
Log analysis and evaluation: Backdoor Agent keeps reappearing

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.04.2016, 10:20   #1
clubtunes
 



Hello,
the Backdoor Agent shows up again after a few days, once Malwarebytes has finished its run and I have moved everything into quarantine. Today I ran Malwarebytes Anti-Malware again; see the log file.
It would be great if someone could help me get rid of it for good.

Here is today's log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 28.04.2016
Suchlaufzeit: 10:18
Protokolldatei: Scan Malewarebytes 28_04.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.04.28.02
Rootkit-Datenbank: v2016.04.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Jürgen Werner

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 756941
Abgelaufene Zeit: 40 Min., 37 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.Privoxy, C:\Program Files (x86)\Gamma Task Menager\privoxy.exe, 6244, , [e84af9bb2e6be056c197a1a7ce3643bd]

Module: 1
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\mgwz.dll, , [a191476d8a0f94a2db4416fc63a0fa06],

Registrierungsschlüssel: 1
PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE, , [e84af9bb2e6be056c197a1a7ce3643bd],

Registrierungswerte: 2
PUP.Optional.Privoxy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PRIVOXYSERVICE|ImagePath, "C:\Program Files (x86)\Gamma Task Menager\privoxy.exe" --service, , [e84af9bb2e6be056c197a1a7ce3643bd]
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, , [f83ac6ee7a1ff83eecf10e72f2122cd4]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager, , [a191476d8a0f94a2db4416fc63a0fa06],

Dateien: 8
Backdoor.Agent.WD, C:\Users\Jürgen Werner\AppData\Local\Temp\GPUpd5721BD050.exe, , [6cc60ba9930694a22365c35b38c8dc24],
PUP.Optional.Privoxy, C:\Program Files (x86)\Gamma Task Menager\privoxy.exe, , [e84af9bb2e6be056c197a1a7ce3643bd],
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\config.txt, , [a191476d8a0f94a2db4416fc63a0fa06],
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\default.action, , [a191476d8a0f94a2db4416fc63a0fa06],
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\default.filter, , [a191476d8a0f94a2db4416fc63a0fa06],
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\gtrsecure.exe, , [a191476d8a0f94a2db4416fc63a0fa06],
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\mgwz.dll, , [a191476d8a0f94a2db4416fc63a0fa06],
PUP.Optional.Privoxy.PrxySvrRST, C:\Program Files (x86)\Gamma Task Menager\privoxy.log, , [a191476d8a0f94a2db4416fc63a0fa06],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

28.04.2016, 10:37   #2
burningice
/// Malwareteam
 




My name is Rafael and I will help you with the cleanup.

So that I can help you as well as possible, please stick to the following rules:
  • Please read my posts through completely before working through them
  • If a problem comes up or something is unclear to you, stop what you are doing and describe it as precisely as possible.
  • Please no crossposting
  • Do not install or uninstall any software unless asked to
  • Please use only the tools mentioned here in the thread and run them only as instructed
  • Please reply within 24h so that a meaningful cleanup is possible
  • Always post the logs in CODE tags (# button); if necessary, simply split the logs up
  • Important: Just because your problem is suddenly fixed by one step does not mean that your PC is clean. Keep going until I tell you that your PC is "clean"
  • If I do not reply to you within 36h, please send me a private message!
Let's go

Step: 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)



Step: 2
Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the content here in your thread in any case.

28.04.2016, 14:48   #3
clubtunes
 



Many thanks, Rafael, here is the FRST.txt log


FRST log file:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
durchgeführt von Jürgen Werner (Administrator) auf JÜRGENWERNER-PC (28-04-2016 15:34:02)
Gestartet von C:\Users\Jürgen Werner\Desktop
Geladene Profile: Jürgen Werner &  (Verfügbare Profile: Jürgen Werner & Sabine & Manuela & DefaultAppPool)
Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\InstallAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Synology Inc.) C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Synology Inc.) C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Synology Inc.) C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.19020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-21] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\Run: [BingSvc] => C:\Users\Jürgen Werner\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-02] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51662464 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-4075896183-1784680247-2664955815-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1004.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-4075896183-1784680247-2664955815-1004.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [805888 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
Startup: C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-06-28]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2010-08-23]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Startup: C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2016-04-28]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)
Startup: C:\Users\Manuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-12-11]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-06-29]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{cb9d73b5-0417-40cd-810e-4d2f6230a47a}: [DhcpNameServer] 192.168.178.1
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=de-de
URLSearchHook: HKU\S-1-5-21-4075896183-1784680247-2664955815-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 - (Kein Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Keine Datei
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4075896183-1784680247-2664955815-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {7CB28F13-130A-4795-95B9-D31DD8CCF23E} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-4075896183-1784680247-2664955815-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Kein Name -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-26] (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-26] (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Jürgen Werner\AppData\Roaming\Mozilla\Firefox\Profiles\m961gktu.default-1461248636567
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll [2010-02-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll [2010-02-04] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4075896183-1784680247-2664955815-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Jürgen Werner\AppData\LocalLow\Sony Online Entertainment\npsoe.dll [2012-03-19] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-06-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-06-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-06-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-06-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-06-02] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-04-12] [ist nicht signiert]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-04-12] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com => nicht gefunden

Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=de-de
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Jürgen Werner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Browserschutz) - C:\Users\Jürgen Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-02]
CHR Extension: (Skype) - C:\Users\Jürgen Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-01]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Jürgen Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-08] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [287712 2015-11-11] ()
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [Datei ist nicht signiert]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [Datei ist nicht signiert]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-08] (Avira Operations GmbH & Co. KG)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-28] (Malwarebytes)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-28 15:34 - 2016-04-28 15:35 - 00030369 _____ C:\Users\Jürgen Werner\Desktop\FRST.txt
2016-04-28 15:33 - 2016-04-28 15:34 - 00000000 ____D C:\FRST
2016-04-28 15:32 - 2016-04-28 15:33 - 02376704 _____ (Farbar) C:\Users\Jürgen Werner\Desktop\FRST64.exe
2016-04-28 15:26 - 2016-04-28 15:26 - 00016148 _____ C:\WINDOWS\system32\JÜRGENWERNER-PC_Jürgen Werner_HistoryPrediction.bin
2016-04-28 11:07 - 2016-04-28 11:07 - 00000000 ___HD C:\OneDriveTemp
2016-04-28 11:00 - 2016-04-28 11:00 - 00002889 _____ C:\Users\Jürgen Werner\Desktop\Scan Malewarebytes 28_04.txt
2016-04-24 11:24 - 2016-04-24 11:24 - 00016148 _____ C:\WINDOWS\system32\JÜRGENWERNER-PC_Manuela_HistoryPrediction.bin
2016-04-22 20:45 - 2016-04-22 20:45 - 00007785 _____ C:\Users\Jürgen Werner\Documents\Michaela 2 Bewerbung.odt
2016-04-22 20:44 - 2016-04-22 20:45 - 00006491 _____ C:\Users\Jürgen Werner\Documents\Michaela Bindlach 1.odt
2016-04-19 21:16 - 2016-04-19 21:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5D380244.sys
2016-04-19 20:17 - 2016-04-19 20:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4AFF5508.sys
2016-04-19 19:55 - 2016-04-19 19:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\27A0441B.sys
2016-04-19 17:59 - 2016-04-19 17:59 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\42F96BA4.sys
2016-04-19 16:24 - 2016-04-19 16:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\59822276.sys
2016-04-17 09:30 - 2016-04-17 09:32 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.008
2016-04-17 09:30 - 2016-04-17 09:30 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.008\AppData\Local\TileDataLayer
2016-04-17 09:22 - 2016-04-17 09:29 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.007
2016-04-17 09:22 - 2016-04-17 09:22 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.007\AppData\Local\TileDataLayer
2016-04-13 15:08 - 2016-04-13 15:54 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.006\AppData\Local\Packages
2016-04-13 15:08 - 2016-04-13 15:54 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.006
2016-04-12 18:19 - 2016-04-12 18:19 - 00003446 _____ C:\WINDOWS\System32\Tasks\Fenix Defrag Logon
2016-04-12 12:29 - 2016-04-17 09:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-07 18:31 - 2016-04-07 18:31 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-04-02 14:17 - 2016-04-02 14:17 - 00279096 _____ C:\WINDOWS\Minidump\040216-48875-01.dmp

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-28 15:36 - 2010-06-28 17:52 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Roaming\Skype
2016-04-28 15:31 - 2012-10-22 17:03 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-28 15:26 - 2011-06-12 07:05 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Outlook-Dateien
2016-04-28 15:14 - 2011-05-14 20:19 - 00001158 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-28 11:37 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-28 11:33 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-28 11:10 - 2014-11-08 16:59 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-28 11:07 - 2015-07-29 11:42 - 00000000 ___RD C:\Users\Jürgen Werner\OneDrive
2016-04-28 11:07 - 2014-06-06 21:27 - 00000000 ___RD C:\Users\Jürgen Werner\CloudStation
2016-04-28 11:04 - 2011-05-14 20:19 - 00001154 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-28 11:03 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-28 11:03 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Registration
2016-04-28 11:03 - 2010-06-28 16:32 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2016-04-28 11:02 - 2015-07-10 11:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-28 09:37 - 2015-11-18 20:18 - 00004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC9AFB74-B68B-4B73-8EE9-23B9B03F69C7}
2016-04-25 18:54 - 2015-09-17 18:35 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-25 18:54 - 2015-07-29 10:59 - 00000000 ____D C:\Users\Sabine
2016-04-25 18:54 - 2015-07-29 10:59 - 00000000 ____D C:\Users\Nicole
2016-04-25 18:54 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-25 18:19 - 2013-11-09 20:55 - 00002471 _____ C:\Users\Jürgen Werner\Desktop\Google Chrome.lnk
2016-04-25 17:12 - 2010-08-23 15:49 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Roaming\uTorrent
2016-04-25 10:00 - 2010-06-28 17:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-25 10:00 - 2010-06-28 17:51 - 00000000 ____D C:\ProgramData\Skype
2016-04-25 09:10 - 2015-07-29 11:42 - 00002460 _____ C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-24 18:24 - 2013-01-03 16:58 - 00000000 ____D C:\Users\Jürgen Werner\Documents\1. Sabine
2016-04-22 11:57 - 2012-03-25 12:47 - 00004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8BFD1B50-A937-4064-AB0F-D9F936811448}
2016-04-21 16:24 - 2013-12-23 21:24 - 00000000 ____D C:\Users\Jürgen Werner\Desktop\Alte Firefox-Daten
2016-04-21 16:20 - 2015-07-29 11:31 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Local\Packages
2016-04-21 11:19 - 2015-09-07 15:25 - 00000000 ____D C:\Users\Manuela\.oracle_jre_usage
2016-04-21 11:17 - 2015-08-21 10:51 - 00000000 ____D C:\Users\Manuela\AppData\Local\Packages
2016-04-19 19:26 - 2015-07-29 10:58 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-19 19:26 - 2015-07-10 18:34 - 00883752 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-19 19:26 - 2015-07-10 18:34 - 00195886 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-19 19:26 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF
2016-04-19 10:18 - 2013-08-19 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-19 10:17 - 2014-08-08 13:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-18 11:47 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-17 13:46 - 2015-07-29 10:59 - 00000000 ____D C:\Users\Manuela
2016-04-17 09:35 - 2013-03-21 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-15 18:01 - 2015-11-03 10:47 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Ergebnisse Tim
2016-04-13 16:03 - 2013-01-14 17:12 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Konfirmation Nicole 5.5.2013
2016-04-12 18:18 - 2015-10-29 11:17 - 00003772 _____ C:\WINDOWS\System32\Tasks\Fenix Defrag
2016-04-12 18:18 - 2015-10-29 11:17 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Roaming\Fenix Defrag
2016-04-12 12:52 - 2014-11-13 15:37 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Briefe
2016-04-10 09:08 - 2011-05-06 20:28 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Local\ElevatedDiagnostics
2016-04-10 08:10 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Resources
2016-04-10 07:32 - 2014-11-08 16:58 - 00001177 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-10 07:32 - 2014-11-08 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-04-10 07:32 - 2014-11-08 16:58 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-04-08 18:52 - 2015-07-19 10:36 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Local\JDownloader 2.0
2016-04-07 21:42 - 2013-04-21 21:31 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-04-04 18:22 - 2015-08-30 10:33 - 00000000 ____D C:\Users\Jürgen Werner\Downloads\Neu
2016-04-03 22:14 - 2015-07-29 10:59 - 00000000 ____D C:\Users\Jürgen Werner
2016-04-02 14:29 - 2015-07-10 14:20 - 00415672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-02 14:24 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-04-02 14:24 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-04-02 14:24 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-04-02 14:24 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-04-02 14:17 - 2015-08-21 23:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-02 14:16 - 2016-03-18 15:27 - 634048721 _____ C:\WINDOWS\MEMORY.DMP
2016-03-30 17:12 - 2014-11-13 15:44 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Passwörter
2016-03-30 09:44 - 2015-06-12 13:38 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Roaming\vlc
2016-03-29 18:45 - 2010-06-29 10:49 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Schule

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-10-30 11:19 - 2015-10-30 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\47B.tmp
2015-11-04 11:19 - 2015-11-04 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\5792.tmp
2015-10-31 11:19 - 2015-10-31 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\5BC8.tmp
2015-11-03 11:19 - 2015-11-03 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\748B.tmp
2015-11-05 11:19 - 2015-11-05 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\DDF3.tmp
2010-07-29 10:09 - 2010-07-29 10:09 - 0021634 _____ () C:\Users\Jürgen Werner\AppData\Roaming\mdbu.bin
2010-06-28 17:56 - 2010-06-28 17:56 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-12-04 10:51 - 2015-12-04 10:51 - 0000016 _____ () C:\ProgramData\mntemp

Einige Dateien in TEMP:
====================
C:\Users\Jürgen Werner\AppData\Local\Temp\avgnt.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\gpup_213.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\hp2_upd2_v1021.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\hp2_upd2_v1025.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\hp2_upd2_v1047.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\proxy_vole137087492866520834.dll
C:\Users\Jürgen Werner\AppData\Local\Temp\ShFolder.Exe
C:\Users\Jürgen Werner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Manuela\AppData\Local\Temp\avgnt.exe
C:\Users\TEMP.JürgenWerner-PC.001\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-28 11:45

==================== Ende von FRST.txt ============================
         
--- --- ---

[/CODE]

Now the Addition.txt log file

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-04-2016
durchgeführt von Jürgen Werner (2016-04-28 15:36:33)
Gestartet von C:\Users\Jürgen Werner\Desktop
Windows 10 Pro (X64) (2015-07-29 09:30:53)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4075896183-1784680247-2664955815-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4075896183-1784680247-2664955815-503 - Limited - Disabled)
Gast (S-1-5-21-4075896183-1784680247-2664955815-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4075896183-1784680247-2664955815-1008 - Limited - Enabled)
Jürgen Werner (S-1-5-21-4075896183-1784680247-2664955815-1000 - Administrator - Enabled) => C:\Users\Jürgen Werner
Manuela (S-1-5-21-4075896183-1784680247-2664955815-1005 - Limited - Enabled) => C:\Users\Manuela
Nicole (S-1-5-21-4075896183-1784680247-2664955815-1004 - Limited - Enabled)
Sabine (S-1-5-21-4075896183-1784680247-2664955815-1003 - Administrator - Enabled) => C:\Users\Sabine

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.3 - )
µTorrent (HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX710 series Benutzerregistrierung (HKLM-x32\...\Canon MX710 series Benutzerregistrierung) (Version:  - )
Canon MX710 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series) (Version:  - )
Canon MX710 series On-screen Manual (HKLM-x32\...\Canon MX710 series On-screen Manual) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.48 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)
Duden Tipptrainer 2.0 (HKLM-x32\...\{7036A07A-FE2A-4920-A944-19B73D16F106}) (Version: 1.00.0019 - Brockhaus Duden Neue Medien GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Garmin BaseCamp (HKLM-x32\...\{0D7C8884-192D-4E2D-A635-B282B3647E45}) (Version: 4.4.7 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader (HKLM-x32\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Klett Nussknacker 1 (HKLM-x32\...\Klett Nussknacker 1) (Version:  - )
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Luka und der verborgene Schatz (HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\Luka und der verborgene Schatz) (Version:  - )
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Opera 10.63 (HKLM-x32\...\{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}) (Version: 10.63 - Opera Software ASA)
PDF24 Creator 7.0.6 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photo Station Uploader (remove only) (HKLM-x32\...\Photo Station Uploader) (Version:  - Synology)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
SOE Web Installer (HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\SOE Web Installer) (Version: 1.0.3.171 - Sony Online Entertainment)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
Synology Cloud Station (remove only) (HKLM\...\Synology Cloud Station) (Version: 3.2.3479 - Synology, Inc.)
Synology Cloud Station Drive (remove only) (HKLM\...\Synology Cloud Station Drive) (Version: 4.0.4062 - Synology, Inc.)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.5.5 - Shark007)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Winsol 1.21 (HKLM-x32\...\Winsol_is1) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {005192BB-F9C5-4D3B-A2F0-C25AC19BED92} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {00BCD157-3DF9-4C55-A447-519DA9C55DC8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {03D611F0-6B64-41E7-A11D-5F89676498DA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {04183081-B648-45F0-B19D-FB65560F6F06} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {12EBC4F0-B2D7-4CFE-9AE2-0FCEF0418767} - System32\Tasks\{81FD0B49-60B5-4BB9-8BC1-F74A5A2D544A} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.85.102/de/abandoninstall?page=tsMain
Task: {18FF1DFD-A8D1-45FD-BAF6-2E471F0478D6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1F68C40D-01EA-4D71-99FA-57EACA6DF3C3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {218D8439-DBD1-4677-A983-111705CC1006} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {2BD79C6E-F00A-4BD4-BD9F-88D39B5FCEE4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {33502DA4-482E-43BD-9209-E7390EB8AE52} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {3A7AD837-C57C-40E9-99A3-E40D152EF64A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {3B21856C-5241-4A43-AC92-9048E18C92C1} - System32\Tasks\{8C3B9BC9-42C8-4E8B-B690-7C0ED752735E} => pcalua.exe -a D:\SetupStarter.exe -d D:\
Task: {3BA52692-592D-4BCC-AD13-A77FA135C526} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {3DA9A2AB-5549-42A9-9C43-CDF3D02FDB06} - System32\Tasks\{4203A2F5-75AB-4C8E-9EAD-6B7214E22E6D} => Firefox.exe 
Task: {3F5F1837-80D2-4824-9D0C-8554BC177191} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4016516C-9684-41C4-9998-9A686FA4EF55} - System32\Tasks\{5CB1C16A-7983-4CD2-BE2A-4890F0D7871A} => pcalua.exe -a C:\ProgramData\Wondershare\Player\pluginInstall.exe -d C:\ProgramData\Wondershare\Player -c "i" "chrome"
Task: {442392D7-53E8-48F2-95E2-EDAD35CF8439} - System32\Tasks\Common Installer Worker => C:\Program Files (x86)\Common Installer\CommonInstaller.exe [2015-11-03] (Backup Updater)
Task: {44972B6F-3A71-4DE5-834D-C086361D4664} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4ADD0826-A7FA-4D54-9606-40616F55EFA5} - System32\Tasks\{6C3C35A4-33C9-4617-8C3B-337CCBA2B979} => pcalua.exe -a "C:\Users\Jürgen Werner\Downloads\avira_antivir_personal_de.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E59259B-2467-4501-B34E-D21E9586A5A7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {6180FF1A-8559-4957-A156-26DF7B53F136} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {67A1A65F-271D-48B0-A6DD-ACE2CDC8CFBF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6BABFEFF-B200-4A77-9F98-A69B701DD07F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {718A2D38-79D1-4ED2-B7EF-C475C9E512E8} - System32\Tasks\{658F2182-BCD9-43D8-9EC3-0B7D8C931F56} => C:\Users\Jürgen Werner\Documents\Microsoft.Office.2010.Professional.Plus.GERMAN.x86.x64\BIE\os_x86\bie_o10install86.exe [2010-05-30] ()
Task: {71B12A1B-D9F1-468A-98F7-508F78869328} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {793EAEFF-9F5F-4E1F-8CB8-E563E01F521D} - System32\Tasks\{90515FD2-42C6-4D88-9B54-BFF02754C6CD} => Firefox.exe 
Task: {79EECAA7-5AF9-47C7-8CFC-A545631F9D8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {803A6E1B-7D43-4E8B-9D05-28A5A6DA75AB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {81E02735-BDD5-4EB5-9588-FC16789B605F} - System32\Tasks\{4DD48FE3-A6AF-4D91-9226-6F38FD9240D5} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\bin\cloud.exe
Task: {84D31172-764A-4DFD-BE40-F40894F1185B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {88C208C8-C628-434D-8B16-CA821173EC0F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {8FCADBC1-33BD-4872-8B1E-401AE095693F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {959E6674-6A10-4259-9AAD-2DDEDC85D4EE} - System32\Tasks\{C4B6BBCF-5237-45FB-A98E-2ACFB07F6325} => C:\Users\Jürgen Werner\Documents\Microsoft.Office.2010.Professional.Plus.GERMAN.x86.x64\BIE\os_x86\bie_o10install86.exe [2010-05-30] ()
Task: {980C3DE5-5B70-49F0-9772-7B4F53BF3A25} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {A0FF1C4C-B44D-432C-AFCB-8A38CAAB8ADC} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> Keine Datei <==== ACHTUNG
Task: {A37C7988-9121-4512-8F93-BB1B8DA56B32} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {A59A61A3-3068-4F19-9360-04B40D655681} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {A6F8BF39-29BF-4509-B7BB-96C715571DB5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {AC6DD7AF-C261-4DFC-94E3-844E63D4B094} - \Gamma Task Menager Worker -> Keine Datei <==== ACHTUNG
Task: {B04CAB88-2CED-4011-85E1-B710B7C27392} - System32\Tasks\Fenix Defrag => C:\Users\Jürgen Werner\AppData\Roaming\Fenix Defrag\Fenix Defrag.exe [2016-04-12] () <==== ACHTUNG
Task: {B4518264-C23C-411B-AA88-F765FD073927} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B4F8341D-E538-449B-B48A-A0289CED7E50} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {B746B3D8-9694-4A29-A29C-F2174F419D86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {B96E4FB4-B6CF-4C9D-B66F-C2D78EA58173} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B9978F61-C8AB-4317-9550-6BADD4309A48} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {BAA3D4B9-7A94-4C92-B982-D04075BE56DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C09B9744-E33D-4B27-88AC-AB69F4828F60} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {C76C7C29-050D-4470-B707-311BD480FCA5} - System32\Tasks\{3A68D0D9-42FD-4087-B861-6AADCADE9676} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-04-08] (Skype Technologies S.A.)
Task: {CC32E716-5634-496E-85A3-6CA68D11D98A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {D2E1D66D-7C23-4A41-ABCC-0B4FCC1360EA} - System32\Tasks\{4D4DB832-D542-4FBF-8A6C-E7EDBF40374E} => Firefox.exe 
Task: {D30CB1BB-BD76-452B-B4D0-934FFC3B579E} - System32\Tasks\Fenix Defrag Logon => C:\Users\Jürgen Werner\AppData\Roaming\Fenix Defrag\Fenix Defrag.exe [2016-04-12] ()
Task: {DA943567-04DC-4026-B214-E46EED4D7078} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {DBDDF84B-3696-4814-9167-C7504D0461D3} - System32\Tasks\{8C240E24-0EE7-435B-AE19-B872A71A5675} => Firefox.exe 
Task: {DEE2D70C-9743-4DC8-ABDE-D56C6ECDAA3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {EB8601AB-5F82-472A-BEA1-8CB2A20E526B} - \Start Registry Reviver -> Keine Datei <==== ACHTUNG
Task: {EC5FF962-1880-4831-AC74-3ACBBE6CDB5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {ED070690-BA39-4999-8303-A04F9FFCB237} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {F19AB114-0E55-42D9-9185-458D1EA82142} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FEB5D27E-D4DB-4758-9C0B-D47DA4B02A6F} - System32\Tasks\{417CEE16-CAF5-48C2-9A9C-2B5184BF4554} => pcalua.exe -a C:\ProgramData\Wondershare\Player\pluginInstall.exe -d C:\ProgramData\Wondershare\Player -c "i" "iexplore"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-29 11:51 - 2015-07-15 04:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 11:55 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-11-11 09:52 - 2015-11-11 09:52 - 00287712 _____ () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
2013-04-21 22:36 - 2011-09-06 04:02 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-05-11 09:12 - 2015-05-11 09:12 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2015-10-01 15:34 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-25 09:10 - 2016-04-25 09:10 - 00959176 _____ () C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-08 12:10 - 2013-08-23 14:36 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2013-10-29 12:57 - 2013-10-29 12:57 - 00035328 _____ () C:\Program Files (x86)\Synology\Photo Station Uploader\ShellExtHandler.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 01047552 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\ContextMenu.dll
2015-10-01 15:34 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 15:33 - 2015-09-17 07:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-09 11:36 - 2015-11-25 06:20 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 11:36 - 2015-11-25 06:17 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 11:36 - 2015-11-25 06:17 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 15:34 - 2015-09-17 07:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 18:43 - 00210432 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2016-04-10 09:30 - 2016-04-10 09:30 - 00472576 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\e8d3ef4b2e696f27353e12629143ce43\VistaBridgeLibrary.ni.dll
2015-12-08 21:25 - 2015-12-08 21:25 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 03:49 - 2015-11-11 03:49 - 01557160 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2016-01-21 11:37 - 2016-01-21 11:37 - 03563008 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.19020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 11:46 - 2015-12-15 11:46 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.19020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 16:41 - 2010-07-21 17:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-06-28 16:41 - 2010-07-21 17:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-06-28 16:41 - 2010-07-21 17:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2016-04-25 09:10 - 2016-04-25 09:10 - 00679624 _____ () C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2014-06-26 18:51 - 2015-07-21 11:43 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2014-06-26 18:51 - 2015-07-21 11:43 - 00051744 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00123918 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 01026062 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00524460 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 02949660 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 01798570 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00115214 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 03095505 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 21565192 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00712704 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00031744 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00046080 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00032768 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00516608 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00243200 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00431616 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\com -> hxxp://*.Wondershare.com
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\sony.com -> sony.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-4075896183-1784680247-2664955815-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-4075896183-1784680247-2664955815-1004.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winsol_Autostart.lnk => C:\Windows\pss\Winsol_Autostart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jürgen Werner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk => C:\Windows\pss\ctfmon.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jürgen Werner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Jürgen Werner\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
MSCONFIG\startupreg: SpUninstallCleanUp => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\StartupApproved\Run: => "AMD AVT"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ATICustomerCare"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "NBAgent"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "AMD AVT"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\StartupApproved\Run: => "BingSvc"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{95D95D86-6A2B-4506-BCAA-7FE17E80F0AD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D50D9F1B-095B-4FA9-A074-4023F035E6F3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AB566753-EEA6-4E86-8F6F-E6019FEB15EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8BC2761-E284-4E29-960B-40FDBE1A2C1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{8FB5921E-16FA-47E3-A02B-4C2FD874A347}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{BAD9D87E-3F95-4C73-87F1-DAA8D5A7E22A}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{FB8AC5CD-D373-46FB-ACB6-FB1EB30B668A}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{3CEBAFE0-783A-4821-B3EC-2EDDBB24ADCC}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{2D9B1C58-BF34-49A1-84E3-19CF30DF06EA}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => (Allow) C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [TCP Query User{DB71C5CD-6FA0-4CE9-BBCA-EC9C02386F1D}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => (Allow) C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [{14C7C674-040E-4949-83D6-479678DA47D5}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{E85DF57E-310C-4991-974D-6FE14ADD6573}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{63314D4E-424A-4E0C-BD0F-D8A31571548E}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{162B55F8-AD72-468A-9A7D-80D473B2970B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{437D7CC4-8FF0-4589-BC42-4A69875E0590}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0A3D4BE9-0D95-4180-96EF-34D26D378719}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CC1B1600-5950-4C93-A47B-3A627486369A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AFCF48DE-5BBF-4D6C-80C8-F77E3E9FDD96}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{0099945C-85C2-4625-8F33-C3E6D15B6F87}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{ED449D4B-E0B6-45AA-B594-7A183CC823C2}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{81CF9183-58B5-4B3B-BCCF-3BB07C73B538}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{3937E7F0-9973-4799-9B81-B8A8E69135D9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7583698B-CA63-4917-82E6-91EE379D95BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1D156535-CD2E-4DB8-A394-2235C61E5803}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A21CED51-8C40-4172-B71A-6DFF2AC5DA61}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{04E793FE-903C-4AA3-A78B-B874EFD677E3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D508BCE7-136E-4DAB-8D8F-695DE6989D77}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

