Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Online Pay GmbH zip datei geöffnet ! Trojaner ?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.02.2017, 21:25   #1
heinzwetten
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Hallo.
Ich bin leider älteren Baujahrs.
Ich habe über mein Emailprogramm eine email der Firma Online Pay GmbH mit einem Rechnungsanhang im zip. format bekommen. Ich war erschrocken.Ich öffnete den Anhang,es meldete sich meine Firewall,ich stellte den Rechner sofort ab. habe den Rechner dann mit Avira überprüft, bisher keine Bedrohung erkannt.. bin mir unsicher.was soll ich tun ?
bitte helft mir ! Benutze den Rechner z.zt. wegen einer Krankheit intensiv und brauche Ihn !
Danke im Vorraus !

Alt 18.02.2017, 13:00   #2
M-K-D-B
/// TB-Ausbilder
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!
  • Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Wieso öffnest du überhaupt den Anhang solche Mails? Es sollte doch mittlerweile bekannt sein, dass sich darin Schadsoftware befindet...



Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:



Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________

__________________

Alt 19.02.2017, 10:45   #3
heinzwetten
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Erst einmal herzlichen Dank für die schnelle Antwort,ich werde die Anweisungen befolgen und alles hier online stellen,danke !

Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017 01
durchgeführt von Heinz Ingenillem (Administrator) auf HEINZLAPTOP (19-02-2017 10:39:07)
Gestartet von C:\Users\Heinz Ingenillem\Desktop
Geladene Profile: Heinz Ingenillem & _ocster_backup_ (Verfügbare Profile: Heinz Ingenillem & _ocster_backup_ & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\WINDOWS\System32\BtwRSupportService.exe
(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
() C:\WINDOWS\SysWOW64\Rezip.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\Ocster Backup\bin\backupService-ox.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\NetworkUXBroker.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2017\DfSdkS64.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\WINDOWS\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.570_none_7645b09c266beb53\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-09-18] (Realtek Semiconductor)
HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [314680 2015-03-05] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{14992797-037e-4166-974e-034f215f4baa}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7a97b070-ded8-46fa-8171-1a9e8bd8143d}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{c60de602-45b1-48f4-a158-c236ba4ac340}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{f268a70c-eeb8-49f8-9ca1-e64ca81f7bbc}: [DhcpNameServer] 139.7.30.126 139.7.30.125

Internet Explorer:
==================
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {0DCDFC37-895F-4FA4-B0F6-2AD2E7300CE6} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {1199CB04-489F-4507-9B08-5B83FDFE7FDB} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {34F7AB04-0A5C-470D-8E55-23822898DBCF} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {5005F082-B204-4B9E-9272-AFB4116CD6F7} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {AB730F28-1225-4D0D-B2C8-DEEE451B6E32} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default [2017-02-16]
FF Homepage: Mozilla\Firefox\Profiles\bhI9ckTj.default -> chrome://unitedtb/content/newtab/startpage.xhtml
FF Extension: (Avira Browser Safety) - C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\Extensions\abs@avira.com [2017-02-16]
FF Extension: (Avira Browser Safety) - C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\Extensions\abs@avira.com.xpi [2016-01-26]
FF Extension: (WEB.DE MailCheck) - C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\Extensions\browser-mailcheck@web.de [2015-10-26]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\Extensions\safesearchplus@avira.com [2017-02-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSearchURL: Default -> hxxps://safesearch.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://safesearch.avira.com/suggestions?q={searchTerms}&li=ff&hl=de
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll => Keine Datei
CHR Profile: C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default [2017-02-19]
CHR Extension: (Google Docs) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-22]
CHR Extension: (Google Drive) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Google-Suche) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-13]
CHR Extension: (Avira Browserschutz) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-20]
CHR Extension: (Google Docs Offline) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-13]
CHR Extension: (Google Mail) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-11-24] (Adobe Systems) [Datei ist nicht signiert]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [25232 2016-12-09] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
R3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2017\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [Datei ist nicht signiert]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-15] (Nero AG)
R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23864 2015-03-05] ()
S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2012-11-08] (OLYMPUS IMAGING CORP.) [Datei ist nicht signiert]
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-06-03] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-25] (Malwarebytes Corporation)
S3 SD11CL64; C:\WINDOWS\system32\DRIVERS\SD11CL64.sys [96512 2011-01-24] (SCM Microsystems Inc.)
S3 SDI01164; C:\WINDOWS\system32\DRIVERS\SDI01164.SYS [75904 2011-01-24] (SCM Microsystems Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x64.sys [288768 2015-10-30] (Marvell)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-19 10:39 - 2017-02-19 10:39 - 00029983 _____ C:\Users\Heinz Ingenillem\Desktop\FRST.txt
2017-02-19 10:38 - 2017-02-19 10:39 - 00000000 ____D C:\FRST
2017-02-19 10:37 - 2017-02-19 10:37 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Heinz Ingenillem\Desktop\tdsskiller.exe
2017-02-19 10:36 - 2017-02-19 10:38 - 02422784 _____ (Farbar) C:\Users\Heinz Ingenillem\Desktop\FRST64.exe
2017-02-17 21:57 - 2017-02-17 21:57 - 02948080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-17 21:55 - 2017-02-17 21:55 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Heinz Ingenillem\Downloads\avira_de_absf0_3002733520_pbgd8h0r37udghjpqtvx_wd (1).exe
2017-02-17 21:55 - 2017-02-17 21:55 - 00091224 _____ C:\Users\Heinz Ingenillem\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-17 21:53 - 2017-02-17 21:53 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Heinz Ingenillem\Downloads\avira_de_absf0_3002733520_bmukzkars024s21kf9hc_wd.exe
2017-02-17 21:44 - 2017-02-17 21:44 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Heinz Ingenillem\Downloads\avira_de_absf0_3002733520_pbgd8h0r37udghjpqtvx_wd.exe
2017-02-16 01:12 - 2017-02-16 01:12 - 00001565 _____ C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO2017).lnk
2017-02-16 01:12 - 2017-02-16 01:12 - 00001329 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 2017.lnk
2017-02-16 01:12 - 2017-02-16 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-02-16 01:12 - 2017-02-16 01:12 - 00000000 ____D C:\ProgramData\Ashampoo
2017-02-16 01:12 - 2017-02-16 01:12 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2017-02-16 01:12 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2017-02-16 01:03 - 2017-02-16 01:04 - 22028168 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Heinz Ingenillem\Downloads\ashampoo_winoptimizer_2017_25315.exe
2017-02-16 00:41 - 2017-02-16 00:41 - 00001355 _____ C:\Users\Heinz Ingenillem\Desktop\JRT.txt
2017-02-16 00:35 - 2017-02-16 00:35 - 01663040 _____ (Malwarebytes) C:\Users\Heinz Ingenillem\Downloads\JRT81.exe
2017-02-16 00:35 - 2017-02-16 00:35 - 01663040 _____ (Malwarebytes) C:\Users\Heinz Ingenillem\Downloads\JRT81 (1).exe
2017-02-16 00:22 - 2017-02-16 00:29 - 00000000 ____D C:\AdwCleaner
2017-02-16 00:21 - 2017-02-16 00:22 - 04015056 _____ C:\Users\Heinz Ingenillem\Downloads\adwcleaner_6.043 (1).exe
2017-02-16 00:21 - 2017-02-16 00:21 - 04015056 _____ C:\Users\Heinz Ingenillem\Downloads\adwcleaner_6.043.exe
2017-02-08 11:25 - 2017-02-08 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 05:38 - 2017-02-07 05:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-06 15:32 - 2017-02-06 15:32 - 00001209 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-01-30 18:09 - 2017-01-30 18:10 - 00690080 _____ (Dropbox, Inc.) C:\Users\Heinz Ingenillem\Downloads\DropboxInstaller (3).exe
2017-01-24 19:37 - 2017-01-24 19:37 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-24 19:37 - 2017-01-24 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-24 19:36 - 2017-01-24 19:37 - 00000000 ____D C:\Program Files\iTunes
2017-01-24 19:36 - 2017-01-24 19:36 - 00000000 ____D C:\Program Files\iPod
2017-01-24 19:32 - 2017-01-24 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-19 10:38 - 2012-11-16 17:27 - 00004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BD2C414F-711A-4261-85AF-8BC95FBA7768}
2017-02-19 10:35 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-18 20:48 - 2012-12-19 18:29 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-18 20:15 - 2015-12-24 12:11 - 00001258 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-18 18:15 - 2015-12-24 12:11 - 00001254 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-18 17:25 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-17 22:30 - 2016-08-02 16:38 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\ClassicShell
2017-02-17 22:05 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2017-02-17 21:57 - 2016-01-12 22:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-17 21:57 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-02-17 21:56 - 2016-09-25 22:27 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\D54FC705-5AAC-4D60-B100-8972879436F5.aplzod
2017-02-16 01:24 - 2016-01-12 20:04 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-16 00:49 - 2015-08-26 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-16 00:49 - 2012-12-22 20:49 - 00000000 ____D C:\ProgramData\Avira
2017-02-16 00:49 - 2012-12-22 20:49 - 00000000 ____D C:\Program Files (x86)\Avira
2017-02-16 00:29 - 2014-02-06 19:30 - 00000000 ____D C:\Program Files (x86)\iolo
2017-02-16 00:22 - 2013-11-06 17:24 - 00003518 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-02-15 22:53 - 2016-01-12 20:14 - 00000000 ____D C:\Users\_ocster_backup_
2017-02-10 18:24 - 2013-04-11 20:51 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-10 18:24 - 2013-04-11 20:51 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-08 11:25 - 2015-12-24 12:15 - 00000000 ___RD C:\Users\Heinz Ingenillem\Dropbox
2017-02-08 11:25 - 2015-12-24 12:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-06 15:32 - 2014-06-11 21:45 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-06 15:17 - 2012-11-26 10:10 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\Ocster Backup
2017-02-03 14:31 - 2015-12-24 12:07 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\Dropbox
2017-01-30 18:10 - 2015-12-24 12:11 - 00004318 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-01-30 18:10 - 2015-12-24 12:11 - 00004086 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-01-24 23:54 - 2016-09-25 22:25 - 00000000 ___RD C:\Users\Heinz Ingenillem\iCloudDrive
2017-01-24 23:54 - 2013-10-27 15:59 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\Apple Computer
2017-01-24 19:36 - 2013-10-27 15:56 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-24 13:28 - 2016-01-14 10:17 - 00000000 ____D C:\Users\DefaultAppPool

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-01-03 16:04 - 2014-01-03 16:04 - 0000325 _____ () C:\Users\Heinz Ingenillem\AppData\Roaming\mplex-log.log
2015-10-22 10:51 - 2015-10-22 10:52 - 1154916 _____ () C:\Users\Heinz Ingenillem\AppData\Roaming\WrapAnGo_Install.log
2014-01-03 16:01 - 2014-01-03 16:01 - 0003584 _____ () C:\Users\Heinz Ingenillem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-03 19:41 - 2014-11-03 19:41 - 0004096 ____H () C:\Users\Heinz Ingenillem\AppData\Local\keyfile3.drm
2016-08-02 16:55 - 2016-08-02 16:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-01-12 20:10 - 2016-01-12 20:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-11-15 17:43 - 2010-01-16 07:15 - 0131368 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-13 22:54

==================== Ende von FRST.txt ============================
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-02-2017 01
durchgeführt von Heinz Ingenillem (19-02-2017 10:41:39)
Gestartet von C:\Users\Heinz Ingenillem\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-12 22:18:40)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3457901039-3679683318-3372754741-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3457901039-3679683318-3372754741-503 - Limited - Disabled)
Gast (S-1-5-21-3457901039-3679683318-3372754741-501 - Limited - Disabled)
Heinz Ingenillem (S-1-5-21-3457901039-3679683318-3372754741-1000 - Administrator - Enabled) => C:\Users\Heinz Ingenillem
HomeGroupUser$ (S-1-5-21-3457901039-3679683318-3372754741-1003 - Limited - Enabled)
_ocster_backup_ (S-1-5-21-3457901039-3679683318-3372754741-1015 - Administrator - Enabled) => C:\Users\_ocster_backup_

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ACDSee Foto-Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.113 - ACD Systems International)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-2E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo WinOptimizer 2017 (HKLM-x32\...\{4209F371-6CE9-533C-2CDC-94E053273B35}_is1) (Version: 14.00.04 - Ashampoo GmbH & Co. KG)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{F8FEEFC0-D7D6-9A40-28E9-1E7A6716E803}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
AusweisApp2 (HKLM-x32\...\{8BC126FD-2F56-4B56-9363-54C3D0027BC6}) (Version: 1.10.1 - Governikus GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Avira Software Updater (HKLM-x32\...\{115347FE-037B-4F4D-86F2-057FEF294C7A}) (Version: 1.2.4.459 - Avira Operations GmbH & Co. KG)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon iP4600 series Benutzerregistrierung (HKLM-x32\...\Canon iP4600 series Benutzerregistrierung) (Version:  - )
Canon iP4600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series) (Version:  - )
Canon iP5300 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5300) (Version:  - )
Canon iP5300 Benutzerregistrierung (HKLM-x32\...\Canon iP5300 Benutzerregistrierung) (Version:  - )
Canon MG2400 series Benutzerregistrierung (HKLM-x32\...\Canon MG2400 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.00 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Canon Setup Utility 2.3 (HKLM-x32\...\Canon Setup Utility 2.3) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Easy-PrintToolBox (HKLM-x32\...\Easy-PrintToolBox) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (x32 Version: 2010.0504.2152.37420 - ATI) Hidden
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0.0.13 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.11 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
GALILEOS Viewer 1.9 (HKLM-x32\...\{A1AD28CE-ADDF-46F1-94DC-7D7ACBC1451B}) (Version: 1.9.4368.23293 - SICAT GmbH & Co. KG)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Officejet Pro 8610 - Grundlegende Software für das Gerät (HKLM\...\{C1586445-E3CA-45F0-A754-E6C2784CDDB7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Leawo PowerPoint to Video Converter version 2.6.0.68 (HKLM-x32\...\{5D5CB188-F9B1-4103-B2AD-07FB33068377}_is1) (Version: 2.6.0.68 - Leawo Software)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Mozilla Firefox 41.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 de)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM-x32\...\{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}) (Version: 8.10.124 - Nero AG)
Ocster Backup Pro (HKLM\...\Ocster Backup) (Version: 7.25 - Ocster GmbH & Co. KG)
Olympus Sonority (HKLM-x32\...\{40CAF5AE-4E70-46C8-8AD8-4A036D32525C}) (Version: 1.4.3 - OLYMPUS IMAGING CORP.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{0F796312-289C-40CA-856C-9FBCF5E83342}) (Version: 0133.09.1202 - REALTEK Semiconductor Corp.)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)
ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )
SDI011 dual interface reader (HKLM-x32\...\{D0ED9100-DFFB-482C-8DB6-C626264757BD}) (Version: 1.01 - SCM Microsystems)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.08 - Wolters Kluwer Deutschland GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
WEB.DE Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.7.3288.0 (HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\WEB.DE Application {sync-000021}) (Version: 1.7.3288.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5100 - Broadcom Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
xp-AntiSpy 3.98-2 (HKLM-x32\...\xp-AntiSpy) (Version:  - Christian Taubenheim)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01D00FCF-8E0A-4DF4-BB45-65DEBB77994B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {08B1E403-5E99-4442-9FBC-1CDE805C3869} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {0A24FA2F-60BF-4E04-ACBB-48EB340D72B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {0C01A385-94F4-40FB-828C-3AE9B5B7EDFA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {1DCF2261-D94C-4022-B42D-B0EC8BDFECCB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {2034FBDC-8133-4EA8-9C3C-BB160A466B29} - System32\Tasks\{28BBA9C6-1BD6-46B6-9A93-026BC367C8F9} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2016-07-13] (Microsoft Corporation)
Task: {2A6F5C87-BF01-4333-ABCB-37922D1CA12E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {2BF400FA-81A6-4D07-864C-F4AE79BDB6E9} - System32\Tasks\{65C49899-C1D3-43A4-8AC6-15C82D58B2BF} => C:\Program Files (x86)\RebateInformer\RebateInf.exe 
Task: {2EEB3F91-8212-4744-B228-C79E6B96A875} - System32\Tasks\{7CF24B5F-6A18-4BEE-96BC-3FE94E39E534} => pcalua.exe -a "C:\Users\Heinz Ingenillem\AppData\Local\Temp\Temp1_SSEStandard_18.06.zip\SSEStandard_18.06.exe" <==== ACHTUNG
Task: {33651EEF-49A0-4D78-96CA-5991A5F9063B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {35D11107-D724-4016-A04D-1ADE966D6E81} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {3F8C6B78-458F-4271-9CFC-F64153FA42A7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {402D168B-1F82-4DF2-A80D-1CBFEFEEDE4F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4621CC95-D313-4AA0-9F85-62FC71D9B3CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {490321FD-8935-46A0-AF88-9DB6D215F631} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {5418157C-D269-406C-9D4D-4898D3A3A5BB} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe 
Task: {59F6559E-68DD-4267-8358-37E5D15F09FF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {5CF36949-FD5A-41EB-AE31-449EAB146F26} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {5DFFBBE7-BABA-43B4-BB03-AD5EA78D7B0C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {5EFBF41A-7D39-41A3-B3BE-442F3D003ACE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {628E68EC-6937-4D81-8BA8-B4D751BCD6F6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {65BB4E39-7BAD-46EB-812D-78AFEE646FC4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {6788AA78-C2FB-4C17-9B41-5C59B6E76ED7} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {6AACFC53-422D-4D2E-A5CF-067A17F74F19} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {72479FFC-3E62-4666-A953-BD7F1134974A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {72C40A44-95A0-4A58-8222-687BD60CC79A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {730B76AF-FE46-42D9-BF5C-96A6DDCF0100} - System32\Tasks\{4AEE5819-BA08-466D-A743-4345307EBC4D} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2016-07-13] (Microsoft Corporation)
Task: {764F7340-D9D3-43CC-A7DD-C1BB080EA534} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {79F64FB6-7BA3-4578-879E-92F4792E7F9E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {7D72BB89-F85C-4CF8-84E3-30478B59A8D0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-01-17] (Apple Inc.)
Task: {8424B9FA-D071-447D-87A1-20C01E696C87} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe 
Task: {8813E5D3-87AE-4768-B14F-387BD05ACF8D} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {8B94A08B-9398-4C96-9D21-AB8C85537179} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {8C555340-9B75-4360-AEEC-01B72B5D356A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {8EA67017-8342-4EFB-A291-CBCEFAF0C228} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {9202F68C-D5DE-4A4F-8E9D-99E29782ED82} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {AAB32179-5564-420E-B8FF-E7F375301F18} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {ACE02E70-0F36-495E-953C-7A41766E5872} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: {B02169B2-D495-4791-BD94-78C32FDC7A91} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B602A9BB-767F-4377-8BCA-893668DFB543} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B6944183-5896-491D-9611-0F1C4279B21E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {C022B5A4-B15C-434E-97AB-57C9102DA3A5} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2015-01-12] (1&1 Mail & Media GmbH)
Task: {C1CA1891-3770-4CD5-BADA-DA07D43AB181} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {CDF034BE-CB0F-4606-B2B5-2CAE65C9DF85} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {D0C44C76-5D6B-4CE3-9B6A-F3A13A1EAC73} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {D412E901-1A14-4D35-BD35-011A2D918339} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {D5BA1EAD-DF18-424A-9E2B-692090952414} - \StartPoint Updater -> Keine Datei <==== ACHTUNG
Task: {D722B035-31A5-4EE4-BF54-DF5404720178} - System32\Tasks\{6A0ACE63-D1C9-4353-B7B5-EB11A33494D0} => pcalua.exe -a "C:\Users\Heinz Ingenillem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUHBORG7\AVM_FRITZ!WLAN_Repeater_450E_Assistent.exe" -d "C:\Users\Heinz Ingenillem\Desktop"
Task: {D774F9DD-6A0C-478D-A6E1-DF1734E28C67} - System32\Tasks\SUPBackground => %ProgramFiles%\Samsung\Samsung Update Plus\SUPBackground.exe 
Task: {DE1283F7-400A-49D3-ABE9-EE84C8AB1184} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {E085489E-3B83-4689-A4A6-7C10F88F196B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {E34AB574-45B8-491A-B358-7B58957E651E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {EF6E1105-EF8C-40FB-B3F3-6429FD276456} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {F43D55E3-0586-46F5-811A-8F17C7F45332} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {F56B76B9-95E0-47F8-8A07-72DDB540B015} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {F9CE13F9-8BA6-4A7A-9512-FC0F318C1BB5} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
Task: {FBB123CA-4231-4E0C-B703-51415B467FE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Heinz Ingenillem\Desktop\WEB.DE.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://go.web.de/tb/ie_desktop_portal

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-01 02:04 - 2009-03-05 10:54 - 00311296 _____ () C:\Windows\SysWOW64\Rezip.exe
2015-03-05 14:19 - 2015-03-05 14:19 - 00023864 _____ () c:\Program Files\Ocster Backup\bin\backupService-ox.exe
2015-03-05 14:19 - 2015-03-05 14:19 - 00109368 _____ () c:\Program Files\Ocster Backup\bin\backupServiceLib.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 11391800 _____ () c:\Program Files\Ocster Backup\bin\backupCore.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00166584 _____ () c:\Program Files\Ocster Backup\bin\deemon.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 05945656 _____ () c:\Program Files\Ocster Backup\bin\ox.dll
2015-03-05 11:49 - 2015-03-05 11:49 - 00324096 _____ () c:\Program Files\Ocster Backup\bin\party.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00249656 _____ () c:\Program Files\Ocster Backup\bin\crumb.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00053560 _____ () c:\Program Files\Ocster Backup\bin\lzmaUtil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00561336 _____ () c:\Program Files\Ocster Backup\bin\twirl.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00368952 _____ () c:\Program Files\Ocster Backup\bin\tomb.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00223032 _____ () c:\Program Files\Ocster Backup\bin\netutil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00154936 _____ () c:\Program Files\Ocster Backup\bin\scoolite.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00528696 _____ () c:\Program Files\Ocster Backup\bin\veem.dll
2015-03-05 11:38 - 2015-03-05 11:38 - 00022528 _____ () c:\Program Files\Ocster Backup\bin\zlibutil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00060728 _____ () c:\Program Files\Ocster Backup\bin\minizutil.dll
2015-03-05 10:46 - 2015-03-05 10:46 - 00081920 _____ () c:\Program Files\Ocster Backup\bin\zdll.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00024248 _____ () c:\Program Files\Ocster Backup\bin\lz4util.dll
2015-03-05 11:43 - 2015-03-05 11:43 - 00049664 _____ () c:\Program Files\Ocster Backup\bin\lzma.dll
2015-03-05 11:38 - 2015-03-05 11:38 - 00626688 _____ () c:\Program Files\Ocster Backup\bin\sqlite.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00041272 _____ () c:\Program Files\Ocster Backup\bin\lz4.dll
2015-03-05 13:22 - 2015-03-05 13:22 - 00053760 _____ () c:\Program Files\Ocster Backup\bin\oxHelper.exe
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-14 09:35 - 2016-09-07 06:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-14 09:35 - 2016-09-07 06:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-25 15:33 - 2016-07-25 15:33 - 00959168 _____ () C:\Users\Heinz Ingenillem\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-01-14 10:50 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-19 09:21 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-14 09:32 - 2016-09-07 05:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-14 09:31 - 2016-09-07 05:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 09:32 - 2016-09-07 05:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-14 09:32 - 2016-09-07 05:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00314680 _____ () C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
2015-03-05 14:18 - 2015-03-05 14:18 - 06714168 _____ () C:\Program Files\Ocster Backup\bin\backupClientLib.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 05945656 _____ () C:\Program Files\Ocster Backup\bin\ox.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00423096 _____ () C:\Program Files\Ocster Backup\bin\updateman.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00157880 _____ () C:\Program Files\Ocster Backup\bin\featback.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 11391800 _____ () C:\Program Files\Ocster Backup\bin\backupCore.dll
2015-03-05 11:49 - 2015-03-05 11:49 - 00324096 _____ () C:\Program Files\Ocster Backup\bin\party.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00561336 _____ () C:\Program Files\Ocster Backup\bin\twirl.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00368952 _____ () C:\Program Files\Ocster Backup\bin\tomb.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00223032 _____ () C:\Program Files\Ocster Backup\bin\netutil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00166584 _____ () C:\Program Files\Ocster Backup\bin\deemon.dll
2015-03-05 10:46 - 2015-03-05 10:46 - 00081920 _____ () C:\Program Files\Ocster Backup\bin\zdll.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00249656 _____ () C:\Program Files\Ocster Backup\bin\crumb.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00053560 _____ () C:\Program Files\Ocster Backup\bin\lzmaUtil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00154936 _____ () C:\Program Files\Ocster Backup\bin\scoolite.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00528696 _____ () C:\Program Files\Ocster Backup\bin\veem.dll
2015-03-05 11:38 - 2015-03-05 11:38 - 00022528 _____ () C:\Program Files\Ocster Backup\bin\zlibutil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00060728 _____ () C:\Program Files\Ocster Backup\bin\minizutil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00024248 _____ () C:\Program Files\Ocster Backup\bin\lz4util.dll
2015-03-05 11:43 - 2015-03-05 11:43 - 00049664 _____ () C:\Program Files\Ocster Backup\bin\lzma.dll
2015-03-05 11:38 - 2015-03-05 11:38 - 00626688 _____ () C:\Program Files\Ocster Backup\bin\sqlite.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00041272 _____ () C:\Program Files\Ocster Backup\bin\lz4.dll
2015-03-05 13:22 - 2015-03-05 13:22 - 00053760 _____ () C:\Program Files\Ocster Backup\bin\oxHelper.exe
2016-04-20 15:53 - 2016-04-20 15:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2010-06-01 02:09 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2016-07-25 15:33 - 2016-07-25 15:33 - 00679624 _____ () C:\Users\Heinz Ingenillem\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2017-02-10 18:24 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-10 18:24 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-04-20 15:53 - 2016-04-20 15:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-20 15:53 - 2016-04-20 15:53 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\127.0.0.1 -> hxxp://127.0.0.1

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heinz Ingenillem\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 4.lnk => C:\Windows\pss\Device Detector 4.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk => C:\Windows\pss\Scanner Finder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Heinz Ingenillem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Easy-PrintToolBox => C:\Program Files (x86)\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: FilmFanatic AppIntegrator 32-bit => C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: FilmFanatic AppIntegrator 64-bit => C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: FilmFanatic EPM Support => "C:\PROGRA~2\FILMFA~2\bar\1.bin\pamedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: FilmFanatic Search Scope Monitor => "C:\PROGRA~2\FILMFA~2\bar\1.bin\pasrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: MailCheck IE Broker => "C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RadioRage EPM Support => "C:\PROGRA~2\RADIOR~2\bar\1.bin\4jmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: RadioRage Home Page Guard 64 bit => "C:\PROGRA~2\RADIOR~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: RadioRage Search Scope Monitor => "C:\PROGRA~2\RADIOR~2\bar\1.bin\4jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: RadioRage_4j Browser Plugin Loader => C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon.exe
MSCONFIG\startupreg: RadioRage_4j Browser Plugin Loader 64 => C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon64.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: Zwinky EPM Support => "C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: Zwinky Home Page Guard 64 bit => "C:\PROGRA~2\ZWINKY~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: Zwinky Search Scope Monitor => "C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Zwinky_5q Browser Plugin Loader => C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon.exe
MSCONFIG\startupreg: Zwinky_5q Browser Plugin Loader 64 => C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon64.exe
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "MailCheck IE Broker"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKLM\...\StartupApproved\Run32: => "InboxAce EPM Support"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "iCloudPhotos"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{285D78E1-792F-4615-8558-9777F6E9EBE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9D95CD9-4C56-4A3A-9200-137567F5B33F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F89C9CD6-4BA6-415D-A834-CED45EB2EEBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C41CD77F-AAB4-4299-8808-E94262CD7D34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BFDE1792-FBD0-4E46-8F7F-92A6257ABEB0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D70DF084-73A0-40C2-9E88-3D246405CB23}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{873A7583-6E55-4526-9C4C-82D9B7B6611A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{401A9B2D-00C4-45C1-819D-A17B357EEC34}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{78C72CD4-D0B0-4A43-AA44-2EB29E5F7BB3}] => (Allow) svchost.exe
FirewallRules: [{14E32182-A762-4CF9-A196-6DF63EE1F4D1}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{177E6684-8727-4206-9BD0-29B4D5C441C8}] => (Allow) LPort=5353
FirewallRules: [{B67EBE6D-7E1F-4078-8D03-C63E917396E6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8A24F57F-2D0E-4AE7-B484-0B5BFDCDF705}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{756B7AD2-1806-4273-A6F3-198922C37772}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{059A1D1B-193A-4B08-8DCB-AE1F6A279DE6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{121C53BF-8781-47A7-B5CE-EACD3CAEA4FC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{AB081C22-CE3D-40D0-B280-52D158DD38F8}] => (Allow) LPort=5357
FirewallRules: [{0BF7AF74-C8EB-42AB-B563-B6587AE57E74}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2 1.10.1\AusweisApp2.exe
FirewallRules: [{582803D0-0D99-4CCD-8D64-D805771FCB85}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CE5F1A57-9222-40B0-82F5-8FB82CA79AE8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{507440BE-4932-4130-8821-3D59FAD6228F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

18-02-2017 16:57:10 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/18/2017 04:57:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/18/2017 04:43:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (02/18/2017 04:43:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_a2ddb3caa539acce.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_ea8aeaa1b9b5d5d4.manifest.

