pinstall_0.9.22_windows.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Pictures\LFKJ_AJACCIO_NAPOLEON_BONAPARTE.exe
Result Count:2
Unknown File
Identifier:1878641916011085822
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Pictures\LFKJ_AJACCIO_NAPOLEON_BONAPARTE.exe
Extended Info:631932727217916
Unknown File
Identifier:2888047006817714174
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Pictures\i2pinstall_0.9.22_windows.exe
Extended Info:631932727217916
End Scan
************************************************************

2016-12-07T23:24:06.640Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-07T23:30:28.913Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:30:28.928Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:30:28.934Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:30:28.949Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:30:28.967Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:30:28.983Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:30:28.988Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:30:29.003Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Windows\Installer\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}\ARPIcon"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Windows\Installer\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}\ARPIcon"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Windows\Installer\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}\ARPIcon"
Begin Resource Scan
Scan ID:{3F8BA592-29AD-4B0D-8037-3C4B0CD85E6D}
Scan Source:7
Start Time:12-08-2016 00:31:24
End Time:12-08-2016 00:31:45
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Windows\Installer\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}\ARPIcon
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Windows\Installer\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}\ARPIcon
Extended Info:35872862754823
End Scan
************************************************************

2016-12-07T23:40:22.076Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\bde8cf25c6b3908123b244624d118d2874f6a779
Dynamic Signature Compilation Timestamp:12-08-2016 00:31:18
Persistence Type:Duration
Time remaining:216000000
DSS Timeout:Received results after timeout
2016-12-07T23:40:22.082Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Windows\Installer\{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}\ARPIcon"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DAA37A9A, signame=#Lowfi:RPF:ApiCallsClassifier:90, cached=false, resource="\Device\HarddiskVolume2\ProgramData\MAGIX\Video_deluxe_MX_Plus_Sonderedition\DVD\Wmv_disc\licgen.exe"
2016-12-07T23:42:49.832Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\b1ec522ce82e5561d085b5e36093fa381645c850
Dynamic Signature Compilation Timestamp:12-08-2016 00:42:53
Persistence Type:Duration
Time remaining:216000000
2016-12-07T23:42:49.836Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533169A98, signame=#Lowfi:HSTR:MSIL/Malicious.Decryption.A, cached=false, resource="\Device\HarddiskVolume2\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\AD3A7507-20DF-64FF-6790-1FD620AA2C3D_1d250c3243c0d15"
2016-12-07T23:46:35.528Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\0f7eb3c15bf4de94cc1a7957b1e34dd24e4420ae
Dynamic Signature Compilation Timestamp:12-08-2016 00:46:38
Persistence Type:Duration
Time remaining:216000000
2016-12-07T23:46:35.533Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=true, resource="\Device\HarddiskVolume2\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\C7EDD317-BFBE-571D-47FA-CE21D47AB5AF_1d250c54f408f6b"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E1AC4AC07, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\ProgramData\Microsoft\Microsoft Antimalware\Scans\FilesStash\E7972D13-24FF-EC43-B9BD-C89A4618E90A_1d250c2065fda39"
2016-12-07T23:46:36.040Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\56533b1efa5de56e4500f3698a9e480c25af2240
Dynamic Signature Compilation Timestamp:12-08-2016 00:46:39
Persistence Type:Duration
Time remaining:216000000
2016-12-07T23:46:36.043Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-07T23:46:37.199Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:46:37.212Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\AppData\Roaming\OpenCandy\OpenCandy_AD5582642C1844999B55681584527910\RealPlayer_p1v2.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Politik\mediathekview_12\MediathekView__Start.exe"
2016-12-08T00:25:26.220Z Dynamic signature received
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\f344101fa9236331bdd54d6daa24b948cae1aa33
Dynamic Signature Compilation Timestamp:12-08-2016 01:25:28
Persistence Type:Duration
Time remaining:216000000
2016-12-08T00:25:26.225Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Politik\mediathekview_12\bin\ffmpeg.exe"
2016-12-08T00:25:31.038Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\USERS\LUTZ\DESKTOP\Politik\mediathekview_12\bin\ffmpeg.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Politik\mediathekview_12\bin\flvstreamer_win32_latest.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Politik\mediathekview_12\bin\ffmpeg.exe"
Dynamic Signature has been received
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\4e2d5551df498610ecc265034b74a2c7bc1cd831
Dynamic Signature Compilation Timestamp:12-08-2016 01:25:36
Persistence Type:Duration
Time remaining:216000000
2016-12-08T00:25:33.854Z Dynamic signature received
2016-12-08T00:25:33.858Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{30C85EC2-FFF3-4FB0-A3F0-5DABF99B47C9}
Scan Source:7
Start Time:12-08-2016 01:25:31
End Time:12-08-2016 01:25:33
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Politik\mediathekview_12\bin\ffmpeg.exe
Result Count:1
Unknown File
Identifier:11280041266408062974
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Politik\mediathekview_12\bin\ffmpeg.exe
Extended Info:631932727217916
End Scan
************************************************************

Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Politik\mediathekview_12\Portable\MediathekView__Portable.exe"
2016-12-08T00:25:36.461Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Politik\mediathekview_12\Portable\MediathekView__Portable.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Politik\mediathekview_12\Windows\MediathekView__ipv4__Start.exe"
2016-12-08T00:25:37.131Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Politik\mediathekview_12\Windows\MediathekView__ipv4__Start.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Politik\mediathekview_12\Windows\MediathekView__ohne_Speicher__Start.exe"
2016-12-08T00:25:37.799Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Politik\mediathekview_12\Windows\MediathekView__ohne_Speicher__Start.exe"
2016-12-08T00:25:38.135Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00000555F3E8CA56, signame=#Lowfi:AGGR:SoftwareBundler:Win32/Somoto.A, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Dateien\STANDARD_Codecs_v301.exe.part->(nsis-instdata)"
Internal signature match:subtype=Persist, sigseq=0x000005552753FAB4, signame=#PERSIST:AGGR:SoftwareBundler:Win32/Somoto.A, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Dateien\STANDARD_Codecs_v301.exe.part->(nsis-instdata)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Politik\mediathekview_12\Portable\MediathekView__Portable.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Politik\mediathekview_12\Windows\MediathekView__ipv4__Start.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\C:\Users\Lutz\Desktop\Politik\mediathekview_12\Windows\MediathekView__ohne_Speicher__Start.exe"
Begin Resource Scan
Scan ID:{6E5164DC-9758-4177-8279-6A9682812486}
Scan Source:7
Start Time:12-08-2016 01:25:52
End Time:12-08-2016 01:25:53
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Politik\mediathekview_12\Portable\MediathekView__Portable.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Politik\mediathekview_12\Windows\MediathekView__ipv4__Start.exe
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Politik\mediathekview_12\Windows\MediathekView__ohne_Speicher__Start.exe
Result Count:3
Unknown File
Identifier:2392880450600173566
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Politik\mediathekview_12\Windows\MediathekView__ohne_Speicher__Start.exe
Extended Info:631932727217916
Unknown File
Identifier:8880565470470602750
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Politik\mediathekview_12\Windows\MediathekView__ipv4__Start.exe
Extended Info:631932727217916
Unknown File
Identifier:1394491182108639230
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Lutz\Desktop\Politik\mediathekview_12\Portable\MediathekView__Portable.exe
Extended Info:631932727217916
End Scan
************************************************************

--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-08-2016 01:37:38
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/08/2016 00:37:38.125000000 UTC
2016-12-08T00:37:38.125Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-08T00:37:38.140Z Trace session started - MpWppTracing-12082016-013738-00000003-ffffffff.bin
2016-12-08T00:37:38.140Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-08T00:37:38.234Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 98643
Number of invalid entries is 0
Number of inserts issued is 545184
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 704698
Number of lookup misses is 75796
Number of fast lookup misses is 387301
Number of false fast lookups is 75796
Number of invalidations is 360
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0

2016-12-08T00:37:38.312Z Verifying RTP plugin...
2016-12-08T00:37:38.328Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-08T00:37:38.375Z Loading engine...
2016-12-08T00:37:38.421Z Verifying engine and signature files (source: 1) ...
2016-12-08T00:37:38.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-08T00:37:38.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-08T00:37:38.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-08T00:37:38.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-08T00:37:38.421Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)

2016-12-08T00:37:39.859Z Dynamic signature dropped
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\b986de70ff5a589cc22fc07fa25cc3bd4e9d3761
Dynamic Signature Compilation Timestamp:12-07-2016 17:23:07
Persistence Type:Duration
Time remaining:216000000
Dynamic Signature has been dropped
Dynamic Signature Type:Signature Update
Signature Path:c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\\RtSigs\Data\d00cdd198c0d4069d8dbd15e11ef2e23ca8ab63c
Dynamic Signature Compilation Timestamp:12-07-2016 17:21:55
Persistence Type:Duration
Time remaining:216000000
2016-12-08T00:37:39.875Z Dynamic signature dropped
2016-12-08T00:37:39.890Z Initializing MPUT in engine...
2016-12-08T00:37:39.890Z MPUT initialized in the engine successfully
2016-12-08T00:37:40.156Z CSignatureStatus: back to good
2016-12-08T00:37:40.171Z Initializing RTP plugin state...
2016-12-08T00:37:40.171Z
****************************RTP Perf Log********

That should be the relevant part.

Would you be so kind once more, cosinus?
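
Added example, not code from this thread, from Trojaner-Board or from Microsoft: a small Python triage script for a Microsoft Security Essentials service log like the one pasted above. It pulls out the three kinds of line worth reading in such a log and keeps them apart: the DETECTIONEVENT lines together with the matching threat-actions block (threat name, SHA1, the Result codes of the Quarantine and Removal steps), the "Internal signature match ... subtype=Lowfi/Persist" lines, and the "[Mini-filter] Restricted access" lines. The interpretation it encodes is an assumption of this example, not something the log states: the internal signature matches (SLF:HighRiskHasMotW is read here as "file carries a Mark of the Web, i.e. was downloaded") are low-fidelity telemetry that is reported to MAPS, not detections, and the Mini-filter lines record the MSE driver trimming the access rights one process requested on another, usually MSE protecting its own service processes; the log never says what PIDs 268, 6644 and 3160 are, so that has to be checked on the machine. The sample log inside the script is constructed and abridged from the line formats visible above.

```python
# Triage helper for a Microsoft Security Essentials / Defender service log.
# Added example for this thread; not code from Trojaner-Board or Microsoft.
import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample, abridged from the line formats in the log pasted above. The
# Subti.C detection deliberately has no threat-actions block, so the summary shows
# how a detection without a recorded remediation is flagged.
SAMPLE_LOG = r"""
2016-12-07T23:20:44.016Z DETECTIONEVENT Trojan:Win32/Neurevt file:C:\Users\Lutz\AppData\Local\Temp\aog71egk99q5m9_1.exe;
SHA1:a3210589830de8701c4cbde58828b1f1be9033da
Beginning threat actions
Threat Name:Trojan:Win32/Neurevt
Resource action complete:Quarantine
Result:0
Resource action complete:Removal
Result:0
Threat result:0
Finished threat actions
2016-12-07T23:22:12.846Z [Mini-filter] Restricted access to process 268 from pid: 3160. Original desired access: 0x1fffff.
2016-12-07T23:22:13.919Z [Mini-filter] Restricted access to process 6644 from pid: 3160. Original desired access: 0x1f1fff.
2016-12-07T23:22:16.063Z DETECTIONEVENT VirTool:MSIL/Subti.C file:C:\Users\Lutz\AppData\Local\Temp\1e1u1yk7ea.exe;
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Pictures\detekt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume2\Users\Lutz\Pictures\detekt.exe"
Internal signature match:subtype=Persist, sigseq=0x000005552753FAB4, signame=#PERSIST:AGGR:SoftwareBundler:Win32/Somoto.A, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Pictures\STANDARD_Codecs_v301.exe->(nsis-instdata)"
"""

DETECTION_RE = re.compile(r"^\S+ DETECTIONEVENT (?P<threat>\S+) file:(?P<path>.+?);?$")
SIG_RE = re.compile(r'^Internal signature match:subtype=(?P<subtype>\w+), sigseq=\S+, '
                    r'signame=(?P<signame>[^,]+), cached=\w+, resource="(?P<resource>[^"]*)"')
MINIFILTER_RE = re.compile(r"\[Mini-filter\] Restricted access to process (?P<target>\d+) "
                           r"from pid: (?P<source>\d+)\.")

@dataclass
class Remediation:
    threat: str = ""
    sha1: str = ""
    steps: list = field(default_factory=list)   # e.g. [("Quarantine", 0), ("Removal", 0)]
    result: Optional[int] = None                # the "Threat result:" line

    @property
    def succeeded(self) -> bool:
        return self.result == 0 and all(rc == 0 for _, rc in self.steps)

@dataclass
class Triage:
    detections: dict = field(default_factory=lambda: defaultdict(set))  # threat -> paths
    remediations: list = field(default_factory=list)
    sigs: dict = field(default_factory=lambda: defaultdict(set))        # "subtype/signame" -> resources
    minifilter: Counter = field(default_factory=Counter)                # (target pid, source pid) -> n

def parse_mplog(text: str) -> Triage:
    """Single pass; a threat-actions block runs from 'Beginning' to 'Finished threat actions'."""
    t = Triage()
    cur = step = None        # current Remediation, last "Resource action complete" step
    sha1 = ""                # the "SHA1:" line precedes "Beginning threat actions"
    for line in map(str.strip, text.splitlines()):
        key, _, val = line.partition(":")
        if m := DETECTION_RE.match(line):
            t.detections[m["threat"]].add(m["path"])
        elif m := SIG_RE.match(line):
            t.sigs[f'{m["subtype"]}/{m["signame"]}'].add(m["resource"])
        elif m := MINIFILTER_RE.search(line):
            t.minifilter[(int(m["target"]), int(m["source"]))] += 1
        elif line == "Beginning threat actions":
            cur = Remediation(sha1=sha1)
        elif line == "Finished threat actions":
            t.remediations.append(cur)
            cur = None
        elif cur is not None:
            if key == "Threat Name":
                cur.threat = val
            elif key == "Resource action complete":
                step = val
            elif key == "Result" and step:      # the Result: line that closes a step
                cur.steps.append((step, int(val)))
                step = None
            elif key == "Threat result":
                cur.result = int(val)
        elif key == "SHA1":
            sha1 = val
    return t

def summarize(t: Triage) -> list:
    """One line per finding; only DETECTION lines describe malware the engine acted on."""
    done = {r.threat for r in t.remediations if r.succeeded}
    out = [f"DETECTION   {n}: {len(p)} file(s), "
           + ("quarantined and removed" if n in done else "NO successful remediation recorded")
           for n, p in sorted(t.detections.items())]
    out += [f"  action    {r.threat} sha1={r.sha1} steps={r.steps} ok={r.succeeded}" for r in t.remediations]
    out += [f"TELEMETRY   {s}: {len(res)} file(s); internal signature match, not a detection"
            for s, res in sorted(t.sigs.items())]
    out += [f"ACCESS-DENY pid {src} -> pid {dst}: {n} request(s) trimmed by the mini-filter"
            for (dst, src), n in sorted(t.minifilter.items())]
    return out
```

Run `summarize(parse_mplog(open("MPLog.log").read()))` against the real file and the DETECTION lines are the ones to act on. A DETECTION line marked "NO successful remediation recorded" (Subti.C in the constructed sample) means the engine saw the file but this part of the log carries no Quarantine/Removal block ending in Result:0 for it, so the file's fate has to be confirmed further down the log or in the quarantine history. Everything under TELEMETRY and ACCESS-DENY is context, not a verdict.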

cosinus 10.12.2016 14:10

Quote:

Can't I leave TuneUp on it?
TuneUp Software has so far always proven to be dangerous, unnecessary snake oil. See http://www.trojaner-board.de/98711-t...utilities.html


Copyright ©2000-2024, Trojaner-Board