28-04-2016 13:02:24 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/28/2016 01:02:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/28/2016 01:02:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-4075896183-1784680247-2664955815-1004.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {e15b0720-e3a4-40fd-b3b1-b2bdc53db549}

Error: (04/28/2016 11:07:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JürgenWerner-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/28/2016 11:03:46 AM) (Source: MSMQ) (EventID: 2078) (User: )
Description: Der Message Queuing-Dienst kann nicht gestartet werden. Die Prüfpunktdateien können nicht wiederhergestellt werden. Um den Message Queuing-Dienst ohne Konsistenzverlust zu starten, müssen Sie die beschädigten Prüfpunkt- und Protokolldateien korrigieren oder wiederherstellen. Löschen Sie zum Starten des Dienstes für die Notfallverwendung (mit potenziellen Verlusten der Datenkonsistenz) die Dateien "QMLog", "MQTrans.lg1", "MQTrans.lg2", "MQInSeqs.lg1" und "MQInSeqs.lg2" aus dem Ordner "Msmq\Storage", und fügen Sie den DWORD-Registrierungsschlüssel "HKLM\Software\Microsoft\MSMQ\Parameters\LogDataCreated" mit einem Wert von 0 hinzu. Fehler 0xc00e03f1:

Error: (04/28/2016 11:03:46 AM) (Source: MSMQ) (EventID: 2053) (User: )
Description: Die eingehende Prüfpunktdatei für Sequenzen konnte nicht initialisiert werden. Die Datei "MQInSeqs.lg1" oder "MQInSeqs.lg2" im Ordner "Msmq\Storage" ist beschädigt oder fehlt. Fehler 0xc00e03f1:

Error: (04/28/2016 11:03:46 AM) (Source: MSMQ) (EventID: 2053) (User: )
Description: Die eingehende Prüfpunktdatei für Sequenzen konnte nicht initialisiert werden. Die Datei "MQInSeqs.lg1" oder "MQInSeqs.lg2" im Ordner "Msmq\Storage" ist beschädigt oder fehlt. Fehler 0xc00e03f1:

Error: (04/28/2016 11:03:46 AM) (Source: MSMQ) (EventID: 2053) (User: )
Description: Die eingehende Prüfpunktdatei für Sequenzen konnte nicht initialisiert werden. Die Datei "MQInSeqs.lg1" oder "MQInSeqs.lg2" im Ordner "Msmq\Storage" ist beschädigt oder fehlt. Fehler 0xc00e03f1:

Error: (04/28/2016 09:44:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 10.0.10240.16384, Zeitstempel: 0x559f3a8d
Name des fehlerhaften Moduls: MBAPO64.dll, Version: 1.0.9.0, Zeitstempel: 0x4a0a6138
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000fdf2
ID des fehlerhaften Prozesses: 0xed4
Startzeit der fehlerhaften Anwendung: 0xAUDIODG.EXE0
Pfad der fehlerhaften Anwendung: AUDIODG.EXE1
Pfad des fehlerhaften Moduls: AUDIODG.EXE2
Berichtskennung: AUDIODG.EXE3
Vollständiger Name des fehlerhaften Pakets: AUDIODG.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AUDIODG.EXE5

Error: (04/26/2016 06:44:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_MapsBroker, Version: 10.0.10240.16384, Zeitstempel: 0x559f38cb
Name des fehlerhaften Moduls: MosHostCore.dll, Version: 10.0.10240.16384, Zeitstempel: 0x559f3908
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000096f2
ID des fehlerhaften Prozesses: 0x199c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_MapsBroker0
Pfad der fehlerhaften Anwendung: svchost.exe_MapsBroker1
Pfad des fehlerhaften Moduls: svchost.exe_MapsBroker2
Berichtskennung: svchost.exe_MapsBroker3
Vollständiger Name des fehlerhaften Pakets: svchost.exe_MapsBroker4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe_MapsBroker5

Error: (04/25/2016 10:16:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15313


Systemfehler:
=============
Error: (04/28/2016 11:36:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Get Started

Error: (04/28/2016 11:36:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Microsoft Visual C++ 2015 Runtime Package

Error: (04/28/2016 11:35:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft Visual C++ 2015 Runtime Package

Error: (04/28/2016 11:35:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Microsoft Visual C++ 2015 Runtime Package

Error: (04/28/2016 11:35:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft Visual C++ 2015 Runtime Package

Error: (04/28/2016 11:35:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Microsoft Visual C++ 2015 Runtime Package

Error: (04/28/2016 11:35:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Microsoft Visual C++ 2015 Runtime Package

Error: (04/28/2016 11:35:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Xbox

Error: (04/28/2016 11:35:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: Xbox

Error: (04/28/2016 11:35:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Xbox


CodeIntegrity:
===================================
  Date: 2016-03-08 08:24:36.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 08:24:36.381
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 08:24:36.312
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 08:24:29.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 08:24:29.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-07 08:19:45.245
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-07 08:19:45.190
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-07 08:19:45.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-07 08:19:39.336
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-07 08:19:38.963
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: AMD Athlon(tm) II X4 630 Processor
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 4094.97 MB
Verfügbarer physikalischer RAM: 1747.4 MB
Summe virtueller Speicher: 8190.97 MB
Verfügbarer virtueller Speicher: 5295.89 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:920.43 GB) (Free:602.53 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (Warentest) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=110 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=920.4 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 28.04.2016, 15:02   #4
clubtunes
 