Error: (02/18/2017 04:39:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10804641

Error: (02/18/2017 04:39:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10804641

Error: (02/18/2017 04:39:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/18/2017 01:39:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5531

Error: (02/18/2017 01:39:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5531

Error: (02/18/2017 01:39:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/18/2017 01:39:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4141


Systemfehler:
=============
Error: (02/18/2017 03:59:29 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/18/2017 01:00:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Manager für heruntergeladene Karten" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/17/2017 10:31:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_40e09" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/17/2017 10:31:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _40e09" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/17/2017 10:31:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_40e09" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/17/2017 10:31:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_40e09" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/17/2017 09:58:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Device Interaction Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (02/17/2017 09:58:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Device Interaction Service erreicht.

Error: (02/17/2017 09:58:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (02/17/2017 09:56:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Synchronisierungshost_15a55c3 erreicht.


CodeIntegrity:
===================================
  Date: 2016-10-30 22:19:20.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-27 17:01:42.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-27 12:24:36.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-25 20:08:04.042
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-19 18:08:09.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-14 23:04:25.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-13 10:14:31.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-16 10:30:24.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-13 10:22:23.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-23 12:07:02.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Prozentuale Nutzung des RAM: 63%
Installierter physikalischer RAM: 2986.16 MB
Verfügbarer physikalischer RAM: 1095.12 MB
Summe virtueller Speicher: 6058.16 MB
Verfügbarer virtueller Speicher: 3837.95 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:215.78 GB) (Free:46.82 GB) NTFS
Drive d: () (Fixed) (Total:62.21 GB) (Free:44.17 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 4394EB81)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=215.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=62.2 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
__________________

Alt 19.02.2017, 10:54   #4
heinzwetten
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Code:
ATTFilter
10:46:24.0088 0x0ec0  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
10:46:30.0059 0x0ec0  ============================================================
10:46:30.0059 0x0ec0  Current date / time: 2017/02/19 10:46:30.0059
10:46:30.0059 0x0ec0  SystemInfo:
10:46:30.0059 0x0ec0  
10:46:30.0059 0x0ec0  OS Version: 10.0.10586 ServicePack: 0.0
10:46:30.0074 0x0ec0  Product type: Workstation
10:46:30.0074 0x0ec0  ComputerName: HEINZLAPTOP
10:46:30.0074 0x0ec0  UserName: Heinz Ingenillem
10:46:30.0074 0x0ec0  Windows directory: C:\WINDOWS
10:46:30.0074 0x0ec0  System windows directory: C:\WINDOWS
10:46:30.0074 0x0ec0  Running under WOW64
10:46:30.0074 0x0ec0  Processor architecture: Intel x64
10:46:30.0074 0x0ec0  Number of processors: 4
10:46:30.0074 0x0ec0  Page size: 0x1000
10:46:30.0074 0x0ec0  Boot type: Normal boot
10:46:30.0074 0x0ec0  CodeIntegrityOptions = 0x00000001
10:46:30.0074 0x0ec0  ============================================================
10:46:30.0496 0x0ec0  KLMD registered as C:\WINDOWS\system32\drivers\84184616.sys
10:46:30.0496 0x0ec0  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 10586.633, osProperties = 0x19
10:46:30.0896 0x0ec0  System UUID: {60544BD8-A397-73F9-6D91-4067A9BEC970}
10:46:31.0669 0x0ec0  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:46:31.0685 0x0ec0  ============================================================
10:46:31.0685 0x0ec0  \Device\Harddisk0\DR0:
10:46:31.0685 0x0ec0  MBR partitions:
10:46:31.0685 0x0ec0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
10:46:31.0685 0x0ec0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x1AF90000
10:46:31.0685 0x0ec0  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1D7C2800, BlocksNum 0x7C6C000
10:46:31.0685 0x0ec0  ============================================================
10:46:31.0738 0x0ec0  C: <-> \Device\Harddisk0\DR0\Partition2
10:46:31.0906 0x0ec0  D: <-> \Device\Harddisk0\DR0\Partition3
10:46:31.0906 0x0ec0  ============================================================
10:46:31.0906 0x0ec0  Initialize success
10:46:31.0906 0x0ec0  ============================================================
10:46:35.0569 0x007c  ============================================================
10:46:35.0569 0x007c  Scan started
10:46:35.0569 0x007c  Mode: Manual; 
10:46:35.0569 0x007c  ============================================================
10:46:35.0569 0x007c  KSN ping started
10:46:35.0669 0x007c  KSN ping finished: true
10:46:43.0170 0x007c  ================ Scan system memory ========================
10:46:43.0170 0x007c  System memory - ok
10:46:43.0170 0x007c  ================ Scan services =============================
10:46:44.0470 0x007c  [ DF1C3D7E6C7929AD83BE22852B5B08CB, 9ECF6211CCD30273A23247E87C31B3A2ACDA623133CEF6E9B3243463C0609C5F ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
10:46:44.0486 0x007c  1394ohci - ok
10:46:44.0539 0x007c  [ 2C5B3035B86770ADD2FE9BFBAF5B35A4, 19E16F9144FE3E33B5FF248CF0040AB079ACAE22290B1369CC72AE4CB5FE3A90 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
10:46:44.0539 0x007c  3ware - ok
10:46:44.0739 0x007c  [ 469441BAE3FF8A16826FC62C51EF5E18, E1204677B87F47222D05F670F8DF3DB65EA0881782A8DCFBE0103478ED71187C ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
10:46:44.0755 0x007c  ACPI - ok
10:46:44.0908 0x007c  [ 7EADED8087C392876521F7EBCE846EF4, 99BF1BD948F97C1ECBC049C7F949B71D73D0B41FB505B2F75B208E655F7DC8A3 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
10:46:44.0924 0x007c  acpiex - ok
10:46:44.0970 0x007c  [ C498887123327CDFD73A05E7A2780920, B45392C46254FCB8D79B6C3A82C8D894063199E6167D8E5F7EA7D60C75CD16EA ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
10:46:44.0970 0x007c  acpipagr - ok
10:46:45.0023 0x007c  [ C8DBE6EFFCF014CAA010B9BDDAC833EC, 96FC29340C62A6B0910DCCBF8945F32089FC300F45B451A540B8854D53734298 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
10:46:45.0023 0x007c  AcpiPmi - ok
10:46:45.0055 0x007c  [ 17039DBEB3B7B9ADCDB4B4533AA9771F, A4D38B144639A20B8B31E4F35FB776A028DB502FAC849FC73EECEB3CCD91830B ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
10:46:45.0055 0x007c  acpitime - ok
10:46:45.0123 0x007c  [ 2F0683FD2DF1D92E891CACA14B45A8C1, B4A8D6A183FA0B7D642FAD6B51C19FEC998481E1C49480D2B391E5D8B55F5BBD ] adfs            C:\WINDOWS\system32\drivers\adfs.sys
10:46:45.0139 0x007c  adfs - ok
10:46:45.0570 0x007c  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
10:46:45.0587 0x007c  Adobe LM Service - ok
10:46:45.0971 0x007c  [ B932E0EE190778D840F1442DFC0F9612, 8780963F14D57279FDD585BE945ED40F24590D32676C7A9EF94002D38B8BA643 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:46:45.0971 0x007c  AdobeARMservice - ok
10:46:47.0026 0x007c  [ 9B3355B29942AF67F014EA90CE1EA960, FBB155F72984045BCD99CC2059B9EDAABD3A52104C3864A290D8A355991F94D3 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:46:47.0026 0x007c  AdobeFlashPlayerUpdateSvc - ok
10:46:47.0688 0x007c  [ F7D0CD345D2DA42E7042ABCD73662403, 03183F90A994D69066F15C3DFC1D7D7514AEAF46A5AAC059B1FB327F8C30A35C ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
10:46:47.0710 0x007c  ADP80XX - ok
10:46:47.0809 0x007c  [ 70148EFA9A562E7185B75BBE7D376BF7, 8200E3349A1AFA1040B3D956A17BAF3CDC784A1A3CA396125E7872B36C03D84A ] AFD             C:\WINDOWS\system32\drivers\afd.sys
10:46:47.0957 0x007c  AFD - ok
10:46:48.0025 0x007c  [ 870F1A2C936F92B5D053DF7EC75B352F, D617524FD5886D6D3BC2EFBBB5EA310E906454CD7CA7257C3D7BDEA8C4F2DA71 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
10:46:48.0025 0x007c  agp440 - ok
10:46:48.0125 0x007c  [ 655491B1173E0F6322F6972A596B93F7, 9AF06B8B9881D535C47582F456A1BF448397B3A28CA33D3E14B4F0E077C7FE53 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
10:46:48.0141 0x007c  ahcache - ok
10:46:48.0188 0x007c  [ 19707ECBCEA71080A85DB2336580DB39, A09AE69C9DE2F3765417F212453B6927C317A94801AE68FBA6A8E8A7CB16CED7 ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
10:46:48.0188 0x007c  AJRouter - ok
10:46:48.0257 0x007c  [ AA91A5E156D0364ABA7B01658C2EB014, F61055D581745023939C741CAB3370074D1416BB5A0BE0BD47642D5A75669E12 ] ALG             C:\WINDOWS\System32\alg.exe
10:46:48.0272 0x007c  ALG - ok
10:46:48.0510 0x007c  [ 7FE59496114A48A64E98E3218664A3E6, 1C11EE3686CB7F57783A5A5F56CCED71F61A46B26B0F4C4D04B1B37E8AC5A7D1 ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
10:46:48.0526 0x007c  AMD External Events Utility - ok
10:46:48.0589 0x007c  [ B70F0F2F54B4A4DB6E9C830454752F5A, C882DEAC30812E5FA4479A8CB688603C6AF269EF08236688F4C5E7EBED1D4572 ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
10:46:48.0589 0x007c  AmdK8 - ok
10:46:49.0710 0x007c  [ E66C25946B3D9268D8E10D3769CF4719, C273A59D3A29549E3C8BBF896015CA0E5D64A4ECCD6C2FF360927773DA736022 ] amdkmdag        C:\WINDOWS\system32\DRIVERS\atikmdag.sys
10:46:49.0940 0x007c  amdkmdag - ok
10:46:50.0149 0x007c  [ D1D66D1D42E53B53AFC7598058E71796, 12A1C8D895891F89745493091174D3FF5A9953F21427E7E1BE1120DA762E0CBD ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
10:46:50.0149 0x007c  amdkmdap - ok
10:46:50.0203 0x007c  [ 35E890482C9728DD5C552B85DA8A5AB2, 1E0EB7D902AB4C38E23CAFC0BEA250E7F6E180E8814385B4F29730BFC373A191 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
10:46:50.0203 0x007c  AmdPPM - ok
10:46:50.0234 0x007c  [ 5B30BCFE6E02E45D3EE268FF001BC5E0, 9901DB728885CE36911F79998629B2DD42D56AF9633B5277834F498CC59B0346 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
10:46:50.0234 0x007c  amdsata - ok
10:46:50.0272 0x007c  [ F20B30F35A5C7888441B4DCA001ECF8E, 695A5BC1F18B65992EB06A202AD3CBFA17228E76DDFD1AE6977FD315724F75C2 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
10:46:50.0287 0x007c  amdsbs - ok
10:46:50.0319 0x007c  [ AFE838D7576C581D6483529621AB10CC, 14476A04CC64E7A0F1BBFDACCBD7A87F384BE1877C27656DBB973AF3975D4AE2 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
10:46:50.0319 0x007c  amdxata - ok
10:46:51.0534 0x007c  [ 98D7647EF729503A60EF870DA5C21D0D, 7E36E8E3D9D0BD940DC225E1DB7EFD90F76F7BE8DCAD9782255556C31D6FD476 ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
10:46:51.0550 0x007c  AntiVirMailService - ok
10:46:51.0719 0x007c  [ 229E752A26B53E155524D6530B95CDD4, B4D3DEA52860143D16A57EBA31CD3394B8B4FEA642EB3A736C8388447AB7E0E9 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe
10:46:51.0735 0x007c  AntiVirSchedulerService - ok
10:46:51.0804 0x007c  [ 229E752A26B53E155524D6530B95CDD4, B4D3DEA52860143D16A57EBA31CD3394B8B4FEA642EB3A736C8388447AB7E0E9 ] AntiVirService  C:\Program Files (x86)\Avira\Antivirus\avguard.exe
10:46:51.0820 0x007c  AntiVirService - ok
10:46:52.0452 0x007c  [ F2B26CD2305E917B1EA1BF49E0C59E31, 8CCE64C68B80D56C7604DB6ABD187F66C624462328F4886C607F0A46D8E9DE92 ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
10:46:52.0474 0x007c  AntiVirWebService - ok
10:46:52.0637 0x007c  [ ADFFD587A8CBDCEB0566521ACEF707DB, 17CF539B17FAAF4CC4306B6D2BBD36D80C93FB49A614293D7351A92445C6C1D0 ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
10:46:52.0652 0x007c  AppHostSvc - ok
10:46:52.0690 0x007c  [ EDDB0D726DBECDFC1DBCC6DB464E5A13, 98D128D1E6FA270ED9ADBFE50078F68A794C00D4CBB86E28EC6161FFAD0CA8FF ] AppID           C:\WINDOWS\system32\drivers\appid.sys
10:46:52.0690 0x007c  AppID - ok
10:46:52.0774 0x007c  [ 7A55F9237F726D1667073A47B0D1B90F, 7C2D9AA84F1D4CC6C1FAF6848DF9479A534E01029C4387E8C0647745F1E74603 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
10:46:52.0774 0x007c  AppIDSvc - ok
10:46:52.0806 0x007c  [ 56E219DF92BE16F62308F884739BE022, FE189EE8A52BC5A0E6B76C632021F84F60307A182F2A67C0C0C7CAA72DEFC723 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
10:46:52.0806 0x007c  Appinfo - ok
10:46:53.0305 0x007c  [ 7D811EA7A2AAA49B0446D42CBC1CD338, AFECE5E44E48F756C7EB81D95C9237552AF8A9C02CBE756E0F3D3C6524DE49AD ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:46:53.0305 0x007c  Apple Mobile Device Service - ok
10:46:53.0490 0x007c  [ 30692A2A8317B77E7C9AF0E9D000D43B, 0E9C0C4ADE18CB3FA2895754D311E568B9FC05B4040CD8BB2372A70362EC5650 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
10:46:53.0521 0x007c  AppReadiness - ok
10:46:54.0037 0x007c  [ E657B463C873D4F03221C2C6601B6D6C, 3B605061E21FCE011A30DC77D7FC251172D03D0BB8615D617BAD4997C488D002 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
10:46:54.0074 0x007c  AppXSvc - ok
10:46:54.0137 0x007c  [ E3FE8F610B1CC12BC3B2E6BC43DC97E2, 0E18542CF2095A9ADA1759AB8F986E78B0A50A3C6B2AD4EACD80A23D832A2C6D ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
10:46:54.0137 0x007c  arcsas - ok
10:46:54.0921 0x007c  [ 00B0FDD484914F388B5441285FDE24CB, 90AA8A12BB235BFC3A924F0E23BCEE8742817E3BC5A85E49D8AF8B52E8158ECB ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:46:54.0927 0x007c  aspnet_state - ok
10:46:54.0962 0x007c  [ 5E00748A1AD246CAECBBB7553BED36CC, DAD2C93F0894E7BB5E5D8D767D8286A909086B49172C504A01097C3A180998C6 ] AsyncMac        C:\WINDOWS\System32\drivers\asyncmac.sys
10:46:54.0964 0x007c  AsyncMac - ok
10:46:54.0977 0x007c  [ 492B99D2E3D5D7BFD5F0AE1BE7BD37DD, A3F6BFC4FDC1933FBF3145019B118689A414108B04F43E2563946B2673C89324 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
10:46:54.0979 0x007c  atapi - ok
10:46:55.0033 0x007c  [ 77C149E6D702737B2E372DEE166FAEF8, D18FEAE9D915D5F25B787B755F9C6321A9C9506D4F563DD637E3586401E36053 ] AtiHdmiService  C:\WINDOWS\system32\drivers\AtiHdmi.sys
10:46:55.0034 0x007c  AtiHdmiService - ok
10:46:55.0104 0x007c  [ 42BF7FA295F453618104B5A50BEE105B, AB44BA2AD2FC5AF3B6BE4489C444C03FD1AB02C22109BF5F39BE459294C4CB18 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
10:46:55.0104 0x007c  AudioEndpointBuilder - ok
10:46:55.0176 0x007c  [ 83268B5C98979F36B4251FA8C1201EAD, FE5E328A08D8FB53CB5DA492B4E0767FC25EED3DC825D49BF7A41A5FB65E3809 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
10:46:55.0240 0x007c  Audiosrv - ok
10:46:55.0373 0x007c  [ 19A629CC661BBB49E25203B9626354F9, 9FDE67E19CE0B5973441A11EB0D5CD8187C1B47B3A2C866FD6BD939D31F42924 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:46:55.0376 0x007c  avgntflt - ok
10:46:55.0407 0x007c  [ B34C86461D03F33E9B1A57699DCABED3, 127A63A3AEC796DDF7E19432CAF523CA23051058752B9772244655797B3B4CDB ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:46:55.0407 0x007c  avipbb - ok
10:46:55.0492 0x007c  [ 2AEE4D1D7E668F1CCF97EDE93509B0EE, B082B3BBB27D3C8B26A754508C3B98BA803FEA707898FF18A120D6A2679098DF ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
10:46:55.0500 0x007c  Avira.ServiceHost - ok
10:46:55.0577 0x007c  [ 8D2830B4A88B957890AC292686140E2D, 5B645D67EC327E074C0A01B2CDF2FDBF376B6F869E2724F2699A7DEF4AA366D2 ] AviraUpdaterService C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
10:46:55.0578 0x007c  AviraUpdaterService - ok
10:46:55.0614 0x007c  [ 79F7741A773FF194EEC64A8161AE26D5, 3DDEA5FBDCB74A2BACC895A44C8C2A947F09E2649ED61D781E99DD61DBFACA5D ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
10:46:55.0617 0x007c  avkmgr - ok
10:46:55.0634 0x007c  [ 899D89FDF015BBAF628076987D74C295, 7534A10F652FBE559431B9B1C6BC13874E8BC7438D7AFD7553F96811FD3E59BD ] avnetflt        C:\WINDOWS\system32\DRIVERS\avnetflt.sys
10:46:55.0650 0x007c  avnetflt - ok
10:46:55.0675 0x007c  [ 7062CE507814D5306DCA5D6A15B7B6B6, 9D60506003A66C2E516B1FCB70CC5B26FB3A9948B95D97C828DD0328E76F2C91 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
10:46:55.0676 0x007c  AxInstSV - ok
10:46:55.0723 0x007c  [ 6447BA6FA709514B6C803D159B4C7D1E, 549DDCEAD93DF333F6BBD56A9258A867E4DA219741C00D48C68F8F230A87B11A ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
10:46:55.0817 0x007c  b06bdrv - ok
10:46:55.0855 0x007c  [ B4AC08B1D04D0CE085435E5CD0E663C5, 61E641388E5692B2EB351E44BA1DB86B5305DD105EE56865D59072CA9407C8AC ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
10:46:55.0855 0x007c  BasicDisplay - ok
10:46:55.0876 0x007c  [ 25B5BB369DEE2BAE4BF459C978FF9035, DBC2157B2AC0BC92B4011CE5E01F2DCDAAE71E37D9D21102503C6455FAAC4DCA ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
10:46:55.0876 0x007c  BasicRender - ok
10:46:55.0986 0x007c  [ F8FE7E12F8151E0A17C23CF840599F9A, 5D1AA3A5DAC08B521A7BE775F32434AFF1F5F19B69CD16D2D94B0D399E61C371 ] bcbtums         C:\WINDOWS\system32\drivers\bcbtums.sys
10:46:55.0999 0x007c  bcbtums - ok
10:46:57.0192 0x007c  [ 43AD3D3E7674833FCA9A7C4E7180AD54, 81CBF3146853FCCA26C14D23160892BD892269C5BB8B2167837339372BD38DA2 ] BCM43XX         C:\WINDOWS\system32\DRIVERS\bcmwl664.sys
10:46:57.0376 0x007c  BCM43XX - ok
10:46:57.0908 0x007c  [ ACB44407FF63C3A5A22AB5782F209604, 86BE221F07EB49D2149710CCCE4F0C24677560FEFD41F093C6D2BA0C962CF5C3 ] BcmBtRSupport   C:\WINDOWS\system32\BtwRSupportService.exe
10:46:57.0955 0x007c  BcmBtRSupport - ok
10:46:57.0996 0x007c  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn           C:\WINDOWS\System32\drivers\bcmfn.sys
10:46:57.0996 0x007c  bcmfn - ok
10:46:58.0027 0x007c  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
10:46:58.0027 0x007c  bcmfn2 - ok
10:46:58.0155 0x007c  [ F374C27099807E99A156953F8416D34A, D267B8CD837290F9FC6B4FFD2DB8F54867D808FB155698FC7713BCAB3AE475B5 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
10:46:58.0155 0x007c  BDESVC - ok
10:46:58.0208 0x007c  [ 5A88834AEE15D97695FAE0837B73B3E4, 03035FB51DE218B8EDB15129A0376DDED0C7E7B6DA58DD95B12E4E5C8D852ED8 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
10:46:58.0208 0x007c  Beep - ok
10:46:58.0408 0x007c  [ 37F5E2385CB4D10AB42186974B9C241A, D38FA2B8CE19AC32056060F04B04D031F1621C07528DEDCCD5A8C01AB0A35995 ] BFE             C:\WINDOWS\System32\bfe.dll
10:46:58.0424 0x007c  BFE - ok
10:46:58.0793 0x007c  [ D768F4B49DB81E7A665FDB2029B0893F, 2ACAFDE99604E479A185FCD92C27247DB135545568F3BCEB23A6440B1A025BF6 ] BITS            C:\WINDOWS\System32\qmgr.dll
10:46:58.0824 0x007c  BITS - ok
10:46:59.0075 0x007c  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:46:59.0092 0x007c  Bonjour Service - ok
10:46:59.0124 0x007c  [ DA2C6F7ACE392193C424FEA975C5BFFB, 668F91F3E5F8EA170C10823D6959E0EDB32434C51FAA68BEA782EDDF5618690E ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
10:46:59.0139 0x007c  bowser - ok
10:46:59.0192 0x007c  [ 453207816AB95A0376887BE01FAE30E1, 102CA59ED06C6A7D69AA3094DDC550400C50CDF5B7F066522BF0031B8EC7B708 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
10:46:59.0239 0x007c  BrokerInfrastructure - ok
10:46:59.0323 0x007c  [ A617BE5E429A035A1CA8217C1B16F0BB, 197EE6C6EB22FF8A626540886F5A2163CC4CB177504C5423856F54BF01EB0FF1 ] Browser         C:\WINDOWS\System32\browser.dll
10:46:59.0339 0x007c  Browser - ok
10:46:59.0376 0x007c  [ CAEC7BC11AF69A181AF7932E636E09E4, 503C69045F1E025CBEE2405043BB71CC58478985ECAF6587F73FCB57860F5709 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
10:46:59.0376 0x007c  BthAvrcpTg - ok
10:46:59.0408 0x007c  [ 72CC1F3397B4438C8B8830F004075038, FBB7F9E7E22F14D31E4BDEB0F32D7D59DEF86FA91117C030E318CDFE0E054EA5 ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
10:46:59.0423 0x007c  BthEnum - ok
10:46:59.0439 0x007c  [ 5F2B4B32E986C058525D3BA2A475A16C, CEC5BB0B025DD9525CFBBEDF6EB6F63336534798495A4F95763CE112DF915088 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
10:46:59.0439 0x007c  BthHFEnum - ok
10:46:59.0455 0x007c  [ 5406289E8AE2CB52FC408154E0A64BA7, 0A3795F2E6E2B51198452CF69A99159D8E11650E95F41DF0B575CB72F9C6C6B5 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
10:46:59.0455 0x007c  bthhfhid - ok
10:46:59.0492 0x007c  [ BAB101E7826BE287F79C4BA721621989, E6DD25C89267FE87253B8226292F2894F5E702075D3B23B09339D3B28744C060 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
10:46:59.0492 0x007c  BthHFSrv - ok
10:46:59.0539 0x007c  [ A76F20CCCA31895A1DA78A875E50F946, ECD4B3670DA5984AA24F4354457B4E45983938A89FF6DB03B556A633B4B37E3C ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
10:46:59.0539 0x007c  BTHMODEM - ok
10:46:59.0577 0x007c  [ 0A23A12396CE5AE78E13F8E2ADF9AE35, EDD14B90DDB5E0F566399F42317DED71BDEDFEACAE87F16813E97BA296595E04 ] BthPan          C:\WINDOWS\System32\drivers\bthpan.sys
10:46:59.0577 0x007c  BthPan - ok
10:46:59.0624 0x007c  [ 2442F8CED09E5E4A8F1AA04C5DB22771, C1D072502B0FE2A39BD0A2E724FD8955C1199F681C605ECB3F2558AE2EC1A450 ] BTHPORT         C:\WINDOWS\System32\drivers\BTHport.sys
10:46:59.0674 0x007c  BTHPORT - ok
10:46:59.0708 0x007c  [ CEEC73833A4C6B31E2F376A3FD4DA73E, F09FC6EAB8D9769DBAD0931CC7C7F5DFE1562D3EE09CE0EF086AA73D4B62E076 ] bthserv         C:\WINDOWS\system32\bthserv.dll
10:46:59.0708 0x007c  bthserv - ok
10:46:59.0739 0x007c  [ FA7EE4E3DCF4C1159D4E78147D8F1A7B, 27FA5245D0FDE880E6D5D450EF7F28C3EDC6AA03BB9EBA7F9B088A21D4CFBED0 ] BTHUSB          C:\WINDOWS\System32\drivers\BTHUSB.sys
10:46:59.0739 0x007c  BTHUSB - ok
10:46:59.0793 0x007c  [ BC279FCEE9FC8CBF991D5DE539771AA9, 5DE007672BFBFA78C44CC08251F495420402AFF4AD01541AA84AD37BD4A58190 ] btwampfl        C:\WINDOWS\system32\DRIVERS\btwampfl.sys
10:46:59.0808 0x007c  btwampfl - ok
10:46:59.0854 0x007c  [ BF89BDBA5D3A0B4256D3F6FC8D31880D, 940F3BF55B88261C9E9A951A092331559FC5B24FE3BA0F1E1AB3450D2CA364C1 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
10:46:59.0857 0x007c  buttonconverter - ok
10:46:59.0900 0x007c  [ C24C27FDF93B85A4EFCF25F830253AA2, 35C87518BB59663B57C2361A13AD4E57E37392598F1EB9F07F86CA5A6321AF5A ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
10:46:59.0916 0x007c  CapImg - ok
10:46:59.0947 0x007c  [ 7F9C7226D743B232907ED2537B8A574F, 2211AFC30E8F8FA03020DB48EE14914CD31E50BB6A63FF20AC7C6FA481E72C18 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
10:46:59.0947 0x007c  cdfs - ok
10:46:59.0999 0x007c  [ 88E3BA684A7B1247762E1D401076D4C2, 88375BD1970848A71B9CF8C7C73ECA2E4A65E57D80D0C36F41547D381441A552 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
10:47:00.0010 0x007c  CDPSvc - ok
10:47:00.0131 0x007c  [ 82D97776BF982AA143BDC7DFB5054EA8, 954F56728371E6B3514586DCEAF15C4727BAED6CAFBF788654C4E03BD702942C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
10:47:00.0144 0x007c  cdrom - ok
10:47:00.0231 0x007c  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
10:47:00.0234 0x007c  CertPropSvc - ok
10:47:00.0333 0x007c  [ 0505C1D991D0F9D47F3353BB98597C7E, 3B801CCF4980256327A4A9FBD98007DA1E3ACE9C94E5A4C23AB21303B46E8B5A ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
10:47:00.0333 0x007c  circlass - ok
10:47:00.0379 0x007c  [ 8B4B39C507ABA09AAFE8E3932D1B392C, 734700155A658BC08FC96E8F99A01DE7F7251D7DDEFA79D258B2EEB370BA7AA8 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
10:47:00.0379 0x007c  CLFS - ok
10:47:00.0594 0x007c  [ B7DF3A93F4702A8D9B805F24FA8BE6B5, A258B274DAAF42803396A5BF33FA89BAF940BB18B958E701AC97A4537FA63398 ] ClipSVC         C:\WINDOWS\System32\ClipSVC.dll
10:47:00.0641 0x007c  ClipSVC - ok
10:47:00.0694 0x007c  [ 95832B049E2833B9F5189823CDF946C7, 72773A42A89220B4A6AC72D1633B16F11191A44D876A44FAB5CEFB717CE3223D ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
10:47:00.0694 0x007c  CmBatt - ok
10:47:00.0894 0x007c  [ 7C44AE95C76EB2EA549F1202A3F8089D, F936936911E73B665254B50F6AA4855796C5EC6200972189FF8B266085803E53 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
10:47:00.0909 0x007c  CNG - ok
10:47:00.0941 0x007c  [ 58D640BC2294C71BDE0953F12D4B432F, 0B3B7659FCB97791A2A1F895C8E6F9078F855C94C13EB47464492588C4B02B85 ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