Here is the log file from TDSS, part 1


Code:
15:52:54.0961 0x03e4  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
15:53:12.0923 0x03e4  ============================================================
15:53:12.0923 0x03e4  Current date / time: 2016/04/28 15:53:12.0923
15:53:12.0924 0x03e4  SystemInfo:
15:53:12.0924 0x03e4  
15:53:12.0924 0x03e4  OS Version: 10.0.10240 ServicePack: 0.0
15:53:12.0924 0x03e4  Product type: Workstation
15:53:12.0924 0x03e4  ComputerName: JÜRGENWERNER-PC
15:53:12.0924 0x03e4  UserName: Jürgen Werner
15:53:12.0924 0x03e4  Windows directory: C:\WINDOWS
15:53:12.0924 0x03e4  System windows directory: C:\WINDOWS
15:53:12.0924 0x03e4  Running under WOW64
15:53:12.0925 0x03e4  Processor architecture: Intel x64
15:53:12.0925 0x03e4  Number of processors: 4
15:53:12.0925 0x03e4  Page size: 0x1000
15:53:12.0925 0x03e4  Boot type: Normal boot
15:53:12.0925 0x03e4  ============================================================
15:53:13.0876 0x03e4  KLMD registered as C:\WINDOWS\system32\drivers\28641302.sys
15:53:14.0126 0x03e4  System UUID: {B18C8593-ABC8-E207-3811-E6037ABACC63}
15:53:15.0231 0x03e4  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:53:15.0269 0x03e4  ============================================================
15:53:15.0269 0x03e4  \Device\Harddisk0\DR0:
15:53:15.0269 0x03e4  MBR partitions:
15:53:15.0269 0x03e4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x37000, BlocksNum 0x15F5000
15:53:15.0269 0x03e4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x162C000, BlocksNum 0x730DA5B0
15:53:15.0269 0x03e4  ============================================================
15:53:15.0305 0x03e4  C: <-> \Device\Harddisk0\DR0\Partition2
15:53:15.0305 0x03e4  ============================================================
15:53:15.0306 0x03e4  Initialize success
15:53:15.0306 0x03e4  ============================================================
15:53:54.0360 0x1228  ============================================================
15:53:54.0360 0x1228  Scan started
15:53:54.0360 0x1228  Mode: Manual; SigCheck; TDLFS; 
15:53:54.0360 0x1228  ============================================================
15:53:54.0360 0x1228  KSN ping started
15:53:56.0758 0x1228  KSN ping finished: true
15:54:08.0065 0x1228  ================ Scan system memory ========================
15:54:08.0065 0x1228  System memory - ok
15:54:08.0066 0x1228  ================ Scan services =============================
15:54:08.0279 0x1228  [ 22CE801AD25C51E2553F41A076BB0CB2, 0520216417F1619FB642734EC937C59D5E79A24306C1E9B793C82FAE077851E6 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
15:54:08.0470 0x1228  1394ohci - ok
15:54:08.0516 0x1228  [ 2C49A2441EBB24C6ACFB524C1459115F, 0ABACB6F21C41C0297994E61F1BFABB3905AF6B569D0446FE8E174EB9225B8EF ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
15:54:08.0569 0x1228  3ware - ok
15:54:08.0630 0x1228  [ B87D3D07FE6F15328C6860D542F0E2BD, 46CF069EDD7DBFB4DB800BABA3081DAB363DD2CFD724AFF5916D3419F62A3574 ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
15:54:08.0723 0x1228  ACPI - ok
15:54:08.0768 0x1228  [ 1E3C4EDBB7F3F668B7205E351010BB79, A3CA12F72836C4F77B671264828B370B9EBA9CD71110E2C0514994760B6B12FF ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
15:54:08.0819 0x1228  acpiex - ok
15:54:08.0839 0x1228  [ 13B1C26AEDCB40082CDD97506F968129, 883442206B4C60AA493E84CC3037B6C1568441E1F43D2B1FCBFD8D87D135D511 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
15:54:08.0883 0x1228  acpipagr - ok
15:54:08.0925 0x1228  [ B3D64FF927D611721DA73A61BF3A18B3, 96B51AFDC3078B5088AAF66F0CF3E07D2FCBBC84A19D309A25DF0A5C6CECB958 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
15:54:08.0979 0x1228  AcpiPmi - ok
15:54:08.0994 0x1228  [ 19F793B2203D94AC1F8AEDB08B494E2E, DC98CCF9935E1F1C32FA88575A9A678B74916EFF48E39A64CF1FF92232F64A52 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
15:54:09.0038 0x1228  acpitime - ok
15:54:09.0148 0x1228  [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D3328443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:54:09.0189 0x1228  AdobeARMservice - ok
15:54:09.0347 0x1228  [ 28FFB14117CCEDD7D2F124596AA9B785, 8FC482C6444C904B5536979B3354597FD714634EC7372B464118C42AA9DCB58A ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:54:09.0389 0x1228  AdobeFlashPlayerUpdateSvc - ok
15:54:09.0505 0x1228  [ 2A24E10C1A1DE0E0035E353EED494A1C, CBBFA86578BE74CAADDCA923D65E3BFFC57BC17B887936ADE5C6952530546A22 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
15:54:09.0646 0x1228  ADP80XX - ok
15:54:09.0714 0x1228  [ 3AC22A3DFA8A050E35F0E3CD99D0CDF2, BBB1FB1A80D9641CB7965A75B8CB8094F0876E9631A93E6BDCC53A016EB48D05 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
15:54:09.0812 0x1228  AERTFilters - ok
15:54:09.0896 0x1228  [ A3D96563BF46FC8A0E5756B796127D14, BAD3C30714F6514D2AF725077A79FF671CC022E415786E1666C0B7C24CE3670A ] AFD             C:\WINDOWS\system32\drivers\afd.sys
15:54:09.0992 0x1228  AFD - ok
15:54:10.0022 0x1228  [ EF09D07626820F7F89519514C17FE768, C3EC1DC163CD5946270ED876CD414889BBF2C586A8AF5DC7825FA5D77001E827 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
15:54:10.0063 0x1228  agp440 - ok
15:54:10.0101 0x1228  [ 8A289EF0721F95267BF2404BABEE146D, E263D258F03DF3BB405D49AE7230C37E7EB8F392FDEE48059C7C1E3709520D35 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
15:54:10.0170 0x1228  ahcache - ok
15:54:10.0212 0x1228  [ C301499987AF909258774AE9DC5778BB, 3ED539C999847116AE9DB9C8C5A34AB09703BAE3018E1EAF6DBC779BB6736F32 ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
15:54:10.0263 0x1228  AJRouter - ok
15:54:10.0307 0x1228  [ DD69535D379F9E40AD0D6002887AAA99, 579DD18CE2B264B4058C6069B8AEE6FD9FE6A882B7DA19E300DFE40B37A4E5BE ] ALG             C:\WINDOWS\System32\alg.exe
15:54:10.0371 0x1228  ALG - ok
15:54:10.0420 0x1228  [ BBADD85854BFB5D43C60B7AC8EEA3DBA, 968C043ABEA46F5C79525863B3FE2681AC0FA4202036C9EFD20B408DECF407E2 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
15:54:10.0482 0x1228  AMD External Events Utility - ok
15:54:10.0524 0x1228  [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64        C:\WINDOWS\system32\DRIVERS\amdiox64.sys
15:54:10.0566 0x1228  amdiox64 - ok
15:54:10.0593 0x1228  [ 6763084E8322A4876D1613854640F914, 89EEEB47517A9964FA799821E5E45BDD6009EBDC628D6DADE6A7F03DE7CDA6CD ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
15:54:10.0652 0x1228  AmdK8 - ok
15:54:10.0685 0x1228  [ BE258C17CFD09F4210602105432E784A, FD38B50785206D6E5EADE65396030E18C8B9D993D7225057B0C24F3256BCE2E3 ] amdkmafd        C:\WINDOWS\system32\drivers\amdkmafd.sys
15:54:10.0711 0x1228  amdkmafd - ok
15:54:10.0733 0x1228  amdkmdag - ok
15:54:10.0807 0x1228  [ 17BA5C907E14947574CBB788F4CEB85F, EAA3DBF436637C58666A91905E388287FC54334EBB2589A00727EB09AC4870E3 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
15:54:10.0907 0x1228  amdkmdap - ok
15:54:10.0945 0x1228  [ DE29D8AB57AD67D4940CAB4A48B3E230, 4E92AFCD9107573DAB8E65AC6318E4B8851DCCBE17E135DFF8CF5733210B52E6 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
15:54:11.0000 0x1228  AmdPPM - ok
15:54:11.0029 0x1228  [ 4C1F9BBAF5CCD76D4642F3B92B97B454, 514CCAA8B586B1019658BE101046386EB727AD48D7913AEF9A168763E91F0DE5 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
15:54:11.0072 0x1228  amdsata - ok
15:54:11.0113 0x1228  [ F8195C1A15955180DD663E7FF4C2F6DD, F3C0C6B38FB9478217EE25EBDBDF7A18F01B97655BC38373E70E71171705D5E9 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
15:54:11.0172 0x1228  amdsbs - ok
15:54:11.0193 0x1228  [ DD2F5BBCFAC4D8E48DB1A95A7EEBFF08, 619E3106072C6F785144D785C4AFB4C607CAF7ED29AAA4A1411BE262E62B7ADE ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
15:54:11.0231 0x1228  amdxata - ok
15:54:11.0382 0x1228  [ 37CD9EB03B36D8329F96BA921470DB54, 0CD3BFBA51F84D83E3B208D2BED7CE8E91B447B2037014663EC7CB8E5A925201 ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
15:54:11.0485 0x1228  AntiVirMailService - ok
15:54:11.0563 0x1228  [ 98C06275DB53A1E70AB8CB94013B20D4, 5DE48C829A66B0F4C8119E75D985D63C1020FA318696BD19E44E0A07CD6F1ED0 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:54:11.0638 0x1228  AntiVirSchedulerService - ok
15:54:11.0707 0x1228  [ 98C06275DB53A1E70AB8CB94013B20D4, 5DE48C829A66B0F4C8119E75D985D63C1020FA318696BD19E44E0A07CD6F1ED0 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:54:11.0763 0x1228  AntiVirService - ok
15:54:11.0899 0x1228  [ 1F5CC3C23E10290A3FF9CAA74AA30D07, A4F1F3465A5E0A914EE5A4FEF4A6B639956BA04B7145EF68820BC2A15DEE4162 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
15:54:12.0035 0x1228  AntiVirWebService - ok
15:54:12.0101 0x1228  [ E4AFE476D9F758514A8A571DF6A24372, A37055A2CDB577CC8B76D4B020924A6C68D94166C1C9A64F7C0E9E16692709FC ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
15:54:12.0150 0x1228  AppHostSvc - ok
15:54:12.0180 0x1228  [ 46AAF119090573A80D603745582229ED, 8D7C4AED66DD32A104965DC23D17C0815CD1BE2E3D52375C1A63863664EE174F ] AppID           C:\WINDOWS\system32\drivers\appid.sys
15:54:12.0231 0x1228  AppID - ok
15:54:12.0246 0x1228  [ 24315B385F515D6D5476757EAFD62633, CE645397BF43CC54B864A0E4FCB86F76C10B9C2D2482E85DBBE15EF7BF045F17 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
15:54:12.0316 0x1228  AppIDSvc - ok
15:54:12.0340 0x1228  [ 2CE396457D5C18F034D243EC7E159010, DDF588A568DF5EAE058DF315535BD746760363E2242EF8C705F8DCBA2D5DA4A7 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
15:54:12.0406 0x1228  Appinfo - ok
15:54:12.0486 0x1228  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:54:12.0510 0x1228  Apple Mobile Device - ok
15:54:12.0536 0x1228  [ 68AF553066C4DAE7D8698322526BDA86, 806A5228D204B18B3B9F88AB87B5918046BE96D1B3AEFEC9331CA7A483547486 ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
15:54:12.0608 0x1228  AppMgmt - ok
15:54:12.0672 0x1228  [ A8AC0B8ED134888731D1A1BCEF930FA1, 917D2C99CB28C5F20BA386148B6A93541AEF900A9A99D310D732B501322945E5 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
15:54:12.0811 0x1228  AppReadiness - ok
15:54:12.0990 0x1228  [ D6D96E20079D902243690DCBB007F997, 4E3FAED92F6434D689CCC7AE3A077819BCD2E99D7D2C293563B2E0DCF08CC42F ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
15:54:13.0332 0x1228  AppXSvc - ok
15:54:13.0368 0x1228  [ 0756EECAC010BE449D07502DF27E7701, 6A895CA80050D021DB5E130102F626027339A22673B7C15C51A375C0401F03D2 ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
15:54:13.0416 0x1228  arcsas - ok
15:54:13.0553 0x1228  [ BD63768F58666341BE007DAA21B3A063, 1D6112E97042E19E4D916AA22F8AEB7FCC2F36CA45F55049D77042DAF3B8847C ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:54:13.0598 0x1228  aspnet_state - ok
15:54:13.0619 0x1228  [ A5792F971EFE86B7F56EE7299ED1082B, 82DCD15E2C9D8A3EA663941C9CE73020FEEF2F91354D0BB51E8A142AA1E30217 ] AsyncMac        C:\WINDOWS\System32\drivers\asyncmac.sys
15:54:13.0673 0x1228  AsyncMac - ok
15:54:13.0697 0x1228  [ 8921DF6060DB5C7700AA48CB12E9EA08, 8F18841B454CDE4926C50B23F818D00ECE0AE884DB198E396445CB44CB39B2C4 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
15:54:13.0736 0x1228  atapi - ok
15:54:13.0780 0x1228  [ ED3A041014FBBFDC23D6C04F9C7A5D79, A039D8F4C0EA2101898A253E13DFED5FA8500C412ACC47835415E27C9BD068FF ] AtiHDAudioService C:\WINDOWS\system32\drivers\AtihdW76.sys
15:54:13.0840 0x1228  AtiHDAudioService - ok
15:54:13.0887 0x1228  [ 2D648572BA9A610952FCAFBA1E119C2D, 4CD7E7D3C878DEF8CC18A925EAB1E0E8E8893BE99DA1E1F78FE9AD12EF1C48BC ] AtiHdmiService  C:\WINDOWS\system32\drivers\AtiHdmi.sys
15:54:13.0916 0x1228  AtiHdmiService - ok
15:54:13.0950 0x1228  [ 7C5D273E29DCC5505469B299C6F29163, 206CAB85CE12A3953F0861C811575DC7FD000147436219EEE334584A33370B3A ] AtiPcie         C:\WINDOWS\system32\drivers\AtiPcie.sys
15:54:13.0968 0x1228  AtiPcie - ok
15:54:14.0028 0x1228  [ 240FF83DD79546B26F187FAB20F83864, C4DC0159016B4A4630357131E614814C068D07BEA94AAF6393E882A78C9FCA1E ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
15:54:14.0116 0x1228  AudioEndpointBuilder - ok
15:54:14.0227 0x1228  [ 6300722E8527EC54D426FD00EE5196B2, 71376BE797E8F3E2E671167DA400239D5289DE7EE56CF29564C98715B9DB1D09 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
15:54:14.0419 0x1228  Audiosrv - ok
15:54:14.0472 0x1228  [ A692B4E9773CD0BDCE99DEEB0AB5D3AC, 7DE2D61857E98D319D6BF66B12C6450E6C5F299EEB781AFA29473471E9ED504C ] avchv           C:\WINDOWS\system32\DRIVERS\avchv.sys
15:54:14.0488 0x1434  Object required for P2P: [ 37CD9EB03B36D8329F96BA921470DB54 ] AntiVirMailService
15:54:14.0524 0x1228  avchv - ok
15:54:14.0558 0x1228  [ 5CF5E80616F74B769AABCF76FEA791D1, CA56643D41DB4E139FE85098DCD67187AAC126CE2414276364A97334E15F9F53 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
15:54:14.0589 0x1228  avgntflt - ok
15:54:14.0617 0x1228  [ 8AC3D6C2E2B0B22E918817A96DA4875E, AE6FB86A09373918DD7FA7E19DA9B2915AAAE6DDF5939245F44B5512E3710E1B ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
15:54:14.0649 0x1228  avipbb - ok
15:54:14.0741 0x1228  [ 8B86696A7030DDBD85B64621BD5B9C44, 9C22C8C5AC39A7138A669A6C4CA9753A6D2F21CFDFB8A1F1A34CB0AFC9DA9F0D ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
15:54:14.0783 0x1228  Avira.ServiceHost - ok
15:54:14.0813 0x1228  [ 79F7741A773FF194EEC64A8161AE26D5, 3DDEA5FBDCB74A2BACC895A44C8C2A947F09E2649ED61D781E99DD61DBFACA5D ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
15:54:14.0842 0x1228  avkmgr - ok
15:54:14.0866 0x1228  [ 02488D56FE0DB002CE3B1E120A0ED889, 487067731C2CA1BA8A1CF1C403C2342C153E6BE0CE9B003D914D9647059EFDBD ] avnetflt        C:\WINDOWS\system32\DRIVERS\avnetflt.sys
15:54:14.0892 0x1228  avnetflt - ok
15:54:14.0941 0x1228  [ 2F7F80543129210CA75995D0DCA488E8, 353E598FF26FA363C02A2B44BA8D7D1ED97B8AC8C69F1B5C5D521BD0D5D5AB94 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
15:54:15.0009 0x1228  AxInstSV - ok
15:54:15.0071 0x1228  [ 00D64E82900E4EC9062805ED87C2D75A, 577110F9A7C6C2C4CF86FFF4F60E23F61623ED325FC950033900A5102754A677 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
15:54:15.0166 0x1228  b06bdrv - ok
15:54:15.0196 0x1228  [ 5164A66EC1565711A7B4CF2F143B4979, DA29F0FB63F3EB2BF92D51FEB4BB7D2B964553D2F634556325953927464CB3A5 ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
15:54:15.0258 0x1228  BasicDisplay - ok
15:54:15.0287 0x1228  [ F4C58BBF2972BD84C73F6A14CA35AC4E, B7A226EB861B63ACF4BF9B5A331ACA6FFC9B787DCCAA7697EEFC4F634508A6D5 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
15:54:15.0331 0x1228  BasicRender - ok
15:54:15.0358 0x1228  [ 25349D0B334E528667980948ED107D89, 70EF9D3B8DCAC6E9720C6F3EBC77392FADC182A6925F9024FE30A21321E0137F ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
15:54:15.0381 0x1228  bcmfn2 - ok
15:54:15.0430 0x1228  [ DF78B56EEE6004DEE8CE57763128075E, 5758CAF4B0182F3F2E2508B3BB58B0271F2689808D09675B2753FE373D1D77D2 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
15:54:15.0536 0x1228  BDESVC - ok
15:54:15.0563 0x1228  [ 1E8A9267F8886803AAE02982FC1B5BC4, 655DF84E037BD6E582A6BA89737A4388956219171AF7253D126E54A23F16BE59 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:54:15.0620 0x1228  Beep - ok
15:54:15.0713 0x1228  [ 7FAFFFC4C59F5010D6E7CEA152076B92, 945FD6C04E109D4E5A4164BAA9A8120EC85AB809555AAD83E61B9F179F976FD7 ] BFE             C:\WINDOWS\System32\bfe.dll
15:54:15.0867 0x1228  BFE - ok
15:54:15.0988 0x1228  [ BD60F5633F6BD617D9ECCA3FFDC0D37E, 2F0DECAEB7096CD628387263381E123C883F483BD87F7F2BA6DEFBB5A184BAA3 ] BITS            C:\WINDOWS\System32\qmgr.dll
15:54:16.0206 0x1228  BITS - ok
15:54:16.0288 0x1228  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:54:16.0354 0x1228  Bonjour Service - ok
15:54:16.0380 0x1228  [ C9FD65687EF89715999C582D3E568812, 42BA59A78A47C510CB2AFDC6C6080B33F9F611F84FEE5262DFF16D7633C50EB1 ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
15:54:16.0434 0x1228  bowser - ok
15:54:16.0511 0x1228  [ 3A4A543F135DE9A06ABA9DF982D79DD7, ABA165435C27BE15D7EBD3E7D023E295CB7AE2A099DF9E253C78EC45EADD75EA ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
15:54:16.0642 0x1228  BrokerInfrastructure - ok
15:54:16.0695 0x1228  [ B88731761FF66380303BEE550C5ED5B9, 8DB89CEDA511E199527CC7682262D80C7EEE77F92C76A6F9291BC24D1DC31318 ] Browser         C:\WINDOWS\System32\browser.dll
15:54:16.0767 0x1228  Browser - ok
15:54:16.0794 0x1228  [ F8DD3B0EAC1EF1D087AE47E5819540AC, 866C951B52E3202AC89552AEA72A45123367199335578F03815E2ED55DA2FDAE ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
15:54:16.0842 0x1228  BthAvrcpTg - ok
15:54:16.0876 0x1228  [ 647E2A425AD43637EAA01096A58B7089, 8F76D024FEBCBA1AC54363133DE1E0DD5B9D696E5E688EFEBC3B79F7F1B9C568 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
15:54:16.0937 0x1228  BthHFEnum - ok
15:54:16.0964 0x1228  [ B95040CAD3434D9EE003065363A0FAFF, D441E0676EA1AE1ABC305732024311CA59715E6763B3D7ADB728DEEFC403E182 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
15:54:17.0009 0x1228  bthhfhid - ok
15:54:17.0075 0x1228  [ F334BF7B0737CEB3B6822631EAD55A87, 4E5AEB1F8E109BA01A5D1CDE2E3C677FF07F2AFE8B195CB5F82AA28816D2060E ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
15:54:17.0157 0x1228  BthHFSrv - ok
15:54:17.0180 0x1228  [ 29AEE352AED4FCD2191436D263D75347, 3D21262EA26BF423BFA4A9146E53F8B036B2A1157DBE91A11C5603AF7A670B6F ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
15:54:17.0230 0x1228  BTHMODEM - ok
15:54:17.0254 0x1228  [ 26DD0127A05B333E36316E6EA9A6AAE2, A2DC4483FF5639EE8DD315AB2989865CA6A6992C578FD7F7D31698A015355941 ] bthserv         C:\WINDOWS\system32\bthserv.dll
15:54:17.0310 0x1228  bthserv - ok
15:54:17.0335 0x1228  [ 32B94975BF6F101C27C43E90FF8ABBEB, B5475D9A705894CBFA583D6E9DAF969527A75800E98D0288182BAB2F10136642 ] busenum         C:\WINDOWS\System32\drivers\busenum.sys
15:54:17.0364 0x1228  busenum - ok
15:54:17.0403 0x1228  [ 854AF190F55E6D70EC65A85798F896E2, 6D39F9131BE93F934502BA1DB109E7AD35D3987B636F7B32F9C34823DF25746B ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
15:54:17.0466 0x1228  buttonconverter - ok
15:54:17.0494 0x1228  [ A10A1E05A943B10ECE5D57D131B7404D, 71BB816B6841001A4305DF1814926B639265E91895CA5D06284B0970E40CE386 ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
15:54:17.0551 0x1228  CapImg - ok
15:54:17.0598 0x1228  [ F2829DC6D292DCAC5029893BB2E9FEE3, AF2A25722D3BE37BABD1F6668786AAF39E9D6CA18CE8E845E63266E218C64526 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
15:54:17.0654 0x1228  cdfs - ok
15:54:17.0687 0x1228  [ F3A9E38AE23AD4015764AF89E4AE3519, 57ED6AC834177E128720FEC5B5793F35C7C36474E2D787F182B6730933222CC9 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
15:54:17.0770 0x1228  CDPSvc - ok
15:54:17.0781 0x0624  Object required for P2P: [ 6300722E8527EC54D426FD00EE5196B2 ] Audiosrv
15:54:17.0814 0x1228  [ CA160E02F35A61C6F5C681FB4669C519, E6BC66156EE226F16804C4FDC8A60EB15CE6212EAFB9FB841FAC899979E140E2 ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
15:54:17.0875 0x1228  cdrom - ok
15:54:17.0900 0x1228  [ 320E7A02D81A468E8C1FEEFDB856AFAE, E65127D3D6B628F9D19EA509FEBD9E4DC1BF20D0C62C3C9E1D7087DF972B2AA7 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
15:54:17.0980 0x1228  CertPropSvc - ok
15:54:18.0003 0x1228  [ 60D7D304DF75DFF6A46CF633F583B592, 4141D8D1C6FE829C02053DA91AC6B0628BDEB3322CAAD4AD958190F9D173340E ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
15:54:18.0052 0x1228  circlass - ok
15:54:18.0101 0x1228  [ FF9D4BCE19E5D36CB3A845A3286DA6C3, A0E2C38D629359EEC6F8EEC6F92A3E571AEF018BAF259F395DC497ED4827460B ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
15:54:18.0180 0x1228  CLFS - ok
15:54:18.0258 0x1228  [ 5C4648673693724C8D4A1A92E1AA06E6, 5D548241715687BFA52E40B867EF73CB45D01B7F9A9B7F00B92BF2B4C97BE1D0 ] ClipSVC         C:\WINDOWS\System32\ClipSVC.dll
15:54:18.0366 0x1228  ClipSVC - ok
15:54:18.0443 0x1228  [ 7C30C9D90576CC1C30124458CD6EE1AA, AE9D6BD5ABE9BC374E0469AB2BD5370947BE1BCE6F406591B09DE23E4B09132F ] Cloud Station Drive VSS Service x64 C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
15:54:18.0490 0x1228  Cloud Station Drive VSS Service x64 - ok
15:54:18.0541 0x1228  [ 8EBA63416EC166EBA6EF6D34A505D8C8, 5EB0236ABEA2277B71D9F009DA71934C618606B20BBEC07B8595195E40C12A2B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
15:54:18.0590 0x1228  CmBatt - ok
15:54:18.0663 0x1228  [ 3B64DA873CEA5BEC42570BFF1054A014, 3649B25855CB9BE5BA3B3FEE4221575381FB2D488B8B050B5DD0088386AA0F7B ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
15:54:18.0771 0x1228  CNG - ok
15:54:18.0796 0x1228  [ 5EEA0856000F81B3D709BC81B3AA1EF2, C04E4E31D3FC38102BA410D312F58AF848920EE37004A5C306D79229C9B6079A ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
15:54:18.0835 0x1228  cnghwassist - ok
15:54:18.0940 0x1228  [ 74CD3BF688E2B408227FE012A2F2D8ED, CC01AC79CEB9DC94FA5675D66F048928C9968B8944E34F5482A73C14B70EE8A8 ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys
15:54:18.0986 0x1228  CompositeBus - ok
15:54:19.0000 0x1228  COMSysApp - ok
15:54:19.0023 0x1228  [ D38774D1D383A2CDB9A4F64B7206913B, 6CDDC46D1D431342F00CA537FC327B23B8AA4D513CEEEE61F3E19C77975DF9C8 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
15:54:19.0070 0x1228  condrv - ok
15:54:19.0166 0x1228  [ 8AFDD74F2DC5BAD9B2215FB19DB65240, A2BDDA4C77C63D3D8E9F1D397D7B41EC1BF093A6399C14D311D4D230B5F1E093 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
15:54:19.0286 0x1228  CoreMessagingRegistrar - ok
15:54:19.0351 0x1228  [ 35DB06AACD8AD5999161DA71FF0E16F0, 22AD27811AAD14666ACEF4115447B0CFAA70D1E73923059FB2A9B4C3CBE500A6 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
15:54:19.0407 0x1228  CryptSvc - ok
15:54:19.0465 0x1228  [ 838755238B2BAE5A4802B038443B8A22, 1A89E413C6E5C3E8C2B64F8A1D41271D3FA39BC67291331FEC8DCFD4F8CCE994 ] CSC             C:\WINDOWS\system32\drivers\csc.sys
15:54:19.0587 0x1228  CSC - ok
15:54:19.0659 0x1228  [ 7D64B14DAFEBBC19A87EC9D5B862F6AA, BE7510E618566FEA013E2E77CE4C7C160BADE105C493424595A15D0A7F1615CF ] CscService      C:\WINDOWS\System32\cscsvc.dll
15:54:19.0802 0x1228  CscService - ok
15:54:19.0829 0x1228  [ F038EAF73AAB72A4A89185A5A7B9FD75, 8213A60B3BEAFC1C554C5D049DFE3C6E44CEFE639EDD6A335AC18A9DAEDA2D4B ] dam             C:\WINDOWS\system32\drivers\dam.sys
15:54:19.0870 0x1228  dam - ok
15:54:19.0980 0x1228  [ 5E57B9FBB4E9C43EE5B69BEE01A1819F, A1F8D1E52AF446CEA2EB50064E3A24B713B19197D61C3EAECB81B3CCD80558E7 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:54:20.0136 0x1228  DcomLaunch - ok
15:54:20.0174 0x1228  [ 0605AB12BF1856DF21AB708F28EA91CF, 3A6A7F8F84044DC1EA490A007E6DBC52203BA237ECF1B845961D9BB95E9BF8C8 ] DcpSvc          C:\WINDOWS\system32\dcpsvc.dll
15:54:20.0267 0x1228  DcpSvc - ok
15:54:20.0318 0x1228  [ BABB7BB5AD3CECFF466E6080F43CFC58, 1B8FF66557EC4C749156ED6DACC4D61D5DC4E25DD58F6DB3713C356214B80FDA ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
15:54:20.0444 0x1228  defragsvc - ok
15:54:20.0496 0x1228  [ 63C9464B165D31ACC46B6B089AB36B41, DE38DE4E6331D07630B63224F8014C27368C29791EDB58CC5DAE7CBACD37160A ] DeviceAssociationService C:\WINDOWS\system32\das.dll
15:54:20.0611 0x1228  DeviceAssociationService - ok
15:54:20.0635 0x1228  [ 7B3DA16FAA498838BB457E0B7E380EDF, B73DCFFA60886F10765E4B76A58CFF18C08CAFEE620700361FC8FEC7E80B5958 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
15:54:20.0718 0x1228  DeviceInstall - ok
15:54:46.0712 0x1228  NdisTapi - ok
15:54:46.0736 0x1228  [ AADFC340939D99E5D756E713E1D452EB, EFEFDBB2188DE82C2C5E67929861B269FD4C127D34D1DE6D0596ABC33E2C2B51 ] Ndisuio         C:\WINDOWS\system32\drivers\ndisuio.sys
15:54:46.0785 0x1228  Ndisuio - ok
15:54:46.0809 0x1228  [ 312DFD787D99D3BF1427B0388BC04F71, C082CA1F332AD57FF2100748518D3D7B3D0F1B042F69BD7401C44B77AFE97462 ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
15:54:46.0860 0x1228  NdisVirtualBus - ok
15:54:46.0897 0x1228  [ 2103F43E0A1ECFB14B7E1B889F5F24D7, 6A86E854C89E132DBC9183DE2B9464DC592E7492BE267BA02FE4DAFE6FA87528 ] NdisWan         C:\WINDOWS\System32\drivers\ndiswan.sys
15:54:46.0969 0x1228  NdisWan - ok
15:54:46.0997 0x1228  [ 2103F43E0A1ECFB14B7E1B889F5F24D7, 6A86E854C89E132DBC9183DE2B9464DC592E7492BE267BA02FE4DAFE6FA87528 ] ndiswanlegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:54:47.0070 0x1228  ndiswanlegacy - ok
15:54:47.0101 0x1228  [ 6E98F16983C4AE8703FF9F90AB4B31DD, BB8BD5DB4B5FB31F3A257747C27CBEFA4B7837EC5C0CF3D4F408E626E4003F4C ] ndproxy         C:\WINDOWS\system32\DRIVERS\NDProxy.sys
15:54:47.0158 0x1228  ndproxy - ok
15:54:47.0192 0x1228  [ F1B7CC77F412C8D45B2DDCF76EDA4F9D, 25F2AA76E675D9BCC0B1FD47AFEC6DF2D0B47E7B1C8AF6FB27C1ED2FB902961A ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
15:54:47.0254 0x1228  Ndu - ok
15:54:47.0284 0x1228  [ 824FDC990A3F79069BE468A132EB6888, D09F7A9EC04E37DA504CE54EEC25C312B407B6A8B214CBB074BEB50DE420F52A ] NetBIOS         C:\WINDOWS\system32\drivers\netbios.sys
15:54:47.0330 0x1228  NetBIOS - ok
15:54:47.0373 0x1228  [ F0D791348AD254360CC3C3E501CCB745, E4CAB4D3C2CD3169731283B00DEBFE26438BB66A3F0D78BDB68E876A14FC7070 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
15:54:47.0462 0x1228  NetBT - ok
15:54:47.0489 0x1228  [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:54:47.0536 0x1228  Netlogon - ok
15:54:47.0601 0x1228  [ 7C8A7380CBE45DFD3DF118D8601499A7, C137280B7696F8CF4258BDC8B241C66BB3AA5708C5410D85255E46C7E8284826 ] Netman          C:\WINDOWS\System32\netman.dll
15:54:47.0699 0x1228  Netman - ok
15:54:47.0760 0x1228  [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:54:47.0806 0x1228  NetMsmqActivator - ok
15:54:47.0827 0x1228  [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:54:47.0869 0x1228  NetPipeActivator - ok
15:54:47.0930 0x1228  [ BBE9D72EFC7BD66B28309C3607683DBA, FC372EFBC650CE0BDB117858D840A1FB361947B1C67D1DD16BABA95D0286856A ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
15:54:48.0060 0x1228  netprofm - ok
15:54:48.0129 0x1228  [ B50C003F86EFEDAB844AC808C6A6CB6C, DE27531037129830FD537114B0299B80A0C87C3515411EC95001BC6334ADA5C7 ] NetSetupSvc     C:\WINDOWS\System32\NetSetupSvc.dll
15:54:48.0216 0x1228  NetSetupSvc - ok
15:54:48.0236 0x1228  [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:54:48.0280 0x1228  NetTcpActivator - ok
15:54:48.0303 0x1228  [ FBF2ACE9B10DDE0B4108930D78370E86, 2A4910F071747B786EA49A638B3AAB698DCD0AD7FE702078BA83F85C533A227E ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:54:48.0344 0x1228  NetTcpPortSharing - ok
15:54:48.0378 0x1228  [ 46E862DA2CF8F351375EF537276B69B5, AC0FE0977E56380849DCE668AC0F5AF183AAB115ED84ADD964E390CC0BEDF6D3 ] netvsc          C:\WINDOWS\System32\drivers\netvsc.sys
15:54:48.0429 0x1228  netvsc - ok
15:54:48.0492 0x1228  [ 88CE4AC85F36B6347C1D820FA373B998, E10B5DF8883928A2062FC6180DE4CF0DE33C68622C2E3E4E1AFC56A0682F8E75 ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
15:54:48.0590 0x1228  NgcCtnrSvc - ok
15:54:48.0608 0x1228  [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] NgcSvc          C:\WINDOWS\system32\lsass.exe
15:54:48.0656 0x1228  NgcSvc - ok
15:54:48.0725 0x1228  [ EA1C2DAB8A63712B94897A58557B086C, 98DD7E5C84F3CDF2DAA89484892D6B439F5D14297B5243436925BEEAA0C02EE1 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
15:54:48.0853 0x1228  NlaSvc - ok
15:54:48.0880 0x1228  [ 41557BE174E9EC6AC703A8A4ADBC6650, 8CF6DF3FDC3C7C44B32851538A67BF86A54AB6444A424D7A20B7A9A94B4158D8 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:54:48.0940 0x1228  Npfs - ok
15:54:48.0968 0x1228  [ AC3F70FCFBCE97AA2F12BA43EE13B86E, D0AC50FB022C0F3031531CEE210D47FC3244C6FB55FAAD4AAB04081F0A21DAE4 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
15:54:49.0023 0x1228  npsvctrig - ok
15:54:49.0047 0x1228  [ 0AF4872D3D6FD3A030E836DAC2B3EF2D, 03EE7B6FAFC0BB5C26793BC5FF8BD1019AC96B3104688009C1E062C3F4F34D6D ] nsi             C:\WINDOWS\system32\nsisvc.dll
15:54:49.0111 0x1228  nsi - ok
15:54:49.0132 0x1228  [ 66A98C407085B8920DF1E6D722F1ADB8, 3FE307E4A9E41B08E0453507E50D6D0C67FA6F4245A863D90181463C749C83B5 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
15:54:49.0179 0x1228  nsiproxy - ok
15:54:49.0381 0x1228  [ BA8DC96D1DD7785EB0589CB1777208B7, 09B486A20D9F22FE50CB4FBC0C801609F522FA99F5FBC43107336B7D98457D91 ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
15:54:49.0649 0x1228  NTFS - ok
15:54:49.0682 0x1228  [ 383E546EF4982262A0EF6CC2B6E9D525, 3C6C90B62E8EB094E6928C388E5081A3F73DF87B0F34F716B72EA7B6EF71FBB7 ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:54:49.0728 0x1228  Null - ok
15:54:49.0761 0x1228  [ 466F875F1D4C6ABB46AF28007009237C, 26F5A5579737A7CF2267F79DDE5A551149C682D5FD24663B53FCEC5AA6B448CE ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
15:54:49.0813 0x1228  nvraid - ok
15:54:49.0844 0x1228  [ 76F19EAE7A52CBAF7B8EC428BE6E0DA0, CF1E55D92FA32744A20AB75D466A3E05E6FACF4694F9265C41F5C27C1E7243DC ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
15:54:49.0897 0x1228  nvstor - ok
15:54:49.0924 0x1228  [ 0D0CB77D74B38E0EC62341C19E469D8D, A05D3CC67FEEB2FD219BFAA34BF98CB3F3718042124AF28F0E9FDFB9F132DD76 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
15:54:49.0973 0x1228  nv_agp - ok
15:54:50.0032 0x1228  [ EA3FFE8617B9FCA1620AD9876E92F4F1, 68D5143CA71D10A2BB44E29B3C76580596669D0624076BCF6CCBA7AF3140538E ] OneSyncSvc      C:\WINDOWS\System32\APHostService.dll
15:54:50.0133 0x1228  OneSyncSvc - ok
15:54:50.0277 0x1228  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:54:50.0322 0x1228  ose64 - ok
15:54:50.0721 0x1228  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:54:51.0190 0x1228  osppsvc - ok
15:54:51.0295 0x1228  [ CAFB5A95883158A0579DED2ED5CB0627, B23F7D19142DD3544F96ADB36F152F4EA7F6C524A1281EC26A2B95D7D044822C ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
15:54:51.0408 0x1228  p2pimsvc - ok
15:54:51.0480 0x1228  [ 3612CE3432E0A2BE0081E6B488ACF84C, F1A641735FD374CA293FB98FADA2C41E2033B17FECCA3B6D225D0E591AFFF413 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
15:54:51.0586 0x1228  p2psvc - ok
15:54:51.0630 0x1228  [ 38F1AE32339731F6E5A7281AE8042545, 308954518C45D29FC199525F0CC7FE4EA805322EC0B871DDDCBEEC15355514C8 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
15:54:51.0693 0x1228  Parport - ok
15:54:51.0722 0x1228  [ 707889D2F95AAE8C9DD254D8767AD908, BE7BD94728D7629F8B7567523FFB42B8979941CEA2EA03E11BFCD51CF119FC27 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
15:54:51.0769 0x1228  partmgr - ok
15:54:51.0824 0x1228  [ A09B0D8F9F0FC17EBCE6481AC9FD5CDF, 8E8D68992D98CF3DBC4B70C7902B3EC28A1E2DA8D4DB38F0AD9D52B1A5A1D40F ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
15:54:51.0928 0x1228  PcaSvc - ok
15:54:51.0999 0x1228  [ 2834089EA4E550FF3B96E61FB4AA34ED, D25DAB47F9778675E984E0738D2014024C2758D52D7E071167A12FF466B7898E ] pci             C:\WINDOWS\system32\drivers\pci.sys
15:54:52.0066 0x1228  pci - ok
15:54:52.0110 0x1228  [ 3D587E4295B11B8480F7ACB09A89D718, 8C3BD62B3451E1B2E7197EDAE381785406DF86C03BEEC486602C642FDD37DBC1 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
15:54:52.0150 0x1228  pciide - ok
15:54:52.0177 0x1228  [ B8F07002B5F1DA23CFF979C2806B09F3, AD5C589A02BB8185AA070420BF30E78BC8BE3C6F9B0F66319A8CA05B70A5ED32 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
15:54:52.0224 0x1228  pcmcia - ok
15:54:52.0247 0x1228  [ FF588077D0C6AC2EA3FCBF1903CE08D0, 64BE1646FB6D8CC902B6F386255F7C0420E3C334E14DECD527DD541B43A1DCD6 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
15:54:52.0287 0x1228  pcw - ok
15:54:52.0332 0x1228  [ 70469C8AC4AD367295E70CFDD81B754C, 3EC6FD742C7C60363939E5343477810D751D91D32A2F24285976C08A7C4477AB ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
15:54:52.0382 0x1228  pdc - ok
15:54:52.0477 0x1228  [ 688F47C342E1BBC87A48AB71D316233E, CE99AB67C7E7A11AC69C2F4513AEBDACA385BA7F8CC49BE6313CE04ED404A0E7 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
15:54:52.0631 0x1228  PEAUTH - ok
15:54:52.0894 0x1228  [ 303D2C90139ABFC1D12E279F0F101710, CE02E335A72011004395DC635EB819B3ED8D00041B9C59024DE246366AF00559 ] PeerDistSvc     C:\WINDOWS\system32\peerdistsvc.dll
15:54:53.0223 0x1228  PeerDistSvc - ok
15:54:53.0282 0x1228  [ 189265498945593D5256CFF7FEBB9665, 9CB88CC3C726BFE6EDCE8D9E4544306AACD3FB9E969E3A438D9FD533F25C1281 ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
15:54:53.0335 0x1228  percsas2i - ok
15:54:53.0356 0x1228  [ 9B86965114F6831A5130EFE6657B17D9, 4C5B657DB9A9F96BFD3EAFA756ED60D911EB58857C439F5FA6E495A473ED1145 ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
15:54:53.0402 0x1228  percsas3i - ok
15:54:53.0514 0x1228  [ 8A5A52C855FB5BFEF019AE9938AEA8AE, 77CB8A09B209DB5895319BA9D073A67148926E22C47836343050DFC178AFAEEE ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
15:54:53.0573 0x1228  PerfHost - ok
15:54:53.0661 0x1228  [ 839BD56425530973FF3F6F7C0057CD22, 9BADF39BC4628409CFCD5F1300C6040C49B2ED72D0FA389C6BB042E5B17E1A40 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
15:54:53.0765 0x1228  PimIndexMaintenanceSvc - ok
15:54:53.0916 0x1228  [ 82FDEC2A262728F62F2111A84CC04B16, A1FCE38D4F55F10BB9B3BFB7D9E3EF7C27D499D9C8882218C8A9A73487798188 ] pla             C:\WINDOWS\system32\pla.dll
15:54:54.0171 0x1228  pla - ok
15:54:54.0243 0x1228  [ 7B3DA16FAA498838BB457E0B7E380EDF, B73DCFFA60886F10765E4B76A58CFF18C08CAFEE620700361FC8FEC7E80B5958 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
15:54:54.0326 0x1228  PlugPlay - ok
15:54:54.0341 0x1228  [ F1E9C35A8DFD4D64382CFB9019A950F9, 24E0381C6909F9876D6DC4697DC6405FE18DF91531891B2CCA6DB0191B9C6DF4 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
15:54:54.0395 0x1228  PNRPAutoReg - ok
15:54:54.0436 0x1228  [ CAFB5A95883158A0579DED2ED5CB0627, B23F7D19142DD3544F96ADB36F152F4EA7F6C524A1281EC26A2B95D7D044822C ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
15:54:54.0531 0x1228  PNRPsvc - ok
15:54:54.0607 0x1228  [ 62C0BD179961132EF2C5B952210C11F5, 2473FBB3619D0DDA229D4BEC30CEFE7497C27ED3844A5B7655F6F2D328FEAF61 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
15:54:54.0720 0x1228  PolicyAgent - ok
15:54:54.0785 0x1228  [ 6390391EDFC43DD11CE9E6AADCAC20EA, C8BC222FFBB9E47489D16BB5248E0E2E594011C46CFF71F5DBCC4D5CC6788098 ] Power           C:\WINDOWS\system32\umpo.dll
15:54:54.0849 0x1228  Power - ok
15:54:54.0875 0x1228  [ 1433EB7908E5E1E20FFD50E4126C3484, 34D81680C8F2F2C5892FC0E0A6DFCBB241AFF493267A1FE182ED28AE9F712456 ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
15:54:54.0938 0x1228  PptpMiniport - ok
15:54:55.0257 0x1228  [ 12E2582F69ACA40A6BAE91DA578CBF34, 648C6394763906AA4163976DA2C3308F8B706486D9D8F16258CB1D61C2929930 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
15:54:55.0781 0x1228  PrintNotify - ok
15:54:55.0822 0x1228  [ 22DE54C3974E4FD98F61D095C22C59B7, 64E78D6DEC4A28ABB0A23F2CF078459D81796EC79235AE45976ABB4F72B1D1E6 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
15:54:55.0876 0x1228  Processor - ok
15:54:55.0944 0x1228  [ 8A216BBE091DA0585F6A5E8B65980961, 7A9400AF63D1B906F48C072084CC77508C91C7E69ACC1E9957D7A9C353A67710 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
15:54:56.0035 0x1228  ProfSvc - ok
15:54:56.0062 0x1228  [ EDD52C352CBAAAD13FD7BD5DCEA309B3, EC7D294B23FD5C309E5C4C455896937B85DC615E1B36C9F8F3BDC90E75EBF9CF ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
15:54:56.0114 0x1228  Psched - ok
15:54:56.0172 0x1228  [ DD3FF2053356D11C785999BBC633F3E0, E9A5B7C657F4523E5DEF7AEE7ECFCC94E911FC65F1D491BEF01239F357B8D8E0 ] QWAVE           C:\WINDOWS\system32\qwave.dll
15:54:56.0270 0x1228  QWAVE - ok
15:54:56.0315 0x1228  [ 51590F442C6E5D43244BA30DDB0CE79D, 9C7FD0A19753C13FD4A27EBFD60703A2414D5A2F6F451F0B32769C8D7C953980 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
15:54:56.0363 0x1228  QWAVEdrv - ok
15:54:56.0388 0x1228  [ E951E70019865B06126AF850BCCA2026, C590DE38C7603149AFA0271D57EEBAF956F18F50584FCF04BC2C8D8CEC5C5932 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:54:56.0440 0x1228  RasAcd - ok
15:54:56.0486 0x1228  [ 0BF8607133AE264BC3C41A5BAA5FFB7B, 9A4F6AC6013AB5C2A99BCFC2CCF161DD225DE8D85D61579655ADBF04A4383A61 ] RasAgileVpn     C:\WINDOWS\System32\drivers\AgileVpn.sys
15:54:56.0547 0x1228  RasAgileVpn - ok
15:54:56.0594 0x1228  [ FE0976379F9E7DB6F7945FCEB88C7E29, BA331CE55C02E86478714DA87FAC547B50D53BC7D02BCA5A64D484DED44BFAA5 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:54:56.0667 0x1228  RasAuto - ok
15:54:56.0714 0x1228  [ 2521520142F7853E39028AE6BD66E072, 7A7E18E886781B4984826C1FC4BEDABEC62D906063EE2781FD799B0097616B9F ] Rasl2tp         C:\WINDOWS\System32\drivers\rasl2tp.sys
15:54:56.0777 0x1228  Rasl2tp - ok
15:54:56.0865 0x1228  [ 9AD8FCCC95B68BC3129AA2318CE55717, 57227EBF2C1D42063B95AC92F380BAA95E0C6F2E6556F887AACBF63A0482FD24 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:54:57.0017 0x1228  RasMan - ok
         