10:47:00.0956 0x007c  cnghwassist - ok
10:47:01.0057 0x007c  [ 14F9883588398A1BDE49C75098C75DE6, D9D82DE89FAFE60BC902683BC44C7555533A030150FD5E5A35A24542FACC5CAD ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
10:47:01.0057 0x007c  CompositeBus - ok
10:47:01.0076 0x007c  COMSysApp - ok
10:47:01.0125 0x007c  [ 02B8E49148DE5E0A2F6FDF28CE94A6AC, EEA405823F441CA604BEAA44EB71A1D20BC80E124FF7B27380D0201AAF2E0849 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
10:47:01.0125 0x007c  condrv - ok
10:47:01.0179 0x007c  [ 120B0DF5427D88345026964929F8E300, 227786B6782C8AED2C0400FAC0A6B792B69CE2FF2A6E76754B7A68024B4BCC59 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
10:47:01.0194 0x007c  CoreMessagingRegistrar - ok
10:47:01.0279 0x007c  [ 9E79A2208A9ED205A7383CBC92C28053, 2E6599DF30DF19BD7BE6FEF1B21FED7F349A3F2306CC5CFDB767ABA7283E8A55 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
10:47:01.0294 0x007c  CryptSvc - ok
10:47:01.0341 0x007c  [ 2619DC483579DB9FE804044C1ADFFD1A, 23A5420288735A980917091532BE7BB36EB51660AA4555C615AF736357EB02EC ] dam             C:\WINDOWS\system32\drivers\dam.sys
10:47:01.0341 0x007c  dam - ok
10:47:01.0379 0x007c  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate        C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
10:47:01.0395 0x007c  dbupdate - ok
10:47:01.0395 0x007c  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem       C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
10:47:01.0395 0x007c  dbupdatem - ok
10:47:01.0410 0x007c  dbx - ok
10:47:01.0479 0x007c  [ 2C5A991F0320D95BAC80D0C31F43A79E, CC7887132AF15C77676A3186429FE0071DCC8DC9C6252314D99C02E54867BE10 ] DbxSvc          C:\WINDOWS\system32\DbxSvc.exe
10:47:01.0479 0x007c  DbxSvc - ok
10:47:01.0541 0x007c  [ 68E07DF3E6D1DFED440B82D3D33542B1, A80C25C2B884F0A725B8256E985D670FCFBE9C870A0380C22B51BB140820B4A8 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
10:47:01.0557 0x007c  DcomLaunch - ok
10:47:01.0679 0x007c  [ 620921E77351FB651632322AD2C195C4, 5A98971995D7A2B5AE6BEA69344FCC6687B582FEF74BDA206D32FB2E6CEB0478 ] DcpSvc          C:\WINDOWS\system32\dcpsvc.dll
10:47:01.0694 0x007c  DcpSvc - ok
10:47:01.0757 0x007c  [ AEADFE9C3D3FBB3BE619AB369AE069B6, E7911628446C170375C70538192165F7DD9DF39B9098B4B2404E6521DBD191AE ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
10:47:01.0794 0x007c  defragsvc - ok
10:47:02.0010 0x007c  [ 0CADF20D9CBB7EEB26ACA0B5FDF01FB1, 2556861FB94F9942B2CA29A7E33F28883CECED56A2A5973F29A94C5D85219579 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
10:47:02.0026 0x007c  DeviceAssociationService - ok
10:47:02.0079 0x007c  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
10:47:02.0079 0x007c  DeviceInstall - ok
10:47:02.0126 0x007c  [ 5BF8BD9B19D665452494C8D56DF4B28D, E5FC649207EF42C04B6737D442FECD3383E82F8998B140319FF400773F1D0978 ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
10:47:02.0126 0x007c  DevQueryBroker - ok
10:47:02.0157 0x007c  [ A4FC5B8A300394F7E219B173E2BF3A46, 8D4691E992BBC4A94EC13ED7B79C016C527CDE3AE13F21CB8E4897C863567684 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
10:47:02.0157 0x007c  Dfsc - ok
10:47:02.0242 0x007c  [ D51B32BA3897F630D99713B74B40D6A2, 5EB136A8248E6FA1316CFA273D9DC8F9C8E8CCB9AC00AE23C1337FBF5F6FDBEC ] DfSdkS          C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2017\DfsdkS64.exe
10:47:02.0266 0x007c  DfSdkS - ok
10:47:02.0295 0x007c  [ D461D2BECEFA661291EB1B748A8D2CCB, 7275859FCDE58DE6C0C683AFDAD910EB4602336CC724EEE42495A8839213469D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
10:47:02.0310 0x007c  Dhcp - ok
10:47:02.0526 0x007c  [ 9F5AC03F5A0000DD96FA29CD68A6605B, 6964E077635E65DA902CA6C69E704A9DCD5856D22BA75E1CF823E63E62266AF7 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
10:47:02.0526 0x007c  diagnosticshub.standardcollector.service - ok
10:47:02.0642 0x007c  [ D58F44F1396F81CC12C6470BB3FD6E3B, 3DEA70CF36197E30F6E84A0EA76E0CC63EF5F60C8733F582709BCDFA57D3E213 ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
10:47:02.0711 0x007c  DiagTrack - ok
10:47:02.0742 0x007c  [ 4904B152E4942BF700F2D73228B4D477, 0E5646DCA05A24C71F057C9F9F64AE992D338DA72DF3126175C2FA178854C30F ] disk            C:\WINDOWS\system32\drivers\disk.sys
10:47:02.0742 0x007c  disk - ok
10:47:02.0810 0x007c  [ 126FCA1567A012BAEA80FC4F8068A48F, 74907F56CC88AA0DD345E271DBB1F8B6EB1618F798B895CDF441123E582E9A16 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
10:47:02.0826 0x007c  DmEnrollmentSvc - ok
10:47:02.0857 0x007c  [ 0197AE4B9790A4E73751CACFAA480126, 86BBB398F1A93754B2C329271F13A88FD2F285F30225C38F068F565CCA14EB9F ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
10:47:02.0857 0x007c  dmvsc - ok
10:47:02.0879 0x007c  [ 5EF8EC71A7A91F3DF7798BEFE6786B0E, A3A56B43C72926881C66B7A17C9EAA35C2D9603C8D3849438838536BCD3F4633 ] dmwappushservice C:\WINDOWS\system32\dmwappushsvc.dll
10:47:02.0879 0x007c  dmwappushservice - ok
10:47:02.0926 0x007c  [ 5839A317C25F70979433E0905DFABB1B, 7F1CD50C77A33A10259D8A208A355BE7ECAFEA69F810AD908EF8878A792741AF ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
10:47:02.0926 0x007c  Dnscache - ok
10:47:02.0942 0x007c  [ 1B15297A3A2CAB6BD586676154F389D8, 623D5F5FC8622B7D9AEEEB1787E6846C1570F0EEF94341239440B616D09D672A ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
10:47:02.0957 0x007c  dot3svc - ok
10:47:02.0979 0x007c  [ 316C2D8B8E3C0727969F1C3790EF7193, 631F8578FDB26578C8436E4B9C4DF21E1F58FCFE6DA66E5769AAC3739005D465 ] DPS             C:\WINDOWS\system32\dps.dll
10:47:02.0995 0x007c  DPS - ok
10:47:03.0042 0x007c  [ 25FA06D3B49D6ADF8E874FFCDCD76B50, 9AF09B96ED79D94EA36581ABE6CC73313A72891779774B15860D018BEA2BBA0F ] drmkaud         C:\WINDOWS\System32\drivers\drmkaud.sys
10:47:03.0058 0x007c  drmkaud - ok
10:47:03.0981 0x007c  [ 29CCFF428E5EB70AE429C3DA8968E1EC, 8CB62C5D41148DE416014F80BD1FD033FD4D2BD504CB05B90EEB6992A382D58F ] DrvAgent64      C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
10:47:03.0981 0x007c  DrvAgent64 - ok
10:47:04.0043 0x007c  [ 16EE6701115BECF8C657D9D6E123F6A1, 16E115B5245C3C988F8B58B90D30F183021C7C7792D3D1C74BEC606E49672B2A ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
10:47:04.0043 0x007c  DsmSvc - ok
10:47:04.0080 0x007c  [ FBC8C56814642A7CA88ACBCA8DD1121F, 108690704A359991C3D6577477E232F5F2F46B36DF6B4B0738A893EF05D7D4EB ] DsSvc           C:\WINDOWS\System32\DsSvc.dll
10:47:04.0080 0x007c  DsSvc - ok
10:47:04.0212 0x007c  [ 1BCBC80D05B8DA0BB64837D83C2DF85C, 0149D5EC9CAD5A0FAAEDC450C9F4A08497425CC3DA12351C4360E42B82178577 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
10:47:04.0312 0x007c  DXGKrnl - ok
10:47:04.0359 0x007c  [ 1FBC5FF75CE1B6DCC61DA0352E7C91AA, 4705B8DB74E73945066363F72B20B0942F1AB7EB56AA523817F5F9D477D84D99 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
10:47:04.0359 0x007c  Eaphost - ok
10:47:05.0295 0x007c  [ 491275B864B704B54EC08168344E0F38, B4849400C3F819CF7809A2001EA2ECB527022483F7DFE31C3930F951EAFE50CE ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
10:47:05.0411 0x007c  ebdrv - ok
10:47:05.0480 0x007c  [ 28F844500ADA77447835BC586F15AAAE, A0368E0928E7AB459F7DF3E9C0ECAFDD33F5DAC6A7122689FA6CF4B55AFB4D15 ] EFS             C:\WINDOWS\System32\lsass.exe
10:47:05.0480 0x007c  EFS - ok
10:47:05.0527 0x007c  [ CEF108FCE06892CFA5F1B49527D4BF49, FA337584024B6E6EE4AF519F57FFA4C0FCA19EDC148FF309336C4CCA8F9C9CE8 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
10:47:05.0527 0x007c  EhStorClass - ok
10:47:05.0581 0x007c  [ 5B1EAAE3001A7A320C106FC3859F4111, 700BA2C7D4DFAFFEB78D3804B310A4EE5B4295C84600442665693FF661673951 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
10:47:05.0596 0x007c  EhStorTcgDrv - ok
10:47:05.0628 0x007c  [ E34DEFC09F2843C2C24C2248F1ABE6D8, 1FD67EB5820A1D2F4402DE9D95DE288DB69D421A8473074FF23491D7CA8B5ACE ] embeddedmode    C:\WINDOWS\System32\embeddedmodesvc.dll
10:47:05.0628 0x007c  embeddedmode - ok
10:47:05.0679 0x007c  [ B8B197787331426271457525DA7FC04D, 27EE1DA1211B506E06077656FDE55A140041CF91095EFF95F7A10120E60004D2 ] EntAppSvc       C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
10:47:05.0680 0x007c  EntAppSvc - ok
10:47:05.0696 0x007c  [ 7A2705148A4BB3CA255F81624338B461, 68AC8F8D2DD8AA4E8F2224A0054DE2AF67EA199217E87CD3C7299B021048F14F ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
10:47:05.0696 0x007c  ErrDev - ok
10:47:05.0743 0x007c  [ 17BE4A35829B37C742084DC02D48E5F0, 7FDA62B56DF585C3F2C6FFB10AC7C0D8F70FA921C4DEA47B2789745CFE2618CE ] EventSystem     C:\WINDOWS\system32\es.dll
10:47:05.0759 0x007c  EventSystem - ok
10:47:05.0781 0x007c  [ DFE8A33FBCF6F38182631A4D6097B92D, F9D06780830E74FD5309E6DC5C3EEDB9334A8AE284F381FA91EF2729297F8632 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
10:47:05.0797 0x007c  exfat - ok
10:47:05.0912 0x007c  [ C330883C06E2D4CE4F6982F048265D37, 26044DE176056B7F5BF2A50A659243CFD7F25CFEE035B3A3C3165B3699872926 ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
10:47:05.0928 0x007c  fastfat - ok
10:47:05.0997 0x007c  [ 952F10D2116B91BA433842D07879AE7A, 9E1EC0C719877EF198AA4DDBE896E9DDEAD360AAC1FC6DF305E7C5C73C7A761D ] Fax             C:\WINDOWS\system32\fxssvc.exe
10:47:06.0044 0x007c  Fax - ok
10:47:06.0076 0x007c  [ 9D299AE86D671488926126A84DF77BFD, C076EEDD0524B7D88BC56C97089E0A836CC1AD725E1A544CC4F8DDBB6670C366 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
10:47:06.0079 0x007c  fdc - ok
10:47:06.0112 0x007c  [ 47D09B8C312658ACE433E46DDF51C3A5, E76948DA0F51C7DC6D69B7E36D63CE6E98FDE619FA30E91637F75B5084107D22 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
10:47:06.0112 0x007c  fdPHost - ok
10:47:06.0128 0x007c  [ 177AC945B20C81400A1525ED7B49A425, FD215A2E718EA38A95D985F53AB3DD44B50C2549AA67F44BA98C4709E492051F ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
10:47:06.0128 0x007c  FDResPub - ok
10:47:06.0181 0x007c  [ C27C39D56B11C2DF2257CC466375A52B, 9111EE70CEA432290196E2DF34EB1151821DD223160D6F1C3E96F80AB16343B1 ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
10:47:06.0181 0x007c  fhsvc - ok
10:47:06.0212 0x007c  [ 8F2523C9D8F1448FF2156452AF60FA00, 1D39CA54F5F1E62385D9EC041F9445BDDCB63740859B9418AE904FDF3D8388ED ] FileCrypt       C:\WINDOWS\system32\drivers\filecrypt.sys
10:47:06.0228 0x007c  FileCrypt - ok
10:47:06.0259 0x007c  [ 92ECCFA58C8195B8EA33ED942469D4E6, 8DB12E8CF80ECA22182F9A1F4CA922336A430297F1F596F204ECF4D9D19F30D9 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
10:47:06.0259 0x007c  FileInfo - ok
10:47:06.0281 0x007c  [ 87C51FDD50C17882BA93E28BBABB9847, 8987D80FB77D1D3F9E89B491B1287B027DA26FFC4E4BA7B01E07D4D4FC69E236 ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
10:47:06.0297 0x007c  Filetrace - ok
10:47:06.0312 0x007c  [ E99261DD76D1C9E05AF575939CAE5AC5, A789724FD2E22AFB2F921836F5C19A21D17F4BBD604771E2908C2651BD31989C ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
10:47:06.0312 0x007c  flpydisk - ok
10:47:06.0344 0x007c  [ 25D7A58625E1453E40D36825DE74E4F1, 74119803D35E3C3CC349B44C6CD9EDF6B797F88584B847F0BF9EED542719B86B ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
10:47:06.0359 0x007c  FltMgr - ok
10:47:06.0460 0x007c  [ FFF49D397DC82F804BD36A13B974A174, 5D29152A0A4A74036C13A52905335AFAD7E7F46B8EBB350415793D9B10164634 ] FontCache       C:\WINDOWS\system32\FntCache.dll
10:47:06.0528 0x007c  FontCache - ok
10:47:06.0789 0x007c  [ E79DAC43A5E191FC4DDB04197A704BFA, 2FA6C8B5B2DFE66C05828E3F55DFD6268A8210E9BD083F2D09367AD59AF1C6C1 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:47:06.0791 0x007c  FontCache3.0.0.0 - ok
10:47:06.0824 0x007c  [ B4175E8BE60B099686FF55CA7D692316, 3158FC5B4D1A2F1FC1346754392AE24AE58999B9061B1CE78A65E785BFFADD52 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
10:47:06.0827 0x007c  FsDepends - ok
10:47:06.0849 0x007c  [ 53DAB1791917A72738539AD25C4EED7F, 3DE667E8B894EE1A1A814AF2153901AFE2A320BDB3B2A51330D987636B1BC6BE ] fssfltr         C:\WINDOWS\system32\DRIVERS\fssfltr.sys
10:47:06.0849 0x007c  fssfltr - ok
10:47:06.0913 0x007c  [ 206AD9A89BF05DFA1621F1FC7B82592D, EAEE557535D865232237898858F5AE35F868065A1F79BBB48A2173124E2B6F63 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
10:47:06.0928 0x007c  fsssvc - ok
10:47:06.0979 0x007c  [ CC71372CEB811A72F1DC99089C5CBF53, BB9DDE74D60E534A6F8A51B63DDBB441245F06A00A0AFD37DBBE86255690946D ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:47:06.0980 0x007c  Fs_Rec - ok
10:47:07.0197 0x007c  [ 50DFE05C698E9B0A63D95E3D669A105C, 3A7D5AE4A01B90C2ECF22AD2783A84C2329EAB9BACFA5237A7DCC3DC5995A864 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
10:47:07.0212 0x007c  fvevol - ok
10:47:07.0259 0x007c  [ B9981A4CB9F728B3312A3885BFAA7204, 12FB2EB2E5D2A912769823DD9C1B33DB358CD0B7FBFC788529EF83DD584334F8 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
10:47:07.0259 0x007c  gagp30kx - ok
10:47:07.0497 0x007c  [ 3FCE1DA0F96C183D605BDF11C70B1176, FBF7DC215ED74FE01D82B211767CA1CBB8374209000C0E180216E90DA936A347 ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
10:47:07.0580 0x007c  Garmin Device Interaction Service - ok
10:47:07.0597 0x007c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
10:47:07.0597 0x007c  GEARAspiWDM - ok
10:47:07.0644 0x007c  [ 77555B11B264991DDC26872FFCF1AB97, D5F230EEF74EB869F771F8A4AB19C1E6C845BB0EF4A1234882EBDA4FDC431E44 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
10:47:07.0660 0x007c  gencounter - ok
10:47:07.0682 0x007c  [ F3AC9652D88BF87BA6596CBEA28CE10F, 115F3C0A5B9903B17ADEA80E1825FE927B7361F5BDDF80CE3685EF2D327EDF4F ] genericusbfn    C:\WINDOWS\System32\drivers\genericusbfn.sys
10:47:07.0682 0x007c  genericusbfn - ok
10:47:07.0713 0x007c  [ F802FBABF0C4DF1BAA733187B2E476F5, E2533284CEBBB872196B013DD1FBBCA794DB1CAAA37D64849BD9264ECDD2CEE6 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
10:47:07.0713 0x007c  GPIOClx0101 - ok
10:47:07.0798 0x007c  [ B89C353AFC8F56D961D07FF1FE7B4BCD, C4491A1E33E0151AF3D7589769D4DCFABC68518A22393A7584FB573B47643B2F ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
10:47:07.0844 0x007c  gpsvc - ok
10:47:07.0882 0x007c  [ D011B0ADB15F4815310CE1BF4780B33E, 3860630917F83A89FE7A6407CC544505FA4BD754619CF273DD630ABFBAAE42EE ] GpuEnergyDrv    C:\WINDOWS\system32\drivers\gpuenergydrv.sys
10:47:07.0882 0x007c  GpuEnergyDrv - ok
10:47:07.0944 0x007c  [ B9893A68032A6D9ADDB5B98287C630F7, F0280764D7B31F1EA634E91397229B1C064A7C1B3A77A6BBD123CEA74180789F ] grmnusb         C:\WINDOWS\system32\drivers\grmnusb.sys
10:47:07.0944 0x007c  grmnusb - ok
10:47:08.0160 0x007c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:47:08.0160 0x007c  gupdate - ok
10:47:08.0160 0x007c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:47:08.0176 0x007c  gupdatem - ok
10:47:08.0297 0x007c  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:47:08.0312 0x007c  gusvc - ok
10:47:08.0328 0x007c  [ 84BC034B6BB763733C1949B7B9BAF976, 18C2C0F15BAFA46197F0BB629C4F585D893C2A78324CA198F88A04527D524F23 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
10:47:08.0344 0x007c  HDAudBus - ok
10:47:08.0359 0x007c  [ 6B8CB114B8E64C0636EB49F7B914D1FC, 1AD7A43CC5CD99DCEF60C61242B6843D4AD925CE93BA5D75CD8395C7125EF5A7 ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
10:47:08.0359 0x007c  HidBatt - ok
10:47:08.0413 0x007c  [ D1AD197CCDAAC0CB4819DA1D6EB17BAE, C370F974D0A1F7B60F47EAFF57B6CCABE82913187F8BFEE169B8237AE91247B1 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
10:47:08.0413 0x007c  HidBth - ok
10:47:08.0460 0x007c  [ 64909DECCFCC6FB5D9A5BAFDCCB31FEE, E19C91FD8D5102A8C4F6C6FF70CA058BB272FEC1B6E9CBA3A473C49948E6AC7E ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
10:47:08.0460 0x007c  hidi2c - ok
10:47:08.0460 0x007c  [ F510F7B7BF61DEAAC04E65C3B65E8D59, 11566086B06FB08B6A179E3068E022DA381C762DC8962D1E1D63DC646DD4D301 ] hidinterrupt    C:\WINDOWS\System32\drivers\hidinterrupt.sys
10:47:08.0477 0x007c  hidinterrupt - ok
10:47:08.0481 0x007c  [ 90F3ED42D423C942BA5EA54E2FFE7AC7, BF7DE0C8141CD20A6235657BA897A019ABEFF6A01AA3FB202C73C33433CDEAF8 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
10:47:08.0481 0x007c  HidIr - ok
10:47:08.0528 0x007c  [ 46DE2EF6382DD9613CB506760648F262, 419555220794380134A64E1956B83B2FD1D1B6E403C5FC729A9107E14A12E968 ] hidserv         C:\WINDOWS\system32\hidserv.dll
10:47:08.0528 0x007c  hidserv - ok
10:47:08.0560 0x007c  [ 128DEDDD61915DBA4D451D91D21F0513, 961A0DDA02B0879989300C15E4FF9022882A4CD895D65335C263AC0DD1918314 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
10:47:08.0560 0x007c  HidUsb - ok
10:47:08.0597 0x007c  [ EDE31817FC0A574E7CC3AF7E544C8951, DC8D07A15525E1CA52C5F6DFAEB2585807D45FC3400EAC9E27DC27E46B5B480F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
10:47:08.0613 0x007c  HomeGroupListener - ok
10:47:08.0660 0x007c  [ E2145534FB853921788F52701BED0CAB, DF71F842772FAC21DD8994C97F578A78AC43D06C5F26F752FB69B47DFE3BB112 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
10:47:08.0681 0x007c  HomeGroupProvider - ok
10:47:08.0713 0x007c  [ FF442DCDCE1F6E9FAA9C8AD0CD1D199B, A239414E97B310C9545995B0E723B5E792B08D71F651450EB006AD4D1765E4F7 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
10:47:08.0713 0x007c  HpSAMD - ok
10:47:08.0782 0x007c  [ 63C3F74DC398A1C1A77E39DFB9C312CA, 283A13899838B4313BFBC406E832042696C549640A1AB11E23C0B9E499289836 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
10:47:08.0797 0x007c  HTTP - ok
10:47:08.0844 0x007c  [ CBA5E88A0F0475B7F49653BB72150BEF, 0F03560D9C30E069D117A555AEE729C81E6BCAE443FA25172D0E9E6903695C67 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
10:47:08.0844 0x007c  hwpolicy - ok
10:47:08.0860 0x007c  [ D668FAB4B0397B426EE3D41683B9A1C0, 66F3E3B2ABC3C9B25A0DADBF09818547ED301230374AC5302B4794629A95DDF8 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
10:47:08.0860 0x007c  hyperkbd - ok
10:47:08.0897 0x007c  [ 53FDD9E69189E546DE4740F8C4D8AB2F, 45ED5B229ED5FD0CEE8BF52EFF88FD8B1889BF348ED7187926F290B3AD48A76D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
10:47:08.0897 0x007c  i8042prt - ok
10:47:08.0928 0x007c  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\WINDOWS\System32\drivers\iai2c.sys
10:47:08.0928 0x007c  iai2c - ok
10:47:08.0944 0x007c  [ 59A20F5AD9F4AE54098154359519408E, E27B7389C9D123CDDA4EC9CBDB06C4AA5000012391F940EE1492419B593608FE ] iaLPSS2i_I2C    C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
10:47:08.0960 0x007c  iaLPSS2i_I2C - ok
10:47:08.0981 0x007c  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
10:47:08.0981 0x007c  iaLPSSi_GPIO - ok
10:47:08.0997 0x007c  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
10:47:08.0997 0x007c  iaLPSSi_I2C - ok
10:47:09.0059 0x007c  [ A5F72BB0D024E7E463344105BE613AE4, 22B1DED17118C85ACC1F57996FA13428FFE8C96051FAF5212A7E37430F4C62E8 ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
10:47:09.0079 0x007c  iaStor - ok
10:47:09.0259 0x007c  [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
10:47:09.0281 0x007c  iaStorAV - ok
10:47:09.0328 0x007c  [ 9652E1E35A92D8C75710C17A63B15796, 72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
10:47:09.0328 0x007c  iaStorV - ok
10:47:09.0360 0x007c  [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus           C:\WINDOWS\System32\drivers\ibbus.sys
10:47:09.0380 0x007c  ibbus - ok
10:47:09.0396 0x007c  [ 57C88C15CEC97318F580D7F4327AAA46, FD3AD83576804DA819F48E3E198FE470420E730F6118AD0E719A91E67C80D3FE ] icssvc          C:\WINDOWS\System32\tetheringservice.dll
10:47:09.0412 0x007c  icssvc - ok
10:47:09.0412 0x007c  IEEtwCollectorService - ok
10:47:09.0659 0x007c  [ 25EE06F7B8E0AD4FC7C48E9379F85BFC, 21F0C230A16FAA4CE0BF015F0A005561C48BD4AF718EEB0FE264182644C63273 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
10:47:09.0696 0x007c  IKEEXT - ok
10:47:10.0812 0x007c  [ 8DEDB08D32562867A3E83F0184F39ED4, 48D5A490C436386BA9BD0F9173E96346118C5E584099F2F31B0E931FF96BB4B9 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
10:47:10.0981 0x007c  IntcAzAudAddService - ok
10:47:11.0028 0x007c  [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
10:47:11.0028 0x007c  intelide - ok
10:47:11.0044 0x007c  [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
10:47:11.0044 0x007c  intelpep - ok
10:47:11.0097 0x007c  [ B61B60F36E1C8022FA8166ABF0F66B07, 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
10:47:11.0097 0x007c  intelppm - ok
10:47:11.0113 0x007c  [ CA0D42029AFFC4514D295E1EF823D02D, F2A05CB2B2E8C843FD02DC37E86F23CF928A4B2F9044424A60DE4E82B87DF5C3 ] IoQos           C:\WINDOWS\system32\drivers\ioqos.sys
10:47:11.0113 0x007c  IoQos - ok
10:47:11.0160 0x007c  [ 6E3F9D95235DFC9417384080A216F310, 6F13D72661038A91CFABB360621F4B169D78955C3EAD64956A7C825ABAEC5121 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:47:11.0160 0x007c  IpFilterDriver - ok
10:47:11.0229 0x007c  [ 5AAB28A6AC2AAC9F66D4EAB6695D0474, BDAB1D04989788EA945C7FE0DE962F0FEC672D9703C271F8469822A91D7462B9 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
10:47:11.0282 0x007c  iphlpsvc - ok
10:47:11.0329 0x007c  [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
10:47:11.0329 0x007c  IPMIDRV - ok
10:47:11.0345 0x007c  [ 9E5E8F2A1996F23B7E9687846AA81B01, 29E59384A4F92B3B4F2974942C91A12380113C13D3800900B5F44E2355D05455 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
10:47:11.0360 0x007c  IPNAT - ok
10:47:11.0545 0x007c  [ 97C9EBB84A761D48DC17E0E6B913C164, D195A8410E1FEED1A0EE9C5F5AF6F5FC861284765A38D460D496CE1048501905 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:47:11.0561 0x007c  iPod Service - ok
10:47:11.0614 0x007c  [ C317EB660138BC9CBFE37CCDE56351AE, F3AF6C573419D7F65C96A4841D4F056CA281CD5AFACDC7A5F586A390DC6E615B ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
10:47:11.0614 0x007c  IRENUM - ok
10:47:11.0629 0x007c  [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
10:47:11.0629 0x007c  isapnp - ok
10:47:11.0661 0x007c  [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
10:47:11.0681 0x007c  iScsiPrt - ok
10:47:11.0698 0x007c  [ 701D7DB13B0815E7076EF4CB4CE981F8, 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
10:47:11.0698 0x007c  kbdclass - ok
10:47:11.0714 0x007c  [ 884EBBDDBF5968003B40185BD96FF0E6, E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
10:47:11.0730 0x007c  kbdhid - ok
10:47:11.0730 0x007c  [ 6B3A0C7902811E6372643447E41F7048, 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 ] kdnic           C:\WINDOWS\System32\drivers\kdnic.sys
10:47:11.0730 0x007c  kdnic - ok
10:47:11.0745 0x007c  [ 28F844500ADA77447835BC586F15AAAE, A0368E0928E7AB459F7DF3E9C0ECAFDD33F5DAC6A7122689FA6CF4B55AFB4D15 ] KeyIso          C:\WINDOWS\system32\lsass.exe
10:47:11.0761 0x007c  KeyIso - ok
10:47:11.0783 0x007c  [ 38DADD5178E0299A1BB5A805B2136DEC, D6372DA2376C5D35611B0DF9427628A845878ED1AD410759804D1D306E996DD1 ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
10:47:11.0798 0x007c  KSecDD - ok
10:47:11.0814 0x007c  [ C2138FE291C8235C3A26CD04EE629163, 33A840893B104BFCF111C99F8C23B283EF26D8E1BB523BDA0259F6B56B60874D ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
10:47:11.0830 0x007c  KSecPkg - ok
10:47:11.0861 0x007c  [ E9BB0023D730701BB5D9839B44F5E6B5, 19D4BAC09424D331922472CFD2D0E32BEFA9188A6AF194C8D1F93FD77CE36691 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
10:47:11.0861 0x007c  ksthunk - ok
10:47:11.0898 0x007c  [ 71DE1AD9B23661EEC4F2A6EAA5A7D33D, 3219AEF3D6AE5933AE669FD2ED9ED95A8780612E39F31DB3DB9ED6B6244C5F7B ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
10:47:11.0913 0x007c  KtmRm - ok
10:47:11.0960 0x007c  [ 8BBB2B4429AF340481520C20C17FC5B6, 9E32815349195FC4B1BE213600FD407F2EAEEC8368289EB3E6B769125A739C08 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
10:47:11.0960 0x007c  LanmanServer - ok
10:47:11.0982 0x007c  [ 1F5D48B1DA1B812BD2411CA44D75DD32, D1BDB8142CB13E8C6DD6F42E07C9D19BBBF6410D5122A04C01B34B95B442DD95 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
10:47:11.0998 0x007c  LanmanWorkstation - ok
10:47:12.0045 0x007c  [ 02C54C5C7EBE371EC0C59795ED22213F, 712AFE0EDF40436124F3FD55ED9B5A3A33A8761A58F4D482BB65229741B1C270 ] lfsvc           C:\WINDOWS\System32\lfsvc.dll
10:47:12.0045 0x007c  lfsvc - ok
10:47:12.0061 0x007c  [ 01BF128CC327A2E53898F732AF52B3DB, D62ACDA69D9942F9CEF400874DBB6EAF9811D9657CBFEF89174F88D76BB8D8EA ] LicenseManager  C:\WINDOWS\system32\LicenseManagerSvc.dll
10:47:12.0061 0x007c  LicenseManager - ok
10:47:12.0082 0x007c  [ EC34EED89C34B27C292166B725AC7A7B, 58F1BA0CB7743314AC012A82F8CE4072CBDD05D9570C52BC18DC551882F5B1BA ] lltdio          C:\WINDOWS\system32\drivers\lltdio.sys
10:47:12.0082 0x007c  lltdio - ok
10:47:12.0113 0x007c  [ 2C23283A0815B048C06D8C0ED76AAD95, 4335546939C1A98CFE9A4403CC82D79CC713439E4DFD1F4760FDD867305151E0 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
10:47:12.0113 0x007c  lltdsvc - ok
10:47:12.0145 0x007c  [ CB6365E995F4DB856866500EDD8F61C1, 717ED387F245CAC68217B0F393D7B8AB3805721AB2C4D2D43430FE6E740F0856 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
10:47:12.0145 0x007c  lmhosts - ok
10:47:12.0198 0x007c  [ 961F28D879D345BFA50AF51285C90F2E, F9931A436651F695B746BC0C07E833D9C9F64126746DF976E691E6CAE26DAC9B ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
10:47:12.0198 0x007c  LSI_SAS - ok
10:47:12.0213 0x007c  [ 6BFB8D1B3407518BE06B6F81F92FA0F5, DE0818DCC0D8D1D30A29AB167C65461A78100ABE2368637CEB9D0ED2B4E88D8E ] LSI_SAS2i       C:\WINDOWS\system32\drivers\lsi_sas2i.sys
10:47:12.0213 0x007c  LSI_SAS2i - ok
10:47:12.0245 0x007c  [ BE0E47988D78F731DEC2C0CB03E765CB, CA0015E87A3962611DBF714253FA618A6568346BAE640884432C1D44DE4C8684 ] LSI_SAS3i       C:\WINDOWS\system32\drivers\lsi_sas3i.sys
10:47:12.0245 0x007c  LSI_SAS3i - ok
10:47:12.0260 0x007c  [ F99BF02BE9219986817BF094981EEB18, 4303C772366065885C5D937B2E9AC0BF80C84BFB2737716055AD57BF6AADD673 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
10:47:12.0260 0x007c  LSI_SSS - ok
10:47:12.0459 0x007c  [ FFAA37FBBDD161E8C200C83B40F7872E, 0637B3119FC220CB8E23EE6694A9F1F25CF8D61008B14F6E30FDC17DCF9E077E ] LSM             C:\WINDOWS\System32\lsm.dll
10:47:12.0481 0x007c  LSM - ok
10:47:12.0559 0x007c  [ 2FCF837196082864F66CFD9CAB256275, 8BE01C3BCBC1E6E5D1FD7F49E936482E61ACB805F397AB81B8D39C2F0F1083BD ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
10:47:12.0559 0x007c  luafv - ok
10:47:12.0581 0x007c  [ 1F90F7FF05BE19803FD4C028C4304F34, 015A0F77B97C56396F22874E11FDDED465739BB956C968F1475D3F3CC629A1D7 ] MapsBroker      C:\WINDOWS\System32\moshost.dll
10:47:12.0597 0x007c  MapsBroker - ok
10:47:12.0612 0x007c  [ 8F22037D3F5A6BB676525D825A1388B9, 2AAC748D46136DFA1BE45150BF0AB7707D45391CAC1F63B964D341D11B135C91 ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
10:47:12.0612 0x007c  MBAMSwissArmy - ok
10:47:12.0813 0x007c  [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
10:47:12.0828 0x007c  MDM - ok
10:47:12.0877 0x007c  [ 2ED29B635F35E31A1C0D3DDB7DD2AD03, F70CC20B98C2DBCD13B0D509D92B3BC3828D1B88F3ACD60C860E163064844181 ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
10:47:12.0880 0x007c  megasas - ok
10:47:12.0913 0x007c  [ 22E3CB85870879CBAE13C5095A8B12E3, 5FA5A8EFBA117089CFDBE09743A16BC3A7CC2042C96ABA1F57901747493106BF ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
10:47:12.0960 0x007c  megasr - ok
10:47:13.0013 0x007c  [ F2C23E25636BCA3543E6AD7858E861B7, 0CAB0A037471B4858CE9477E49BF50A5E3E6685E05F8A4BD2D9238551D5073A6 ] MessagingService C:\WINDOWS\System32\MessagingService.dll
10:47:13.0013 0x007c  MessagingService - ok
10:47:13.0529 0x007c  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
10:47:13.0544 0x007c  Microsoft Office Groove Audit Service - ok
10:47:13.0613 0x007c  [ D41920FBFFF2BBCBBC69A5B383AD022E, E66218A8303422EA10C19BA12343740B9A1A70B11B39E185E805B4F74CD2B75E ] mlx4_bus        C:\WINDOWS\System32\drivers\mlx4_bus.sys
10:47:13.0645 0x007c  mlx4_bus - ok
10:47:13.0660 0x007c  [ 64BD0C87064EA20C2D3DC4199F9C239C, ED69706277A58ED2C5F2B1B4E9A4A9C7C20173D46EB57FB31D8B63340BA23193 ] MMCSS           C:\WINDOWS\system32\drivers\mmcss.sys
10:47:13.0677 0x007c  MMCSS - ok
10:47:13.0714 0x007c  [ 8D4B46FA84A3A3702EDADD37FAC6EDBA, E3B9E12BD324FE637C365FDC5E490C41889047004D4FC8F7D78339484F2F717B ] Modem           C:\WINDOWS\system32\drivers\modem.sys
10:47:13.0729 0x007c  Modem - ok
10:47:13.0745 0x007c  [ 78FEC1BDB168370F131BFBFEA0A04E9D, E07B1BC429C2CFBD6162F89A6502C67A4BAD904ADC05D3505D87A0B2BCE1061B ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
10:47:13.0745 0x007c  monitor - ok
10:47:13.0782 0x007c  [ D1CC0833CFBC4222A95CAA5D0C8C78FF, 54F04374C6D3EFF5C1B794C069870458F10757E5773AEE911957089EAF51EC8D ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
10:47:13.0782 0x007c  mouclass - ok
10:47:13.0813 0x007c  [ C2E05EC6B80BCF5AE362DA873E1BCE64, 4ABE5CA2005A54E92259EDB52205A5C59BDB83026FC0CD7CBB1E3A003C2B535B ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
10:47:13.0813 0x007c  mouhid - ok
10:47:13.0829 0x007c  [ D5B7668A8F6C67C51FA5C6C513396D6C, 35985AD89344A8464BD78B8DA6A772E4E60A2EB93072AC23673A86EFD0B2270A ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
10:47:13.0845 0x007c  mountmgr - ok
10:47:13.0898 0x007c  [ E96D4881189E3241A80EE54EFAB02E00, 13DC3174A2A5CF20C63C3EA5E2FF4060B15B40B02CCB29B41EC7A53047B69D9F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:47:13.0898 0x007c  MozillaMaintenance - ok
10:47:13.0913 0x007c  [ 5FBCB85D127BE21E3A9DAF11A13C00EA, D00AB99CC813E26B0BD2D39161D4138AB89A06B3E3A28712F2D5BCA60905BEC4 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
10:47:13.0929 0x007c  mpsdrv - ok
10:47:13.0982 0x007c  [ 0B28F2ACE5103586D322AD98FAA01309, CE3053DEB6E452C6DCDFD371CF113EB0D740DED6C1C537CB749D1BE5E97FAB09 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
10:47:14.0044 0x007c  MpsSvc - ok
10:47:14.0178 0x007c  [ 2B9A1FF2450BAF7A795941BE471F16EF, DD213BACDAE4E3C4F89BFE54BCE77B2F66D12AA85949147AE8A31049876CAA3E ] MQAC            C:\WINDOWS\system32\drivers\mqac.sys
10:47:14.0182 0x007c  MQAC - ok
10:47:14.0198 0x007c  [ 4B08308D8A2B21E96D77ABA478CB081E, 08373CEB7E538E08FD158DDF279CE3E99D083AB45C8FF028FC85786CC593163E ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
10:47:14.0213 0x007c  MRxDAV - ok
10:47:14.0245 0x007c  [ E7D59C52DE0C19C3179114D028EAA4B7, 0D2C137CFEFBBD5DB0EF8B8E5F5041F3E2C80CB46A4162FD9102D63DF48C8B7C ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:47:14.0260 0x007c  mrxsmb - ok
10:47:14.0360 0x007c  [ 734D21F5B05D05DA2F85BE7EEF77DD43, 3B8BC89BE48DEA6138D5E35E8150D2DD003D0895F3EAF3EE485CB089E26D014D ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
10:47:14.0378 0x007c  mrxsmb10 - ok
10:47:14.0414 0x007c  [ 600D5CC9DD2AE16691C71DCD4DAF8F1D, 06777F594A1A0C054A7F662E518AC914670C0028B8843887A6DFE2891F052905 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
10:47:14.0414 0x007c  mrxsmb20 - ok
10:47:14.0483 0x007c  [ A4411C522D41707D5BCA817A5BB9E30B, EF7505BE475ECAB2B5E66A7419EDAF42A7E7A65BAD3BBE346A8CEE5DD69782CC ] MsBridge        C:\WINDOWS\system32\drivers\bridge.sys
10:47:14.0483 0x007c  MsBridge - ok
10:47:14.0530 0x007c  [ 807A6636828E5F43C10A01474B8907EE, F275645F4F0D0A796C33C03EA7FA563A0B890AB3A93E5F99C5EA166F91D249B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
10:47:14.0530 0x007c  MSDTC - ok
10:47:14.0561 0x007c  [ D123343DDB02E372B02BF2C4293F835F, 8E02D9F7E5DA717B64538444B3FE1C55AA4B0F26F51DA20947E971D27EA09D12 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
10:47:14.0561 0x007c  Msfs - ok
10:47:14.0599 0x007c  [ B3358F380BA3F29F56BE0F7734C24D5F, 229D9E72C429AC51BF6E7C8306218620CB1AA50FE39BA6C11ED0F643E7AF90E5 ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
10:47:14.0599 0x007c  msgpiowin32 - ok
10:47:14.0614 0x007c  [ B2044D5D125F249680508EC0B2AAEFAC, 9631FF42DA5A7CEE1F2607AA8972EF0A67616F0EEEBC95F97B1C8F5A577ED5C4 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
10:47:14.0614 0x007c  mshidkmdf - ok
10:47:14.0646 0x007c  [ 36ABE7FC80BED4FE44754AE5CFB51432, FB89DF3A50C52B69D4E831A370157D1901810093A0D7D7120A120FC5C6E14BF5 ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
10:47:14.0646 0x007c  mshidumdf - ok
10:47:14.0661 0x007c  [ 59307FEAFC9E72EEEC56B7FD7D294F4C, 56576635870FC68980977FFA0E7F8E8D69A7981DECF5B52D0B2A82E3BA6685EA ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
10:47:14.0661 0x007c  msisadrv - ok
10:47:14.0745 0x007c  [ 236A38F5CB0A23BF0ACCD70ED0BD7F70, 8106B528458E6C8E4437D9064D58F10FF195E67CD308AEBBD5F860AD2D59DCC4 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
10:47:14.0745 0x007c  MSiSCSI - ok
10:47:14.0761 0x007c  msiserver - ok
10:47:14.0783 0x007c  [ E9457EDFEBC774199F907395C6D09CA2, C3655CE83F4AD1258382722E9A99C33FDD3AA40B62CFEB8DFDD141E254E6DCE2 ] MSKSSRV         C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys
10:47:14.0783 0x007c  MSKSSRV - ok
10:47:14.0845 0x007c  [ C85D79735641D27C5821C35ECDDC2334, C1BAFD98122B04665870171C143EC119181351D10777A83680A63BF305703FF3 ] MsLldp          C:\WINDOWS\system32\drivers\mslldp.sys
10:47:14.0845 0x007c  MsLldp - ok
10:47:14.0883 0x007c  [ 30130E99810283026C5FA2F57A4BB488, 3CF97CC2F63A7CDEA19C8B2DD73EED161309A7C334FF80567C18423F2DA34249 ] MSMQ            C:\WINDOWS\system32\mqsvc.exe
10:47:14.0898 0x007c  MSMQ - ok
10:47:14.0998 0x007c  [ EF75184B64356850D0F04D049C253526, 325476F53372BD70201347F044C8EFEC0DB939E1926454B6DCC0CF7864969650 ] MSPCLOCK        C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys
10:47:14.0998 0x007c  MSPCLOCK - ok
10:47:15.0045 0x007c  [ 543933D166C618E7588EA77707EC1683, 84A65D277E28FDD7CE2345188891093AC88B577E4C528AD39AB629E341199688 ] MSPQM           C:\WINDOWS\system32\DRIVERS\MSPQM.sys
10:47:15.0045 0x007c  MSPQM - ok
10:47:15.0198 0x007c  [ 182711E9DDF70121A20EBB61B2DFB9E8, 70606503F6280EA3175B9AEC8370A8F461575755DA86EF6E9C9D04EAD61481FA ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
10:47:15.0230 0x007c  MsRPC - ok
10:47:15.0279 0x007c  [ E887FFDD6734C496407E9219225CB6FF, 0EC9A79224BCE5D0A782E62CC38E3494E8FB65DFC07C66D25C5A1A351121C27D ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
10:47:15.0282 0x007c  mssmbios - ok
10:47:15.0361 0x007c  [ 83A2AB75951000D681FABDB80C07AEFC, 3B2F582F097E3F934C4587B27CB05525350F36924B74CA6BCD364878FA8EC273 ] MSTEE           C:\WINDOWS\system32\DRIVERS\MSTEE.sys
10:47:15.0361 0x007c  MSTEE - ok
10:47:15.0429 0x007c  [ D65DB6F9285AF96151C937ABF027AEA8, 8BBB3DDB824C589663F81DED0C3D04EDAFFFDA64DBDF6F32217401523C9D51E5 ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
10:47:15.0429 0x007c  MTConfig - ok
10:47:15.0497 0x007c  [ 60F88248608315E13391C2F1C3B4473F, 99E8B74118A01FC281A1C6B323EFD1A8EA1997B81A013442205066F55327D555 ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
10:47:15.0497 0x007c  Mup - ok
10:47:15.0529 0x007c  [ 218705233D02776AE4D19CC37D985C1B, 3D92925867B6B8FFAF78E4080139DCB3D45E1E6E1D0AFB6A4FE248B002BD8471 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
10:47:15.0544 0x007c  mvumis - ok
10:47:15.0713 0x007c  [ 549DFD8240CF20BFBD88AD9D89325DBF, D2553AEA91524E7EBCE902D175BCE3A14C594FB0B5E1310E2D9171AF903CF51C ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
10:47:15.0744 0x007c  NativeWifiP - ok
10:47:15.0845 0x007c  [ A340A4B27CC7DEDDF953B7E2C9699747, 4C5AB23BD0C69B17E9BD29CAFEDC100A6EFC78BAB645B007FCAE4318C459D345 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
10:47:15.0861 0x007c  NcaSvc - ok
10:47:15.0898 0x007c  [ 24146738C422814EEB2A98FF1FC5C6E1, 3C70C6768681CE63DED339822EFB36194037B987D92456B9E955061A3A3C63BC ] NcbService      C:\WINDOWS\System32\ncbservice.dll
10:47:15.0914 0x007c  NcbService - ok
10:47:15.0961 0x007c  [ 476466DC3AB2327E2DBFAEC11798E2EE, 9ACD74720664CF3F239601DF0BE80AC443AF0FBF666CBB8509169364FB22B95D ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
10:47:15.0983 0x007c  NcdAutoSetup - ok
10:47:15.0998 0x007c  [ B57CE307DA101C739885B7CC0678077F, F7F45DB6D306060F0FE0E59F39C3B95F6A9B6173930F22C5C41B2003895D6642 ] ndfltr          C:\WINDOWS\System32\drivers\ndfltr.sys
10:47:15.0998 0x007c  ndfltr - ok
10:47:16.0361 0x007c  [ E582DA849A58524E645545FB68B6625D, B74E2CF078F6C575EFC4A2E4293D03FE6BA933307D656E0E57FFA17EF324948D ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
10:47:16.0383 0x007c  NDIS - ok
10:47:16.0398 0x007c  [ 202260E7CDD731A32AF62ABD1ABEE008, 0E019FAE09B2659CC3267756DB962CCD69172BA67E3288B491F7B455287A5392 ] NdisCap         C:\WINDOWS\system32\drivers\ndiscap.sys
10:47:16.0414 0x007c  NdisCap - ok
10:47:16.0461 0x007c  [ A1D473D0CF10561F29B58EA7C5412A92, 3DBFC1D769E03E30C87FF4F30A9B523A69A7E0CD4EB87F8A9ECE190FEB84C569 ] NdisImPlatform  C:\WINDOWS\system32\drivers\NdisImPlatform.sys
10:47:16.0461 0x007c  NdisImPlatform - ok
10:47:16.0498 0x007c  [ 1A0AE283B8DE6BB76412A0F8213D45AC, 91AFFDC7A9277EB59CD54021049BEA715078F90470B8A12F3E9F1386DF068D2D ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:47:16.0514 0x007c  NdisTapi - ok
10:47:16.0529 0x007c  [ A74EE2D2C0BFF5EC3A6185791868C4CA, A346320DEBEAE890575B4C6594FB3A3A9890A0E86881ADD8376E442282C88D38 ] Ndisuio         C:\WINDOWS\system32\drivers\ndisuio.sys
10:47:16.0529 0x007c  Ndisuio - ok
10:47:16.0545 0x007c  [ 32A9BD1342640D48AD85C8B3E812B984, B702B05A0180472139B35B105DD3B6B6F75AEDC9DD1EE342FB576259076455AE ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
10:47:16.0545 0x007c  NdisVirtualBus - ok
10:47:16.0580 0x007c  [ 6A6A8CF5EE61801375A38EBB871D4057, AE8EFF18D82BBE83101B380189A6889822891A993EB865E2E81C1D2F60B77C4C ] NdisWan         C:\WINDOWS\System32\drivers\ndiswan.sys
10:47:16.0582 0x007c  NdisWan - ok
10:47:16.0598 0x007c  [ 6A6A8CF5EE61801375A38EBB871D4057, AE8EFF18D82BBE83101B380189A6889822891A993EB865E2E81C1D2F60B77C4C ] ndiswanlegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:47:16.0598 0x007c  ndiswanlegacy - ok
10:47:16.0644 0x007c  [ 50AEF8EF0064A91ABB08D858D039C9DE, 16F1CBE1EC3778D157CC054261068C8D7F8A72D85853CB70178F8DF81D238C8F ] ndproxy         C:\WINDOWS\system32\DRIVERS\NDProxy.sys
10:47:16.0660 0x007c  ndproxy - ok
10:47:16.0682 0x007c  [ 883A36E2FF7FA3E1281CB575579FE3AF, F1BE02B13C090E2E36BD211055FC980E79BD14F72042773A3619A5143AAEE485 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
10:47:16.0698 0x007c  Ndu - ok
10:47:17.0013 0x007c  [ 6D4028D458EAAA1782099750790DC8C9, 0D863A61D049235D5BBEC998185814B798674AD861DEBF0C903D28E310CE2768 ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
10:47:17.0145 0x007c  Nero BackItUp Scheduler 3 - ok
10:47:17.0213 0x007c  [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl         C:\WINDOWS\System32\drivers\netaapl64.sys
10:47:17.0213 0x007c  Netaapl - ok
10:47:17.0244 0x007c  [ 026618ECF6C4BEBDCB7885D42EC0DBE4, 8E7E13361DCF8748FA3AD518B3DE0A3DCE932316EE32E5529E75785BC5395AD1 ] NetBIOS         C:\WINDOWS\system32\drivers\netbios.sys
10:47:17.0244 0x007c  NetBIOS - ok
10:47:17.0313 0x007c  [ C03E926B0E7D66D68994067231DC3246, 1895BE28921431AA78BEF9AFE01411FE8CDA570867E527E4D925E6FAA35D8BC0 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
10:47:17.0329 0x007c  NetBT - ok
10:47:17.0360 0x007c  [ 28F844500ADA77447835BC586F15AAAE, A0368E0928E7AB459F7DF3E9C0ECAFDD33F5DAC6A7122689FA6CF4B55AFB4D15 ] Netlogon        C:\WINDOWS\system32\lsass.exe
10:47:17.0360 0x007c  Netlogon - ok
10:47:17.0513 0x007c  [ 20A3341C586525486349C759E83C0E0A, 92BDF987AC79404BF3828372B8065FDDE15AC7D46073CDF8D28E98901FA2FA74 ] Netman          C:\WINDOWS\System32\netman.dll
10:47:17.0513 0x007c  Netman - ok
10:47:17.0581 0x007c  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetMsmqActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:47:17.0613 0x007c  NetMsmqActivator - ok
10:47:17.0629 0x007c  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetPipeActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:47:17.0629 0x007c  NetPipeActivator - ok
10:47:17.0814 0x007c  [ A059F75402710535A90A8D043674A514, E98536DF74A2B75FDBA6B866DC1909544292DFE5E14F984941470FBA6E8D810C ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
10:47:17.0845 0x007c  netprofm - ok
10:47:17.0960 0x007c  [ D8CAB1807EA429C2C647FBC33C30CC88, 8D7CD300A5345444ED39F7BD81B64DEDC4457AF66B5993E9F6A250AE6AD02130 ] NetSetupSvc     C:\WINDOWS\System32\NetSetupSvc.dll
10:47:17.0982 0x007c  NetSetupSvc - ok
10:47:17.0998 0x007c  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetTcpActivator C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:47:18.0013 0x007c  NetTcpActivator - ok
10:47:18.0013 0x007c  [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:47:18.0013 0x007c  NetTcpPortSharing - ok
10:47:18.0160 0x007c  [ 0FB83658FBB2C5A18AB98C5C94DB9FAF, 2D15A49F47D8185D7914D26916D1237FCBE2F8351A64877CDDDDE26E766C3D2F ] NgcCtnrSvc      C:\WINDOWS\System32\NgcCtnrSvc.dll
10:47:18.0181 0x007c  NgcCtnrSvc - ok
10:47:18.0229 0x007c  [ FD35B4E83326317C5DAEBE1A8A67F3FC, 23E3C1CCD5EB397F417B40BF6DAFF5BFC160627BEF130A9376BC123D774DE818 ] NgcSvc          C:\WINDOWS\system32\ngcsvc.dll
10:47:18.0283 0x007c  NgcSvc - ok
10:47:18.0361 0x007c  [ 1B8F07B59F7DAE02264FB8A16088C467, 1795DA9F72C34A9F47D9AAF5E95D40C3296948EB89D9600679AB4660671A5C65 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
10:47:18.0379 0x007c  NlaSvc - ok
10:47:18.0661 0x007c  [ D36107465E716CF2335A25C54B6D11C2, B4A3415B221FC12A58F2067358CFB124D48C359363D5A1FDC784F655D73D0405 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
10:47:18.0683 0x007c  NMIndexingService - ok
10:47:18.0761 0x007c  [ 465DC580170CD844206D7E3EF1DBF2A1, 5A14001029BE154C708CCA34449B280905DB79978FC7F0BE0CF20B20E47752CF ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
10:47:18.0761 0x007c  Npfs - ok
10:47:18.0799 0x007c  [ 29395C214D2CD4C81F73166AB988A797, 3631EB2EA17E455ECD151C0BC9A3DF6EC87C75B15DC9B607CFB68D7C463E04B7 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
10:47:18.0815 0x007c  npsvctrig - ok
10:47:18.0846 0x007c  [ AF8B7848E102A83AAECCD24B181CEBE5, B2AAE3567EE3A7975CDFCB3FE41D33C74D4486BFF35FF56E0516A01C744BA52B ] nsi             C:\WINDOWS\system32\nsisvc.dll
10:47:18.0846 0x007c  nsi - ok
10:47:18.0862 0x007c  [ 2871225495F832A8C8A7DD1A17EDB3DC, 2F6664C7F5FB2341B2AAF3C5A258FA0D7AEEE447562D7F39FD5A4EE905C18C6D ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
10:47:18.0880 0x007c  nsiproxy - ok
10:47:19.0516 0x007c  [ 19BD8A88AAC580592668B070AC0727D9, 60DB84895C40E6412BEB2D0E4D7F05891446B9DE992D70579CC90BA3FB27FC01 ] NTFS            C:\WINDOWS\system32\drivers\NTFS.sys
10:47:19.0616 0x007c  NTFS - ok
10:47:19.0685 0x007c  [ 6DBD703320484C37CEA9E4E2D266A8CE, 85D6F73C0E3FDE16829C9BC0D13DD89E64183EAE02F84607F6B8440CB7F366E6 ] Null            C:\WINDOWS\system32\drivers\Null.sys
10:47:19.0685 0x007c  Null - ok
         