Old 28.04.2016, 15:09   #5
clubtunes
 



Part 2 TDDS


15:55:10.0017 0x1228  TermService - ok
15:55:10.0044 0x1228  [ 261830B1E3650E4471E1F98850B929B7, D281B8A93315E64C7AF5002E5BFBE6AFF8B35FD6AA747AE07D7AA96F4AFAA613 ] Themes          C:\WINDOWS\system32\themeservice.dll
15:55:10.0135 0x1228  Themes - ok
15:55:10.0213 0x1228  [ 8D23F0819A00C547814409B734DD3747, 0E1B25A53C84486F8A57F309F3C016114F90F5AF5E576889BD230931F38594A5 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
15:55:10.0342 0x1228  tiledatamodelsvc - ok
15:55:10.0378 0x1228  [ 354DAA630928CD4DA2BC84A0DA4ADA9D, AFAE4948EA4F899267DC52DF9A06450FC3E77083B563E541581DA90685C7E98C ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
15:55:10.0462 0x1228  TimeBroker - ok
15:55:10.0529 0x1228  [ F4AEDABC8F3A9D632F8206D0C7F8CA09, 6E76749CD4B857B4D930267E3CF448AF4D14FAC851873C5E71572E62CAD2FA36 ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
15:55:10.0590 0x1228  TPM - ok
15:55:10.0618 0x1228  [ 2D0338A3009075FCCB119CB7F3280F82, F42F3B8DA0F8B2C99892E66CDEF471A1CD30A30CF437ADFF464A2C786A6B87A6 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
15:55:10.0685 0x1228  TrkWks - ok
15:55:10.0767 0x1228  [ 62D6A900C5DFF2ECF131384E5A5C85AB, 1AF1FB868C59DFF452E3351EE5070B2C746DE606B9E2F1834CE2256F41ABE7A9 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
15:55:10.0837 0x1228  TrustedInstaller - ok
15:55:10.0871 0x1228  [ 676C801CAA61AADD0C918CC536A74B78, DB5DEC9445272E46D32DC2A9A99A9AE45729E424E61C679ECFD973AA88457BE6 ] TsUsbFlt        C:\WINDOWS\system32\drivers\TsUsbFlt.sys
15:55:10.0927 0x1228  TsUsbFlt - ok
15:55:10.0951 0x1228  [ 2BB6CC0DD1CEE86330743B56FA9FE91F, EE71E3DEECA7599947AB09E8967FE8066348D82B4C17D8CBE800FCDE9CF4989D ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
15:55:10.0996 0x1228  TsUsbGD - ok
15:55:11.0035 0x1228  [ 14B46248612DF1B1A695040FFFBCFAFC, 8C373A3C416FC9AB3872A187E64AC7A6E69FF605BD8784E8F2B1C28C293A0495 ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
15:55:11.0113 0x1228  tunnel - ok
15:55:11.0139 0x1228  [ D0BE5EA1652D55029C9A898FB8ACFCE0, 80C4BC30B967C79B3457F43EB9B530CA2571C6158958879AC55E5A81F71CFF15 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
15:55:11.0183 0x1228  uagp35 - ok
15:55:11.0212 0x1228  [ 13C15E4B238895FE4731DB1D612EEB5F, 211E4B05AA09F7FBE2487C3241A98D1F970FEE5B9B1BAED2788B57233BFC4104 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
15:55:11.0256 0x1228  UASPStor - ok
15:55:11.0280 0x1228  [ BEBB8B55C5F99B69EEE39A9D7BADB21E, 08A094EA38AB58CC70108A3BDFDD3251897DC4B13FDDAD54C1B063137836EF34 ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
15:55:11.0339 0x1228  UcmCx0101 - ok
15:55:11.0371 0x1228  [ DE3EDAF609D00EA2E54986E6459796A6, 61A9AB51869F38300CC5CC5D302B962FB966F54CBB2E393954F36372B3A479FE ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
15:55:11.0429 0x1228  UcmUcsi - ok
15:55:11.0462 0x1228  [ FB1C1D8B96A482F3581338D6752E1D6C, 0FFAEE3E088614B3483C459513BB9D78EB76B574696FD877A3CDF6A11378F46C ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
15:55:11.0519 0x1228  Ucx01000 - ok
15:55:11.0539 0x1228  [ 4E1543ACE2F6E2846713E5123D9D4159, 1A6AFC525A80D1F19B14CDAD38790DF7293911C4D0E8301161D92201B934C3D4 ] UdeCx           C:\WINDOWS\system32\drivers\udecx.sys
15:55:11.0597 0x1228  UdeCx - ok
15:55:11.0747 0x1228  [ CDCA9CC1D8293E75218D8FF85F2337A4, 173086C08DDC7625E026E425F1E2B5D6C795771BEAE9BFF6093E3592FBEBD323 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
15:55:11.0853 0x1228  udfs - ok
15:55:11.0881 0x1228  [ BC683E19307C533C7161DB7A58051347, 5553BE3421986FDD9992EBFD883CDA151F7166C01BBFA3E9183A3C93E41D79B6 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
15:55:11.0920 0x1228  UEFI - ok
15:55:11.0955 0x1228  [ D14B42C26DE402F316D49667D15446F0, 61CC9FF03EF78631C800EFD8D587975CB94D53DB80E6F60BD13BA52EC5690D3D ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
15:55:12.0024 0x1228  Ufx01000 - ok
15:55:12.0049 0x1228  [ 192470BE4321791FBB25F379D0141D6F, AD120F8F98BD99014471CE60630B5FEE7555AB261C98B7D9819FE23C386655F7 ] UfxChipidea     C:\WINDOWS\System32\drivers\UfxChipidea.sys
15:55:12.0094 0x1228  UfxChipidea - ok
15:55:12.0125 0x1228  [ F7BD838E84E6B286DBCE068EFB8C0800, A55188C8F8BDC739A7ED7D29CDCB2A17468BBB158E13D804963B31ED73449520 ] ufxsynopsys     C:\WINDOWS\System32\drivers\ufxsynopsys.sys
15:55:12.0174 0x1228  ufxsynopsys - ok
15:55:12.0234 0x1228  [ C844E39B900FFA46CA8DD2BBA670A077, 0CB6232BCE47C59821DF25D6ED33E85C3E32DDAB101AA8A2C22B5401E73F5D5B ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
15:55:12.0304 0x1228  UI0Detect - ok
15:55:12.0328 0x1228  [ A25842AC180F0E8B02380ECB8ADA1AF5, AF22E7559C5EF8DC22A2B9E27FFFFF075B1D1B68A8307266BD9473E0FAF36BEF ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
15:55:12.0370 0x1228  uliagpkx - ok
15:55:12.0395 0x1228  [ 21088F43172525C7E02D335A3327F46C, B04AD471A7DFE83AB557DB4540616B7DF4A1904F8BDDCB920D449FCEE6F36FD5 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
15:55:12.0445 0x1228  umbus - ok
15:55:12.0467 0x1228  [ 294A291B5D48FE8F38DD94B7272442C5, 66C9139636760C92C1E04FCF440C432FF6C5A94E1577CAFE1D61FCF2D30472ED ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
15:55:12.0510 0x1228  UmPass - ok
15:55:12.0566 0x1228  [ 3427889AECC3B6912A0A01D095E32B98, 322AE14B74295ACFC124719BBEF8809201150A184E262EC55E26D2B45787BF9D ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
15:55:12.0668 0x1228  UmRdpService - ok
15:55:12.0779 0x1228  [ 67A95B9D129ED5399E7965CD09CF30E7, F1F2F684146F1CCB293BB9871117B8CFC1D04588A830F67CE5D3F0D034D93B2A ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
15:55:12.0840 0x1228  UMVPFSrv - ok
15:55:12.0963 0x1228  [ 0D5C9E27E93AAEA3E30A1E59A7AC3DFF, 31A203DA03877E6B887930990C5BB53402F0DFFB22A6F8FC5A34EF0B99CD8A7E ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
15:55:13.0188 0x1228  UnistoreSvc - ok
15:55:13.0256 0x1228  [ BD693208673F40BA21AA70B69F1D439C, E324947C2DD34386A83B09E73668F1CCED127AC91194B8BF7EC4C8E36CF8203E ] upnphost        C:\WINDOWS\System32\upnphost.dll
15:55:13.0371 0x1228  upnphost - ok
15:55:13.0394 0x1228  [ A7A52EDDC3FAF183D6AC4774690ADF13, 630A0331F2EFA2DC7EFDACD08D8DF5C85BFDA30FF1525050FF54E069AFA45F6C ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
15:55:13.0434 0x1228  UrsChipidea - ok
15:55:13.0457 0x1228  [ 2EEA0897DD9E30E958B508D557F0B5E4, BE051A3AA5DFF56310FAB67AD19AC0443A3580542886EF3554EBE18F1323596F ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
15:55:13.0499 0x1228  UrsCx01000 - ok
15:55:13.0524 0x1228  [ DC54D775A3A61E4CDE871B4E38A1459A, CC996A9D293201BBD285E7B629B12EE88574702B8AC7BB4149439D6A25A07F7E ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
15:55:13.0563 0x1228  UrsSynopsys - ok
15:55:13.0593 0x1228  [ 1DC6166DB6C4FEFE87D9B9105044E5BE, D19B867C0E900B596B4180390A6E4F2ECCBDF8FBD49561C23DBA7D460B8F44A9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
15:55:13.0652 0x1228  usbaudio - ok
15:55:13.0677 0x1228  [ 18B63A0980F4AA1E6D7879B253980E37, 05F96DBE0A3DE2A685DEEBA8B6838A47AEB7CE2EBE8EB6BAD67B36DCF7E73589 ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
15:55:13.0729 0x1228  usbccgp - ok
15:55:13.0757 0x1228  [ 1C60A1A3C8E1E819E16F12BAEB1C83F8, E255BD173DBF091C5EA07381862E23C1FD761489EC396E312974FBC124E1F33A ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
15:55:13.0812 0x1228  usbcir - ok
15:55:13.0900 0x1228  [ 635686E528F2C9CB916EC1BB04EE6AD1, 080A0F209773232860F510F17005EF92650BA831F69BB0006AEF11A2BB0A4906 ] UsbClientService C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
15:55:13.0944 0x1228  UsbClientService - ok
15:55:13.0988 0x1228  [ 9A3E39F85DC6E3B9F792F1095ACFF788, 66B8E137A5232E9F717907CFD49FE624AE101F4DE14E2960849DABF7A877E87A ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
15:55:14.0035 0x1228  usbehci - ok
15:55:14.0113 0x1228  [ 0A368247A900656CC0678117DFC3A87C, 9BEAD14DA067439D913F609955E95CFA0B88ED4F1BC60B473E00F9D9CBC01B9C ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
15:55:14.0205 0x1228  usbhub - ok
15:55:14.0280 0x1228  [ 1BDA1FD02783566F0B20EB0E2517F85C, 4C86DC962BBE4CA5AE466A37CF647D84CE2A34DA7F861751587841FC10CFA09D ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
15:55:14.0374 0x1228  USBHUB3 - ok
15:55:14.0424 0x1228  [ 72EA850B59F40C25A4FEDDA5FE84EFEB, FB4801AA1FB72FC1C41024916368823E88D53E338640E3BEA865B0F0E7B8EE91 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
15:55:14.0485 0x1228  usbohci - ok
15:55:14.0510 0x1228  [ 47B2B2DE152E25546944049CA1170BB1, DDA0A806D3108B2475AB13F584EA8CE6F0932C5E394C2C3FA691DFAB8A2BCAC0 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
15:55:14.0555 0x1228  usbprint - ok
15:55:14.0591 0x1228  [ 1F72E1A7E1858B7B3FF81522FCEBDE95, 4FAD243DA73C45CD5CA5E50F824F30EF0DC777D83957FD21FF43D8C89EC15AAC ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
15:55:14.0653 0x1228  usbser - ok
15:55:14.0684 0x1228  [ CD35467670DF1E6FBF36DA308F0C872B, E1F4F9B1EBD476394CBD0C934842AEE2502B030D97351B0A1E751FF23B011B57 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
15:55:14.0736 0x1228  USBSTOR - ok
15:55:14.0764 0x1228  [ DFA92EA105DD1073B43FB210EEB03DD4, D940432458F0A04F5013B48197CEA0412C8A909C50605AA21DD08271C90E2FE3 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
15:55:14.0810 0x1228  usbuhci - ok
15:55:14.0878 0x1228  [ C67A03F54A1EA683F4880A481EE5FF6C, 346185B378577FF14EFAD01ECB7DFC9AFC0D50F16DF081C3BA99AEFF710A0EE9 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
15:55:14.0959 0x1228  USBXHCI - ok
15:55:15.0085 0x1228  [ 32212C0FE0556915E763C29DEB6D267E, C5BC9DA3AB0C41604E8F3D01AFC2C25351FF5D3967E766DD0CDB4C0239ED6312 ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
15:55:15.0323 0x1228  UserDataSvc - ok
15:55:15.0433 0x1228  [ A2FD4588F579F8671E4AB1064633CB46, A2BBF6AF7D84F5AE01BFFF69F6CCBACFC0651A2DE2BBD226C6D90208298333D5 ] UserManager     C:\WINDOWS\System32\usermgr.dll
15:55:15.0588 0x1228  UserManager - ok
15:55:15.0644 0x1228  [ 0CFEA30C0217EE74FF853B2B0CC0BE6D, 1F0856D2D94F46D7B24B7EE18ED868C9EFAE972039D35D1FAA9058A12CF40493 ] UsoSvc          C:\WINDOWS\system32\usocore.dll
15:55:15.0762 0x1228  UsoSvc - ok
15:55:15.0788 0x1228  [ 9A83FA0EC9B0DCED2CBC49DD05901920, 14D2F241235E2693C68BCCF05D83F2A1C9A7BE185C83E7C6C63EF0F654892F95 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
15:55:15.0834 0x1228  VaultSvc - ok
15:55:15.0856 0x1228  [ 26223003DDFB347B5CF3EC0B56DB066B, 78848BE1334C05F28FA431B08225EAE8345B2C66E7D677F9936892FC941EA961 ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
15:55:15.0896 0x1228  vdrvroot - ok
15:55:15.0978 0x1228  [ 0C3F4E7684C1D72E85A98689E65A98A1, F7928D3EFC1A83125887ADA5F8E008022B58F0DBA8A711B4D60975D8CE82B595 ] vds             C:\WINDOWS\System32\vds.exe
15:55:16.0140 0x1228  vds - ok
15:55:16.0169 0x1228  [ A417284BC6B5C2EEF63F2C5154473530, 55146660CDDD829630C216038E6500CFAC906E67C82881047B665BFEEB286D10 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
15:55:16.0224 0x1228  VerifierExt - ok
15:55:16.0291 0x1228  [ 4C39C05A72EB14C0567501C7E087E564, D3DC122B7E4A5BD345517FE3A9E9E58CD3C78887F9F327AB782BADCAD0F8F2EB ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
15:55:16.0407 0x1228  vhdmp - ok
15:55:16.0431 0x1228  [ C42206A15078596FDE8E89BB629DE342, B95F9EC2413ADE658A7CE4A9BB57A0E125C29205C24BBB120153DACAF4CF9482 ] vhf             C:\WINDOWS\System32\drivers\vhf.sys
15:55:16.0474 0x1228  vhf - ok
15:55:16.0502 0x1228  [ 248D9F911A5C94CF8477125DD0C3A291, 418C7285184BCC9DE4E56175960585867A5DB21FEF761C49FF6F1AF1C07D8088 ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
15:55:16.0551 0x1228  vmbus - ok
15:55:16.0571 0x1228  [ 3E98DD4E0CBD6B4F9CBD0E9E0EDF541E, 2B5CF364F4D1D3359FBEA8BB2E72A1FCE1277E8D893977B751D9AC10A27DF018 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
15:55:16.0615 0x1228  VMBusHID - ok
15:55:16.0684 0x1228  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
15:55:16.0795 0x1228  vmicguestinterface - ok
15:55:16.0840 0x1228  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
15:55:16.0944 0x1228  vmicheartbeat - ok
15:55:16.0989 0x1228  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
15:55:17.0093 0x1228  vmickvpexchange - ok
15:55:17.0138 0x1228  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
15:55:17.0242 0x1228  vmicrdv - ok
15:55:17.0286 0x1228  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
15:55:17.0391 0x1228  vmicshutdown - ok
15:55:17.0436 0x1228  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
15:55:17.0544 0x1228  vmictimesync - ok
15:55:17.0593 0x1228  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicvmsession   C:\WINDOWS\System32\ICSvc.dll
15:55:17.0699 0x1228  vmicvmsession - ok
15:55:17.0744 0x1228  [ 977603C51C997435D59ECFE7E24E0653, 32AB9BBFFEB73F5282848748B46584238BD1B812A1435F7759180D36B33FE806 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
15:55:17.0809 0x0624  Object send P2P result: false
15:55:17.0850 0x1228  vmicvss - ok
15:55:17.0885 0x1228  [ 91F165C5D71D9DCB18D4661CF10D1084, 1D55C1FF0F5D860E6DB60EEFE303C0797C98BB0B053ECC255F9B316872288818 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
15:55:17.0930 0x1228  volmgr - ok
15:55:17.0975 0x1228  [ 17042748AC05862A0283D32575220080, A85B480CB969CB7678545D2A9EE99CBD2ADFF210FA016A43E092D0711FBB633D ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
15:55:18.0054 0x1228  volmgrx - ok
15:55:18.0098 0x1228  [ 823A237D871CD652C6BFD47BECB6810A, 99310521451CB54C29A5DEA54C3A666F95E2A1FF0979D5F9792885A161E90C65 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
15:55:18.0173 0x1228  volsnap - ok
15:55:18.0199 0x1228  [ 78727FA284C2095EED660D71CD3C9AEF, 323F0BD5A624DF77973F28C7CF31EC6B3A525496EBF063666623A62B1DB0EA65 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
15:55:18.0243 0x1228  vpci - ok
15:55:18.0276 0x1228  [ 2415961D561E02F5E46B7C1C687A6788, 68A54B9595A0D15D410D5F1656B6EBE3B913A4BA5F71C658C9B99420E6ED327A ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
15:55:18.0329 0x1228  vsmraid - ok
15:55:18.0446 0x1228  [ 16419CBDB04DB9FF298169AA93413822, 743AD26F08AF5EFF5DD353E75C3D659B10C3FEC2FEDABB76387B87721B5B98F8 ] VSS             C:\WINDOWS\system32\vssvc.exe
15:55:18.0693 0x1228  VSS - ok
15:55:18.0746 0x1228  [ 6AE9A843AE979F2DCCA5A25C07C7A5F8, 3CEC26DE2EEC97929A0FBBD87FF75F8DC387C0988B2047074C8F069ACBEF2587 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
15:55:18.0814 0x1228  VSTXRAID - ok
15:55:18.0879 0x1228  [ BD232C761C59FA8D8EF626CA630E2D2E, E494EFDCE8F6343F49F33F1F03DCD5DEC9CB6F349B1AD302B4D3333B5F6BD8E5 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
15:55:18.0923 0x1228  vwifibus - ok
15:55:18.0947 0x1228  [ 3039687AB65CEE26CF478C1F42FFCD7D, 40E140C6F94B6203767A1493DF8CAE6BA1FB67FBD0C13789444F72410D0E6FF1 ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
15:55:19.0006 0x1228  vwififlt - ok
15:55:19.0083 0x1228  [ EC9B6544C569E8D7FAB91772BD7D23F2, 06CC5F21E9A9DD35099CB3E44C3E2BF2F944CE5B71284E6A85E1B681F12BD31B ] W32Time         C:\WINDOWS\system32\w32time.dll
15:55:19.0215 0x1228  W32Time - ok
15:55:19.0298 0x1228  [ 9776E4816D92B766F461957FBDA84360, 048F6ADC97767AFAB50582D0AE1E67A15B038A1C02F7982A6AD30B61AC5C7369 ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
15:55:19.0352 0x1228  w3logsvc - ok
15:55:19.0435 0x1228  [ F61FA0EDBE913DFCA0CF012FDD9E99EE, DE8685230D49F940640F400D2EC4F10E677AF6D57B3FAB0342AA98BEA779D6AD ] W3SVC           C:\WINDOWS\system32\inetsrv\iisw3adm.dll
15:55:19.0564 0x1228  W3SVC - ok
15:55:19.0588 0x1228  [ FC40A7527D39F06D032A6553D22E4BF6, F572FCB5EB3DE16FD6222A5B6A43C81E3A1F838890667D9F0453F82FFCA772FF ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
15:55:19.0635 0x1228  WacomPen - ok
15:55:19.0693 0x1228  [ 2CFE8CBE358CC4D5715E010E3B13559F, 54E9BFCE202FA123EB261C226094054950429AAFA304AA714F461B003E070BD9 ] WalletService   C:\WINDOWS\system32\WalletService.dll
15:55:19.0821 0x1228  WalletService - ok
15:55:19.0850 0x1228  [ E9E22E116F810DAC98C5EC207F24C916, C518DC57CECA5174E7695F5632555FA08571D5F3A7D6B0C295BA4221AEA67C04 ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:55:19.0912 0x1228  wanarp - ok
15:55:19.0927 0x1228  [ E9E22E116F810DAC98C5EC207F24C916, C518DC57CECA5174E7695F5632555FA08571D5F3A7D6B0C295BA4221AEA67C04 ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:55:19.0988 0x1228  wanarpv6 - ok
15:55:20.0040 0x1228  [ F61FA0EDBE913DFCA0CF012FDD9E99EE, DE8685230D49F940640F400D2EC4F10E677AF6D57B3FAB0342AA98BEA779D6AD ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
15:55:20.0152 0x1228  WAS - ok
15:55:20.0287 0x1228  [ CF9EF65FA66B0F4982FD1FACAB3009B6, 681C1CD5DCAF87EF436B907534E98B0AB4F66BD62E46B8977A7880B854766A27 ] wbengine        C:\WINDOWS\system32\wbengine.exe
15:55:20.0556 0x1228  wbengine - ok
15:55:20.0628 0x1228  [ 8F2B0ED6FCA72B34BEEA37E32D0EE106, A86C641A13FDF056B7BA13641551582199DDB08E9490003C74D999518B097C00 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
15:55:20.0769 0x1228  WbioSrvc - ok
15:55:20.0847 0x1228  [ A40484AC27EE08DBE7F8DA5E1F6651ED, E3259694450C4F1DEC5E0EA5E23BF3A51F1819374DF47FECF70282AFD46114A1 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
15:55:20.0995 0x1228  Wcmsvc - ok
15:55:21.0040 0x1228  [ 8E7FD07D2C82ACBCA52C4100C20F6542, FB2CD88557ABB5EBE6555CD4E41BF4BDC6FE6BCF26288338F2FB034B966FCBD3 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
15:55:21.0148 0x1228  wcncsvc - ok
15:55:21.0156 0x1228  [ 9C776ED423CD03F8ABD54C2557E34416, 282C1208977070EC0280D5ABA0E03A847AEAEE31F35CDAA3C7A02D8477614EB1 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
15:55:21.0191 0x1228  WcsPlugInService - ok
15:55:21.0210 0x1228  [ C8BA574B3BA6AE88741AC86B1FE3C1DC, B2422CDE3A6A27B52D270D24298FF69D91D389C68456EC1805BA30AA59BAB839 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
15:55:21.0232 0x1228  WdBoot - ok
15:55:21.0281 0x1228  [ 927AD29D7F91B9A0C5294932374DA15E, ABB2722EF4153771D15683B5CE603D2B7D8A585357F64A3DC26114F37BE2906E ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
15:55:21.0349 0x1228  Wdf01000 - ok
15:55:21.0376 0x1228  [ C5BB7C612B4C852836BEA39593BA5F46, 1E2B123F34500C2A8E983AAAF7F14E409B88DC396A655F19F3E7F15D0C51A762 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
15:55:21.0410 0x1228  WdFilter - ok
15:55:21.0427 0x1228  [ 9E0442D3880438D006D95C6F63C27274, DB1ED2BCF9986495EFA8A0B3B0156119F2E4F77AE9BDC6377ADF3A6B53C658F6 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
15:55:21.0468 0x1228  WdiServiceHost - ok
15:55:21.0477 0x1228  [ 9E0442D3880438D006D95C6F63C27274, DB1ED2BCF9986495EFA8A0B3B0156119F2E4F77AE9BDC6377ADF3A6B53C658F6 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
15:55:21.0518 0x1228  WdiSystemHost - ok
15:55:21.0561 0x1228  [ 9B2039C5673EEBF1D4E34ABC0AFB88C7, BBC85546BD86B9027426DAF148194CFE992B80FF89311B28BE0BD82C88630E8C ] wdiwifi         C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
15:55:21.0642 0x1228  wdiwifi - ok
15:55:21.0662 0x1228  [ BD193A7BD34B2E829FAF56306FEE3B09, ADD746D198E21242CEFA01840952B792074EFC473113CD3E7F1ABBA6A4E26AF6 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
15:55:21.0687 0x1228  WdNisDrv - ok
15:55:21.0722 0x1228  WdNisSvc - ok
15:55:21.0737 0x1228  [ 6A3B5013D5C7840E8CABD63DD021C112, 371CCEEAC7816CFE79ACA8A218CDA16469D9567CB63CC9D18C55FF047011EF25 ] WebClient       C:\WINDOWS\System32\webclnt.dll
15:55:21.0788 0x1228  WebClient - ok
15:55:21.0803 0x1228  [ EED4043BC3C2D00067411730EE118354, 5E268DA4DB78C06D8F181E9408B4769F8A12C38DA52C1E986EE0CEE1101E9485 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
15:55:21.0849 0x1228  Wecsvc - ok
15:55:21.0857 0x1228  [ 6ECD7A49AFC6533821BEEA1876CEB21D, 2E972245F56F589EF1AB9DABB9214B9DE6E290878735476323A3357D8CDFC71F ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