Alt 19.02.2017, 10:57   #5
heinzwetten
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Code:
ATTFilter
10:47:19.0738 0x007c  [ 604D27CC38CC23493F218D0BB834B3FF, EF5E5759CCF16DD97271C82DAF47FB2086EBCA5DE7D05177B70CA1197B95F41E ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
10:47:19.0743 0x007c  nvraid - ok
10:47:19.0784 0x007c  [ 8B50D897657AB4A15FD9E251BBF7D107, 36036130DD46D9BF105AC7176E219F3BE7D1168A660A0F8DFF76F61FBFA4B417 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
10:47:19.0788 0x007c  nvstor - ok
10:47:19.0816 0x007c  [ 31F990B2B6B91E9D7A667405CE12FCB1, 907E095D1E83CDAFF34BE789FC41CDD7BB4DEE23261E1D03C1CF0D4D030534AC ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
10:47:19.0816 0x007c  nv_agp - ok
10:47:20.0085 0x007c  [ A6C158301E58535FC12C230E4DB7A030, 19D91E35033C72155EDE197A4A6CF7B9245A8AEA5BE627342DE628087D2129D4 ] ocster_backup   c:\Program Files\Ocster Backup\bin\backupService-ox.exe
10:47:20.0085 0x007c  ocster_backup - ok
10:47:20.0148 0x007c  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:47:20.0163 0x007c  odserv - ok
10:47:20.0368 0x007c  [ 9312B411D728AAABA8B5C6B6D2DA35F6, D3FF266E281DDEEAFDD7D9751C51D024344A10D74FDEE717A3D7987EDD675210 ] Olympus DVR Service C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe
10:47:20.0384 0x007c  Olympus DVR Service - ok
10:47:20.0427 0x007c  [ 62C35022062C6C2CE797E74DD4952BD8, 691277A1119F4197FB8157294614C01C69ED27F7CE644CF0A1182F0912C59B29 ] OneSyncSvc      C:\WINDOWS\System32\APHostService.dll
10:47:20.0433 0x007c  OneSyncSvc - ok
10:47:20.0501 0x007c  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:47:20.0501 0x007c  ose - ok
10:47:20.0563 0x007c  [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
10:47:20.0635 0x007c  p2pimsvc - ok
10:47:20.0686 0x007c  [ 4A5634915AF62C983E08425905D0C04C, 09BC3F7AD9F79C5FF59520933D06FE155AC21CD0ABAFE66B81C9F87D83A2339F ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
10:47:20.0701 0x007c  p2psvc - ok
10:47:20.0748 0x007c  [ 7D0FC96264C0F8F2C1321E33E8EB646C, 82A06437B9B096BCCF5CE31BDF3539696E2E41DFA9870C358566EEE2F7D3B447 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
10:47:20.0748 0x007c  Parport - ok
10:47:20.0801 0x007c  [ D330D74B5F99309B5CCA30AE41C57CDE, AE5186CB4B639A5241BF0D17FE8A73D6DAFA505C31E250EA225CD498C8A4A07E ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
10:47:20.0817 0x007c  partmgr - ok
10:47:20.0886 0x007c  [ E44B9B6F5E842C0E4D63E2644CDE2370, FCDB910434CF67E442793636564E6D4250809BEB0CD72DB036B101A583AC5736 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
10:47:20.0901 0x007c  PcaSvc - ok
10:47:20.0964 0x007c  [ 3F89E96BDA0A24A3D2DBB7CE1E625589, 63AAF83128B8AE279BC37331D2B27133EB9DE9C61392ADF18278A301697D0307 ] pci             C:\WINDOWS\system32\drivers\pci.sys
10:47:20.0986 0x007c  pci - ok
10:47:21.0033 0x007c  [ 2B4D98DF0CA57FB9536DBC80D2449D1F, AB34FA8585A20854369C0FAEB18BF5C7734D7E3C791F644B0576E40D609FCD09 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
10:47:21.0033 0x007c  pciide - ok
10:47:21.0064 0x007c  [ F4D5793BF2E58AF15C6CF2FEEF9E73EB, 9B5A40AF8838063F8F0A2B1480B39A2711AAE78BD972CDA60CCA0EB2BA211A87 ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
10:47:21.0080 0x007c  pcmcia - ok
10:47:21.0102 0x007c  [ 22A53744CEEADFFFD33BA010FAD95229, 30B775EC9795105B8BF785BD63115C160955E7EFF74B995D3EC288138D1825A3 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
10:47:21.0102 0x007c  pcw - ok
10:47:21.0133 0x007c  [ 34DDBE73E42A4EDED7BEFF66F270C1A4, 420D6EC5B514423C4583839D4E185F7D71989C7BC8A854B0FCC54EE03A972381 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
10:47:21.0133 0x007c  pdc - ok
10:47:21.0248 0x007c  [ E2F8376F9731D12A009C522036C6073A, 5B8B68D3C013AAA8ED368C97042984C35E8D023542DBA404E7A03E89F2357E66 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
10:47:21.0286 0x007c  PEAUTH - ok
10:47:21.0364 0x007c  [ 1398A85E59698067CBBE1D66A9C13ADF, E3609F183068BFAED756B2F9237181D60A6F6D78691248B8BF5B0AEB6A367E3D ] percsas2i       C:\WINDOWS\system32\drivers\percsas2i.sys
10:47:21.0364 0x007c  percsas2i - ok
10:47:21.0402 0x007c  [ 35F7C7AD709D909D618D9EDF987FC3ED, EE713E33688E74C5A2546CC58EBD8EA8F8116F25E42DCF8DA21DCBC7C7590E0E ] percsas3i       C:\WINDOWS\system32\drivers\percsas3i.sys
10:47:21.0402 0x007c  percsas3i - ok
10:47:21.0549 0x007c  [ 0DAF7B7D85F7AF38E29161460899C63F, F2609F2BD02C714857F5D5E6EF580643429C54E175AA72D38467F8F3A4E7F59F ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
10:47:21.0549 0x007c  PerfHost - ok
10:47:21.0733 0x007c  [ 53A15E033D640133CBC60DA29057393B, 5439CE20198C08C14A18E1D2C6FB78CCA6819D28F3E03200C0F892BC84ED9930 ] PhoneSvc        C:\WINDOWS\System32\PhoneService.dll
10:47:21.0764 0x007c  PhoneSvc - ok
10:47:21.0865 0x007c  [ 04F7878E7017105AB782353231561749, FB2811D98216720D4FDF0AC0EDF16C6CD33D7224B4CAFA752B4D2A839E6DD88A ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
10:47:21.0887 0x007c  PimIndexMaintenanceSvc - ok
10:47:22.0065 0x007c  [ 5D2DF0392FFD0BA4FF27F503999997C2, C4BD5145151AB08403E5B2B30894E6B95E7E4888EB3E89542FC039DD775A27C0 ] pla             C:\WINDOWS\system32\pla.dll
10:47:22.0149 0x007c  pla - ok
10:47:22.0218 0x007c  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
10:47:22.0234 0x007c  PlugPlay - ok
10:47:22.0265 0x007c  [ 6BF7093B27EA90FD9222845D19C1BE5F, CF8A6764BB6B369258F21FD303E4CAE08632195620A0BD66B62F62F5D7B762B8 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
10:47:22.0265 0x007c  PNRPAutoReg - ok
10:47:22.0301 0x007c  [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
10:47:22.0312 0x007c  PNRPsvc - ok
10:47:22.0449 0x007c  [ D67052BD0DA9C17BCBBF8AB5B6D354EE, 7FE9B414C74CF69E531B27C506216F7F5CBE00B67E90305A4A4A2ECADAA4F349 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
10:47:22.0464 0x007c  PolicyAgent - ok
10:47:22.0503 0x007c  [ AE3B1056FC1795F18D990C4908A6ECBF, 1C41F7714EBF54DF358D9B19D6AFE7281D3EABE20038B568A12031B76E1D50D9 ] Power           C:\WINDOWS\system32\umpo.dll
10:47:22.0519 0x007c  Power - ok
10:47:22.0563 0x007c  [ 5BA6B9AD03B81546BA64E488C4EF9D17, C43442577685FA1A7C32094B2F14FC92BA6B511FD9FDBA6FD82473A1B165FC61 ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
10:47:22.0567 0x007c  PptpMiniport - ok
10:47:23.0565 0x007c  [ 8E284670A19FAB11857D054A738D140E, E654D540C7897367E784F9E910FAC147A15C0E457A5E4D394170B05D0E09E7B4 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
10:47:23.0665 0x007c  PrintNotify - ok
10:47:23.0749 0x007c  [ 21AECFF3EB5748CBE12538A2500EFDE5, A1679F21363E99E3698B9C6F7E7E3BB2877D47089BC381AF0C51B1DD8B24325B ] Processor       C:\WINDOWS\System32\drivers\processr.sys
10:47:23.0749 0x007c  Processor - ok
10:47:23.0811 0x007c  [ 7E0078F1EFEB6F8F47CF85C1D73C7EBC, 831BC3CE72F29AD259DEE7121D6F785CE0A8462CFB69DD7FB1F3BDAF16CDBF3E ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
10:47:23.0814 0x007c  ProfSvc - ok
10:47:23.0861 0x007c  [ 596FB6C5A72F34B7566930985E543806, 870B43783DB4CF845FA72BC5E40CE76BE6DFC66FE9E9B4B0A52D6B7FE7EA65FC ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
10:47:23.0880 0x007c  Psched - ok
10:47:23.0918 0x007c  [ E84F66BA185934C166F8DF0FA8F88455, 2E0380E98DA29B3F43FB3FE0E1ECA52B3C9AEF54CE982D5514F70FAE81758449 ] QWAVE           C:\WINDOWS\system32\qwave.dll
10:47:23.0934 0x007c  QWAVE - ok
10:47:23.0993 0x007c  [ CFBA9C976CBF6796E5DC39EF59984021, A1C956AD828FC70ED92D702516E0F88A4BDAF8C93C571D7CA20F1695FD8E70C2 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
10:47:23.0997 0x007c  QWAVEdrv - ok
10:47:24.0033 0x007c  [ 7B2AD8C55217B514C14281AB97B4E21D, A1E295897B864B9C0177FF1C502EB060084A1783C0E7E53636291F901C2E2AA8 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:47:24.0033 0x007c  RasAcd - ok
10:47:24.0087 0x007c  [ E15A9CE1E2E7D1C8DF97A4FC1FFE6289, 44B53418D6BC51ACC567CF6917A0981889B44AE420489C9C03F5A30418B37267 ] RasAgileVpn     C:\WINDOWS\System32\drivers\AgileVpn.sys
10:47:24.0103 0x007c  RasAgileVpn - ok
10:47:24.0134 0x007c  [ D60BA4C76D194472D6602FF3D2D51ADE, 01272663897685C75FFBC3F1C0CFDB8D0E1A58182049E0B607D634536A8F6400 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:47:24.0149 0x007c  RasAuto - ok
10:47:24.0187 0x007c  [ E3C82823B22463BC38AA4F8ADA852624, FF601B117F4003E2CC65B6143C2A270331EB257EE82B3BC020247D1AB1CD625F ] Rasl2tp         C:\WINDOWS\System32\drivers\rasl2tp.sys
10:47:24.0187 0x007c  Rasl2tp - ok
10:47:24.0433 0x007c  [ 3655D86C5E2982B131FC0935DE24F98F, 0386B31FECDDED77450609A807097B2307361CB59B236DEC41037BDC95897463 ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:47:24.0465 0x007c  RasMan - ok
10:47:24.0487 0x007c  [ 3369023EB5790A75BA7DABA14B75D922, 36B63D5B74FDC932AAF1A876514024602D2F3EAF2CA33D1247CBA1E52FDB0418 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:47:24.0487 0x007c  RasPppoe - ok
10:47:24.0502 0x007c  [ 1E32A8CD65C4AD0A827CFEB13034DA29, 5D9A92E13020D994CCD39F701BACAFE2177A40A9CC89649441B91E3F3DECD911 ] RasSstp         C:\WINDOWS\System32\drivers\rassstp.sys
10:47:24.0502 0x007c  RasSstp - ok
10:47:24.0549 0x007c  [ 39B52DF786378EA1F72BE193D483941F, E42733CAF3564BF6BD112EAB9EC31541E8ED5033F34C640DDE20EBF4AD9ACEB8 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:47:24.0565 0x007c  rdbss - ok
10:47:24.0618 0x007c  [ D0221C13960E274CC539D72D5A842ED0, A5A961506B9D7429D97D0635FD69E74736C0E8405487E1D22BB5CD978A60044C ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
10:47:24.0618 0x007c  rdpbus - ok
10:47:24.0650 0x007c  [ 1DC2CC74B51E4DC4CD5A20C1021E4010, 46B7D17EE27439F2191504D1C6F6C70B2540BD4F2261DBB1F4BE783BEA99B04C ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
10:47:24.0650 0x007c  RDPDR - ok
10:47:24.0749 0x007c  [ 177DF954D0DEC0465A380C75F6E7F65F, 6B30C78223029BD5DBA586BF961968F85762209BA55CD031460A215B20F93AB2 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
10:47:24.0766 0x007c  RdpVideoMiniport - ok
10:47:24.0787 0x007c  [ 5D1680871054D2B0B8A971BC8AB3B837, 9CAB0B2E3857829D34A82A78B120D07E292D4D5060168D964295EB23339B7DE7 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
10:47:24.0803 0x007c  rdyboost - ok
10:47:25.0165 0x007c  [ 341E6830DA70F65730300DAB4CB0B490, 341EC8DB5E39963EF89E726F08730AFB2356C3BAD71CCE9EECCAB4D9B31C4863 ] ReFSv1          C:\WINDOWS\system32\drivers\ReFSv1.sys
10:47:25.0185 0x007c  ReFSv1 - ok
10:47:25.0250 0x007c  [ 23247F380832FB1BCF835587170B3E1F, 6F81F56381906CD4ED46E426EEA516FEF30EB1F4765AA4311116C9AB93A15892 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:47:25.0303 0x007c  RemoteAccess - ok
10:47:25.0387 0x007c  [ 2C82F4DCABAB389CEBB1C9E86C715C9C, 70354621D3D467616A419A818C54D2C89EA013C5050BA9944E3A7A4F25CAD6BA ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
10:47:25.0403 0x007c  RemoteRegistry - ok
10:47:25.0619 0x007c  [ 704F04824DEF12C5ED051A6CCC0A16A4, E9FD52E015F9BD2C25FB929366E0D38D10FF3F6ED865EA65EB7820DCBE113ECE ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
10:47:25.0650 0x007c  RetailDemo - ok
10:47:25.0819 0x007c  [ F85AE59A52885F4B09AADAFB23001A3B, CE722F19C0F916BC9EC1B7B28A479C71504190271B54B4B9ACA82922B484FEA0 ] Rezip           C:\Windows\SysWOW64\Rezip.exe
10:47:25.0819 0x007c  Rezip - ok
10:47:25.0866 0x007c  [ 5DCB6746E9880DED87EC2A239ED64EB4, 45ED65A9C103C07B202BAC6EB66C45F619B84F61C1E38C71CBF4F3C94E67FA3D ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
10:47:25.0884 0x007c  RFCOMM - ok
10:47:25.0904 0x007c  [ 176D8470B15CD9080861594F9A33FA01, CFB66D7FEB9465985C2866D64EA03B7E7BE830DCF6C02B3FE2244D7F7E5343E2 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
10:47:25.0920 0x007c  RpcEptMapper - ok
10:47:25.0951 0x007c  [ 1A563653DAEDFE4CA81936E0D2FD8B56, 308B0DFEBA63333D407093C449A08ABFECE118C9274100809356BDAF7FA32EB6 ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:47:25.0951 0x007c  RpcLocator - ok
10:47:26.0066 0x007c  [ 68E07DF3E6D1DFED440B82D3D33542B1, A80C25C2B884F0A725B8256E985D670FCFBE9C870A0380C22B51BB140820B4A8 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
10:47:26.0088 0x007c  RpcSs - ok
10:47:26.0167 0x007c  [ 0AC5FCDC29ED97ECDEF1276425EE2059, 8A12D1732D4AA18A9ED8416F4D4A49B81CE7C4C86ABCEE8FF28A16EA61993CFE ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
10:47:26.0167 0x007c  rspndr - ok
10:47:26.0219 0x007c  [ 044890BB0D6CF1E23C1087234D320509, FA6C79D24BE4ACCFAC617D2850B922BFAA7C2766AE625C725F3ACF43C934EFAF ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
10:47:26.0219 0x007c  s3cap - ok
10:47:26.0286 0x007c  [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI            C:\Windows\system32\Drivers\SABI.sys
10:47:26.0287 0x007c  SABI - ok
10:47:26.0335 0x007c  [ 28F844500ADA77447835BC586F15AAAE, A0368E0928E7AB459F7DF3E9C0ECAFDD33F5DAC6A7122689FA6CF4B55AFB4D15 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:47:26.0335 0x007c  SamSs - ok
10:47:26.0420 0x007c  [ 530F797129776AA7E81994783A97E2AD, F131EF036702C6E741E5A6851AE07E81043CE8BAEED0768838C0F31CE14FEC1A ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
10:47:26.0420 0x007c  sbp2port - ok
10:47:26.0467 0x007c  [ 0C12493B333B96797AFC5F3C7831C051, BEE786D7ED14221B1A9450060597393AC44116D776B913E045B5F6066D720F74 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
10:47:26.0489 0x007c  SCardSvr - ok
10:47:26.0536 0x007c  [ 40110802D217FE1CB581D9A70B1FD16F, CCB920593CCC6663676039F3F731536DFEF535C3F715F6DB6F34D0D733BEF89B ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
10:47:26.0536 0x007c  ScDeviceEnum - ok
10:47:26.0588 0x007c  [ 9B6B1D4DB35A3D9BEAF023BC95E1F49D, CA44124CA3E9958FB77A891CD234A993B63E8AC6632AE801CDEC6666267E7C7E ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
10:47:26.0588 0x007c  scfilter - ok
10:47:26.0666 0x007c  [ DE23637D300F44F2ECE9E776FD174617, 90503183A6C353D0DE103771CB2A59CD04976E447B1F676572A3B870A829BBE0 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:47:26.0688 0x007c  Schedule - ok
10:47:26.0735 0x007c  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
10:47:26.0751 0x007c  SCPolicySvc - ok
10:47:26.0788 0x007c  [ F7CB59B1758135DA71CDBDC478170C99, 72DD13DD3A5BEEB4444723A5E743D8AD31122211236EEBACE972AF7A2686A5CE ] SD11CL64        C:\WINDOWS\system32\DRIVERS\SD11CL64.sys
10:47:26.0788 0x007c  SD11CL64 - ok
10:47:26.0820 0x007c  [ B32F13993145E815D7280C6F55B9523B, A3269AA65F89F9F0BFD5C98F66DDEA3FB92D1C097FA11959593A2074E7460DE3 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
10:47:26.0835 0x007c  sdbus - ok
10:47:26.0904 0x007c  [ 316A555A88EE4B2A2B6064D7205CDACD, 9BE8E986C51CBC9B5F49B8D6DD79AAA3591469C1047AFA2762F717C0A72AE0FA ] SDI01164        C:\WINDOWS\system32\DRIVERS\SDI01164.SYS
10:47:26.0904 0x007c  SDI01164 - ok
10:47:26.0951 0x007c  [ 723C6C3DE056D3EB76F7520BEF5947B4, 49FFDAD56BBD652404A587F282867161BAE6D9E61BC2C819DDC75CE10A8E3C63 ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
10:47:26.0951 0x007c  SDRSVC - ok
10:47:26.0989 0x007c  [ DE6D7DC78D956928F59F7415A0F41E13, C0F8EEED29BF63A0D8FB5A0286C1C768BFEF598EC52715D910B5BB1A76231805 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
10:47:27.0005 0x007c  sdstor - ok
10:47:27.0020 0x007c  [ EBD07BD20B5E0E92A398566EF8720F79, 8A88C861D4113B9938C32CBD28FD3D7F1C3133E700E23E17F5DFD7B26CCDA04A ] seclogon        C:\WINDOWS\system32\seclogon.dll
10:47:27.0020 0x007c  seclogon - ok
10:47:27.0051 0x007c  [ B7B9EEBCB7466338403A75D15AC120D7, B8F79DA71F8CD0F30983F7D92B625A431C212DD543DE2B3DC03EC5A68C41B00D ] SENS            C:\WINDOWS\System32\sens.dll
10:47:27.0051 0x007c  SENS - ok
10:47:27.0120 0x007c  [ F6A6B608881AAEED7A3ACA7806A7E74C, 653782C984E4C6F1A4BC6B4C7EF840C9263166DA9EE324BB072A1E7FFC25BED3 ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
10:47:27.0152 0x007c  SensorDataService - ok
10:47:27.0290 0x007c  [ 0F940F413D9F88E432C42D0F2ABE2BBB, 201BF2C7FCFF66DDB85F693FFD6C1E3303F8EEF6DC1154D0D99D38E6C5247130 ] SensorService   C:\WINDOWS\system32\SensorService.dll
10:47:27.0290 0x007c  SensorService - ok
10:47:27.0337 0x007c  [ 7363A65C738F5A5292D7BDBE55D8C3C2, C53C10A0AE58613DFCC91E62E004D9B188E4793C2A19B4BE871A705EEE77048E ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
10:47:27.0352 0x007c  SensrSvc - ok
10:47:27.0368 0x007c  [ 67585C295FF2D221679E376B68893B35, 4B5E9A8DA8C6F7B1F7129F80A0603503D467E5650306FB4C309977D74037E46B ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
10:47:27.0386 0x007c  SerCx - ok
10:47:27.0421 0x007c  [ B8C4852CBCAAC1374C08EC7445443824, DDE577A81B3E11B5B56096317BC47AA6E286573042407B96A9D29BE981F3FA4D ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
10:47:27.0437 0x007c  SerCx2 - ok
10:47:27.0468 0x007c  [ D3A103944A8FCD78FD48B2B19092790C, 252DB8395DA8639E748658D3BE7863C1700E27AA5C41BB700CFCE193FE3F04E9 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
10:47:27.0468 0x007c  Serenum - ok
10:47:27.0506 0x007c  [ 249A563C48DFD9E42A37587653E003BB, D022FAE2B7AC9D99B9F230A4DF0B045891588162587E1F468B5E05C8DA98AA9A ] Serial          C:\WINDOWS\System32\drivers\serial.sys
10:47:27.0506 0x007c  Serial - ok
10:47:27.0522 0x007c  [ 0F5B43074AE731D2C6F061241C9D84A6, 05CFEB30A4FC11441552D37687608C8C2FD6DC2F2266AE9D6526753E26283DE6 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
10:47:27.0522 0x007c  sermouse - ok
10:47:27.0569 0x007c  [ CD90E445F6458512A5BA884D561EFCF1, E792FAB8AFF4126C1977024060842D788A06475139782896AFD7B39C85FCDF3F ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
10:47:27.0586 0x007c  SessionEnv - ok
10:47:27.0622 0x007c  [ D9FE59276BD56A9643C32D5FACE2F251, 591862D868A545F468496DE97DEE42C9DB3AFBFC0881CBA79EB6641A254AF033 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
10:47:27.0637 0x007c  sfloppy - ok
10:47:27.0768 0x007c  [ F8083C536BEDE61AFB4069D8A8C16DA7, 13AADAD7B5582911B8ABBE0CF7132CC517F7413A361CCF8ED502F803D061FFA3 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:47:27.0791 0x007c  SharedAccess - ok
10:47:27.0869 0x007c  [ AE6E4D3172FBF45B944668CB3998B8A8, E7D7F98CB464C236A17069987F7B678D7688D9D577334151EF09DF5C6F22AFFC ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:47:27.0891 0x007c  ShellHWDetection - ok
10:47:27.0938 0x007c  [ ABBE803FE0BDAE0E5BE74DDEFBE62F23, 5009F489F7A6D66628C23A0FA3D7632399D0AD72BD11A1B70D7E768ED507377D ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
10:47:27.0938 0x007c  SiSRaid2 - ok
10:47:27.0954 0x007c  [ 6043DF55CFE3C7ACF477645FA64DEA98, 0E18EF8EC589841BC319C17FBABA7383FD247C9441ABF64A0D830976F3E611AE ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
10:47:27.0969 0x007c  SiSRaid4 - ok
10:47:28.0007 0x007c  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
10:47:28.0007 0x007c  SkypeUpdate - ok
10:47:28.0091 0x007c  [ B922D32039A3B5991E64429EC4EE52A9, 5EB7EB1F6D2C25F06044D8CA9F3BA0471FB40C8C96432BDC2C80CC36DC49BA0B ] smphost         C:\WINDOWS\System32\smphost.dll
10:47:28.0091 0x007c  smphost - ok
10:47:28.0148 0x007c  [ 01177453C9F498EABD49CCF1E50437C8, CF8886916A93AB35E164D3F92337A2F7EF0475673CAB533EC56CBF24FB7F5231 ] SmsRouter       C:\WINDOWS\system32\SmsRouterSvc.dll
10:47:28.0182 0x007c  SmsRouter - ok
10:47:28.0218 0x007c  [ 0B6BECB2651EF947249CDC3715E8B9CC, EB7281AF3529DE16FE8CD0C0C0C8877641865A5864D58628DBAB865B510B0D0B ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
10:47:28.0233 0x007c  SNMPTRAP - ok
10:47:28.0322 0x007c  [ 1A6CB30F0EFC1632E6F1B852CA892583, 0E6BDCEE837AEC3D02C437478143C75550C94A50E36895DDB095F54A2FA18E2A ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
10:47:28.0338 0x007c  spaceport - ok
10:47:28.0354 0x007c  [ E1C158F6C00359278727A2CEE5D2ED71, 1591F942C6DD99D3BA7FD4D72D957864117B2263F205468A15F1D1417C6F799D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
10:47:28.0354 0x007c  SpbCx - ok
10:47:28.0407 0x007c  [ 199C8C07241F1A14C5B0527647A6D2D7, 7A704F750BDEF21507230EAE437DAB565FDB0909177F05B8FC48DBF925E631A9 ] Spooler         C:\WINDOWS\System32\spoolsv.exe
10:47:28.0438 0x007c  Spooler - ok
10:47:29.0887 0x007c  [ 8D5EBE968C95BDD31F65F74C3236B19E, 7178007B02A0BDC60EA757B9CA1C855436C41946267A4F400A85C8F18C4217D6 ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
10:47:30.0154 0x007c  sppsvc - ok
10:47:30.0228 0x007c  [ B5C5436E7DEA7048822809D16B6E861D, 608641408574CA07A23B2B94A096BC5D2D28828E33B5C2F86CBEA0E49CCE57A5 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:47:30.0244 0x007c  srv - ok
10:47:30.0292 0x007c  [ ACCFA2FAAF77F5F9D72D3496B36057A8, C874CFB46C732ABEAB5B2A1751E043AA32E5D8DA78C526368986E878A547897A ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
10:47:30.0339 0x007c  srv2 - ok
10:47:30.0393 0x007c  [ FEABA2601AD0D819760F84D1A3ECE5AF, 838127FC6C54F643ADFE1BFBBBF5AA66A1C82272DB9AFAA5B3B14731834BC307 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
10:47:30.0408 0x007c  srvnet - ok
10:47:30.0471 0x007c  [ 8C1786C073A496B8C0C8A5450A4FFD5B, 13BF3B42A63CE6C461259D4CE767FB0DE1F10433512A11D2B2C033E36E652542 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:47:30.0490 0x007c  SSDPSRV - ok
10:47:30.0524 0x007c  [ 217A982201052EFC8C3C0C88D229791C, 11509E3446ED7B75C9A05CDC4A7AF18926CB463E0D98BAE1CD5DB43E88F94F90 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
10:47:30.0540 0x007c  SstpSvc - ok
10:47:30.0842 0x007c  [ A443DC17F146CDC8A39CDAB989A49CC2, A4F4371FE536F2DB8A76B04544B7364C1E9663C323D4B33858C8B9B33573AEFC ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
10:47:30.0956 0x007c  StateRepository - ok
10:47:31.0056 0x007c  [ CCDA497C880AD16D87EDFAEFCFB2EDF5, 622599AA35ACFF0375DA252210BE42E7E90F30EDFEFF2F62FDB14AE6E45B5F88 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
10:47:31.0056 0x007c  stexstor - ok
10:47:31.0093 0x007c  [ 2834415C4EDD6CE35CB3CFEC50E08469, 28426616C709457DF38B5E2B4B9666C1255B81D2097589A95AAABD1BFACD302A ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
10:47:31.0094 0x007c  StillCam - ok
10:47:31.0172 0x007c  [ 031E6ABABF940133B92613E7BDF3A169, E47F1FCAA399BB4D0BDC37A1D124E63B26B17C1333073A3FD2E680AE3B5A0068 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
10:47:31.0209 0x007c  stisvc - ok
10:47:31.0294 0x007c  [ BF8EA6FC3358C2F69678E3E94F764F84, D274DAD7B5756DD49CA44277C73497F1EC465C8E365CC730CD194932C3825920 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
10:47:31.0309 0x007c  storahci - ok
10:47:31.0341 0x007c  [ 32FF460DA8C1F370F5C08B7654899B73, 0C9D5D38D033109BA672ABAFEF0F0CD295E9FFA108ACFCA9044429D9B2CA9057 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
10:47:31.0341 0x007c  storflt - ok
10:47:31.0372 0x007c  [ CC21DB3EF619B9480FE31A4EFE92CBEB, 256EFCA2F231F41D34250E1460BF88894D943EAE83A0B153FCADE700AB4DE11E ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
10:47:31.0393 0x007c  stornvme - ok
10:47:31.0456 0x007c  [ 390B8A75768E2689586539C224520895, D72F52E6D7AC5DC318FF9C1DF1F4E8A435D65B6BB59D7F1642222EC026BC54DB ] storqosflt      C:\WINDOWS\system32\drivers\storqosflt.sys
10:47:31.0456 0x007c  storqosflt - ok
10:47:31.0510 0x007c  [ 0C3826B2DB8D45A6B577007EFA0D24C2, 0DBF01031597C33E85BABF1491CF903222C06175CBC39B4056D170F90674592F ] StorSvc         C:\WINDOWS\system32\storsvc.dll
10:47:31.0594 0x007c  StorSvc - ok
10:47:31.0626 0x007c  [ 770A92D9D3A0BF61C97C3AFCB36847D9, 21A8CC3F8E63B971C4FF8DDED5C7032E093A7B0F16E2128A9BD2E890BA76A1D9 ] storufs         C:\WINDOWS\system32\drivers\storufs.sys
10:47:31.0626 0x007c  storufs - ok
10:47:31.0657 0x007c  [ 736A2418E3E7F3DB3CF6EB0A55D1D581, 2D3BBC4E0C7B51EDE7479A978E4BCD5F47A7257745179F01D2D9ECFD83CCCC82 ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
10:47:31.0657 0x007c  storvsc - ok
10:47:31.0694 0x007c  [ FA8F6E3AD3F92B35D2673CC9FD20429C, 62F81CBACF7E16FEF9DE3BE95FA5C9BDB51BAE4667AE5AE71399864A390FF6D5 ] svsvc           C:\WINDOWS\system32\svsvc.dll
10:47:31.0694 0x007c  svsvc - ok
10:47:31.0710 0x007c  [ BD98B0225BCD49E8A62F4F8EE1D1F613, CDAD11969B2DA417079547724BECC3DB4FC4711B3C01590EB0D02774B69B6D90 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
10:47:31.0710 0x007c  swenum - ok
10:47:31.0895 0x007c  [ 2EAC7BF69DC104F9AC913D5E00550334, 0698A48B45EF23D39370797D567326596687A3A5FA5D757374DE5BB93E9E4ACC ] swprv           C:\WINDOWS\System32\swprv.dll
10:47:31.0910 0x007c  swprv - ok
10:47:31.0942 0x007c  [ CAE4B27B469C583131EA5AAE622F5D76, 3979006EB22489D1AAD2EC2E9F32C286EEDCDB83B37B97E58BA831263EC33B84 ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
10:47:31.0957 0x007c  Synth3dVsc - ok
10:47:32.0094 0x007c  [ 34A3EB84B2A830E6F450B8F885AE4E6E, E61AC6D17B815CB71F26D71CA3CCAFD9E66A170E3ED2E64A4F20D097A0C683B5 ] SysMain         C:\WINDOWS\system32\sysmain.dll
10:47:32.0110 0x007c  SysMain - ok
10:47:32.0226 0x007c  [ FA8E0A9C648035CA1B47C9DA77EDB7EA, 4097AB89D2DB4741B138F3939AED4C5DB00BA124BF66E5DC2218ACF3A37513A3 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
10:47:32.0241 0x007c  SystemEventsBroker - ok
10:47:32.0293 0x007c  [ 6979A147C0D5C5CAB621ADC394D32B80, C30B8E3D271A1591D965559EA4A11A1BE63A34D832ED53B26CE91799C888DF77 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
10:47:32.0295 0x007c  TabletInputService - ok
10:47:32.0326 0x007c  [ 86B62FC8CB89946446F9B24FE49A66FD, 7B095310D1C78B82E5ACAC4713E101DD1323A3CF6FB39218C2E78ABE2B0385B5 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
10:47:32.0326 0x007c  TapiSrv - ok
10:47:32.0695 0x007c  [ CF63BF6AAEDF721E37F9E216FD321B8E, 73FF268E5DBCEFA9C5322420729E0EAA4F74A7C51E6ED3C988134AC5E875A74C ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
10:47:32.0795 0x007c  Tcpip - ok
10:47:32.0888 0x007c  [ CF63BF6AAEDF721E37F9E216FD321B8E, 73FF268E5DBCEFA9C5322420729E0EAA4F74A7C51E6ED3C988134AC5E875A74C ] Tcpip6          C:\WINDOWS\system32\drivers\tcpip.sys
10:47:32.0927 0x007c  Tcpip6 - ok
10:47:32.0995 0x007c  [ 17F37EC9042D84561C550620643D9A85, B01620BA319A1383D403E6E50C7724879520F3267654556D975CAFFF91A82C78 ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
10:47:32.0995 0x007c  tcpipreg - ok
10:47:33.0042 0x007c  [ 91D3F2A6253EF83EFBD7903028F58C4D, C15768CCCF734093B0F8A5E76882B35927B716E4F14D91ACEE897E1C078D43D1 ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
10:47:33.0042 0x007c  tdx - ok
10:47:33.0142 0x007c  [ E730D0EB1B84EBC98423FC8D285EDBC0, 442DD433F9D22304E64EC7ACFC4E04892D4D92D8AC545A3530FC932A2EEC4767 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
10:47:33.0142 0x007c  terminpt - ok
10:47:33.0242 0x007c  [ 410EC733547D7FE5709D108015088460, CA12E46D6DB2897223C2113AE01D805E3E6CDE9ACAE17A1749DFB40CDE7A8736 ] TermService     C:\WINDOWS\System32\termsrv.dll
10:47:33.0295 0x007c  TermService - ok
10:47:33.0327 0x007c  [ D009D1BC14FD5F2AC93D1878735F6C39, D8BCE505B66E05BC00075E46B38359CA4D0FA484EB7981A74221885E8A1FFB87 ] Themes          C:\WINDOWS\system32\themeservice.dll
10:47:33.0327 0x007c  Themes - ok
10:47:33.0358 0x007c  [ 5F27DE2082E16D4C1D6C627C8ECBD341, 08DA3EB3EF2B2006B6F9F2C8C149DF55DE6738975D556206A814096CAB5C1411 ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
10:47:33.0374 0x007c  TieringEngineService - ok
10:47:33.0442 0x007c  [ 004E2395FE15814BD8250430F5EEC523, 2649AA073FAF0F72835BD834465231C6A44BF5BB31DE0E18A3844BC967AE1C92 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
10:47:33.0495 0x007c  tiledatamodelsvc - ok
10:47:33.0526 0x007c  [ 7E81E3E0D7F83BFE3C3975020B6C7F12, 316F9415646CC7A4E9A5F1E07310D433457E623B3E589543E4A6C73C4F77712C ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
10:47:33.0526 0x007c  TimeBroker - ok
10:47:33.0573 0x007c  [ 87B9ABB965F7AF987D52791F0DD1663D, 6E42F764D47ACAD644E5F547E503B7AEA8D700C335674D1B0EB5493914F747E7 ] TPM             C:\WINDOWS\System32\drivers\tpm.sys
10:47:33.0573 0x007c  TPM - ok
10:47:33.0611 0x007c  [ AA84AF93CE5AF1F05838B51D20295419, 85B3EE773C691EEDFA080CD9C59D31CB58A5BC577AEE91A929F5DFBE1368AB6D ] TrkWks          C:\WINDOWS\System32\trkwks.dll
10:47:33.0626 0x007c  TrkWks - ok
10:47:33.0673 0x007c  [ E50DD57F496CED8873FA3E7D38BCCD42, 36B95F6F2CF48078C6B19FB452C87BB07E95C8804A5C6B526D349AC6227CAB26 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
10:47:33.0673 0x007c  TrustedInstaller - ok
10:47:33.0727 0x007c  [ 48E828C66AB016E48F2CB4DD585315FD, 063809B610F6B177B65D62D12605FB94F108DB26A9FD3067E6D6C51F0D92E774 ] tsusbflt        C:\WINDOWS\system32\drivers\TsUsbFlt.sys
10:47:33.0727 0x007c  tsusbflt - ok
10:47:33.0774 0x007c  [ 267C76EE60736EA5A1811A53FA02AABE, 28D4C4CB972534204B8336D0403B70E4EFE4F8369ABDE7401FFCCF7D4E3EA165 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
10:47:33.0774 0x007c  TsUsbGD - ok
10:47:33.0811 0x007c  [ 8CE72F094B822AD5EE9C3A3AFC0C16B6, 827CCD849544E1DA364B03DBC82A848D2F93AD32BA14ED52709C609BC70CE5CA ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
10:47:33.0811 0x007c  tunnel - ok
10:47:33.0842 0x007c  [ 127925766866C52F147A2FFC0C0358A5, DCDF38A456E0BAAEE1E54FD67C3DEB4A036F116036FBD28073201B6C27C2C2DD ] tzautoupdate    C:\WINDOWS\system32\tzautoupdate.dll
10:47:33.0858 0x007c  tzautoupdate - ok
10:47:33.0892 0x007c  [ 42C546414F80BD6C0137FC3A106F8A69, 067FFCAF0059935851888BD984E848E4E1A6CC1941A8F4534067CCF0B2A3B2E6 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
10:47:33.0895 0x007c  uagp35 - ok
10:47:33.0911 0x007c  [ 1686DBC81748B096232B15F16C302985, 63D72D1838C42A95599AF3C0B19A069E310ADB091208011D7D6FBAC968D1A59A ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
10:47:33.0911 0x007c  UASPStor - ok
10:47:33.0942 0x007c  [ 82D3B1F4D80057826AA649D78147DE36, 344A738F6866BFD3095BB802206DDB2F9E9AD89DC39CAA7DE96455F410683829 ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
10:47:33.0942 0x007c  UcmCx0101 - ok
10:47:33.0974 0x007c  [ 1C95F7CE37D9EFB90EBE987A9712356C, B9EE7743ADA50276F05D735C5C29E44039D630A7DC93766A0EAF400DA037E4AF ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
10:47:33.0974 0x007c  UcmUcsi - ok
10:47:33.0995 0x007c  [ AED081772091C98173905E2DF28C223B, 08541CF3354EBB634BD590E0019128F70A6FCA9075B7E785A9E9BD82EC234DD3 ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
10:47:34.0011 0x007c  Ucx01000 - ok
10:47:34.0027 0x007c  [ DCA34A111C29E4578DF2B8CEA3C7CDBD, 86BCE4C8EC228724D5896067A85A4768B6069D10A482ECC51A8F828DBD3880C9 ] UdeCx           C:\WINDOWS\system32\drivers\udecx.sys