15:55:21.0893 0x1228  WEPHOSTSVC - ok
15:55:21.0910 0x1228  [ 09B434867028AF4895A87959EA668686, 26A7DB82E42DCBF3A77092D58AC6392754FD7C538B9EAAEFA88E9AF81DFE8E96 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
15:55:22.0010 0x1228  wercplsupport - ok
15:55:22.0031 0x1228  [ DE4E417B867841EE55114E588098B8D5, 878708C93FC1D919E2B9E1C5F94A0EAFC5F28BDAA58D3F29DEEDC8EC3F72D9ED ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
15:55:22.0122 0x1228  WerSvc - ok
15:55:22.0133 0x1228  wfpcapture - ok
15:55:22.0171 0x1228  [ DBF5255B759212E5217A2748567A0B5C, 5E81A9289EC39702179038B686A35FADF9974651E74222F3354B4CBE919887B0 ] WFPLWFS         C:\WINDOWS\system32\drivers\wfplwfs.sys
15:55:22.0222 0x1228  WFPLWFS - ok
15:55:22.0239 0x1228  [ 4CD8826BB8320741842A9E53E48AF2BC, 97B22D9DCD0FD31D3A801946173369B0E70B1850576682C8A8180874A61CAD1A ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
15:55:22.0301 0x1228  WiaRpc - ok
15:55:22.0346 0x1228  [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr         C:\WINDOWS\system32\DRIVERS\wimfltr.sys
15:55:22.0387 0x1228  WimFltr - ok
15:55:22.0430 0x1228  [ 4375BCBA419D19695CF566082CEF27D3, 6F86FA14B41A03F2BA51B8702F3D59B85FD488405601FA177495E4B7C576850D ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
15:55:22.0470 0x1228  WIMMount - ok
15:55:22.0480 0x1228  WinDefend - ok
15:55:22.0523 0x1228  [ 037BC6DE5F58D4A74A5BB0C12DCECDCA, 92921A2615A41C434BADEB33594DABC166FC9418FBD311A3B2022410B14BFDAC ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
15:55:22.0571 0x1228  WindowsTrustedRT - ok
15:55:22.0592 0x1228  [ 70BCD70BD53F2FE660ED94B025A043EB, B23B96DCAB30C62CB1651B3A2292155AEE8217CE3120574F5158D5E7DA09DE56 ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
15:55:22.0630 0x1228  WindowsTrustedRTProxy - ok
15:55:22.0724 0x1228  [ 8921ECEC2C7D1B1333D77325C60D3AEA, 67C6B6A92B34D99165B5591D0730322C31E967E599BA44924249BF5AD505C132 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
15:55:22.0901 0x1228  WinHttpAutoProxySvc - ok
15:55:22.0929 0x1228  [ 7792AE5403BF8975B6460DFC3428D129, D88F77E973D58C2CA629CC9249877A34ABF31CA1DC2A570666921A8A0DC8DEC7 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
15:55:22.0967 0x1228  WinMad - ok
15:55:23.0056 0x1228  [ 73B5230F03DC7002A70F11EA1B0BAA37, DFE8BBE52B58589686E402ACED51021E298A491F907EBA5689DF9DAFC3002BA5 ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
15:55:23.0147 0x1228  Winmgmt - ok
15:55:23.0364 0x1228  [ 2FE85D6AFF90F56A78743CC93B9CA684, B515765C4EE64E7EC16BD6AF037C084CCA6E81180AEF59E18F260406ABE6DF58 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
15:55:23.0754 0x1228  WinRM - ok
15:55:23.0815 0x1228  [ 811F30EB6EE8318C4171CB95AE30B9BD, 765F6BEA3D35D523B5D7ED7356EC0C97A48066A5C4D77C1E6EDAC6F220153385 ] WINUSB          C:\WINDOWS\System32\drivers\WinUsb.sys
15:55:23.0866 0x1228  WINUSB - ok
15:55:23.0888 0x1228  [ DF00381AB8665D48DE3FF794BC6760AB, 749AC7048601061A34BFF507B574AF028FC662C0A98692E7331E667D105EC09D ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
15:55:23.0930 0x1228  WinVerbs - ok
15:55:24.0108 0x1228  [ 3C096082A9232B7CEE4653B9C9031769, CFD4C7D0874097ED70735FD99206F21C12749B7956C4B5D4287F160EC6A21DCC ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
15:55:24.0452 0x1228  WlanSvc - ok
15:55:24.0643 0x1228  [ 0968D575D9108497A6DC37749D4A6C4F, 8BFEDBE642DA0FD8AC1E60180C192527F3D36E43089090A7BB6D8B27AB6E4F7F ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
15:55:24.0971 0x1228  wlidsvc - ok
15:55:25.0000 0x1228  [ 623ED8E10DFEEAB7AE2CD11A0451DB79, 7DDE15F22FD24556D4765F6CFD0F8E2F27370A89A962919646DE2613B33D43D6 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
15:55:25.0043 0x1228  WmiAcpi - ok
15:55:25.0084 0x1228  [ B2BB87531C4127ED4120E9BF5566827F, 1DDC0F00F215D77D3698F81B56D4488F384E9D017267840EDFA4846742B99B6A ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
15:55:25.0151 0x1228  wmiApSrv - ok
15:55:25.0187 0x1228  WMPNetworkSvc - ok
15:55:25.0231 0x1228  [ 78CA1FF6FE37EEFAFF99DD1C956AF60A, 883C7890C83BAB3B846A0C969D7B67031BD2EF65FA58A0620DD0CD1655C5B2C5 ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
15:55:25.0295 0x1228  Wof - ok
15:55:25.0470 0x1228  [ C7503A49364DB2AF7A7DE177B233081F, 85DC6D8B5631E51FCF395A884F58571A96C8C55C38CA9ABEBD9C75BABAD21E38 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
15:55:25.0777 0x1228  workfolderssvc - ok
15:55:25.0811 0x1228  [ 388F2A3C771B8BEE76FD1AAF9614D08E, C064EC6136CC20C4EE19C86E91CA071974933BB52C9EF8521DF4AFD060FED4A2 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
15:55:25.0852 0x1228  wpcfltr - ok
15:55:25.0910 0x1228  [ A6FCFE1F691B4A4D266F5D487FADB9FE, 2135D0C13C1295A2F76885E380CD72CB71CEB8E0D9F1C183A35935B27737D423 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
15:55:25.0980 0x1228  WPDBusEnum - ok
15:55:26.0006 0x1228  [ 37DCE976B3935380F2F6E39ABB6BF40D, B14E875F6D6503DF0DB6D9D2363316073AEEF394D830EA2270A0DCDA56E1CEC4 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
15:55:26.0044 0x1228  WpdUpFltr - ok
15:55:26.0065 0x1228  [ 80F0154FD4293E562D54E97811E03499, EDE920F7F95EFBE542FE3CE066B6F7CDE3B9A37DDF3411DC86EACE9EEF294C1D ] WpnService      C:\WINDOWS\system32\WpnService.dll
15:55:26.0129 0x1228  WpnService - ok
15:55:26.0142 0x1228  [ 3CD22DD5A790CF7C24D65455E565EA83, 49DB06DF6F38940E7F8691C16586A78BB20E702FD48A34E50987C06B08BDF4DB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
15:55:26.0195 0x1228  ws2ifsl - ok
15:55:26.0219 0x1228  [ EBA916109A176714E6A7BD152387F13C, 7B38B1708B83271ADA8D1CEC7F5F0A75C7F2572185C0961EFC749D5DF16A03F0 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
15:55:26.0304 0x1228  wscsvc - ok
15:55:26.0328 0x1228  [ E392DFAF6D0DEFC812ECC727A61F91C5, C28B6CC8AD034157CE92C7F098A9C12ADED2769E6AF954A9AAD10CC0E811DD2A ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
15:55:26.0373 0x1228  WSDPrintDevice - ok
15:55:26.0387 0x1228  [ 0902C63D8C836EA4D0876FCD8D627701, 0173F83CF8DA9C6D40C64CE88BF1A40EB634008D3D48F74E4E3BBBB11F1CA8D1 ] WSDScan         C:\WINDOWS\system32\DRIVERS\WSDScan.sys
15:55:26.0434 0x1228  WSDScan - ok
15:55:26.0445 0x1228  WSearch - ok
15:55:26.0722 0x1228  [ 9EB85802AB625970E05879D15DE56335, B7DCE5E1924A5CEE76CC07FF3B8CEDBBD0DDBB4C4ED0A3BFB8D1ABCAD7C0AA23 ] WSService       C:\WINDOWS\System32\WSService.dll
15:55:27.0117 0x1228  WSService - ok
15:55:27.0327 0x1228  [ 4787FD0852F34388200A44CBCFA0CE1E, 0664DDC80C859D109B54AB856D1B323A4AE0C9652CCD43582663B1285D434B1F ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
15:55:27.0674 0x1228  wuauserv - ok
15:55:27.0709 0x1228  [ 835F60262E7E310080EA05F6752BF248, 3010B731DF3D52B56EA16FD29B66F5D3AB9412E49CA4C547BAAECA3225C5DC40 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
15:55:27.0765 0x1228  WudfPf - ok
15:55:27.0802 0x1228  [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
15:55:27.0872 0x1228  WUDFRd - ok
15:55:27.0898 0x1228  [ 44CF3130AEC8914705487C4AEF756A19, 30B09E32DEC02141F9B99ED012E441056C1663A72E4130EF4221ECC0ED87BF4B ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
15:55:27.0967 0x1228  wudfsvc - ok
15:55:28.0001 0x1228  [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
15:55:28.0070 0x1228  WUDFWpdFs - ok
15:55:28.0099 0x1228  [ 4E848DE29E4279C7F25EF5B34ED94FDD, FD7B0673F4CFA6EB66D7212288223419BFFA02EBF1F1D85F155B5397C6FB21E9 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
15:55:28.0168 0x1228  WUDFWpdMtp - ok
15:55:28.0277 0x1228  [ D23F211E1AA0787EFEC373D172D4A1C2, 6CCAB272D121C9946B2CF6B19F50E09946F0187713D54BFBD371B5C017367204 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
15:55:28.0510 0x1228  WwanSvc - ok
15:55:28.0589 0x1228  [ 9BDC2AFCEF4CF1C630D728DE1DBD495A, 5CE19974380CCEC46C181315B349E9A7CE757E19118EC5978A2293D63268BA66 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
15:55:28.0768 0x1228  XblAuthManager - ok
15:55:28.0864 0x1228  [ 3EDB6162310EA223890C2DF44C68358B, 12053291809CA9C38A30EA4B2DE7115F535531F0925220C63B0312979F9CC707 ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
15:55:29.0070 0x1228  XblGameSave - ok
15:55:29.0117 0x1228  [ 30021D1E0407B71E8D5D4F8DAE4E656A, EE2E366A1CC033C068176C7E9F876FFA0EF86A15A482B6964E170DE863CFF542 ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
15:55:29.0199 0x1228  xboxgip - ok
15:55:29.0281 0x1228  [ 729B70C81F207541BC6A4ABAE3A8D594, 31F9BC41169D28B397C0D988C367C32FA9A95289E68AB8F38061DA478752A765 ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
15:55:29.0463 0x1228  XboxNetApiSvc - ok
15:55:29.0492 0x1228  [ 6851673B90D8CB332439E0339F81A6B6, 4E95F1A63E6DD58BB5BD6FC1D9784837D5E6F5BCF870C7ECC92DCA1AF20B6A4C ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
15:55:29.0535 0x1228  xinputhid - ok
15:55:29.0543 0x1228  ================ Scan global ===============================
15:55:29.0590 0x1228  [ C6BC6E49A7F76AA2BBA58CD08196755F, D02B6B285899E966D19323566A4780D51303D00E66674D7FF4B61991430A69A6 ] C:\WINDOWS\system32\basesrv.dll
15:55:29.0636 0x1228  [ 70EC9717DC3A1CDF79C703A145E0E5B7, D5ABF42063DFF799FD4099D8A347256CC79B89582B987B3DEE240AFA5BA421BE ] C:\WINDOWS\system32\winsrv.dll
15:55:29.0690 0x1228  [ F435AFA375ACBAEE44324DD464EDCC11, 815DE470439AE5D96348BEBF971A14FBDCA1D36F31CA0D25F69E5F41817D43D5 ] C:\WINDOWS\system32\sxssrv.dll
15:55:29.0745 0x1228  [ BB3D8E1C108F7244613FF3993291A922, 1642AF23F200D46F54239C3BA743F1D5ADDC6A32D5F6481264D0C1D7F3E9D533 ] C:\WINDOWS\system32\services.exe
15:55:29.0806 0x1228  [ Global ] - ok
15:55:29.0807 0x1228  ================ Scan MBR ==================================
15:55:29.0827 0x1228  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:55:30.0287 0x1228  \Device\Harddisk0\DR0 - ok
15:55:30.0288 0x1228  ================ Scan VBR ==================================
15:55:30.0296 0x1228  [ FD38E1549D1EC6E61047D358A7F3588D ] \Device\Harddisk0\DR0\Partition1
15:55:30.0338 0x1228  \Device\Harddisk0\DR0\Partition1 - ok
15:55:30.0347 0x1228  [ 594CAA7205D52CF987EE2DF5E2DB595E ] \Device\Harddisk0\DR0\Partition2
15:55:30.0389 0x1228  \Device\Harddisk0\DR0\Partition2 - ok
15:55:30.0392 0x1228  ================ Scan generic autorun ======================
15:55:31.0000 0x1228  [ 901A91A3527F4F5212CF6B03C21DAD82, 246BF06652DEA48DCC486496587E08FCA3F45A0EDEFFAE13251514CE6C46ED4B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
15:55:31.0693 0x1228  RtHDVCpl - ok
15:55:31.0791 0x1228  [ 39CF316EB5842AE27CC0D3CC4E2840DE, BC4D4ED926F988B7B70CC87B7EC92D148DA6BC39C5C514751F1B0CA69D0F9081 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
15:55:31.0831 0x1228  BCSSync - ok
15:55:32.0068 0x1228  [ 912993864DE980DE79E2317B109298AE, CD01E488E6331D0F00092A6F5B4B62F3404C9C5F0736887849AD215730C072D2 ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
15:55:32.0326 0x1228  CanonMyPrinter - ok
15:55:32.0422 0x1228  [ 9B5E7EFF0485F39A9663314667D97049, 87F56BD7E309F34BB8D99DFA493B775FAA81DCC7B8D9BD8A9A4696398453AED9 ] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe
15:55:32.0492 0x1228  ATICustomerCare - detected UnsignedFile.Multi.Generic ( 1 )
15:55:32.0726 0x1228  ATICustomerCare ( UnsignedFile.Multi.Generic ) - warning
15:55:32.0906 0x1228  [ 7C4AE21DB35F7AF697370EC068C4943E, AA5CB7EF571687B2553B060D0CD71D256C73047F698E033864EB456DB9572197 ] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
15:55:33.0034 0x1228  NBAgent - ok
15:55:33.0149 0x1228  [ A2418D3C557C0A0C634DA713A8AC3789, 4D8212B15081A31134167B9A328EEE778797ADDEBD23C8B0160FA43BCA1349DE ] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
15:55:33.0182 0x1228  LWS - ok
15:55:33.0251 0x1228  [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
15:55:33.0272 0x1228  APSDaemon - ok
15:55:33.0280 0x1228  AMD AVT - ok
15:55:33.0485 0x1228  [ 7B59D1D1F458B322A722E95554BB591E, F184E22D37E013580AB7FD07172C1F662275D39E036CE22DFA62B2A43823E719 ] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
15:55:33.0645 0x1228  CanonSolutionMenuEx - ok
15:55:33.0726 0x1228  [ C1DDF24C40BA13D1015890431A9D7B5F, E67259046F694B7FB5C946FCB7465A12104CFB7EEC60B207D479AECDF0E8D13A ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
15:55:33.0783 0x1228  IJNetworkScannerSelectorEX - ok
15:55:33.0895 0x1228  [ A9F9D081518AC03A51C1195986076F42, 7549CA4530470D9C8A0078E0002E3650133051AA4A1D2F3B7CF0BCA4C4A65595 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
15:55:33.0927 0x1228  iTunesHelper - ok
15:55:34.0089 0x1228  [ 1CE11C53E562D5F7EAFCF47E0E696516, 4E8264DB3CA9B2344905BC2CAE6A9E73190A3CCF3D154B3CBDAF4F73F8FCD64B ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
15:55:34.0172 0x1228  avgnt - ok
15:55:34.0241 0x1228  [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe
15:55:34.0330 0x1228  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
15:55:34.0331 0x1228  QuickTime Task ( UnsignedFile.Multi.Generic ) - warning
15:55:34.0401 0x1228  [ CB228E181580EA4B66B03426BA57BD80, 2E672182404223A42BD207B78EE92BD4A58B7DCFC801EDD96458CEAB00578705 ] C:\Program Files (x86)\PDF24\pdf24.exe
15:55:34.0449 0x1228  PDFPrint - ok
15:55:34.0522 0x1228  [ C94EBFBCD3018DCC50E193DFD02C8CEF, 93E48E0B2E9794CBE59C57226E5AF4CBAD03A1C04F76830530DDFD746794F0A2 ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
15:55:34.0548 0x1228  Avira SystrayStartTrigger - ok
15:55:34.0635 0x1228  [ C9B67BCB8E384064A8C2263740B0C437, F2609406A84F3A8E256DD250F84A774EF43F92C9F8B373E297A99ACF95B3CCE4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
15:55:34.0717 0x1228  SunJavaUpdateSched - ok
15:55:35.0375 0x1228  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
15:55:35.0925 0x1228  OneDriveSetup - ok
15:55:36.0407 0x1228  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
15:55:37.0087 0x1228  OneDriveSetup - ok
15:55:37.0780 0x1228  [ CE1DEC053DA24927E89D9AA196D31281, 39DD431CFCD10AA4E176062E33A0262FEE5806E192B37037C97439B1CEF232C8 ] C:\Program Files\CCleaner\CCleaner64.exe
15:55:38.0331 0x1228  CCleaner Monitoring - ok
15:55:38.0506 0x1228  [ F9387D080BF8566354CDB0445AB8F87B, 4EE5D4A15E2D3DF578FA0370449C0894166B1B2998B63D9F02A994845350B86A ] C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\OneDrive.exe
15:55:38.0598 0x1228  OneDrive - ok
15:55:38.0667 0x1228  [ CC436BB2A26391F3DEBE316F6FB0474F, 2DA63827AD1449CA5F2888ADFA9645F1EAF8B39D26EC214441EE80F3A56E6E72 ] C:\Users\Jürgen Werner\AppData\Local\Microsoft\BingSvc\BingSvc.exe
15:55:38.0709 0x1228  BingSvc - ok
15:55:38.0781 0x1228  Skype - ok
15:55:38.0863 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:38.0964 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 - ok
15:55:39.0021 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:39.0104 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626 - ok
15:55:39.0150 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:39.0235 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64 - ok
15:55:39.0280 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:39.0365 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716 - ok
15:55:39.0409 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:39.0493 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64 - ok
15:55:39.0538 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:39.0621 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814 - ok
15:55:39.0666 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:39.0750 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64 - ok
15:55:39.0796 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:39.0878 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827 - ok
15:55:39.0923 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:40.0007 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64 - ok
15:55:40.0050 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:40.0133 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019 - ok
15:55:40.0181 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:40.0264 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64 - ok
15:55:40.0308 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:40.0392 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202 - ok
15:55:40.0435 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:40.0521 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 - ok
15:55:40.0564 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:40.0648 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127 - ok
15:55:40.0699 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:40.0783 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64 - ok
15:55:40.0826 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:40.0910 0x1228  Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225 - ok
15:55:41.0443 0x1228  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
15:55:42.0104 0x1228  OneDriveSetup - ok
15:55:42.0144 0x1228  Sidebar - ok
15:55:42.0208 0x1228  [ 9615F77B42907587DEBD6CA487317830, 71CB9484D079BCAD70C69D50C188A8BC07A3ED6D7EB90BE2749859E506FE696D ] C:\Program Files (x86)\Windows Mail\wab.exe
15:55:42.0353 0x1228  WAB Migrate - ok
15:55:42.0711 0x1228  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
15:55:43.0058 0x1228  OneDriveSetup - ok
15:55:43.0075 0x1228  Sidebar - ok
15:55:43.0102 0x1228  [ 9615F77B42907587DEBD6CA487317830, 71CB9484D079BCAD70C69D50C188A8BC07A3ED6D7EB90BE2749859E506FE696D ] C:\Program Files (x86)\Windows Mail\wab.exe
15:55:43.0155 0x1228  WAB Migrate - ok
15:55:43.0158 0x1228  Sidebar - ok
15:55:43.0251 0x1228  [ 527CF721F78B2DF6A1570F93899A0AA8, 1F08074DA90593E7EDC63C072B784BE438C5EC94FE992433053D6B75CDEE78EB ] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
15:55:43.0379 0x1228  OfficeSyncProcess - ok
15:55:43.0467 0x1228  [ 61F488AC3053DEB2AADB6A34DEBC8876, B5C5E0325F0FB4A37E80F08273B7483630F676C6342519564798CE7D1F121CB7 ] C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\OneDrive.exe
15:55:43.0548 0x1228  OneDrive - ok
15:55:43.0596 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:43.0682 0x1228  Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64 - ok
15:55:43.0723 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:43.0806 0x1228  Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64 - ok
15:55:43.0848 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:43.0924 0x1228  Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64 - ok
15:55:43.0947 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:43.0990 0x1228  Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64 - ok
15:55:44.0016 0x1228  [ A6177D080759CF4A03EF837A38F62401, 79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35 ] C:\WINDOWS\system32\cmd.exe
15:55:44.0059 0x1228  Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 - ok
15:55:44.0405 0x1228  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
15:55:45.0072 0x1228  OneDriveSetup - ok
15:55:45.0199 0x1228  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.16.273 ), 0x41000 ( enabled : updated )
15:55:45.0201 0x1228  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.10240.16384 ), 0x60100 ( disabled : updated )
15:55:45.0212 0x1228  Win FW state via NFP2: enabled ( trusted )
15:55:45.0213 0x1228  ============================================================
15:55:45.0213 0x1228  Scan finished
15:55:45.0213 0x1228  ============================================================
15:55:45.0248 0x0ab4  Detected object count: 2
15:55:45.0248 0x0ab4  Actual detected object count: 2
15:56:23.0745 0x0ab4  ATICustomerCare ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:23.0745 0x0ab4  ATICustomerCare ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:56:23.0747 0x0ab4  QuickTime Task ( UnsignedFile.Multi.Generic ) - skipped by user
15:56:23.0748 0x0ab4  QuickTime Task ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
I hope, Rafael, that I have carried out all the steps correctly.


29.04.2016, 09:14   #6
burningice
/// Malwareteam

Step 1
Please start Malwarebytes Anti-Malware again.
  • Click Settings / Detection and Protection and tick "Scan for rootkits" ("Nach Rootkits suchen").
  • Then click Dashboard and, under the database version entry, click "Update now" ("Jetzt aktualisieren").
  • Switch to the Scan tab, select the Threat Scan (Bedrohungssuchlauf) and then click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 3
Please start FRST again, tick Addition and click Scan (Untersuchen). Please post the two resulting text files again.

So in your next reply, please post:
  • Log file from AdwCleaner
  • Log file from Malwarebytes
  • Frst.txt
  • Addition.txt

29.04.2016, 13:57   #7
clubtunes

Log for step 1

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 29.04.2016
Suchlaufzeit: 12:42
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.04.29.03
Rootkit-Datenbank: v2016.04.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Jürgen Werner

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 758248
Abgelaufene Zeit: 1 Std., 8 Min., 6 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Log for step 2

AdwCleaner Logfile:
Code:
# AdwCleaner v5.021 - Bericht erstellt am 19/11/2015 um 11:28:16
# Aktualisiert am 14/11/2015 von Xplode
# Datenbank : 2015-11-17.2 [Server]
# Betriebssystem : Windows 10 Pro  (x64)
# Benutzername : Jürgen Werner - JÜRGENWERNER-PC
# Gestartet von : C:\Users\Jürgen Werner\AppData\Downloads\adwcleaner_5.021.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\ProgramData\apn
[-] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser
[-] Ordner Gelöscht : C:\Users\Jürgen Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Ordner Gelöscht : C:\Users\Jürgen Werner\AppData\Roaming\Windows Net Data
[-] Ordner Gelöscht : C:\Users\Jürgen Werner\AppData\Roaming\Check Point Software Technologies LTD

***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp

***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
# AdwCleaner v5.114 - Bericht erstellt am 29/04/2016 um 14:18:34
# Aktualisiert am 27/04/2016 von Xplode
# Datenbank : 2016-04-27.1 [Server]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : Jürgen Werner - JÜRGENWERNER-PC
# Gestartet von : C:\Users\Jürgen Werner\Desktop\AdwCleaner_5.114.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****


*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [6324 Bytes] - [19/11/2015 12:17:23]
C:\AdwCleaner\AdwCleaner[C2].txt - [2237 Bytes] - [19/11/2015 12:28:16]
C:\AdwCleaner\AdwCleaner[C3].txt - [1610 Bytes] - [19/11/2015 14:42:26]
C:\AdwCleaner\AdwCleaner[C4].txt - [2179 Bytes] - [02/12/2015 16:41:51]
C:\AdwCleaner\AdwCleaner[S1].txt - [5843 Bytes] - [19/11/2015 12:14:37]
C:\AdwCleaner\AdwCleaner[S2].txt - [1223 Bytes] - [19/11/2015 12:21:19]
C:\AdwCleaner\AdwCleaner[S3].txt - [2911 Bytes] - [19/11/2015 14:30:54]
C:\AdwCleaner\AdwCleaner[S5].txt - [2016 Bytes] - [02/12/2015 16:38:37]
C:\AdwCleaner\AdwCleaner[S6].txt - [898 Bytes] - [11/12/2015 12:35:07]
C:\AdwCleaner\AdwCleaner[S7].txt - [898 Bytes] - [11/12/2015 12:47:26]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2892 Bytes] ##########
         

Logs for step 3


FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
durchgeführt von Jürgen Werner (Administrator) auf JÜRGENWERNER-PC (29-04-2016 14:46:07)
Gestartet von C:\Users\Jürgen Werner\Desktop
Geladene Profile: Jürgen Werner (Verfügbare Profile: Jürgen Werner & Sabine & Manuela & DefaultAppPool)
Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\System32\InstallAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synology Inc.) C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Synology Inc.) C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Synology Inc.) C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16719_none_11647d1561f368c0\TiWorker.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-21] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\Run: [BingSvc] => C:\Users\Jürgen Werner\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-02] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51662464 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
ShellIconOverlayIdentifiers: [   01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
Startup: C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-06-28]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2010-08-23]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Startup: C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2016-04-29]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)
Startup: C:\Users\Manuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-12-11]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-06-29]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{cb9d73b5-0417-40cd-810e-4d2f6230a47a}: [DhcpNameServer] 192.168.178.1
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=de-de
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Kein Name -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-26] (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-26] (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Jürgen Werner\AppData\Roaming\Mozilla\Firefox\Profiles\m961gktu.default-1461248636567
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll [2010-02-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll [2010-02-04] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4075896183-1784680247-2664955815-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Jürgen Werner\AppData\LocalLow\Sony Online Entertainment\npsoe.dll [2012-03-19] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-06-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-06-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-06-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-06-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-06-02] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-04-12] [ist nicht signiert]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-04-12] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com => nicht gefunden

Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=de-de
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Jürgen Werner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Browserschutz) - C:\Users\Jürgen Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-02]
CHR Extension: (Skype) - C:\Users\Jürgen Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-01]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Jürgen Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-08] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [287712 2015-11-11] ()
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [Datei ist nicht signiert]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [Datei ist nicht signiert]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-08] (Avira Operations GmbH & Co. KG)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-29 14:46 - 2016-04-29 14:48 - 00026777 _____ C:\Users\Jürgen Werner\Desktop\FRST.txt
2016-04-29 14:43 - 2016-04-29 14:43 - 00002974 _____ C:\Users\Jürgen Werner\Desktop\AdwCleaner[C2].txt
2016-04-29 14:42 - 2016-04-29 14:42 - 00000000 ___HD C:\OneDriveTemp
2016-04-29 14:41 - 2016-04-29 14:41 - 00016148 _____ C:\WINDOWS\system32\JÜRGENWERNER-PC_Jürgen Werner_HistoryPrediction.bin
2016-04-29 13:53 - 2016-04-29 13:53 - 00001208 _____ C:\Users\Jürgen Werner\Desktop\mbam.txt
2016-04-29 13:18 - 2016-04-29 13:18 - 00000000 ____D C:\Users\Jürgen Werner\Desktop\2016_04_29
2016-04-29 12:44 - 2016-04-29 13:53 - 03581504 _____ C:\Users\Jürgen Werner\Desktop\AdwCleaner_5.114.exe
2016-04-28 18:13 - 2016-04-28 18:14 - 00004176 _____ C:\TDSSKiller.3.1.0.9_28.04.2016_18.13.40_log.txt
2016-04-28 15:52 - 2016-04-28 16:07 - 00275264 _____ C:\TDSSKiller.3.1.0.9_28.04.2016_15.52.54_log.txt
2016-04-28 15:51 - 2016-04-28 15:52 - 00004176 _____ C:\TDSSKiller.3.1.0.9_28.04.2016_15.51.58_log.txt
2016-04-28 15:50 - 2016-04-28 15:51 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Jürgen Werner\Desktop\tdsskiller.exe
2016-04-28 15:36 - 2016-04-28 15:39 - 00054474 _____ C:\Users\Jürgen Werner\Desktop\FRST1 (2).txt
2016-04-28 15:34 - 2016-04-28 15:39 - 00042078 _____ C:\Users\Jürgen Werner\Desktop\FRST1 (1).txt
2016-04-28 15:33 - 2016-04-29 14:46 - 00000000 ____D C:\FRST
2016-04-28 15:32 - 2016-04-28 15:33 - 02376704 _____ (Farbar) C:\Users\Jürgen Werner\Desktop\FRST64.exe
2016-04-28 11:00 - 2016-04-28 11:00 - 00002889 _____ C:\Users\Jürgen Werner\Desktop\Scan Malewarebytes 28_04.txt
2016-04-24 11:24 - 2016-04-24 11:24 - 00016148 _____ C:\WINDOWS\system32\JÜRGENWERNER-PC_Manuela_HistoryPrediction.bin
2016-04-22 20:45 - 2016-04-22 20:45 - 00007785 _____ C:\Users\Jürgen Werner\Documents\Michaela 2 Bewerbung.odt
2016-04-22 20:44 - 2016-04-22 20:45 - 00006491 _____ C:\Users\Jürgen Werner\Documents\Michaela Bindlach 1.odt
2016-04-19 21:16 - 2016-04-19 21:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5D380244.sys
2016-04-19 20:17 - 2016-04-19 20:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4AFF5508.sys
2016-04-19 19:55 - 2016-04-19 19:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\27A0441B.sys
2016-04-19 17:59 - 2016-04-19 17:59 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\42F96BA4.sys
2016-04-19 16:24 - 2016-04-19 16:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\59822276.sys
2016-04-17 09:30 - 2016-04-17 09:32 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.008
2016-04-17 09:30 - 2016-04-17 09:30 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.008\AppData\Local\TileDataLayer
2016-04-17 09:22 - 2016-04-17 09:29 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.007
2016-04-17 09:22 - 2016-04-17 09:22 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.007\AppData\Local\TileDataLayer
2016-04-13 15:08 - 2016-04-13 15:54 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.006\AppData\Local\Packages
2016-04-13 15:08 - 2016-04-13 15:54 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.006
2016-04-12 18:19 - 2016-04-12 18:19 - 00003446 _____ C:\WINDOWS\System32\Tasks\Fenix Defrag Logon
2016-04-12 12:29 - 2016-04-17 09:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-07 18:31 - 2016-04-07 18:31 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-04-02 14:17 - 2016-04-02 14:17 - 00279096 _____ C:\WINDOWS\Minidump\040216-48875-01.dmp

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-29 14:46 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-29 14:46 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-29 14:44 - 2010-06-28 17:52 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Roaming\Skype
2016-04-29 14:43 - 2014-06-06 21:27 - 00000000 ___RD C:\Users\Jürgen Werner\CloudStation
2016-04-29 14:42 - 2015-07-29 11:42 - 00000000 ___RD C:\Users\Jürgen Werner\OneDrive
2016-04-29 14:42 - 2011-06-12 07:05 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Outlook-Dateien
2016-04-29 14:41 - 2011-05-14 20:19 - 00001154 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-29 14:40 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-29 14:40 - 2015-07-10 11:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-29 14:40 - 2010-06-28 16:32 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2016-04-29 14:31 - 2012-10-22 17:03 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-29 14:14 - 2011-05-14 20:19 - 00001158 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-29 14:00 - 2015-11-18 20:18 - 00004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC9AFB74-B68B-4B73-8EE9-23B9B03F69C7}
2016-04-29 13:55 - 2015-11-19 12:14 - 00000000 ____D C:\AdwCleaner
2016-04-29 13:17 - 2014-11-16 18:35 - 00000000 ____D C:\Users\Jürgen Werner\Documents\KabelDeutschland
2016-04-29 12:42 - 2014-11-08 16:59 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-29 08:41 - 2013-04-21 21:31 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-04-29 08:24 - 2010-08-23 15:49 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Roaming\uTorrent
2016-04-29 08:10 - 2011-05-06 20:28 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Local\ElevatedDiagnostics
2016-04-28 11:03 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Registration
2016-04-25 18:54 - 2015-09-17 18:35 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-25 18:54 - 2015-07-29 10:59 - 00000000 ____D C:\Users\Sabine
2016-04-25 18:54 - 2015-07-29 10:59 - 00000000 ____D C:\Users\Nicole
2016-04-25 18:54 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-25 18:19 - 2013-11-09 20:55 - 00002471 _____ C:\Users\Jürgen Werner\Desktop\Google Chrome.lnk
2016-04-25 10:00 - 2010-06-28 17:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-25 10:00 - 2010-06-28 17:51 - 00000000 ____D C:\ProgramData\Skype
2016-04-25 09:10 - 2015-07-29 11:42 - 00002460 _____ C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-24 18:24 - 2013-01-03 16:58 - 00000000 ____D C:\Users\Jürgen Werner\Documents\1. Sabine
2016-04-22 11:57 - 2012-03-25 12:47 - 00004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8BFD1B50-A937-4064-AB0F-D9F936811448}
2016-04-21 16:24 - 2013-12-23 21:24 - 00000000 ____D C:\Users\Jürgen Werner\Desktop\Alte Firefox-Daten
2016-04-21 16:20 - 2015-07-29 11:31 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Local\Packages
2016-04-21 11:19 - 2015-09-07 15:25 - 00000000 ____D C:\Users\Manuela\.oracle_jre_usage
2016-04-21 11:17 - 2015-08-21 10:51 - 00000000 ____D C:\Users\Manuela\AppData\Local\Packages
2016-04-19 19:26 - 2015-07-29 10:58 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-19 19:26 - 2015-07-10 18:34 - 00883752 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-19 19:26 - 2015-07-10 18:34 - 00195886 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-19 19:26 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF
2016-04-19 10:18 - 2013-08-19 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-19 10:17 - 2014-08-08 13:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-18 11:47 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-17 13:46 - 2015-07-29 10:59 - 00000000 ____D C:\Users\Manuela
2016-04-17 09:35 - 2013-03-21 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-15 18:01 - 2015-11-03 10:47 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Ergebnisse Tim
2016-04-13 16:03 - 2013-01-14 17:12 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Konfirmation Nicole 5.5.2013
2016-04-12 18:18 - 2015-10-29 11:17 - 00003772 _____ C:\WINDOWS\System32\Tasks\Fenix Defrag
2016-04-12 18:18 - 2015-10-29 11:17 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Roaming\Fenix Defrag
2016-04-12 12:52 - 2014-11-13 15:37 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Briefe
2016-04-10 08:10 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Resources
2016-04-10 07:32 - 2014-11-08 16:58 - 00001177 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-10 07:32 - 2014-11-08 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-04-10 07:32 - 2014-11-08 16:58 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-04-08 18:52 - 2015-07-19 10:36 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Local\JDownloader 2.0
2016-04-04 18:22 - 2015-08-30 10:33 - 00000000 ____D C:\Users\Jürgen Werner\Downloads\Neu
2016-04-03 22:14 - 2015-07-29 10:59 - 00000000 ____D C:\Users\Jürgen Werner
2016-04-02 14:29 - 2015-07-10 14:20 - 00415672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-02 14:24 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-04-02 14:24 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-04-02 14:24 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-04-02 14:24 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-04-02 14:17 - 2015-08-21 23:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-02 14:16 - 2016-03-18 15:27 - 634048721 _____ C:\WINDOWS\MEMORY.DMP
2016-03-30 17:12 - 2014-11-13 15:44 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Passwörter
2016-03-30 09:44 - 2015-06-12 13:38 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Roaming\vlc

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-10-30 11:19 - 2015-10-30 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\47B.tmp
2015-11-04 11:19 - 2015-11-04 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\5792.tmp
2015-10-31 11:19 - 2015-10-31 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\5BC8.tmp
2015-11-03 11:19 - 2015-11-03 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\748B.tmp
2015-11-05 11:19 - 2015-11-05 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\DDF3.tmp
2010-07-29 10:09 - 2010-07-29 10:09 - 0021634 _____ () C:\Users\Jürgen Werner\AppData\Roaming\mdbu.bin
2010-06-28 17:56 - 2010-06-28 17:56 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-12-04 10:51 - 2015-12-04 10:51 - 0000016 _____ () C:\ProgramData\mntemp

Einige Dateien in TEMP:
====================
C:\Users\Jürgen Werner\AppData\Local\Temp\avgnt.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\gpup_213.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\hp2_upd2_v1021.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\hp2_upd2_v1025.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\hp2_upd2_v1047.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\libeay32.dll
C:\Users\Jürgen Werner\AppData\Local\Temp\msvcr120.dll
C:\Users\Jürgen Werner\AppData\Local\Temp\proxy_vole137087492866520834.dll
C:\Users\Jürgen Werner\AppData\Local\Temp\ShFolder.Exe
C:\Users\Jürgen Werner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\sqlite3.dll
C:\Users\Manuela\AppData\Local\Temp\avgnt.exe
C:\Users\TEMP.JürgenWerner-PC.001\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-28 11:45

==================== Ende von FRST.txt ============================
         
--- --- ---

[/CODE]

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-04-2016
durchgeführt von Jürgen Werner (2016-04-29 14:50:06)
Gestartet von C:\Users\Jürgen Werner\Desktop
Windows 10 Pro (X64) (2015-07-29 09:30:53)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4075896183-1784680247-2664955815-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4075896183-1784680247-2664955815-503 - Limited - Disabled)
Gast (S-1-5-21-4075896183-1784680247-2664955815-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4075896183-1784680247-2664955815-1008 - Limited - Enabled)
Jürgen Werner (S-1-5-21-4075896183-1784680247-2664955815-1000 - Administrator - Enabled) => C:\Users\Jürgen Werner
Manuela (S-1-5-21-4075896183-1784680247-2664955815-1005 - Limited - Enabled) => C:\Users\Manuela
Nicole (S-1-5-21-4075896183-1784680247-2664955815-1004 - Limited - Enabled)
Sabine (S-1-5-21-4075896183-1784680247-2664955815-1003 - Administrator - Enabled) => C:\Users\Sabine

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.3 - )
µTorrent (HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX710 series Benutzerregistrierung (HKLM-x32\...\Canon MX710 series Benutzerregistrierung) (Version:  - )
Canon MX710 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series) (Version:  - )
Canon MX710 series On-screen Manual (HKLM-x32\...\Canon MX710 series On-screen Manual) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.48 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)
Duden Tipptrainer 2.0 (HKLM-x32\...\{7036A07A-FE2A-4920-A944-19B73D16F106}) (Version: 1.00.0019 - Brockhaus Duden Neue Medien GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Garmin BaseCamp (HKLM-x32\...\{0D7C8884-192D-4E2D-A635-B282B3647E45}) (Version: 4.4.7 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader (HKLM-x32\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Klett Nussknacker 1 (HKLM-x32\...\Klett Nussknacker 1) (Version:  - )
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Luka und der verborgene Schatz (HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\Luka und der verborgene Schatz) (Version:  - )
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Opera 10.63 (HKLM-x32\...\{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}) (Version: 10.63 - Opera Software ASA)
PDF24 Creator 7.0.6 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photo Station Uploader (remove only) (HKLM-x32\...\Photo Station Uploader) (Version:  - Synology)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
SOE Web Installer (HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\SOE Web Installer) (Version: 1.0.3.171 - Sony Online Entertainment)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
Synology Cloud Station (remove only) (HKLM\...\Synology Cloud Station) (Version: 3.2.3479 - Synology, Inc.)
Synology Cloud Station Drive (remove only) (HKLM\...\Synology Cloud Station Drive) (Version: 4.0.4062 - Synology, Inc.)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.5.5 - Shark007)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Winsol 1.21 (HKLM-x32\...\Winsol_is1) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {005192BB-F9C5-4D3B-A2F0-C25AC19BED92} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {00BCD157-3DF9-4C55-A447-519DA9C55DC8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {03D611F0-6B64-41E7-A11D-5F89676498DA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {04183081-B648-45F0-B19D-FB65560F6F06} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {12EBC4F0-B2D7-4CFE-9AE2-0FCEF0418767} - System32\Tasks\{81FD0B49-60B5-4BB9-8BC1-F74A5A2D544A} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.85.102/de/abandoninstall?page=tsMain
Task: {18FF1DFD-A8D1-45FD-BAF6-2E471F0478D6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1F68C40D-01EA-4D71-99FA-57EACA6DF3C3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {218D8439-DBD1-4677-A983-111705CC1006} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {2BD79C6E-F00A-4BD4-BD9F-88D39B5FCEE4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {33502DA4-482E-43BD-9209-E7390EB8AE52} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {3A7AD837-C57C-40E9-99A3-E40D152EF64A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {3B21856C-5241-4A43-AC92-9048E18C92C1} - System32\Tasks\{8C3B9BC9-42C8-4E8B-B690-7C0ED752735E} => pcalua.exe -a D:\SetupStarter.exe -d D:\
Task: {3BA52692-592D-4BCC-AD13-A77FA135C526} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {3DA9A2AB-5549-42A9-9C43-CDF3D02FDB06} - System32\Tasks\{4203A2F5-75AB-4C8E-9EAD-6B7214E22E6D} => Firefox.exe 
Task: {3F5F1837-80D2-4824-9D0C-8554BC177191} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4016516C-9684-41C4-9998-9A686FA4EF55} - System32\Tasks\{5CB1C16A-7983-4CD2-BE2A-4890F0D7871A} => pcalua.exe -a C:\ProgramData\Wondershare\Player\pluginInstall.exe -d C:\ProgramData\Wondershare\Player -c "i" "chrome"
Task: {442392D7-53E8-48F2-95E2-EDAD35CF8439} - System32\Tasks\Common Installer Worker => C:\Program Files (x86)\Common Installer\CommonInstaller.exe [2015-11-03] (Backup Updater)
Task: {44972B6F-3A71-4DE5-834D-C086361D4664} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4ADD0826-A7FA-4D54-9606-40616F55EFA5} - System32\Tasks\{6C3C35A4-33C9-4617-8C3B-337CCBA2B979} => pcalua.exe -a "C:\Users\Jürgen Werner\Downloads\avira_antivir_personal_de.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E59259B-2467-4501-B34E-D21E9586A5A7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {6180FF1A-8559-4957-A156-26DF7B53F136} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {67A1A65F-271D-48B0-A6DD-ACE2CDC8CFBF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6BABFEFF-B200-4A77-9F98-A69B701DD07F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {718A2D38-79D1-4ED2-B7EF-C475C9E512E8} - System32\Tasks\{658F2182-BCD9-43D8-9EC3-0B7D8C931F56} => C:\Users\Jürgen Werner\Documents\Microsoft.Office.2010.Professional.Plus.GERMAN.x86.x64\BIE\os_x86\bie_o10install86.exe [2010-05-30] ()
Task: {71B12A1B-D9F1-468A-98F7-508F78869328} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {793EAEFF-9F5F-4E1F-8CB8-E563E01F521D} - System32\Tasks\{90515FD2-42C6-4D88-9B54-BFF02754C6CD} => Firefox.exe 
Task: {79EECAA7-5AF9-47C7-8CFC-A545631F9D8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {803A6E1B-7D43-4E8B-9D05-28A5A6DA75AB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {81E02735-BDD5-4EB5-9588-FC16789B605F} - System32\Tasks\{4DD48FE3-A6AF-4D91-9226-6F38FD9240D5} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\bin\cloud.exe
Task: {84D31172-764A-4DFD-BE40-F40894F1185B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {88C208C8-C628-434D-8B16-CA821173EC0F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {8FCADBC1-33BD-4872-8B1E-401AE095693F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {959E6674-6A10-4259-9AAD-2DDEDC85D4EE} - System32\Tasks\{C4B6BBCF-5237-45FB-A98E-2ACFB07F6325} => C:\Users\Jürgen Werner\Documents\Microsoft.Office.2010.Professional.Plus.GERMAN.x86.x64\BIE\os_x86\bie_o10install86.exe [2010-05-30] ()
Task: {980C3DE5-5B70-49F0-9772-7B4F53BF3A25} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {A0FF1C4C-B44D-432C-AFCB-8A38CAAB8ADC} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> Keine Datei <==== ACHTUNG
Task: {A37C7988-9121-4512-8F93-BB1B8DA56B32} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {A59A61A3-3068-4F19-9360-04B40D655681} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {A6F8BF39-29BF-4509-B7BB-96C715571DB5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {AC6DD7AF-C261-4DFC-94E3-844E63D4B094} - \Gamma Task Menager Worker -> Keine Datei <==== ACHTUNG
Task: {B04CAB88-2CED-4011-85E1-B710B7C27392} - System32\Tasks\Fenix Defrag => C:\Users\Jürgen Werner\AppData\Roaming\Fenix Defrag\Fenix Defrag.exe [2016-04-12] () <==== ACHTUNG
Task: {B4518264-C23C-411B-AA88-F765FD073927} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B4F8341D-E538-449B-B48A-A0289CED7E50} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {B746B3D8-9694-4A29-A29C-F2174F419D86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {B96E4FB4-B6CF-4C9D-B66F-C2D78EA58173} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B9978F61-C8AB-4317-9550-6BADD4309A48} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {BAA3D4B9-7A94-4C92-B982-D04075BE56DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C09B9744-E33D-4B27-88AC-AB69F4828F60} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {C76C7C29-050D-4470-B707-311BD480FCA5} - System32\Tasks\{3A68D0D9-42FD-4087-B861-6AADCADE9676} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-04-08] (Skype Technologies S.A.)
Task: {CC32E716-5634-496E-85A3-6CA68D11D98A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {D2E1D66D-7C23-4A41-ABCC-0B4FCC1360EA} - System32\Tasks\{4D4DB832-D542-4FBF-8A6C-E7EDBF40374E} => Firefox.exe 
Task: {D30CB1BB-BD76-452B-B4D0-934FFC3B579E} - System32\Tasks\Fenix Defrag Logon => C:\Users\Jürgen Werner\AppData\Roaming\Fenix Defrag\Fenix Defrag.exe [2016-04-12] ()
Task: {DA943567-04DC-4026-B214-E46EED4D7078} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {DBDDF84B-3696-4814-9167-C7504D0461D3} - System32\Tasks\{8C240E24-0EE7-435B-AE19-B872A71A5675} => Firefox.exe 
Task: {DEE2D70C-9743-4DC8-ABDE-D56C6ECDAA3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {EB8601AB-5F82-472A-BEA1-8CB2A20E526B} - \Start Registry Reviver -> Keine Datei <==== ACHTUNG
Task: {EC5FF962-1880-4831-AC74-3ACBBE6CDB5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {ED070690-BA39-4999-8303-A04F9FFCB237} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {F19AB114-0E55-42D9-9185-458D1EA82142} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FEB5D27E-D4DB-4758-9C0B-D47DA4B02A6F} - System32\Tasks\{417CEE16-CAF5-48C2-9A9C-2B5184BF4554} => pcalua.exe -a C:\ProgramData\Wondershare\Player\pluginInstall.exe -d C:\ProgramData\Wondershare\Player -c "i" "iexplore"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-29 11:51 - 2015-07-15 04:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 11:55 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-11-11 09:52 - 2015-11-11 09:52 - 00287712 _____ () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
2013-04-21 22:36 - 2011-09-06 04:02 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-05-11 09:12 - 2015-05-11 09:12 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2015-10-01 15:34 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-25 09:10 - 2016-04-25 09:10 - 00959176 _____ () C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-10-01 15:34 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 15:33 - 2015-09-17 07:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-09 11:36 - 2015-11-25 06:20 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 11:36 - 2015-11-25 06:17 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 11:36 - 2015-11-25 06:17 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 15:34 - 2015-09-17 07:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 03:49 - 2015-11-11 03:49 - 01557160 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-12-08 21:25 - 2015-12-08 21:25 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 16:41 - 2010-07-21 17:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-06-28 16:41 - 2010-07-21 17:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-06-28 16:41 - 2010-07-21 17:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2016-04-25 09:10 - 2016-04-25 09:10 - 00679624 _____ () C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2014-06-26 18:51 - 2015-07-21 11:43 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2014-06-26 18:51 - 2015-07-21 11:43 - 00051744 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00123918 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 01026062 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00524460 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 02949660 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 01798570 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 03095505 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00115214 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 21565192 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00712704 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00031744 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00046080 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00032768 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00516608 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00243200 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00431616 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\com -> hxxp://*.Wondershare.com
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\sony.com -> sony.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winsol_Autostart.lnk => C:\Windows\pss\Winsol_Autostart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jürgen Werner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk => C:\Windows\pss\ctfmon.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jürgen Werner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: SpUninstallCleanUp => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\StartupApproved\Run: => "AMD AVT"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ATICustomerCare"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "NBAgent"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "AMD AVT"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\StartupApproved\Run: => "BingSvc"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{95D95D86-6A2B-4506-BCAA-7FE17E80F0AD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D50D9F1B-095B-4FA9-A074-4023F035E6F3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AB566753-EEA6-4E86-8F6F-E6019FEB15EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8BC2761-E284-4E29-960B-40FDBE1A2C1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{8FB5921E-16FA-47E3-A02B-4C2FD874A347}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{BAD9D87E-3F95-4C73-87F1-DAA8D5A7E22A}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{FB8AC5CD-D373-46FB-ACB6-FB1EB30B668A}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{3CEBAFE0-783A-4821-B3EC-2EDDBB24ADCC}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{2D9B1C58-BF34-49A1-84E3-19CF30DF06EA}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => (Allow) C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [TCP Query User{DB71C5CD-6FA0-4CE9-BBCA-EC9C02386F1D}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => (Allow) C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [{14C7C674-040E-4949-83D6-479678DA47D5}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{E85DF57E-310C-4991-974D-6FE14ADD6573}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{63314D4E-424A-4E0C-BD0F-D8A31571548E}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{162B55F8-AD72-468A-9A7D-80D473B2970B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{437D7CC4-8FF0-4589-BC42-4A69875E0590}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0A3D4BE9-0D95-4180-96EF-34D26D378719}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CC1B1600-5950-4C93-A47B-3A627486369A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AFCF48DE-5BBF-4D6C-80C8-F77E3E9FDD96}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{0099945C-85C2-4625-8F33-C3E6D15B6F87}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{ED449D4B-E0B6-45AA-B594-7A183CC823C2}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{81CF9183-58B5-4B3B-BCCF-3BB07C73B538}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{3937E7F0-9973-4799-9B81-B8A8E69135D9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7583698B-CA63-4917-82E6-91EE379D95BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1D156535-CD2E-4DB8-A394-2235C61E5803}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A21CED51-8C40-4172-B71A-6DFF2AC5DA61}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{04E793FE-903C-4AA3-A78B-B874EFD677E3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D508BCE7-136E-4DAB-8D8F-695DE6989D77}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