10:47:34.0027 0x007c  UdeCx - ok
10:47:34.0074 0x007c  [ 718A956AE00CE086F381044AB66CC29C, E4EED1600C72CECE1D4507827C329A93D356BBA027470FCF6C4B5C1651DED643 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
10:47:34.0074 0x007c  udfs - ok
10:47:34.0111 0x007c  [ BA760F8E66428BA9FF1E8BFBC6248136, BE7DCBB293B12672CB3653E640C46F669BD738D320F34F4FA4A26F6B248561F0 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
10:47:34.0111 0x007c  UEFI - ok
10:47:34.0158 0x007c  [ 05DD22294A4F3F89E52351C7721E6D2C, 300A7D4BD5F26814CF73400E01DEB810CA3F91BD190B3D37B74ADF080F582829 ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
10:47:34.0158 0x007c  Ufx01000 - ok
10:47:34.0196 0x007c  [ 2B1DABA97DDF5365FC66EE7DEDD86A13, 2FF3355862938B37EE63FCA149415CE5032BF54747B07517BB21460733B65AD8 ] UfxChipidea     C:\WINDOWS\System32\drivers\UfxChipidea.sys
10:47:34.0196 0x007c  UfxChipidea - ok
10:47:34.0227 0x007c  [ 0B1013A5204A6B9EEB38F4EE1E430CE6, 9E04DB9BCAB951F87D1D142818BDDE1526BA9FEBD5C8C6351E47EC7F00BEE036 ] ufxsynopsys     C:\WINDOWS\System32\drivers\ufxsynopsys.sys
10:47:34.0243 0x007c  ufxsynopsys - ok
10:47:34.0293 0x007c  [ 63451BD694651307254B8DD37A3D79C7, C781E2D876AF42D5972CCDCF86B7A59F6AF8AF0C6350647F3FA1B209119B5EF9 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
10:47:34.0296 0x007c  UI0Detect - ok
10:47:34.0312 0x007c  [ 6DE78C04BF32ECA7AF3064F53687C9A5, 164D3BB24EBA3EAF613799928063FE75220A4E583D985F53A895017782C18600 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
10:47:34.0312 0x007c  uliagpkx - ok
10:47:34.0343 0x007c  [ 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4, BA2E6F16B6B3B54C943F1E7B9F79A6D1332A7ED228D754CC5AE70E3CD78B1F37 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
10:47:34.0343 0x007c  umbus - ok
10:47:34.0359 0x007c  [ 11680607944A719EF20E0E740785712A, 1567C2B3AAD702DCC2DC9C6B7B92EE5B681C06701A39DAC3AA7E2BE9E1E04F47 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
10:47:34.0359 0x007c  UmPass - ok
10:47:34.0395 0x007c  [ FD949725D9EB52C0B87435CDE1134668, 96E2B3D3379E9AE225E5A4C5251207F1E7DA573901F4F026758EDE9FAEF4F2C5 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
10:47:34.0395 0x007c  UmRdpService - ok
10:47:34.0458 0x007c  [ CB902A15DD21B363FECA5DCCF34F5C57, 6A0836A12A410EBD5C667982852B58CA9E9EDB11EA666C413CC0F811E01A549D ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
10:47:34.0496 0x007c  UnistoreSvc - ok
10:47:34.0659 0x007c  [ ADF8DBE1212418207F6D5F6F4E8A9E07, 8999DA19B3C6BC5475AD1F55366DBA547B856FB2833552A708A223DF720CDC15 ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:47:34.0674 0x007c  upnphost - ok
10:47:34.0727 0x007c  [ 2410A0C20D21A25E6C01979FA886BE90, DD3F92D8CF110D47B9E36BA0EB10EB34C0FDD28FE0D57E4B60F9326703388F75 ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
10:47:34.0727 0x007c  UrsChipidea - ok
10:47:34.0742 0x007c  [ 6E59CE43B6BA5AA1ADCF36A4DBBB92BB, 647D66775A90F67D803043DE8C8AE8BC2F7A042A8DCF9C95BF5458C79609481B ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
10:47:34.0742 0x007c  UrsCx01000 - ok
10:47:34.0758 0x007c  [ E8A59FA109A22FC07E44BDFCC9727DBD, 0DC5928C0FF7E5B38917660D6EFECCC22172DB0BB9B23216F33E750790529C16 ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
10:47:34.0758 0x007c  UrsSynopsys - ok
10:47:34.0792 0x007c  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
10:47:34.0794 0x007c  USBAAPL64 - ok
10:47:34.0812 0x007c  [ D8A44550ECE102B6443F5D54DCE7DAB3, 97F5AE7B17DAC4A4F3186C77116BC8E49874FB0018C99D8E2CDA29D89E8B0912 ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
10:47:34.0827 0x007c  usbccgp - ok
10:47:34.0843 0x007c  [ 66B3D22DAB5312FF238ABF5C6D9F8FAB, 4A644AFC1C27D692D352BEB8801398A00EA5B4055476063AF905A0A46DDBF8BB ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
10:47:34.0843 0x007c  usbcir - ok
10:47:34.0859 0x007c  [ 3E4F20DB902D2E2914F3FF3DB9772200, F3D32BE06A26164B5F6E8DB67160D1DBBDC6D14666EEF84EA43C78CB7706E31C ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
10:47:34.0859 0x007c  usbehci - ok
10:47:34.0895 0x007c  [ 41F7F00D76904416EF1F9EFA1A4C37A2, 7A4250EB2E2E0037B3AE1480C13B229ECFF5C575E68E4F934EE011DB1833B46A ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
10:47:34.0911 0x007c  usbhub - ok
10:47:34.0958 0x007c  [ E7463CE8579A0418A98BE9BE42C647D7, 923CD51C82FCF9DC4E9EEA99E53634EE07EBF62FB5DFC337F01309D7D5C7622C ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
10:47:34.0973 0x007c  USBHUB3 - ok
10:47:35.0011 0x007c  [ DAB35CCA86F5FBE77D870A40089BC4A1, 4A47D59D882D0F2B93F2EE7F10995E7D68B58009434E2CBD04C659E0D1F059D8 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
10:47:35.0011 0x007c  usbohci - ok
10:47:35.0058 0x007c  [ 21162F65C7756AAECAEBED9E67D0A5FE, DE3B43964171DB5B0464DA5E7A674A5D200A8695E6EF1AE2030681066ABA2688 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
10:47:35.0058 0x007c  usbprint - ok
10:47:35.0074 0x007c  [ D67B6A4A6FB99D29444C2DBA2B636799, 62BC778D60593B2AB0DA13C4DB3EA5971895AE09DA06E8AB2D03973C940C890C ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:47:35.0074 0x007c  usbscan - ok
10:47:35.0111 0x007c  [ 4AAD6547953D373A1EB5B2DF583D868B, 4E3DCEC9644550996C314FCC39F885DDE4AA7AD821B8596D96C5BEA5D60795F7 ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
10:47:35.0111 0x007c  usbser - ok
10:47:35.0143 0x007c  [ 8949F77132A4F8F3BA17C6727099F002, 86AD4A2263B34983335180FDAE775D1744E042D2A11300D27DF546F15F285A25 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
10:47:35.0143 0x007c  USBSTOR - ok
10:47:35.0158 0x007c  [ 8B3E458A8851F9A3B2109B1680EE1159, 753AC8F82F65564F00EA2F60B43E4B815FEAABE0DA35B6356210A5F4B1CA3EFC ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
10:47:35.0158 0x007c  usbuhci - ok
10:47:35.0192 0x007c  [ 4B13B61CBB9CC3CB373C60B930D648F5, C79D10A1BF2B6BF141DD37A90BCCA0E1F2AF31B5028BB21537A8EE6EED630F5B ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
10:47:35.0196 0x007c  usbvideo - ok
10:47:35.0227 0x007c  [ 9E9D58F5E1702955B2F4D62996F80E8E, 6C21C250B9D98346D0D5CB7D6C11AB120A1D195C28313BDB0CE532663F0114E2 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
10:47:35.0227 0x007c  USBXHCI - ok
10:47:35.0474 0x007c  [ 612E13635C9DCFD6F3C926A8C393F20E, 6A4FCEA17B9E36C46AAEB14DF92AFFA372E719BC5B292CB8BC1E791A456A0587 ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
10:47:35.0511 0x007c  UserDataSvc - ok
10:47:35.0574 0x007c  [ 4500C83EE55F99487FBF0C03280B0628, F9CFB057CEE9AC562A8665CB2E56E686F0C34EFADF29ED058461456F129D1E00 ] UserManager     C:\WINDOWS\System32\usermgr.dll
10:47:35.0611 0x007c  UserManager - ok
10:47:35.0642 0x007c  [ 6ACE7489410ED99F68F1C13D307C6E1A, B5533735ED3F34719D5B83E032511102555499D5F00A92831A190D7156B36124 ] UsoSvc          C:\WINDOWS\system32\usocore.dll
10:47:35.0658 0x007c  UsoSvc - ok
10:47:35.0673 0x007c  [ 28F844500ADA77447835BC586F15AAAE, A0368E0928E7AB459F7DF3E9C0ECAFDD33F5DAC6A7122689FA6CF4B55AFB4D15 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
10:47:35.0673 0x007c  VaultSvc - ok
10:47:35.0695 0x007c  [ E1BE37312785A71862516F66B3FD24CE, D248C513DBEACB192653C6E46809209F341771B146544BBF43B86369280B4F8B ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
10:47:35.0711 0x007c  vdrvroot - ok
10:47:35.0758 0x007c  [ EAD55A7EC50B0E93B73ABDA29E387548, E69625AA34F6A002C612376DDB756ACE161C23DEAC79A7811F862B1B8A670C78 ] vds             C:\WINDOWS\System32\vds.exe
10:47:35.0796 0x007c  vds - ok
10:47:35.0827 0x007c  [ E42C0F2850735FF9D908B9DB581E6314, E2204A56BF37FC57CD2ED96E3F908882D72B4BFF1BFB97C5172C851F1E4F9650 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
10:47:35.0827 0x007c  VerifierExt - ok
10:47:35.0858 0x007c  [ EC15FD6A28757793E2DA394CD94ABD52, DC758BBEE9C6952D7B3F7171EF67B037B4068E88189A2C4A894122D1D1209468 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
10:47:35.0896 0x007c  vhdmp - ok
10:47:35.0911 0x007c  [ D0C9632C350F46786643A069251BC249, CF65BA0D3F3D2B821C10E2D4F53F5B6BF6236CA9767419392A561CFA79254C3B ] vhf             C:\WINDOWS\System32\drivers\vhf.sys
10:47:35.0911 0x007c  vhf - ok
10:47:35.0927 0x007c  [ E886CB75DA2B6EB35469EF10135624C7, 3AFC59A0709B984F517A918D5BBEBEB1C80001BEC87C133447DCEAEDE00E516D ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
10:47:35.0927 0x007c  vmbus - ok
10:47:35.0943 0x007c  [ 46D2EC27820EC0F798F85821E53C2942, D298A7D6AC16F76A069F843C8DD323ECB340D361733CB9B076BCDE8FC5F1FEFC ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
10:47:35.0943 0x007c  VMBusHID - ok
10:47:36.0012 0x007c  [ 31EFC43DA99BB96A35CE091F2FCAE58A, 925E7B7F5DC72EFFD1D6EF530BA9F088AF7B6A56486FB79BFBEECD9E428230AE ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
10:47:36.0074 0x007c  vmicguestinterface - ok
10:47:36.0096 0x007c  [ 31EFC43DA99BB96A35CE091F2FCAE58A, 925E7B7F5DC72EFFD1D6EF530BA9F088AF7B6A56486FB79BFBEECD9E428230AE ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
10:47:36.0112 0x007c  vmicheartbeat - ok
10:47:36.0127 0x007c  [ 31EFC43DA99BB96A35CE091F2FCAE58A, 925E7B7F5DC72EFFD1D6EF530BA9F088AF7B6A56486FB79BFBEECD9E428230AE ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
10:47:36.0143 0x007c  vmickvpexchange - ok
10:47:36.0159 0x007c  [ 31EFC43DA99BB96A35CE091F2FCAE58A, 925E7B7F5DC72EFFD1D6EF530BA9F088AF7B6A56486FB79BFBEECD9E428230AE ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
10:47:36.0174 0x007c  vmicrdv - ok
10:47:36.0195 0x007c  [ 31EFC43DA99BB96A35CE091F2FCAE58A, 925E7B7F5DC72EFFD1D6EF530BA9F088AF7B6A56486FB79BFBEECD9E428230AE ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
10:47:36.0196 0x007c  vmicshutdown - ok
10:47:36.0212 0x007c  [ 31EFC43DA99BB96A35CE091F2FCAE58A, 925E7B7F5DC72EFFD1D6EF530BA9F088AF7B6A56486FB79BFBEECD9E428230AE ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
10:47:36.0227 0x007c  vmictimesync - ok
10:47:36.0243 0x007c  [ 31EFC43DA99BB96A35CE091F2FCAE58A, 925E7B7F5DC72EFFD1D6EF530BA9F088AF7B6A56486FB79BFBEECD9E428230AE ] vmicvmsession   C:\WINDOWS\System32\ICSvc.dll
10:47:36.0258 0x007c  vmicvmsession - ok
10:47:36.0274 0x007c  [ 31EFC43DA99BB96A35CE091F2FCAE58A, 925E7B7F5DC72EFFD1D6EF530BA9F088AF7B6A56486FB79BFBEECD9E428230AE ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
10:47:36.0291 0x007c  vmicvss - ok
10:47:36.0312 0x007c  [ B9265F47E7A354BAAA0AF5CBA3F8F7CE, F836E7BEDC7CAB1C01225164D171A0210D8F909F52992E4C0BF3C92B365BCD52 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
10:47:36.0328 0x007c  volmgr - ok
10:47:36.0359 0x007c  [ BEE9C8B72AB752B794F69C2B9B3678AA, 49A5093C26F3CDCD60577F7F2D7F936C7B2BD010B27F2C49A7B6AA41E42DF98D ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
10:47:36.0375 0x007c  volmgrx - ok
10:47:36.0412 0x007c  [ E1F91A727A04C9F8199D04FF3BBBF63C, 076CAEE621DBF7DE24ED92BA239C440879FDB674CF3213DF3E35AEC03D0D2031 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
10:47:36.0428 0x007c  volsnap - ok
10:47:36.0493 0x007c  [ F7B1B1101271E31F43CC76E890704F51, 2282D82B220C3D13FF980ED8E40443C83816D3DA9557EACEA137873F92BB9CF4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
10:47:36.0496 0x007c  vpci - ok
10:47:36.0528 0x007c  [ D48ED0A08BD2FD25A833E6AC99623091, 6CA7580878D3893E14B4938023A00CDFC9BE215A0CE4ED59A94F95DFD9FDF4D8 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
10:47:36.0543 0x007c  vsmraid - ok
10:47:36.0794 0x007c  [ 47721869B78A3B2B347419541A87046C, C0B1BF63393F1B777D29AE589273A585713E0672B3FD1EF37021DDC727733E99 ] VSS             C:\WINDOWS\system32\vssvc.exe
10:47:36.0828 0x007c  VSS - ok
10:47:36.0960 0x007c  [ 6990D4AFDF545669D4E6C232F26DE1FB, 9B8F99A035188FD96BA79E935E8EF387BEA2223ECA0B74CF64AB993DABAA5722 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
10:47:36.0960 0x007c  VSTXRAID - ok
10:47:37.0012 0x007c  [ 1EE11F0508C58EF081F4176E66D6970B, 9069B3FC8850C7CF617909C6DBFC3753FEB59A9E708379CC57190F4097FB374E ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
10:47:37.0012 0x007c  vwifibus - ok
10:47:37.0028 0x007c  [ 938E4EF58E42D252B742B0E243011B90, AC0C21FBAF15924CB271CA43ACB7A86287936C78B4852BCFC59EC7EC703E036C ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
10:47:37.0028 0x007c  vwififlt - ok
10:47:37.0059 0x007c  [ 3BE5AAC930447FD18D4A8255A2FEC95C, A517357188FE4A5BD98A3CDB2165ACCE96CCE4BE2B90DDBEAF70B6DDF393F506 ] vwifimp         C:\WINDOWS\System32\drivers\vwifimp.sys
10:47:37.0059 0x007c  vwifimp - ok
10:47:37.0112 0x007c  [ 22CF3668BA7C3B037B3918678293B2BD, D24E33229EE86F5D371890C166F89FFCE1AA7DD3DE9F75101088A2A404AD485B ] W32Time         C:\WINDOWS\system32\w32time.dll
10:47:37.0159 0x007c  W32Time - ok
10:47:37.0228 0x007c  [ CDA9A00B16808D7A5BBB66287B89EE21, B25F98F26B0153E5DD5C744539CB6ACAFAA13E0F7B5D140C1844158B79BC9006 ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
10:47:37.0228 0x007c  w3logsvc - ok
10:47:37.0296 0x007c  [ 1430B095A4DF52C04BDBC31C861C9324, B686C97D13CE966D44A7695BE78A4501F96CF8E69B24AFFE6C8E643132BB8861 ] W3SVC           C:\WINDOWS\system32\inetsrv\iisw3adm.dll
10:47:37.0312 0x007c  W3SVC - ok
10:47:37.0328 0x007c  [ 00C27B64C758C111E5D78A70DE6CA2B6, C99761B9B671B3A1FF1C52796CCA3F4F825BF50D9657D13B551E849CDD82055D ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
10:47:37.0328 0x007c  WacomPen - ok
10:47:37.0375 0x007c  [ 6B705C7A38A3C8152789D48A9B3ACBFF, 1CFFC535F6CDF87553DA1F3A5E2E34660973E7F39338CE271F050170331189D3 ] WalletService   C:\WINDOWS\system32\WalletService.dll
10:47:37.0397 0x007c  WalletService - ok
10:47:37.0459 0x007c  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:47:37.0459 0x007c  wanarp - ok
10:47:37.0475 0x007c  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:47:37.0475 0x007c  wanarpv6 - ok
10:47:37.0528 0x007c  [ 1430B095A4DF52C04BDBC31C861C9324, B686C97D13CE966D44A7695BE78A4501F96CF8E69B24AFFE6C8E643132BB8861 ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
10:47:37.0544 0x007c  WAS - ok
10:47:37.0898 0x007c  [ 4E32080374906CE25329F784F43FE7BB, CC3545A399279DB433BB104E7084B51AD4D339F121BEA51351776B0C3D39BE51 ] wbengine        C:\WINDOWS\system32\wbengine.exe
10:47:37.0945 0x007c  wbengine - ok
10:47:38.0129 0x007c  [ 642EFABF900374FA85639D83B5533AFD, 292692D6AAC2A785D237ADFBC7CA3D379E8FC79FA366A8CE7D06F5CA5CE6866B ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
10:47:38.0145 0x007c  WbioSrvc - ok
10:47:38.0345 0x007c  [ DA9765B81341D7BBDAA68528768E6EDA, AB9497850D5666D67CD5EE58B7A121D59A9C5AC54F93315DD6A07D9ECB2E2DC2 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
10:47:38.0361 0x007c  Wcmsvc - ok
10:47:38.0546 0x007c  [ DD510082B0D2FBA111689EB8274BA336, EAD9824DA28EFB0440D0D4D5CF88F6AE802AD8BA7A915CED814161901C179998 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
10:47:38.0561 0x007c  wcncsvc - ok
10:47:38.0599 0x007c  [ 965B6197A659782B6A0F68411A180AAD, 5541AB78B71E4FA655BCBF2D80D574B2A3B4AA8871F65D26620BDE549FA5459A ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
10:47:38.0599 0x007c  WcsPlugInService - ok
10:47:38.0646 0x007c  [ 069D3D6E20AD753B34FCE856F0436869, CF8C12295DDAA56E7350019AADBA533D7857CFB3F20DEE14E557963645A9331B ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
10:47:38.0646 0x007c  WdBoot - ok
10:47:38.0715 0x007c  [ 6CC727E94CD84E9720FDCDA8089CABCC, BCF66056B06DED6BC2D329E910FCD3E685D627BAD3B5D7F4B0E970B45CD9CEF4 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
10:47:38.0794 0x007c  Wdf01000 - ok
10:47:38.0815 0x007c  [ E3E97151A1D1E87BB2D5371F66C5F169, 0ED0B9852FE0533816F5EE2F06045B3964A00FD749A7011DB3C663AB6FA369E2 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
10:47:38.0815 0x007c  WdFilter - ok
10:47:38.0846 0x007c  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
10:47:38.0846 0x007c  WdiServiceHost - ok
10:47:38.0846 0x007c  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
10:47:38.0861 0x007c  WdiSystemHost - ok
10:47:38.0915 0x007c  [ 2BC2E99623119521EEF7910A11D0FDE0, 3F3E48A79534F0F65F961D9B170D534562E04901B630127B16DF02E6D42F2BBF ] wdiwifi         C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
10:47:38.0961 0x007c  wdiwifi - ok
10:47:39.0015 0x007c  [ 07B043160399AF4009054E2EA3464BF4, 8D652D7CD75F8FB2B5414155355F0C970015914E1AC6522DBB8387BB8662F542 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
10:47:39.0015 0x007c  WdNisDrv - ok
10:47:39.0061 0x007c  WdNisSvc - ok
10:47:39.0146 0x007c  [ 4C38FCAC3F7A43D77D59877F2AA656D7, 5F3CC3D3B284F959C3C08E882211E61DF4F9AAACDD16ED4E8D70EFA768E41E4C ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:47:39.0162 0x007c  WebClient - ok
10:47:39.0200 0x007c  [ B6BF579761489720BCE787F723F596E5, 879B17F6A4F23F5E85A09126B7B407955DDCEB1BA4A8FFC0A418B7F47311C056 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
10:47:39.0200 0x007c  Wecsvc - ok
10:47:39.0231 0x007c  [ 10C9CF8771A2A87F575F9FB56821474E, 15E3DFFE9CF6777F67E426ECF797D2DF743EA152DEE336DCC9C2F92A0E6EB9A3 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
10:47:39.0247 0x007c  WEPHOSTSVC - ok
10:47:39.0262 0x007c  [ 357C083FE35D030D991D163AAF622A06, F301852D49DBDEF0D28F56CD74CBDC71CA003EBD07D3F46EA5C870DC1BD07896 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
10:47:39.0278 0x007c  wercplsupport - ok
10:47:39.0297 0x007c  [ 2235AF716D15D9DFE4C59DC2AC0C440C, 2DCFCEBEA77E7E40CEF9A785BE1A794B390B36E40FBCF49B494F9CEA3F6A28C4 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
10:47:39.0299 0x007c  WerSvc - ok
10:47:39.0362 0x007c  [ C11272713719922DE5711094333BD166, 61D4F07E02AECF04964FF51EEA31069A2B0EAA549AD2B29B5FD3E1E6BB543593 ] WFPLWFS         C:\WINDOWS\system32\drivers\wfplwfs.sys
10:47:39.0362 0x007c  WFPLWFS - ok
10:47:39.0399 0x007c  [ 71DAE1FD62444A54301EA132FF737564, 9646AEE1F0CE2DC9B04C4F612019C02C7A7143A898EE3A834986ECD8B0FB1F93 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
10:47:39.0399 0x007c  WiaRpc - ok
10:47:39.0461 0x007c  [ EF536C54AB9281FDC4E83B07279FCFC4, 22E4F133170682EE14413CA8FDC2DBE73AB31960D6ACB728A6B398229FDDFD3B ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
10:47:39.0461 0x007c  WIMMount - ok
10:47:39.0461 0x007c  WinDefend - ok
10:47:39.0499 0x007c  [ D8966A76408107224C6013993135DD78, 6159F69BC26FF817078E68C70E6DFC9075FEBF9EF9F4F046C7A65BC377544AE6 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
10:47:39.0499 0x007c  WindowsTrustedRT - ok
10:47:39.0515 0x007c  [ 8B102A7B6CE326FD4208CC7C2D183343, E47C1D76CBFD2A382C3A7BB048D752FB6DD4616FADDEB1C3ADD5DDAE149742AF ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
10:47:39.0515 0x007c  WindowsTrustedRTProxy - ok
10:47:39.0561 0x007c  [ F47621DCAE21E1D94BC7F29F0FB3E9F2, A5AEF6337C93EEECF27F195A641EC940614091555D5F9F1168868A9BA22C9191 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
10:47:39.0615 0x007c  WinHttpAutoProxySvc - ok
10:47:39.0699 0x007c  [ 4A53441C1C4D2878BEF27E381138BB2D, C221E74491E6FD2AF472B53876B46788D5CF62F4E645457F3B3816FD0ED2BAA1 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
10:47:39.0699 0x007c  WinMad - ok
10:47:39.0761 0x007c  [ 1033C37122C7404C3B926ADF84874832, 163B3A7112F13AE7BB2655A28C6B19AF9B263F2AD2FF1B75314BE3E2B9118903 ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:47:39.0777 0x007c  Winmgmt - ok
10:47:40.0515 0x007c  [ CF0CDB6987DA95350D43721758455B40, 97699778961ACA19E3F1811E571C814EDB6228CB8EF8B05CAFED3559DD2A0A9C ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
10:47:40.0631 0x007c  WinRM - ok
10:47:40.0678 0x007c  [ 260907CE034FE327AC99BDA4153AB22F, B96501F43248713C2E153B9D22B78D51412A3C6989A2FB5F53A406C6CDC98D30 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
10:47:40.0694 0x007c  WINUSB - ok
10:47:40.0715 0x007c  [ 40A3E8D729F458B2C9A8BD9380FF83D5, CD42FFC138969EF8C9588FD113F0B9A98FBA282D46A5B6BCFA765F55ED6E97A1 ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
10:47:40.0715 0x007c  WinVerbs - ok
10:47:40.0831 0x007c  [ AC8197386BEF74AA844FFAE75C3A4DCC, 6985615B74CF660712A62E0AA1558379AEDBC5106E160002A1B0F9CB69D18B3C ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
10:47:40.0947 0x007c  WlanSvc - ok
10:47:41.0531 0x007c  [ 8D344C87273C429F373F8E17965401D8, B9A515E8E968485B95CE14BC07F5D57467B8C7CB148F52ED5DE486C48A3FB80B ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
10:47:41.0615 0x007c  wlidsvc - ok
10:47:41.0647 0x007c  [ 8F010BF65238F3F822D22BA12831796E, 2CA830F259B742D2F5CDD0437960BF512D40FB4A4C2342E3BABB38D468F79694 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
10:47:41.0647 0x007c  WmiAcpi - ok
10:47:41.0762 0x007c  [ 74ACA5A7880C1F0BB9D60E32E1705A70, A89817BCCBFF94D7394614DA81D1C6C4F53AF47A539E674EEF6DC3FC496BF702 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
10:47:41.0762 0x007c  wmiApSrv - ok
10:47:41.0799 0x007c  WMPNetworkSvc - ok
10:47:41.0900 0x007c  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
10:47:41.0915 0x007c  Wof - ok
10:47:42.0461 0x007c  [ 174061E5CCDB9427C995D9E2C8936221, 34FAA82B774229DBC65279DF0385A2C56792EA7AF1C55DE539B46B455C14F6D8 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
10:47:42.0515 0x007c  workfolderssvc - ok
10:47:42.0577 0x007c  [ 22C52D7EE7C7D0E02C8EFD8CAE8E3A71, 126605A12CEC9CC07DE3050F12E43CECABEAF0D00DF12300AF70F34700F7FE8E ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
10:47:42.0596 0x007c  wpcfltr - ok
10:47:42.0631 0x007c  [ 45FA01F8B7971ACB65202038E34D04A3, 9B2C2ABC7DB716295B0BD0AF04DA08E6B4200D7CF1C7DB59DD8FD8FEBD56D94C ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
10:47:42.0631 0x007c  WPDBusEnum - ok
10:47:42.0678 0x007c  [ 1C08E424CBDD5065BB7266F8C048C1B1, 0452C85EDA6CBAB75C2617886C5D8117ED25D91F1BE0F8377B08D55B6629B028 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
10:47:42.0678 0x007c  WpdUpFltr - ok
10:47:42.0699 0x007c  [ 2C6EEFFBB7FB1C51CCD3737C77AB9109, 8C2ED309FAF4312512E7BCCBBC51B1353603A3499077A1DE21991F0692AF1620 ] WpnService      C:\WINDOWS\system32\WpnService.dll
10:47:42.0715 0x007c  WpnService - ok
10:47:42.0731 0x007c  [ 638B43D39A3D0B47024555CF1095E6F1, C7EA0A6ED227A5256EB02CA76FEC538DF196B8DC38DA2A567757D2B221C9473E ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
10:47:42.0731 0x007c  ws2ifsl - ok
10:47:42.0777 0x007c  [ 5B813FADEA5BE9195F01C83287F823F7, B186175B12AF444F987FE9F0F9D329A0F9186C06E3D228824E0929BB0084853F ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
10:47:42.0777 0x007c  wscsvc - ok
10:47:42.0831 0x007c  [ F517CB0182B1DA5C0E0FC6B548FF60CC, F09CA4172D611487F157973C808627F04B0CF0A71CE19D49280BFBEA4AE6027B ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
10:47:42.0831 0x007c  WSDPrintDevice - ok
10:47:42.0846 0x007c  [ 3A3294E2E5CBFC51999180C06051DDE9, 2EEE0A5BEBB366E4C12245E8175685CF2173E260B482A8EEB7F8255BA43C6CE3 ] WSDScan         C:\WINDOWS\system32\DRIVERS\WSDScan.sys
10:47:42.0846 0x007c  WSDScan - ok
10:47:42.0862 0x007c  WSearch - ok
10:47:43.0762 0x007c  [ BAC89DCD30C53AE213F7EA1A6719F401, 8A240A1303A7133D7A01D749D865671E78886A7DA63EEF00A33C2AD3328BE870 ] WSService       C:\WINDOWS\System32\WSService.dll
10:47:43.0901 0x007c  WSService - ok
10:47:44.0263 0x007c  [ 4D0E671755DB778A1F3687778008B6E2, 09AE7485DC9060AF5283D4F5FFD2121AE2885F957733412DE3DA39D397891F0B ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
10:47:44.0332 0x007c  wuauserv - ok
10:47:44.0379 0x007c  [ A928F25CB62232F413EE655352856E10, 1D2B278A24DDDE8792ADE7649FF90A98E186B79F13AA296C30E4180293BE906A ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
10:47:44.0379 0x007c  WudfPf - ok
10:47:44.0416 0x007c  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFRd          C:\WINDOWS\system32\drivers\WudfRd.sys
10:47:44.0416 0x007c  WUDFRd - ok
10:47:44.0462 0x007c  [ 1336DA39FE006EAB2733CA4DE5B3560C, F0D6C71ADCB66D4D14EC6D09FD43F5521A3A8CA53F248DFD01696FB4F033BE77 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
10:47:44.0462 0x007c  wudfsvc - ok
10:47:44.0498 0x007c  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
10:47:44.0501 0x007c  WUDFWpdFs - ok
10:47:44.0501 0x007c  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
10:47:44.0516 0x007c  WUDFWpdMtp - ok
10:47:44.0878 0x007c  [ 0E844C711760A680528B9E2727A1C385, E40E599B2202922EA023CB511ADBE4B1C31D86286996392C2194CBFFF39EDAF9 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
10:47:44.0900 0x007c  WwanSvc - ok
10:47:45.0216 0x007c  [ 130AA463B4C1E0DAABF0A3A20E3ECE7C, 97CBD02ACE346308682230595E305BA7844C31550E6D8C2212418D6FA1CC67BE ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
10:47:45.0262 0x007c  XblAuthManager - ok
10:47:45.0500 0x007c  [ 7118498F6E48758A2EF5A7D1982E2B62, 1FF75AE64CB6DB263E8B35515E092B325AA71A6B2210F8F2B0AD087B3BA33345 ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
10:47:45.0532 0x007c  XblGameSave - ok
10:47:45.0632 0x007c  [ F279536122B83FD0D8E158AA753E1B7C, 6A542F28E24B30DBDC2EEE24DA33C2F4ADB3596AEDDD71DC1495DD40577CE4BB ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
10:47:45.0648 0x007c  xboxgip - ok
10:47:45.0947 0x007c  [ 6284743AFD613A1DAF20FA5FE3FBF9BB, 0010DA848A470613C2F70B6815E608B23E1AEABCAE3FF966F0957890D8F20F8E ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
10:47:45.0979 0x007c  XboxNetApiSvc - ok
10:47:46.0000 0x007c  [ DA0807D87A62D076C29C4E30F1E84F46, CA3079350038091AEE04D4DA7C06865E9DB3095120AE61AAB575AA77E86A6223 ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
10:47:46.0016 0x007c  xinputhid - ok
10:47:46.0047 0x007c  [ A4810E10EEA510A5B503A639A1ACB42E, FDA9D5CD481443882CA5B7E386EA78BF3115A0B9980E0B46A9B67A553F0B4709 ] yukonw8         C:\WINDOWS\System32\drivers\yk63x64.sys
10:47:46.0047 0x007c  yukonw8 - ok
10:47:46.0047 0x007c  ================ Scan global ===============================
10:47:46.0101 0x007c  [ 82E25186617BA6C15010F0D47C705705, 5BF9E38918E6EAE86448137E2D120B80318AA1143CDDF539A2BFBEE227646816 ] C:\WINDOWS\system32\basesrv.dll
10:47:46.0132 0x007c  [ 6CA8B7E935286A3D3794E14DDE069C4E, BB2E4525759FA6193BBFCC7DAEB59998980BF3A211A91263195938F63ADB602A ] C:\WINDOWS\system32\winsrv.dll
10:47:46.0163 0x007c  [ 09E92888FFF86F3334E59778724DCA6F, 2344763B52395EF565A9DE5F55BEDCA026AD2E8072FFD06F826BF366B3BA2AB4 ] C:\WINDOWS\system32\sxssrv.dll
10:47:46.0216 0x007c  [ 6FF8248F3A9D69A095C7F3F42BC29CB2, 9077B1AA0AFB8DB329FDED0E51085DE1C51B22A986162F29037FCA404A80D512 ] C:\WINDOWS\system32\services.exe
10:47:46.0232 0x007c  [ Global ] - ok
10:47:46.0232 0x007c  ================ Scan MBR ==================================
10:47:46.0247 0x007c  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
10:47:47.0116 0x007c  \Device\Harddisk0\DR0 - ok
10:47:47.0116 0x007c  ================ Scan VBR ==================================
10:47:47.0132 0x007c  [ 8DA69701677759ED3EC6212CF546D5F3 ] \Device\Harddisk0\DR0\Partition1
10:47:47.0132 0x007c  \Device\Harddisk0\DR0\Partition1 - ok
10:47:47.0163 0x007c  [ 513626D991DDAC3540D3377B0BD01A97 ] \Device\Harddisk0\DR0\Partition2
10:47:47.0163 0x007c  \Device\Harddisk0\DR0\Partition2 - ok
10:47:47.0198 0x007c  [ 22C1019F6FB2C13C9E469BE28844AECF ] \Device\Harddisk0\DR0\Partition3
10:47:47.0201 0x007c  \Device\Harddisk0\DR0\Partition3 - ok
10:47:47.0201 0x007c  ================ Scan generic autorun ======================
10:47:50.0671 0x007c  [ C6992F5730886B6977313918583D13C7, 5D75DBF4D272BD4A8DDF40C7D9D8044621EFD12AB4303DBF90538AFBE2FEFD42 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
10:47:51.0158 0x007c  RtHDVCpl - ok
10:47:51.0457 0x007c  [ 06D07267D3A5A1D655B1AEF4F69F1E8F, 56FF6E00A1D54BEA9DB50D10A54999B5681B807F8EF3B305586B9E41DA2680ED ] C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
10:47:51.0473 0x007c  Ocster Backup - ok
10:47:51.0511 0x007c  [ 5677C8C60F4659E8626AC9036EEF38DF, 1C7D3EC3BCB3E34900DD9556A3EBAF449C68585DC8E07682E680790497105B8B ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
10:47:51.0526 0x007c  Classic Start Menu - ok
10:47:51.0626 0x007c  [ 258E2CD2C4984A977106C9EF7CA8AF69, D8F6409D5F5782CC27D159D18E914A3DB59D8644D7017CA6F84F0CF30E95174C ] C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
10:47:51.0626 0x007c  Avira SystrayStartTrigger - ok
10:47:51.0942 0x007c  [ 1BC31F797516DC7B7446B62A849D5905, 49B35A41F1C3739800CBA2A559C2AEFE89FBC090F8305681AF3B379B639E16AA ] C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
10:47:51.0957 0x007c  avgnt - ok
10:47:53.0095 0x007c  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
10:47:53.0357 0x007c  OneDriveSetup - ok
10:47:55.0074 0x007c  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
10:47:55.0229 0x007c  OneDriveSetup - ok
10:47:55.0633 0x007c  [ E3DC3242F876F03DA070FC97B2E91309, 457B59CDD0D2540774489147427DC1262966CCA6E9FAC9E32D5D9627BD8E3523 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
10:47:55.0633 0x007c  iCloudServices - ok
10:47:55.0671 0x007c  [ 0057713EEC6C6CECCACEC44DAC1ACFA0, B014D2B39DDF8DA4DA52C41F2E8F7D268A94D1A26E4BDEDD44D231F506D7A867 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
10:47:55.0671 0x007c  ApplePhotoStreams - ok
10:47:57.0066 0x007c  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
10:47:57.0213 0x007c  OneDriveSetup - ok
10:47:57.0399 0x007c  [ CB396B37F21C205F00ACE39CF999295A, FD8CB2426D4B9F13480DD823F0479E75316F6486262E88E420398A2C7AB91F57 ] C:\Program Files (x86)\Windows Mail\wab.exe
10:47:57.0453 0x007c  WAB Migrate - ok
10:47:58.0368 0x007c  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
10:47:58.0521 0x007c  OneDriveSetup - ok
10:47:58.0532 0x007c  Waiting for KSN requests completion. In queue: 12
10:47:59.0565 0x007c  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.24.143 ), 0x41000 ( enabled : updated )
10:47:59.0596 0x007c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.589 ), 0x60100 ( disabled : updated )
10:47:59.0611 0x007c  Win FW state via NFP2: enabled ( trusted )
10:47:59.0727 0x007c  ============================================================
10:47:59.0727 0x007c  Scan finished
10:47:59.0727 0x007c  ============================================================
10:47:59.0746 0x0554  Detected object count: 0
10:47:59.0746 0x0554  Actual detected object count: 0
         