28-04-2016 13:02:24 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/29/2016 02:40:52 PM) (Source: MSMQ) (EventID: 2078) (User: )
Description: Der Message Queuing-Dienst kann nicht gestartet werden. Die Prüfpunktdateien können nicht wiederhergestellt werden. Um den Message Queuing-Dienst ohne Konsistenzverlust zu starten, müssen Sie die beschädigten Prüfpunkt- und Protokolldateien korrigieren oder wiederherstellen. Löschen Sie zum Starten des Dienstes für die Notfallverwendung (mit potenziellen Verlusten der Datenkonsistenz) die Dateien "QMLog", "MQTrans.lg1", "MQTrans.lg2", "MQInSeqs.lg1" und "MQInSeqs.lg2" aus dem Ordner "Msmq\Storage", und fügen Sie den DWORD-Registrierungsschlüssel "HKLM\Software\Microsoft\MSMQ\Parameters\LogDataCreated" mit einem Wert von 0 hinzu. Fehler 0xc00e03f1:

Error: (04/29/2016 02:40:52 PM) (Source: MSMQ) (EventID: 2053) (User: )
Description: Die eingehende Prüfpunktdatei für Sequenzen konnte nicht initialisiert werden. Die Datei "MQInSeqs.lg1" oder "MQInSeqs.lg2" im Ordner "Msmq\Storage" ist beschädigt oder fehlt. Fehler 0xc00e03f1:

Error: (04/29/2016 02:40:52 PM) (Source: MSMQ) (EventID: 2053) (User: )
Description: Die eingehende Prüfpunktdatei für Sequenzen konnte nicht initialisiert werden. Die Datei "MQInSeqs.lg1" oder "MQInSeqs.lg2" im Ordner "Msmq\Storage" ist beschädigt oder fehlt. Fehler 0xc00e03f1:

Error: (04/29/2016 02:40:52 PM) (Source: MSMQ) (EventID: 2053) (User: )
Description: Die eingehende Prüfpunktdatei für Sequenzen konnte nicht initialisiert werden. Die Datei "MQInSeqs.lg1" oder "MQInSeqs.lg2" im Ordner "Msmq\Storage" ist beschädigt oder fehlt. Fehler 0xc00e03f1:

Error: (04/29/2016 11:21:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AUDIODG.EXE, Version: 10.0.10240.16384, Zeitstempel: 0x559f3a8d
Name des fehlerhaften Moduls: MBAPO64.dll, Version: 1.0.9.0, Zeitstempel: 0x4a0a6138
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000fdf2
ID des fehlerhaften Prozesses: 0x1978
Startzeit der fehlerhaften Anwendung: 0xAUDIODG.EXE0
Pfad der fehlerhaften Anwendung: AUDIODG.EXE1
Pfad des fehlerhaften Moduls: AUDIODG.EXE2
Berichtskennung: AUDIODG.EXE3
Vollständiger Name des fehlerhaften Pakets: AUDIODG.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AUDIODG.EXE5

Error: (04/28/2016 09:51:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JürgenWerner-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/28/2016 01:02:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (04/28/2016 01:02:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-4075896183-1784680247-2664955815-1004.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {e15b0720-e3a4-40fd-b3b1-b2bdc53db549}

Error: (04/28/2016 11:07:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JürgenWerner-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/28/2016 11:03:46 AM) (Source: MSMQ) (EventID: 2078) (User: )
Description: Der Message Queuing-Dienst kann nicht gestartet werden. Die Prüfpunktdateien können nicht wiederhergestellt werden. Um den Message Queuing-Dienst ohne Konsistenzverlust zu starten, müssen Sie die beschädigten Prüfpunkt- und Protokolldateien korrigieren oder wiederherstellen. Löschen Sie zum Starten des Dienstes für die Notfallverwendung (mit potenziellen Verlusten der Datenkonsistenz) die Dateien "QMLog", "MQTrans.lg1", "MQTrans.lg2", "MQInSeqs.lg1" und "MQInSeqs.lg2" aus dem Ordner "Msmq\Storage", und fügen Sie den DWORD-Registrierungsschlüssel "HKLM\Software\Microsoft\MSMQ\Parameters\LogDataCreated" mit einem Wert von 0 hinzu. Fehler 0xc00e03f1:


Systemfehler:
=============
Error: (04/29/2016 02:44:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (04/29/2016 02:43:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (04/29/2016 02:42:12 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (04/29/2016 02:40:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" ist vom Dienst "Message Queuing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1066

Error: (04/29/2016 02:40:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Message Queuing" wurde mit dem folgenden dienstspezifischen Fehler beendet: 
%%3222143985

Error: (04/29/2016 02:40:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Net.Tcp-Listeneradapter" ist vom Dienst "Net.Tcp-Portfreigabedienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (04/29/2016 02:40:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024001e fehlgeschlagen:

Error: (04/29/2016 02:40:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024001e fehlgeschlagen:

Error: (04/29/2016 02:40:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024001e fehlgeschlagen:

Error: (04/29/2016 02:40:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024001e fehlgeschlagen:


CodeIntegrity:
===================================
  Date: 2016-03-08 08:24:36.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 08:24:36.381
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 08:24:36.312
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 08:24:29.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 08:24:29.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-07 08:19:45.245
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-07 08:19:45.190
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-07 08:19:45.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-07 08:19:39.336
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-07 08:19:38.963
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: AMD Athlon(tm) II X4 630 Processor
Prozentuale Nutzung des RAM: 55%
Installierter physikalischer RAM: 4094.97 MB
Verfügbarer physikalischer RAM: 1814.24 MB
Summe virtueller Speicher: 8190.97 MB
Verfügbarer virtueller Speicher: 5507.61 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:920.43 GB) (Free:600.33 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (Warentest) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=110 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=920.4 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Alt 30.04.2016, 19:52   #8
burningice
/// Malwareteam
 



Step: 1
Please download Emsisoft Emergency Kit from here.
  • Please install the program to the default path.
  • Start the program by double-clicking the desktop shortcut.
  • Once the malware signatures have loaded, EEK is ready to scan.
  • Now please follow the illustrated guide to Emergency Kit, remove all detections, and post the log at the end of the scan or cleanup.



Step: 2
Please start FRST again, tick the box next to Addition and click "Untersuchen" (Scan). Please post both of the resulting text files again.
__________________
Regards,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~


Alt 30.04.2016, 20:40   #9
clubtunes
 



Code:
Emsisoft Emergency Kit - Version 11.0
Letztes Update: 30.04.2016 21:07:16
Benutzerkonto: JürgenWerner-PC\Jürgen Werner

Scan-Einstellungen:

Scan-Methode: Malware-Scan
Objekte: Rootkits, Speicher, Traces, Dateien

PUPs-Erkennung: An
Archiv-Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan-Beginn:	30.04.2016 21:07:58
Key: HKEY_USERS\S-1-5-21-4075896183-1784680247-2664955815-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} 	Gefunden: Application.Toolbar (A)
C:\Users\Jürgen Werner\AppData\Local\Temp\gpup_213.exe 	Gefunden: Application.Downloader (A)
C:\Users\Jürgen Werner\AppData\Local\Temp\hp2_upd2_v1047.exe 	Gefunden: Application.Downloader (A)
C:\Users\Jürgen Werner\AppData\Roaming\Fenix Defrag\Fenix Defrag.exe 	Gefunden: Application.Downloader (A)

Gescannt:	99502
Gefunden	4

Scan-Ende:	30.04.2016 21:29:46
Scan-Zeit:	0:21:48

C:\Users\Jürgen Werner\AppData\Roaming\Fenix Defrag\Fenix Defrag.exe	 Application.Downloader (A)
C:\Users\Jürgen Werner\AppData\Local\Temp\hp2_upd2_v1047.exe	 Application.Downloader (A)
C:\Users\Jürgen Werner\AppData\Local\Temp\gpup_213.exe	 Application.Downloader (A)
Key: HKEY_USERS\S-1-5-21-4075896183-1784680247-2664955815-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}	 Application.Toolbar (A)

Quarantäne	4
         

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:30-04-2016
durchgeführt von Jürgen Werner (Administrator) auf JÜRGENWERNER-PC (30-04-2016 21:32:22)
Gestartet von C:\Users\Jürgen Werner\Desktop
Geladene Profile: Jürgen Werner & Sabine & Manuela & DefaultAppPool (Verfügbare Profile: Jürgen Werner & Sabine & Manuela & DefaultAppPool)
Platform: Windows 10 Pro (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Microsoft Corporation) C:\WINDOWS\System32\InstallAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Synology Inc.) C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
(Synology Inc.) C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
(Synology Inc.) C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Emsisoft Ltd) C:\EEK\bin64\a2emergencykit.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2780776 2011-07-19] (CANON INC.)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-21] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\Run: [BingSvc] => C:\Users\Jürgen Werner\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-02] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51662464 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5907.0716"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5930.0814"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.5951.0827"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6201.1019"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\RunOnce: [Uninstall C:\Users\J�rgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1003\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-4075896183-1784680247-2664955815-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1004.bak\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-4075896183-1784680247-2664955815-1004.bak\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005\...\RunOnce: [Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005\...\RunOnce: [Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005\...\RunOnce: [Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005\...\RunOnce: [Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005\...\RunOnce: [Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005\...\RunOnce: [Uninstall C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Manuela\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [805888 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll [2015-12-02] (TODO: <Company name>)
Startup: C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-06-28]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk [2010-08-23]
ShortcutTarget: Microsoft Outlook 2010.lnk -> C:\WINDOWS\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Startup: C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2016-04-30]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)
Startup: C:\Users\Manuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-12-11]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-06-29]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{cb9d73b5-0417-40cd-810e-4d2f6230a47a}: [DhcpNameServer] 192.168.178.1
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=de-de
URLSearchHook: HKU\S-1-5-21-4075896183-1784680247-2664955815-1005 - (Kein Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Keine Datei
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
SearchScopes: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4075896183-1784680247-2664955815-1005 -> {7CB28F13-130A-4795-95B9-D31DD8CCF23E} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Kein Name -> {43D9786F-A485-683B-9B5B-ACC97ABC17FC} -> Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-26] (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-26] (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  Keine Datei

FireFox:
========
FF ProfilePath: C:\Users\Jürgen Werner\AppData\Roaming\Mozilla\Firefox\Profiles\m961gktu.default-1461248636567
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-09-21] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll [2010-02-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll [2010-02-04] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4075896183-1784680247-2664955815-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Jürgen Werner\AppData\LocalLow\Sony Online Entertainment\npsoe.dll [2012-03-19] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-06-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-06-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-06-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-06-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-06-02] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-04-12] [ist nicht signiert]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-04-12] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com => nicht gefunden

Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=de-de
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Jürgen Werner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira Browserschutz) - C:\Users\Jürgen Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-02-02]
CHR Extension: (Skype) - C:\Users\Jürgen Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-01]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Jürgen Werner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-03-02]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-08] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-08] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [287712 2015-11-11] ()
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [Datei ist nicht signiert]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [Datei ist nicht signiert]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-08] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-08] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-08] (Avira Operations GmbH & Co. KG)
R1 epp; C:\EEK\bin64\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-30 21:32 - 2016-04-30 21:33 - 00029594 _____ C:\Users\Jürgen Werner\Desktop\FRST.txt
2016-04-30 21:31 - 2016-04-30 21:31 - 00000000 ____D C:\Users\Jürgen Werner\Desktop\FRST-OlderVersion
2016-04-30 21:30 - 2016-04-30 21:30 - 00002876 _____ C:\Users\Jürgen Werner\Desktop\scan_160430-210758.txt
2016-04-30 21:26 - 2016-04-30 21:26 - 00016148 _____ C:\WINDOWS\system32\JÜRGENWERNER-PC_Jürgen Werner_HistoryPrediction.bin
2016-04-30 20:59 - 2016-04-30 21:29 - 00000000 ____D C:\EEK
2016-04-30 20:56 - 2016-04-30 20:58 - 229907360 _____ C:\Users\Jürgen Werner\Desktop\EmsisoftEmergencyKit.exe
2016-04-30 20:55 - 2016-04-30 20:55 - 00000000 ___HD C:\OneDriveTemp
2016-04-30 18:22 - 2016-04-30 18:22 - 00016148 _____ C:\WINDOWS\system32\JÜRGENWERNER-PC_Manuela_HistoryPrediction.bin
2016-04-29 14:43 - 2016-04-29 14:43 - 00002974 _____ C:\Users\Jürgen Werner\Desktop\AdwCleaner[C2].txt
2016-04-29 13:53 - 2016-04-29 13:53 - 00001208 _____ C:\Users\Jürgen Werner\Desktop\mbam.txt
2016-04-29 13:18 - 2016-04-29 13:18 - 00000000 ____D C:\Users\Jürgen Werner\Desktop\2016_04_29
2016-04-29 12:44 - 2016-04-29 13:53 - 03581504 _____ C:\Users\Jürgen Werner\Desktop\AdwCleaner_5.114.exe
2016-04-28 18:13 - 2016-04-28 18:14 - 00004176 _____ C:\TDSSKiller.3.1.0.9_28.04.2016_18.13.40_log.txt
2016-04-28 15:52 - 2016-04-28 16:07 - 00275264 _____ C:\TDSSKiller.3.1.0.9_28.04.2016_15.52.54_log.txt
2016-04-28 15:51 - 2016-04-28 15:52 - 00004176 _____ C:\TDSSKiller.3.1.0.9_28.04.2016_15.51.58_log.txt
2016-04-28 15:50 - 2016-04-28 15:51 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Jürgen Werner\Desktop\tdsskiller.exe
2016-04-28 15:33 - 2016-04-30 21:32 - 00000000 ____D C:\FRST
2016-04-28 15:32 - 2016-04-30 21:31 - 02377216 _____ (Farbar) C:\Users\Jürgen Werner\Desktop\FRST64.exe
2016-04-22 20:45 - 2016-04-22 20:45 - 00007785 _____ C:\Users\Jürgen Werner\Documents\Michaela 2 Bewerbung.odt
2016-04-22 20:44 - 2016-04-22 20:45 - 00006491 _____ C:\Users\Jürgen Werner\Documents\Michaela Bindlach 1.odt
2016-04-19 21:16 - 2016-04-19 21:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5D380244.sys
2016-04-19 20:17 - 2016-04-19 20:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4AFF5508.sys
2016-04-19 19:55 - 2016-04-19 19:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\27A0441B.sys
2016-04-19 17:59 - 2016-04-19 17:59 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\42F96BA4.sys
2016-04-19 16:24 - 2016-04-19 16:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\59822276.sys
2016-04-17 09:30 - 2016-04-17 09:32 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.008
2016-04-17 09:30 - 2016-04-17 09:30 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.008\AppData\Local\TileDataLayer
2016-04-17 09:22 - 2016-04-17 09:29 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.007
2016-04-17 09:22 - 2016-04-17 09:22 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.007\AppData\Local\TileDataLayer
2016-04-13 15:08 - 2016-04-13 15:54 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.006\AppData\Local\Packages
2016-04-13 15:08 - 2016-04-13 15:54 - 00000000 ____D C:\Users\TEMP.JürgenWerner-PC.006
2016-04-12 18:19 - 2016-04-12 18:19 - 00003446 _____ C:\WINDOWS\System32\Tasks\Fenix Defrag Logon
2016-04-12 12:29 - 2016-04-17 09:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-07 18:31 - 2016-04-07 18:31 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-04-02 14:17 - 2016-04-02 14:17 - 00279096 _____ C:\WINDOWS\Minidump\040216-48875-01.dmp

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-04-30 21:31 - 2012-10-22 17:03 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-30 21:31 - 2010-06-28 17:52 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Roaming\Skype
2016-04-30 21:30 - 2015-10-29 11:17 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Roaming\Fenix Defrag
2016-04-30 21:14 - 2011-05-14 20:19 - 00001158 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-30 21:14 - 2011-05-14 20:19 - 00001154 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-30 20:56 - 2014-06-06 21:27 - 00000000 ___RD C:\Users\Jürgen Werner\CloudStation
2016-04-30 20:55 - 2015-07-29 11:42 - 00000000 ___RD C:\Users\Jürgen Werner\OneDrive
2016-04-30 20:55 - 2011-06-12 07:05 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Outlook-Dateien
2016-04-30 20:54 - 2010-06-28 16:32 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2016-04-30 18:09 - 2012-03-25 12:47 - 00004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8BFD1B50-A937-4064-AB0F-D9F936811448}
2016-04-30 18:08 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-30 12:24 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-30 11:58 - 2015-08-21 10:58 - 00002442 _____ C:\Users\Manuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-30 11:58 - 2015-08-21 10:58 - 00000000 ___RD C:\Users\Manuela\OneDrive
2016-04-29 20:29 - 2015-11-18 20:18 - 00004188 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FC9AFB74-B68B-4B73-8EE9-23B9B03F69C7}
2016-04-29 15:09 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-29 14:40 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-29 14:40 - 2015-07-10 11:05 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-04-29 13:55 - 2015-11-19 12:14 - 00000000 ____D C:\AdwCleaner
2016-04-29 13:17 - 2014-11-16 18:35 - 00000000 ____D C:\Users\Jürgen Werner\Documents\KabelDeutschland
2016-04-29 12:42 - 2014-11-08 16:59 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-29 08:41 - 2013-04-21 21:31 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-04-29 08:24 - 2010-08-23 15:49 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Roaming\uTorrent
2016-04-29 08:10 - 2011-05-06 20:28 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Local\ElevatedDiagnostics
2016-04-28 11:03 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Registration
2016-04-25 18:54 - 2015-09-17 18:35 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-25 18:54 - 2015-07-29 10:59 - 00000000 ____D C:\Users\Sabine
2016-04-25 18:54 - 2015-07-29 10:59 - 00000000 ____D C:\Users\Nicole
2016-04-25 18:54 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-25 18:19 - 2013-11-09 20:55 - 00002471 _____ C:\Users\Jürgen Werner\Desktop\Google Chrome.lnk
2016-04-25 10:00 - 2010-06-28 17:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-25 10:00 - 2010-06-28 17:51 - 00000000 ____D C:\ProgramData\Skype
2016-04-25 09:10 - 2015-07-29 11:42 - 00002460 _____ C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-24 18:24 - 2013-01-03 16:58 - 00000000 ____D C:\Users\Jürgen Werner\Documents\1. Sabine
2016-04-22 09:57 - 2010-06-28 16:37 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-21 16:24 - 2013-12-23 21:24 - 00000000 ____D C:\Users\Jürgen Werner\Desktop\Alte Firefox-Daten
2016-04-21 16:20 - 2015-07-29 11:31 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Local\Packages
2016-04-21 11:19 - 2015-09-07 15:25 - 00000000 ____D C:\Users\Manuela\.oracle_jre_usage
2016-04-21 11:17 - 2015-08-21 10:51 - 00000000 ____D C:\Users\Manuela\AppData\Local\Packages
2016-04-19 19:26 - 2015-07-29 10:58 - 02077126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-19 19:26 - 2015-07-10 18:34 - 00883752 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-19 19:26 - 2015-07-10 18:34 - 00195886 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-19 19:26 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF
2016-04-19 10:18 - 2013-08-19 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-19 10:17 - 2014-08-08 13:02 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-17 13:46 - 2015-07-29 10:59 - 00000000 ____D C:\Users\Manuela
2016-04-17 09:35 - 2013-03-21 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-15 18:01 - 2015-11-03 10:47 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Ergebnisse Tim
2016-04-13 16:03 - 2013-01-14 17:12 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Konfirmation Nicole 5.5.2013
2016-04-12 18:18 - 2015-10-29 11:17 - 00003772 _____ C:\WINDOWS\System32\Tasks\Fenix Defrag
2016-04-12 12:52 - 2014-11-13 15:37 - 00000000 ____D C:\Users\Jürgen Werner\Documents\Briefe
2016-04-10 08:10 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Resources
2016-04-10 07:32 - 2014-11-08 16:58 - 00001177 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-04-10 07:32 - 2014-11-08 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-04-10 07:32 - 2014-11-08 16:58 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-04-08 18:52 - 2015-07-19 10:36 - 00000000 ____D C:\Users\Jürgen Werner\AppData\Local\JDownloader 2.0
2016-04-04 18:22 - 2015-08-30 10:33 - 00000000 ____D C:\Users\Jürgen Werner\Downloads\Neu
2016-04-03 22:14 - 2015-07-29 10:59 - 00000000 ____D C:\Users\Jürgen Werner
2016-04-02 14:29 - 2015-07-10 14:20 - 00415672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-02 14:24 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-04-02 14:24 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-04-02 14:24 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-04-02 14:24 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-04-02 14:17 - 2015-08-21 23:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-02 14:16 - 2016-03-18 15:27 - 634048721 _____ C:\WINDOWS\MEMORY.DMP

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-10-30 11:19 - 2015-10-30 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\47B.tmp
2015-11-04 11:19 - 2015-11-04 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\5792.tmp
2015-10-31 11:19 - 2015-10-31 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\5BC8.tmp
2015-11-03 11:19 - 2015-11-03 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\748B.tmp
2015-11-05 11:19 - 2015-11-05 11:19 - 0000000 _____ () C:\Users\Jürgen Werner\AppData\Roaming\DDF3.tmp
2010-07-29 10:09 - 2010-07-29 10:09 - 0021634 _____ () C:\Users\Jürgen Werner\AppData\Roaming\mdbu.bin
2010-06-28 17:56 - 2010-06-28 17:56 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2015-12-04 10:51 - 2015-12-04 10:51 - 0000016 _____ () C:\ProgramData\mntemp

Einige Dateien in TEMP:
====================
C:\Users\Jürgen Werner\AppData\Local\Temp\avgnt.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\hp2_upd2_v1021.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\hp2_upd2_v1025.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\libeay32.dll
C:\Users\Jürgen Werner\AppData\Local\Temp\msvcr120.dll
C:\Users\Jürgen Werner\AppData\Local\Temp\proxy_vole137087492866520834.dll
C:\Users\Jürgen Werner\AppData\Local\Temp\ShFolder.Exe
C:\Users\Jürgen Werner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jürgen Werner\AppData\Local\Temp\sqlite3.dll
C:\Users\Manuela\AppData\Local\Temp\avgnt.exe
C:\Users\TEMP.JürgenWerner-PC.001\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-04-28 11:45

==================== Ende von FRST.txt ============================
         
--- --- ---

[/CODE]

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:30-04-2016
durchgeführt von Jürgen Werner (2016-04-30 21:35:10)
Gestartet von C:\Users\Jürgen Werner\Desktop
Windows 10 Pro (X64) (2015-07-29 09:30:53)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4075896183-1784680247-2664955815-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4075896183-1784680247-2664955815-503 - Limited - Disabled)
Gast (S-1-5-21-4075896183-1784680247-2664955815-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4075896183-1784680247-2664955815-1008 - Limited - Enabled)
Jürgen Werner (S-1-5-21-4075896183-1784680247-2664955815-1000 - Administrator - Enabled) => C:\Users\Jürgen Werner
Manuela (S-1-5-21-4075896183-1784680247-2664955815-1005 - Limited - Enabled) => C:\Users\Manuela
Nicole (S-1-5-21-4075896183-1784680247-2664955815-1004 - Limited - Enabled)
Sabine (S-1-5-21-4075896183-1784680247-2664955815-1003 - Administrator - Enabled) => C:\Users\Sabine

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.3 - )
µTorrent (HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{3b87484e-d70b-4b4f-ad59-2ae89571e2cf}) (Version: 1.1.56.9119 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version:  - )
Canon MX710 series Benutzerregistrierung (HKLM-x32\...\Canon MX710 series Benutzerregistrierung) (Version:  - )
Canon MX710 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX710_series) (Version:  - )
Canon MX710 series On-screen Manual (HKLM-x32\...\Canon MX710 series On-screen Manual) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.41 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.48 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)
Duden Tipptrainer 2.0 (HKLM-x32\...\{7036A07A-FE2A-4920-A944-19B73D16F106}) (Version: 1.00.0019 - Brockhaus Duden Neue Medien GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Garmin BaseCamp (HKLM-x32\...\{0D7C8884-192D-4E2D-A635-B282B3647E45}) (Version: 4.4.7 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JDownloader (HKLM-x32\...\JDownloader) (Version:  - AppWork UG (haftungsbeschränkt))
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Klett Nussknacker 1 (HKLM-x32\...\Klett Nussknacker 1) (Version:  - )
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Luka und der verborgene Schatz (HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\Luka und der verborgene Schatz) (Version:  - )
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 45.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 de)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
Opera 10.63 (HKLM-x32\...\{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}) (Version: 10.63 - Opera Software ASA)
PDF24 Creator 7.0.6 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photo Station Uploader (remove only) (HKLM-x32\...\Photo Station Uploader) (Version:  - Synology)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.10.9560 - Skype Technologies S.A.)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
SOE Web Installer (HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\SOE Web Installer) (Version: 1.0.3.171 - Sony Online Entertainment)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
Synology Cloud Station (remove only) (HKLM\...\Synology Cloud Station) (Version: 3.2.3479 - Synology, Inc.)
Synology Cloud Station Drive (remove only) (HKLM\...\Synology Cloud Station Drive) (Version: 4.0.4062 - Synology, Inc.)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.5.5 - Shark007)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Winsol 1.21 (HKLM-x32\...\Winsol_is1) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.dll (TODO: <Company name>)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {005192BB-F9C5-4D3B-A2F0-C25AC19BED92} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {00BCD157-3DF9-4C55-A447-519DA9C55DC8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {03D611F0-6B64-41E7-A11D-5F89676498DA} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {04183081-B648-45F0-B19D-FB65560F6F06} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {12EBC4F0-B2D7-4CFE-9AE2-0FCEF0418767} - System32\Tasks\{81FD0B49-60B5-4BB9-8BC1-F74A5A2D544A} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.85.102/de/abandoninstall?page=tsMain
Task: {18FF1DFD-A8D1-45FD-BAF6-2E471F0478D6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1F68C40D-01EA-4D71-99FA-57EACA6DF3C3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {218D8439-DBD1-4677-A983-111705CC1006} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {2BD79C6E-F00A-4BD4-BD9F-88D39B5FCEE4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {33502DA4-482E-43BD-9209-E7390EB8AE52} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {3A7AD837-C57C-40E9-99A3-E40D152EF64A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {3B21856C-5241-4A43-AC92-9048E18C92C1} - System32\Tasks\{8C3B9BC9-42C8-4E8B-B690-7C0ED752735E} => pcalua.exe -a D:\SetupStarter.exe -d D:\
Task: {3BA52692-592D-4BCC-AD13-A77FA135C526} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {3DA9A2AB-5549-42A9-9C43-CDF3D02FDB06} - System32\Tasks\{4203A2F5-75AB-4C8E-9EAD-6B7214E22E6D} => Firefox.exe 
Task: {3F5F1837-80D2-4824-9D0C-8554BC177191} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4016516C-9684-41C4-9998-9A686FA4EF55} - System32\Tasks\{5CB1C16A-7983-4CD2-BE2A-4890F0D7871A} => pcalua.exe -a C:\ProgramData\Wondershare\Player\pluginInstall.exe -d C:\ProgramData\Wondershare\Player -c "i" "chrome"
Task: {442392D7-53E8-48F2-95E2-EDAD35CF8439} - System32\Tasks\Common Installer Worker => C:\Program Files (x86)\Common Installer\CommonInstaller.exe [2015-11-03] (Backup Updater)
Task: {44972B6F-3A71-4DE5-834D-C086361D4664} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4ADD0826-A7FA-4D54-9606-40616F55EFA5} - System32\Tasks\{6C3C35A4-33C9-4617-8C3B-337CCBA2B979} => pcalua.exe -a "C:\Users\Jürgen Werner\Downloads\avira_antivir_personal_de.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E59259B-2467-4501-B34E-D21E9586A5A7} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {6180FF1A-8559-4957-A156-26DF7B53F136} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {67A1A65F-271D-48B0-A6DD-ACE2CDC8CFBF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6BABFEFF-B200-4A77-9F98-A69B701DD07F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {718A2D38-79D1-4ED2-B7EF-C475C9E512E8} - System32\Tasks\{658F2182-BCD9-43D8-9EC3-0B7D8C931F56} => C:\Users\Jürgen Werner\Documents\Microsoft.Office.2010.Professional.Plus.GERMAN.x86.x64\BIE\os_x86\bie_o10install86.exe [2010-05-30] ()
Task: {71B12A1B-D9F1-468A-98F7-508F78869328} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {793EAEFF-9F5F-4E1F-8CB8-E563E01F521D} - System32\Tasks\{90515FD2-42C6-4D88-9B54-BFF02754C6CD} => Firefox.exe 
Task: {79EECAA7-5AF9-47C7-8CFC-A545631F9D8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {803A6E1B-7D43-4E8B-9D05-28A5A6DA75AB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {81E02735-BDD5-4EB5-9588-FC16789B605F} - System32\Tasks\{4DD48FE3-A6AF-4D91-9226-6F38FD9240D5} => C:\Users\Jürgen Werner\AppData\Local\CloudStation\bin\cloud.exe
Task: {84D31172-764A-4DFD-BE40-F40894F1185B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {88C208C8-C628-434D-8B16-CA821173EC0F} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {8FCADBC1-33BD-4872-8B1E-401AE095693F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {959E6674-6A10-4259-9AAD-2DDEDC85D4EE} - System32\Tasks\{C4B6BBCF-5237-45FB-A98E-2ACFB07F6325} => C:\Users\Jürgen Werner\Documents\Microsoft.Office.2010.Professional.Plus.GERMAN.x86.x64\BIE\os_x86\bie_o10install86.exe [2010-05-30] ()
Task: {980C3DE5-5B70-49F0-9772-7B4F53BF3A25} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {A0FF1C4C-B44D-432C-AFCB-8A38CAAB8ADC} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> Keine Datei <==== ACHTUNG
Task: {A37C7988-9121-4512-8F93-BB1B8DA56B32} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {A59A61A3-3068-4F19-9360-04B40D655681} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {A6F8BF39-29BF-4509-B7BB-96C715571DB5} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {AC6DD7AF-C261-4DFC-94E3-844E63D4B094} - \Gamma Task Menager Worker -> Keine Datei <==== ACHTUNG
Task: {B04CAB88-2CED-4011-85E1-B710B7C27392} - System32\Tasks\Fenix Defrag => C:\Users\Jürgen Werner\AppData\Roaming\Fenix Defrag\Fenix Defrag.exe <==== ACHTUNG
Task: {B4518264-C23C-411B-AA88-F765FD073927} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B4F8341D-E538-449B-B48A-A0289CED7E50} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {B746B3D8-9694-4A29-A29C-F2174F419D86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {B96E4FB4-B6CF-4C9D-B66F-C2D78EA58173} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B9978F61-C8AB-4317-9550-6BADD4309A48} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {BAA3D4B9-7A94-4C92-B982-D04075BE56DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C09B9744-E33D-4B27-88AC-AB69F4828F60} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {C76C7C29-050D-4470-B707-311BD480FCA5} - System32\Tasks\{3A68D0D9-42FD-4087-B861-6AADCADE9676} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-04-08] (Skype Technologies S.A.)
Task: {CC32E716-5634-496E-85A3-6CA68D11D98A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {D2E1D66D-7C23-4A41-ABCC-0B4FCC1360EA} - System32\Tasks\{4D4DB832-D542-4FBF-8A6C-E7EDBF40374E} => Firefox.exe 
Task: {D30CB1BB-BD76-452B-B4D0-934FFC3B579E} - System32\Tasks\Fenix Defrag Logon => C:\Users\Jürgen Werner\AppData\Roaming\Fenix Defrag\Fenix Defrag.exe
Task: {DA943567-04DC-4026-B214-E46EED4D7078} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {DBDDF84B-3696-4814-9167-C7504D0461D3} - System32\Tasks\{8C240E24-0EE7-435B-AE19-B872A71A5675} => Firefox.exe 
Task: {DEE2D70C-9743-4DC8-ABDE-D56C6ECDAA3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {EB8601AB-5F82-472A-BEA1-8CB2A20E526B} - \Start Registry Reviver -> Keine Datei <==== ACHTUNG
Task: {EC5FF962-1880-4831-AC74-3ACBBE6CDB5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {ED070690-BA39-4999-8303-A04F9FFCB237} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {F19AB114-0E55-42D9-9185-458D1EA82142} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FEB5D27E-D4DB-4758-9C0B-D47DA4B02A6F} - System32\Tasks\{417CEE16-CAF5-48C2-9A9C-2B5184BF4554} => pcalua.exe -a C:\ProgramData\Wondershare\Player\pluginInstall.exe -d C:\ProgramData\Wondershare\Player -c "i" "iexplore"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-29 11:51 - 2015-07-15 04:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 11:55 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-11-11 09:52 - 2015-11-11 09:52 - 00287712 _____ () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
2013-04-21 22:36 - 2011-09-06 04:02 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-05-11 09:12 - 2015-05-11 09:12 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2015-10-01 15:34 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-25 09:10 - 2016-04-25 09:10 - 00959176 _____ () C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-29 12:57 - 2013-10-29 12:57 - 00035328 _____ () C:\Program Files (x86)\Synology\Photo Station Uploader\ShellExtHandler.dll
2014-11-08 12:10 - 2013-08-23 14:36 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 01047552 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\ContextMenu.dll
2015-10-01 15:34 - 2015-09-17 08:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 15:33 - 2015-09-17 07:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-09 11:36 - 2015-11-25 06:20 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 11:36 - 2015-11-25 06:17 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 11:36 - 2015-11-25 06:17 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 15:34 - 2015-09-17 07:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-08 21:25 - 2015-12-08 21:25 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2016-04-10 09:30 - 2016-04-10 09:30 - 00472576 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\e8d3ef4b2e696f27353e12629143ce43\VistaBridgeLibrary.ni.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 03:49 - 2015-11-11 03:49 - 01557160 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-28 16:41 - 2010-07-21 17:33 - 00058688 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2010-06-28 16:41 - 2010-07-21 17:33 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-06-28 16:41 - 2010-07-21 17:33 - 00116032 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2016-04-25 09:10 - 2016-04-25 09:10 - 00679624 _____ () C:\Users\Jürgen Werner\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2014-06-26 18:51 - 2015-07-21 11:43 - 00074272 _____ () C:\Program Files (x86)\PDF24\zlib.dll
2014-06-26 18:51 - 2015-07-21 11:43 - 00051744 _____ () C:\Program Files (x86)\PDF24\OperationUI.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00123918 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 01026062 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00524460 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 02949660 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 01798570 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00115214 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 03095505 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 21565192 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00712704 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00031744 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00046080 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00032768 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00516608 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00243200 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll
2015-12-02 16:34 - 2015-12-02 16:34 - 00431616 _____ () C:\Users\Jürgen Werner\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\com -> hxxp://*.Wondershare.com
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\sony.com -> sony.com

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jürgen Werner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-4075896183-1784680247-2664955815-1003\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-4075896183-1784680247-2664955815-1004.bak\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-4075896183-1784680247-2664955815-1005\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Winsol_Autostart.lnk => C:\Windows\pss\Winsol_Autostart.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jürgen Werner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk => C:\Windows\pss\ctfmon.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jürgen Werner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: SpUninstallCleanUp => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\StartupApproved\Run: => "AMD AVT"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ATICustomerCare"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LWS"
HKLM\...\StartupApproved\Run32: => "NBAgent"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "AMD AVT"
HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\StartupApproved\Run: => "BingSvc"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{95D95D86-6A2B-4506-BCAA-7FE17E80F0AD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D50D9F1B-095B-4FA9-A074-4023F035E6F3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{AB566753-EEA6-4E86-8F6F-E6019FEB15EA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C8BC2761-E284-4E29-960B-40FDBE1A2C1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{8FB5921E-16FA-47E3-A02B-4C2FD874A347}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{BAD9D87E-3F95-4C73-87F1-DAA8D5A7E22A}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{FB8AC5CD-D373-46FB-ACB6-FB1EB30B668A}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{3CEBAFE0-783A-4821-B3EC-2EDDBB24ADCC}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{2D9B1C58-BF34-49A1-84E3-19CF30DF06EA}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => (Allow) C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [TCP Query User{DB71C5CD-6FA0-4CE9-BBCA-EC9C02386F1D}C:\program files (x86)\synology\photo station uploader\mediauploader.exe] => (Allow) C:\program files (x86)\synology\photo station uploader\mediauploader.exe
FirewallRules: [{14C7C674-040E-4949-83D6-479678DA47D5}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{E85DF57E-310C-4991-974D-6FE14ADD6573}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{63314D4E-424A-4E0C-BD0F-D8A31571548E}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{162B55F8-AD72-468A-9A7D-80D473B2970B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{437D7CC4-8FF0-4589-BC42-4A69875E0590}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0A3D4BE9-0D95-4180-96EF-34D26D378719}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CC1B1600-5950-4C93-A47B-3A627486369A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AFCF48DE-5BBF-4D6C-80C8-F77E3E9FDD96}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{0099945C-85C2-4625-8F33-C3E6D15B6F87}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{ED449D4B-E0B6-45AA-B594-7A183CC823C2}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{81CF9183-58B5-4B3B-BCCF-3BB07C73B538}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{3937E7F0-9973-4799-9B81-B8A8E69135D9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7583698B-CA63-4917-82E6-91EE379D95BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1D156535-CD2E-4DB8-A394-2235C61E5803}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A21CED51-8C40-4172-B71A-6DFF2AC5DA61}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{04E793FE-903C-4AA3-A78B-B874EFD677E3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{D508BCE7-136E-4DAB-8D8F-695DE6989D77}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

28-04-2016 13:02:24 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (04/30/2016 01:41:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JürgenWerner-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/29/2016 09:24:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3187

Error: (04/29/2016 09:24:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3187

Error: (04/29/2016 09:24:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/29/2016 09:23:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1625

Error: (04/29/2016 09:23:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1625

Error: (04/29/2016 09:23:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/29/2016 07:26:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {48358479-8105-4d1c-81cc-6d863c0cd4ba}

Error: (04/29/2016 07:26:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-4075896183-1784680247-2664955815-1004.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {99dc32e6-7138-4681-b5b2-6a868d88ffcc}

Error: (04/29/2016 07:05:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4843


Systemfehler:
=============
Error: (04/30/2016 06:22:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session3" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/30/2016 01:41:25 PM) (Source: DCOM) (EventID: 10010) (User: JürgenWerner-PC)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (04/30/2016 01:41:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_Session2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/30/2016 12:20:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Microsoft Visual C++ 2015 Runtime Package

Error: (04/30/2016 12:16:39 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Microsoft Visual C++ 2015 Runtime Package

Error: (04/30/2016 12:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Microsoft Visual C++ 2015 Runtime Package

Error: (04/30/2016 12:06:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Microsoft Visual C++ 2015 Runtime Package

Error: (04/30/2016 12:04:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Microsoft Visual C++ 2015 Runtime Package

Error: (04/30/2016 12:04:32 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Microsoft Visual C++ 2015 Runtime Package

Error: (04/30/2016 12:01:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073cf9 fehlgeschlagen: Microsoft Visual C++ 2015 Runtime Package


CodeIntegrity:
===================================
  Date: 2016-04-29 15:04:11.323
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-29 15:03:56.362
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 08:24:36.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 08:24:36.381
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 08:24:36.312
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 08:24:29.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-08 08:24:29.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-07 08:19:45.245
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-07 08:19:45.190
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-07 08:19:45.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: AMD Athlon(tm) II X4 630 Processor
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 4094.97 MB
Verfügbarer physikalischer RAM: 1553.55 MB
Summe virtueller Speicher: 8190.97 MB
Verfügbarer virtueller Speicher: 4784.39 MB

==================== Laufwerke ================================

Drive c: (OS) (Fixed) (Total:920.43 GB) (Free:598.53 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (Warentest) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F0000000)
Partition 1: (Not Active) - (Size=110 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=920.4 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

03.05.2016, 11:47   #10
burningice
/// Malwareteam



Okay, to finish up let's run two more scans as a check:

Step: 1
Please start Malwarebytes Anti-Malware again.
  • Click Dashboard and, under the item Database Version (Datenbankversion), click "Update Now" (Jetzt aktualisieren).
  • Switch to the Scan (Scannen) tab, select Threat Scan (Bedrohungssuchlauf) and then click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected (Auswahl entfernen).
  • If prompted, let your computer restart to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.

Step: 2

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" (Ja, ich bin mit den Nutzungsbedingungen einverstanden) and click Start (Starten).
  • Enable "Detection of potentially unwanted applications" (Erkennung von eventuell unerwünschten Anwendungen) and choose the following settings.
  • Click Start (Starten).
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish (Fertig stellen).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Note: This scan can sometimes take several hours...
__________________
Regards,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~


04.05.2016, 15:35   #11
clubtunes



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 03.05.2016
Suchlaufzeit: 17:55
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.05.03.06
Rootkit-Datenbank: v2016.04.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Jürgen Werner

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 765751
Abgelaufene Zeit: 1 Std., 14 Min., 16 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=036dd473e8561748aff8f6c1bcad2e7d
# end=init
# utc_time=2016-05-03 04:34:55
# local_time=2016-05-03 06:34:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 29357
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=036dd473e8561748aff8f6c1bcad2e7d
# end=updated
# utc_time=2016-05-03 05:18:34
# local_time=2016-05-03 07:18:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=036dd473e8561748aff8f6c1bcad2e7d
# engine=29357
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-05-03 10:52:24
# local_time=2016-05-04 12:52:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 100 29836 60522689 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 381812 25789956 0 0
# scanned=381530
# found=1
# cleaned=0
# scan_time=20029
sh=F1AFD6563DB62464E0225265BD0DEE2718A71EB6 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.Agent.NPJ Trojaner" ac=I fn="C:\Users\Jürgen Werner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\2c0935da-126e120b"
         

07.05.2016, 13:57   #12
burningice
/// Malwareteam



Step: 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
Task: {00BCD157-3DF9-4C55-A447-519DA9C55DC8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG

Task: {04183081-B648-45F0-B19D-FB65560F6F06} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG

Task: {218D8439-DBD1-4677-A983-111705CC1006} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG

Task: {33502DA4-482E-43BD-9209-E7390EB8AE52} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG

Task: {3A7AD837-C57C-40E9-99A3-E40D152EF64A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG

Task: {44972B6F-3A71-4DE5-834D-C086361D4664} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG

Task: {79EECAA7-5AF9-47C7-8CFC-A545631F9D8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG

Task: {980C3DE5-5B70-49F0-9772-7B4F53BF3A25} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG

Task: {A0FF1C4C-B44D-432C-AFCB-8A38CAAB8ADC} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> Keine Datei <==== ACHTUNG

Task: {AC6DD7AF-C261-4DFC-94E3-844E63D4B094} - \Gamma Task Menager Worker -> Keine Datei <==== ACHTUNG

Task: {B04CAB88-2CED-4011-85E1-B710B7C27392} - System32\Tasks\Fenix Defrag => C:\Users\Jürgen Werner\AppData\Roaming\Fenix Defrag\Fenix Defrag.exe <==== ACHTUNG

Task: {C09B9744-E33D-4B27-88AC-AB69F4828F60} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG

Task: {CC32E716-5634-496E-85A3-6CA68D11D98A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG

Task: {DEE2D70C-9743-4DC8-ABDE-D56C6ECDAA3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG

Task: {EB8601AB-5F82-472A-BEA1-8CB2A20E526B} - \Start Registry Reviver -> Keine Datei <==== ACHTUNG
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\com -> hxxp://*.Wondershare.com

IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\sony.com -> sony.com
emptytemp:
         

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Are you still having any problems with your computer?
__________________
Regards,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~


09.05.2016, 17:08   #13
clubtunes



Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-05-2016
durchgeführt von Jürgen Werner (2016-05-09 18:00:07) Run:1
Gestartet von C:\Users\Jürgen Werner\Desktop
Geladene Profile: Jürgen Werner & Manuela (Verfügbare Profile: Jürgen Werner & Sabine & Manuela & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Task: {00BCD157-3DF9-4C55-A447-519DA9C55DC8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG

Task: {04183081-B648-45F0-B19D-FB65560F6F06} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG

Task: {218D8439-DBD1-4677-A983-111705CC1006} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG

Task: {33502DA4-482E-43BD-9209-E7390EB8AE52} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG

Task: {3A7AD837-C57C-40E9-99A3-E40D152EF64A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG

Task: {44972B6F-3A71-4DE5-834D-C086361D4664} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG

Task: {79EECAA7-5AF9-47C7-8CFC-A545631F9D8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG

Task: {980C3DE5-5B70-49F0-9772-7B4F53BF3A25} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG

Task: {A0FF1C4C-B44D-432C-AFCB-8A38CAAB8ADC} - \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync -> Keine Datei <==== ACHTUNG

Task: {AC6DD7AF-C261-4DFC-94E3-844E63D4B094} - \Gamma Task Menager Worker -> Keine Datei <==== ACHTUNG

Task: {B04CAB88-2CED-4011-85E1-B710B7C27392} - System32\Tasks\Fenix Defrag => C:\Users\Jürgen Werner\AppData\Roaming\Fenix Defrag\Fenix Defrag.exe <==== ACHTUNG

Task: {C09B9744-E33D-4B27-88AC-AB69F4828F60} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG

Task: {CC32E716-5634-496E-85A3-6CA68D11D98A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG

Task: {DEE2D70C-9743-4DC8-ABDE-D56C6ECDAA3E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG

Task: {EB8601AB-5F82-472A-BEA1-8CB2A20E526B} - \Start Registry Reviver -> Keine Datei <==== ACHTUNG
IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\clonewarsadventures.com -> clonewarsadventures.com

IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\com -> hxxp://*.Wondershare.com

IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\freerealms.com -> freerealms.com

IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\soe.com -> soe.com

IE trusted site: HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\...\sony.com -> sony.com
emptytemp:
         
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00BCD157-3DF9-4C55-A447-519DA9C55DC8}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00BCD157-3DF9-4C55-A447-519DA9C55DC8}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{04183081-B648-45F0-B19D-FB65560F6F06}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04183081-B648-45F0-B19D-FB65560F6F06}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{218D8439-DBD1-4677-A983-111705CC1006}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{218D8439-DBD1-4677-A983-111705CC1006}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33502DA4-482E-43BD-9209-E7390EB8AE52}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33502DA4-482E-43BD-9209-E7390EB8AE52}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A7AD837-C57C-40E9-99A3-E40D152EF64A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A7AD837-C57C-40E9-99A3-E40D152EF64A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44972B6F-3A71-4DE5-834D-C086361D4664}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44972B6F-3A71-4DE5-834D-C086361D4664}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79EECAA7-5AF9-47C7-8CFC-A545631F9D8F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79EECAA7-5AF9-47C7-8CFC-A545631F9D8F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{980C3DE5-5B70-49F0-9772-7B4F53BF3A25}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{980C3DE5-5B70-49F0-9772-7B4F53BF3A25}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0FF1C4C-B44D-432C-AFCB-8A38CAAB8ADC}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0FF1C4C-B44D-432C-AFCB-8A38CAAB8ADC}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC6DD7AF-C261-4DFC-94E3-844E63D4B094}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC6DD7AF-C261-4DFC-94E3-844E63D4B094}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Gamma Task Menager Worker => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B04CAB88-2CED-4011-85E1-B710B7C27392}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B04CAB88-2CED-4011-85E1-B710B7C27392}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Fenix Defrag => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Fenix Defrag" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C09B9744-E33D-4B27-88AC-AB69F4828F60}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C09B9744-E33D-4B27-88AC-AB69F4828F60}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC32E716-5634-496E-85A3-6CA68D11D98A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC32E716-5634-496E-85A3-6CA68D11D98A}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DEE2D70C-9743-4DC8-ABDE-D56C6ECDAA3E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEE2D70C-9743-4DC8-ABDE-D56C6ECDAA3E}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB8601AB-5F82-472A-BEA1-8CB2A20E526B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB8601AB-5F82-472A-BEA1-8CB2A20E526B}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Start Registry Reviver => Schlüssel nicht gefunden. 
"HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-4075896183-1784680247-2664955815-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => Schlüssel erfolgreich entfernt
EmptyTemp: => 851.2 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 18:02:04 ====
         

11.05.2016, 12:51   #14
burningice
/// Malwareteam

Are you still having any problems with your computer?
__________________
Regards,
Rafael

~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~


11.05.2016, 16:27   #15
clubtunes

The computer is currently running flawlessly.