Ich musste die TDSSKiller.3.1.0.12_19.02.2017_10.46.24_log.txt in zwei Teilen posten, da sie zu lang war ...
Dort ist nicht gefunden worden..
Danke !!


Alt 19.02.2017, 14:21   #6
M-K-D-B
/// TB-Ausbilder
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Servus,




Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • Image File Execution Options Schlüssel
    • "Tracing" Schlüssel
    • "Prefetch" Dateien
    • Proxy
    • Winsock
    • Internet Explorer Richtlinien
    • Chrome Richtlinien
  • Bestätige die Auswahl mit Ok.
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM nach dem Neustart, klicke auf Berichte.
  • Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
  • Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.





Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von MBAM,
  • die Logdatei von JRT,
  • die beiden neuen Logdateien von FRST.
__________________
--> Online Pay GmbH zip datei geöffnet ! Trojaner ?

Alt 19.02.2017, 16:26   #7
heinzwetten
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Code:
ATTFilter
# AdwCleaner v6.043 - Bericht erstellt am 19/02/2017 um 15:16:50
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-02-13.1 [Lokal]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Heinz Ingenillem - HEINZLAPTOP
# Gestartet von : C:\Users\Heinz Ingenillem\Desktop\AdwCleaner_6.043 (2).exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Keine schädlichen Ordner gefunden.


***** [ Dateien ] *****

Keine schädlichen Dateien gefunden.


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.


***** [ Registrierungsdatenbank ] *****

Keine schädlichen Elemente in der Registrierungsdatenbank gefunden.


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [19329 Bytes] - [16/02/2017 00:29:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [17584 Bytes] - [16/02/2017 00:28:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [1363 Bytes] - [19/02/2017 15:16:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1436 Bytes] ##########
         
Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 19.02.17
Scan-Zeit: 15:23
Protokolldatei: malware.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.50
Version des Aktualisierungspakets: 1.0.1064
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: HEINZLAPTOP\Heinz Ingenillem

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 526827
Abgelaufene Zeit: 22 Min., 4 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{3775afd7-5921-4571-968f-85a631203d1c}, In Quarantäne, [342], [168271],1.0.1064
PUP.Optional.MindSpark, HKLM\SOFTWARE\CLASSES\CLSID\{9359da42-06fb-46f2-9e4a-05c05b98a5ef}, In Quarantäne, [342], [168383],1.0.1064

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
PUP.Optional.AshampooDriverUpdater, C:\PROGRAMDATA\ASHAMPOO\ICO_ASHAMPOO_DEALS.ICO, In Quarantäne, [2744], [354924],1.0.1064

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by Heinz Ingenillem (Administrator) on 16.02.2017 at  0:36:01,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5 

Successfully deleted: C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\extensions\safesearchplus@avira.com\search.xml (File) 
Successfully deleted: C:\WINDOWS\system32\Tasks\EasySpeedUpManager (Task)
Successfully deleted: C:\Program Files (x86)\GUT3CB1.tmp (File) 
Successfully deleted: C:\Program Files (x86)\GUT63F1.tmp (File) 
Successfully deleted: C:\Program Files (x86)\GUTC00E.tmp (File) 

Deleted the following from C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\prefs.js
user_pref(extensions.unitedinternet.email.runonceNewUsersShown, true);
user_pref(extensions.xpiState, {\app-profile\:{\abs@avira.com\:{\d\:\C:\\\\Users\\\\Heinz Ingenillem\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bhI9c



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2017 at  0:41:00,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017 01
durchgeführt von Heinz Ingenillem (Administrator) auf HEINZLAPTOP (19-02-2017 16:09:17)
Gestartet von C:\Users\Heinz Ingenillem\Desktop
Geladene Profile: Heinz Ingenillem & _ocster_backup_ &  (Verfügbare Profile: Heinz Ingenillem & _ocster_backup_ & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\WINDOWS\System32\BtwRSupportService.exe
(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
() C:\WINDOWS\SysWOW64\Rezip.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\Ocster Backup\bin\backupService-ox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(mst software GmbH, Germany) C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2017\DfSdkS64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\WINDOWS\System32\SrTasks.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-09-18] (Realtek Semiconductor)
HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [314680 2015-03-05] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351381\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423087\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152353138\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152425383\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{14992797-037e-4166-974e-034f215f4baa}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7a97b070-ded8-46fa-8171-1a9e8bd8143d}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{c60de602-45b1-48f4-a158-c236ba4ac340}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{f268a70c-eeb8-49f8-9ca1-e64ca81f7bbc}: [DhcpNameServer] 139.7.30.126 139.7.30.125

Internet Explorer:
==================
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {0DCDFC37-895F-4FA4-B0F6-2AD2E7300CE6} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {1199CB04-489F-4507-9B08-5B83FDFE7FDB} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {34F7AB04-0A5C-470D-8E55-23822898DBCF} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {5005F082-B204-4B9E-9272-AFB4116CD6F7} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {AB730F28-1225-4D0D-B2C8-DEEE451B6E32} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747 -> {0DCDFC37-895F-4FA4-B0F6-2AD2E7300CE6} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747 -> {1199CB04-489F-4507-9B08-5B83FDFE7FDB} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747 -> {34F7AB04-0A5C-470D-8E55-23822898DBCF} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747 -> {5005F082-B204-4B9E-9272-AFB4116CD6F7} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747 -> {AB730F28-1225-4D0D-B2C8-DEEE451B6E32} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926 -> {0DCDFC37-895F-4FA4-B0F6-2AD2E7300CE6} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926 -> {1199CB04-489F-4507-9B08-5B83FDFE7FDB} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926 -> {34F7AB04-0A5C-470D-8E55-23822898DBCF} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926 -> {5005F082-B204-4B9E-9272-AFB4116CD6F7} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926 -> {AB730F28-1225-4D0D-B2C8-DEEE451B6E32} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default [2017-02-16]
FF Homepage: Mozilla\Firefox\Profiles\bhI9ckTj.default -> chrome://unitedtb/content/newtab/startpage.xhtml
FF Extension: (Avira Browser Safety) - C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\Extensions\abs@avira.com [2017-02-16]
FF Extension: (Avira Browser Safety) - C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\Extensions\abs@avira.com.xpi [2016-01-26]
FF Extension: (WEB.DE MailCheck) - C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\Extensions\browser-mailcheck@web.de [2015-10-26]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\Extensions\safesearchplus@avira.com [2017-02-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSearchURL: Default -> hxxps://safesearch.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://safesearch.avira.com/suggestions?q={searchTerms}&li=ff&hl=de
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll => Keine Datei
CHR Profile: C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default [2017-02-19]
CHR Extension: (Google Docs) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-22]
CHR Extension: (Google Drive) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Google-Suche) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-13]
CHR Extension: (Avira Browserschutz) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-20]
CHR Extension: (Google Docs Offline) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-13]
CHR Extension: (Google Mail) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-11-24] (Adobe Systems) [Datei ist nicht signiert]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [25232 2016-12-09] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
R3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2017\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [Datei ist nicht signiert]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-15] (Nero AG)
R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23864 2015-03-05] ()
S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2012-11-08] (OLYMPUS IMAGING CORP.) [Datei ist nicht signiert]
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-06-03] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-19] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-19] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-19] (Malwarebytes)
S3 SD11CL64; C:\WINDOWS\system32\DRIVERS\SD11CL64.sys [96512 2011-01-24] (SCM Microsystems Inc.)
S3 SDI01164; C:\WINDOWS\system32\DRIVERS\SDI01164.SYS [75904 2011-01-24] (SCM Microsystems Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x64.sys [288768 2015-10-30] (Marvell)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-19 16:02 - 2017-02-19 16:02 - 01663040 _____ (Malwarebytes) C:\Users\Heinz Ingenillem\Downloads\JRT.exe
2017-02-19 15:58 - 2017-02-19 15:58 - 00001570 _____ C:\Users\Heinz Ingenillem\Desktop\mbam.txt
2017-02-19 15:22 - 2017-02-19 15:22 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-19 15:22 - 2017-02-19 15:22 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-19 15:22 - 2017-02-19 15:22 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-19 15:22 - 2017-02-19 15:22 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-19 15:21 - 2017-02-19 15:21 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-19 15:21 - 2017-02-19 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-19 15:21 - 2017-02-19 15:21 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-19 15:21 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-19 15:20 - 2017-02-19 15:21 - 55566792 _____ (Malwarebytes ) C:\Users\Heinz Ingenillem\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-19 15:08 - 2017-02-19 15:09 - 04015056 _____ C:\Users\Heinz Ingenillem\Desktop\AdwCleaner_6.043 (2).exe
2017-02-19 10:46 - 2017-02-19 15:08 - 00263598 _____ C:\TDSSKiller.3.1.0.12_19.02.2017_10.46.24_log.txt
2017-02-19 10:41 - 2017-02-19 10:43 - 00053535 _____ C:\Users\Heinz Ingenillem\Desktop\Addition.txt
2017-02-19 10:39 - 2017-02-19 16:09 - 00037683 _____ C:\Users\Heinz Ingenillem\Desktop\FRST.txt
2017-02-19 10:38 - 2017-02-19 16:09 - 00000000 ____D C:\FRST
2017-02-19 10:37 - 2017-02-19 10:46 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Heinz Ingenillem\Desktop\tdsskiller.exe
2017-02-19 10:36 - 2017-02-19 10:38 - 02422784 _____ (Farbar) C:\Users\Heinz Ingenillem\Desktop\FRST64.exe
2017-02-17 21:57 - 2017-02-17 21:57 - 02948080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-17 21:55 - 2017-02-17 21:55 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Heinz Ingenillem\Downloads\avira_de_absf0_3002733520_pbgd8h0r37udghjpqtvx_wd (1).exe
2017-02-17 21:55 - 2017-02-17 21:55 - 00091224 _____ C:\Users\Heinz Ingenillem\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-17 21:53 - 2017-02-17 21:53 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Heinz Ingenillem\Downloads\avira_de_absf0_3002733520_bmukzkars024s21kf9hc_wd.exe
2017-02-17 21:44 - 2017-02-17 21:44 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Heinz Ingenillem\Downloads\avira_de_absf0_3002733520_pbgd8h0r37udghjpqtvx_wd.exe
2017-02-16 01:12 - 2017-02-19 15:57 - 00000000 ____D C:\ProgramData\Ashampoo
2017-02-16 01:12 - 2017-02-16 01:12 - 00001565 _____ C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO2017).lnk
2017-02-16 01:12 - 2017-02-16 01:12 - 00001329 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 2017.lnk
2017-02-16 01:12 - 2017-02-16 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-02-16 01:12 - 2017-02-16 01:12 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2017-02-16 01:12 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2017-02-16 01:03 - 2017-02-16 01:04 - 22028168 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Heinz Ingenillem\Downloads\ashampoo_winoptimizer_2017_25315.exe
2017-02-16 00:41 - 2017-02-19 16:08 - 00000848 _____ C:\Users\Heinz Ingenillem\Desktop\JRT.txt
2017-02-16 00:35 - 2017-02-16 00:35 - 01663040 _____ (Malwarebytes) C:\Users\Heinz Ingenillem\Downloads\JRT81.exe
2017-02-16 00:35 - 2017-02-16 00:35 - 01663040 _____ (Malwarebytes) C:\Users\Heinz Ingenillem\Downloads\JRT81 (1).exe
2017-02-16 00:22 - 2017-02-19 15:16 - 00000000 ____D C:\AdwCleaner
2017-02-16 00:21 - 2017-02-16 00:22 - 04015056 _____ C:\Users\Heinz Ingenillem\Downloads\adwcleaner_6.043 (1).exe
2017-02-16 00:21 - 2017-02-16 00:21 - 04015056 _____ C:\Users\Heinz Ingenillem\Downloads\adwcleaner_6.043.exe
2017-02-08 11:25 - 2017-02-08 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 05:38 - 2017-02-07 05:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-06 15:32 - 2017-02-06 15:32 - 00001209 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-01-30 18:09 - 2017-01-30 18:10 - 00690080 _____ (Dropbox, Inc.) C:\Users\Heinz Ingenillem\Downloads\DropboxInstaller (3).exe
2017-01-24 19:37 - 2017-01-24 19:37 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-24 19:37 - 2017-01-24 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-24 19:36 - 2017-01-24 19:37 - 00000000 ____D C:\Program Files\iTunes
2017-01-24 19:36 - 2017-01-24 19:36 - 00000000 ____D C:\Program Files\iPod
2017-01-24 19:32 - 2017-01-24 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-19 15:48 - 2012-12-19 18:29 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-19 15:22 - 2014-12-17 19:33 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-19 15:21 - 2014-12-17 19:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-19 15:15 - 2015-12-24 12:11 - 00001258 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-19 14:46 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-19 10:38 - 2012-11-16 17:27 - 00004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BD2C414F-711A-4261-85AF-8BC95FBA7768}
2017-02-18 18:15 - 2015-12-24 12:11 - 00001254 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-18 17:25 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-17 22:30 - 2016-08-02 16:38 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\ClassicShell
2017-02-17 22:05 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2017-02-17 21:57 - 2016-01-12 22:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-17 21:57 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-02-17 21:56 - 2016-09-25 22:27 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\D54FC705-5AAC-4D60-B100-8972879436F5.aplzod
2017-02-16 01:24 - 2016-01-12 20:04 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-16 00:49 - 2015-08-26 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-16 00:49 - 2012-12-22 20:49 - 00000000 ____D C:\ProgramData\Avira
2017-02-16 00:49 - 2012-12-22 20:49 - 00000000 ____D C:\Program Files (x86)\Avira
2017-02-16 00:29 - 2014-02-06 19:30 - 00000000 ____D C:\Program Files (x86)\iolo
2017-02-16 00:22 - 2013-11-06 17:24 - 00003518 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-02-15 22:53 - 2016-01-12 20:14 - 00000000 ____D C:\Users\_ocster_backup_
2017-02-10 18:24 - 2013-04-11 20:51 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-10 18:24 - 2013-04-11 20:51 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-08 11:25 - 2015-12-24 12:15 - 00000000 ___RD C:\Users\Heinz Ingenillem\Dropbox
2017-02-08 11:25 - 2015-12-24 12:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-06 15:32 - 2014-06-11 21:45 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-06 15:17 - 2012-11-26 10:10 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\Ocster Backup
2017-02-03 14:31 - 2015-12-24 12:07 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\Dropbox
2017-01-30 18:10 - 2015-12-24 12:11 - 00004318 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-01-30 18:10 - 2015-12-24 12:11 - 00004086 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-01-24 23:54 - 2016-09-25 22:25 - 00000000 ___RD C:\Users\Heinz Ingenillem\iCloudDrive
2017-01-24 23:54 - 2013-10-27 15:59 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\Apple Computer
2017-01-24 19:36 - 2013-10-27 15:56 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-24 13:28 - 2016-01-14 10:17 - 00000000 ____D C:\Users\DefaultAppPool

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-01-03 16:04 - 2014-01-03 16:04 - 0000325 _____ () C:\Users\Heinz Ingenillem\AppData\Roaming\mplex-log.log
2015-10-22 10:51 - 2015-10-22 10:52 - 1154916 _____ () C:\Users\Heinz Ingenillem\AppData\Roaming\WrapAnGo_Install.log
2014-01-03 16:01 - 2014-01-03 16:01 - 0003584 _____ () C:\Users\Heinz Ingenillem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-03 19:41 - 2014-11-03 19:41 - 0004096 ____H () C:\Users\Heinz Ingenillem\AppData\Local\keyfile3.drm
2016-08-02 16:55 - 2016-08-02 16:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-01-12 20:10 - 2016-01-12 20:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-11-15 17:43 - 2010-01-16 07:15 - 0131368 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-13 22:54

==================== Ende von FRST.txt ============================
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-02-2017 01
durchgeführt von Heinz Ingenillem (19-02-2017 16:12:17)
Gestartet von C:\Users\Heinz Ingenillem\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-12 22:18:40)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3457901039-3679683318-3372754741-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3457901039-3679683318-3372754741-503 - Limited - Disabled)
Gast (S-1-5-21-3457901039-3679683318-3372754741-501 - Limited - Disabled)
Heinz Ingenillem (S-1-5-21-3457901039-3679683318-3372754741-1000 - Administrator - Enabled) => C:\Users\Heinz Ingenillem
HomeGroupUser$ (S-1-5-21-3457901039-3679683318-3372754741-1003 - Limited - Enabled)
_ocster_backup_ (S-1-5-21-3457901039-3679683318-3372754741-1015 - Administrator - Enabled) => C:\Users\_ocster_backup_

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Enabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ACDSee Foto-Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.113 - ACD Systems International)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-2E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
Amazon Kindle (HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
Amazon Kindle (HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo WinOptimizer 2017 (HKLM-x32\...\{4209F371-6CE9-533C-2CDC-94E053273B35}_is1) (Version: 14.00.04 - Ashampoo GmbH & Co. KG)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{F8FEEFC0-D7D6-9A40-28E9-1E7A6716E803}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
AusweisApp2 (HKLM-x32\...\{8BC126FD-2F56-4B56-9363-54C3D0027BC6}) (Version: 1.10.1 - Governikus GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Avira Software Updater (HKLM-x32\...\{115347FE-037B-4F4D-86F2-057FEF294C7A}) (Version: 1.2.4.459 - Avira Operations GmbH & Co. KG)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon iP4600 series Benutzerregistrierung (HKLM-x32\...\Canon iP4600 series Benutzerregistrierung) (Version:  - )
Canon iP4600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series) (Version:  - )
Canon iP5300 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5300) (Version:  - )
Canon iP5300 Benutzerregistrierung (HKLM-x32\...\Canon iP5300 Benutzerregistrierung) (Version:  - )
Canon MG2400 series Benutzerregistrierung (HKLM-x32\...\Canon MG2400 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.00 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Canon Setup Utility 2.3 (HKLM-x32\...\Canon Setup Utility 2.3) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Easy-PrintToolBox (HKLM-x32\...\Easy-PrintToolBox) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (x32 Version: 2010.0504.2152.37420 - ATI) Hidden
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0.0.13 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.11 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
GALILEOS Viewer 1.9 (HKLM-x32\...\{A1AD28CE-ADDF-46F1-94DC-7D7ACBC1451B}) (Version: 1.9.4368.23293 - SICAT GmbH & Co. KG)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Officejet Pro 8610 - Grundlegende Software für das Gerät (HKLM\...\{C1586445-E3CA-45F0-A754-E6C2784CDDB7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Leawo PowerPoint to Video Converter version 2.6.0.68 (HKLM-x32\...\{5D5CB188-F9B1-4103-B2AD-07FB33068377}_is1) (Version: 2.6.0.68 - Leawo Software)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Mozilla Firefox 41.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 de)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM-x32\...\{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}) (Version: 8.10.124 - Nero AG)
Ocster Backup Pro (HKLM\...\Ocster Backup) (Version: 7.25 - Ocster GmbH & Co. KG)
Olympus Sonority (HKLM-x32\...\{40CAF5AE-4E70-46C8-8AD8-4A036D32525C}) (Version: 1.4.3 - OLYMPUS IMAGING CORP.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{0F796312-289C-40CA-856C-9FBCF5E83342}) (Version: 0133.09.1202 - REALTEK Semiconductor Corp.)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)
ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )
SDI011 dual interface reader (HKLM-x32\...\{D0ED9100-DFFB-482C-8DB6-C626264757BD}) (Version: 1.01 - SCM Microsystems)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.08 - Wolters Kluwer Deutschland GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
WEB.DE Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.7.3288.0 (HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\WEB.DE Application {sync-000021}) (Version: 1.7.3288.0 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.7.3288.0 (HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\...\WEB.DE Application {sync-000021}) (Version: 1.7.3288.0 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.7.3288.0 (HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\...\WEB.DE Application {sync-000021}) (Version: 1.7.3288.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5100 - Broadcom Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
xp-AntiSpy 3.98-2 (HKLM-x32\...\xp-AntiSpy) (Version:  - Christian Taubenheim)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01D00FCF-8E0A-4DF4-BB45-65DEBB77994B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {08B1E403-5E99-4442-9FBC-1CDE805C3869} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {0A24FA2F-60BF-4E04-ACBB-48EB340D72B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {0C01A385-94F4-40FB-828C-3AE9B5B7EDFA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {1DCF2261-D94C-4022-B42D-B0EC8BDFECCB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {2034FBDC-8133-4EA8-9C3C-BB160A466B29} - System32\Tasks\{28BBA9C6-1BD6-46B6-9A93-026BC367C8F9} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2016-07-13] (Microsoft Corporation)
Task: {2A6F5C87-BF01-4333-ABCB-37922D1CA12E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {2BF400FA-81A6-4D07-864C-F4AE79BDB6E9} - System32\Tasks\{65C49899-C1D3-43A4-8AC6-15C82D58B2BF} => C:\Program Files (x86)\RebateInformer\RebateInf.exe 
Task: {2EEB3F91-8212-4744-B228-C79E6B96A875} - System32\Tasks\{7CF24B5F-6A18-4BEE-96BC-3FE94E39E534} => pcalua.exe -a "C:\Users\Heinz Ingenillem\AppData\Local\Temp\Temp1_SSEStandard_18.06.zip\SSEStandard_18.06.exe" <==== ACHTUNG
Task: {33651EEF-49A0-4D78-96CA-5991A5F9063B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {35D11107-D724-4016-A04D-1ADE966D6E81} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {3F8C6B78-458F-4271-9CFC-F64153FA42A7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {402D168B-1F82-4DF2-A80D-1CBFEFEEDE4F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {4621CC95-D313-4AA0-9F85-62FC71D9B3CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {490321FD-8935-46A0-AF88-9DB6D215F631} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {5418157C-D269-406C-9D4D-4898D3A3A5BB} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe 
Task: {59F6559E-68DD-4267-8358-37E5D15F09FF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {5CF36949-FD5A-41EB-AE31-449EAB146F26} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {5DFFBBE7-BABA-43B4-BB03-AD5EA78D7B0C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {5EFBF41A-7D39-41A3-B3BE-442F3D003ACE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {628E68EC-6937-4D81-8BA8-B4D751BCD6F6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {65BB4E39-7BAD-46EB-812D-78AFEE646FC4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {6788AA78-C2FB-4C17-9B41-5C59B6E76ED7} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {6AACFC53-422D-4D2E-A5CF-067A17F74F19} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {72479FFC-3E62-4666-A953-BD7F1134974A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {72C40A44-95A0-4A58-8222-687BD60CC79A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {730B76AF-FE46-42D9-BF5C-96A6DDCF0100} - System32\Tasks\{4AEE5819-BA08-466D-A743-4345307EBC4D} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2016-07-13] (Microsoft Corporation)
Task: {764F7340-D9D3-43CC-A7DD-C1BB080EA534} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {79F64FB6-7BA3-4578-879E-92F4792E7F9E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {7D72BB89-F85C-4CF8-84E3-30478B59A8D0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-01-17] (Apple Inc.)
Task: {8424B9FA-D071-447D-87A1-20C01E696C87} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe 
Task: {8813E5D3-87AE-4768-B14F-387BD05ACF8D} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {8B94A08B-9398-4C96-9D21-AB8C85537179} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {8C555340-9B75-4360-AEEC-01B72B5D356A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {8EA67017-8342-4EFB-A291-CBCEFAF0C228} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {9202F68C-D5DE-4A4F-8E9D-99E29782ED82} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {AAB32179-5564-420E-B8FF-E7F375301F18} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {ACE02E70-0F36-495E-953C-7A41766E5872} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: {B02169B2-D495-4791-BD94-78C32FDC7A91} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B602A9BB-767F-4377-8BCA-893668DFB543} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B6944183-5896-491D-9611-0F1C4279B21E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {C022B5A4-B15C-434E-97AB-57C9102DA3A5} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2015-01-12] (1&1 Mail & Media GmbH)
Task: {C1CA1891-3770-4CD5-BADA-DA07D43AB181} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {CDF034BE-CB0F-4606-B2B5-2CAE65C9DF85} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {D0C44C76-5D6B-4CE3-9B6A-F3A13A1EAC73} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {D412E901-1A14-4D35-BD35-011A2D918339} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {D5BA1EAD-DF18-424A-9E2B-692090952414} - \StartPoint Updater -> Keine Datei <==== ACHTUNG
Task: {D722B035-31A5-4EE4-BF54-DF5404720178} - System32\Tasks\{6A0ACE63-D1C9-4353-B7B5-EB11A33494D0} => pcalua.exe -a "C:\Users\Heinz Ingenillem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUHBORG7\AVM_FRITZ!WLAN_Repeater_450E_Assistent.exe" -d "C:\Users\Heinz Ingenillem\Desktop"
Task: {D774F9DD-6A0C-478D-A6E1-DF1734E28C67} - System32\Tasks\SUPBackground => %ProgramFiles%\Samsung\Samsung Update Plus\SUPBackground.exe 
Task: {DE1283F7-400A-49D3-ABE9-EE84C8AB1184} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {E085489E-3B83-4689-A4A6-7C10F88F196B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {E34AB574-45B8-491A-B358-7B58957E651E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {EF6E1105-EF8C-40FB-B3F3-6429FD276456} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {F43D55E3-0586-46F5-811A-8F17C7F45332} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {F56B76B9-95E0-47F8-8A07-72DDB540B015} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {F9CE13F9-8BA6-4A7A-9512-FC0F318C1BB5} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
Task: {FBB123CA-4231-4E0C-B703-51415B467FE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Heinz Ingenillem\Desktop\WEB.DE.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://go.web.de/tb/ie_desktop_portal

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-01 02:04 - 2009-03-05 10:54 - 00311296 _____ () C:\Windows\SysWOW64\Rezip.exe
2015-03-05 14:19 - 2015-03-05 14:19 - 00023864 _____ () c:\Program Files\Ocster Backup\bin\backupService-ox.exe
2015-03-05 14:19 - 2015-03-05 14:19 - 00109368 _____ () c:\Program Files\Ocster Backup\bin\backupServiceLib.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 11391800 _____ () c:\Program Files\Ocster Backup\bin\backupCore.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00166584 _____ () c:\Program Files\Ocster Backup\bin\deemon.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 05945656 _____ () c:\Program Files\Ocster Backup\bin\ox.dll
2015-03-05 11:49 - 2015-03-05 11:49 - 00324096 _____ () c:\Program Files\Ocster Backup\bin\party.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00249656 _____ () c:\Program Files\Ocster Backup\bin\crumb.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00053560 _____ () c:\Program Files\Ocster Backup\bin\lzmaUtil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00561336 _____ () c:\Program Files\Ocster Backup\bin\twirl.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00368952 _____ () c:\Program Files\Ocster Backup\bin\tomb.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00223032 _____ () c:\Program Files\Ocster Backup\bin\netutil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00154936 _____ () c:\Program Files\Ocster Backup\bin\scoolite.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00528696 _____ () c:\Program Files\Ocster Backup\bin\veem.dll
2015-03-05 11:38 - 2015-03-05 11:38 - 00022528 _____ () c:\Program Files\Ocster Backup\bin\zlibutil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00060728 _____ () c:\Program Files\Ocster Backup\bin\minizutil.dll
2015-03-05 10:46 - 2015-03-05 10:46 - 00081920 _____ () c:\Program Files\Ocster Backup\bin\zdll.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00024248 _____ () c:\Program Files\Ocster Backup\bin\lz4util.dll
2015-03-05 11:43 - 2015-03-05 11:43 - 00049664 _____ () c:\Program Files\Ocster Backup\bin\lzma.dll
2015-03-05 11:38 - 2015-03-05 11:38 - 00626688 _____ () c:\Program Files\Ocster Backup\bin\sqlite.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00041272 _____ () c:\Program Files\Ocster Backup\bin\lz4.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-14 09:35 - 2016-09-07 06:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-14 09:35 - 2016-09-07 06:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-25 15:33 - 2016-07-25 15:33 - 00959168 _____ () C:\Users\Heinz Ingenillem\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-04-20 15:53 - 2016-04-20 15:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2017-02-19 15:21 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-19 15:21 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-19 15:21 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-01-14 10:50 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-19 09:21 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-14 09:32 - 2016-09-07 05:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-14 09:31 - 2016-09-07 05:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 09:32 - 2016-09-07 05:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-14 09:32 - 2016-09-07 05:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-20 15:53 - 2016-04-20 15:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-20 15:53 - 2016-04-20 15:53 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2017-02-10 18:24 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-10 18:24 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\127.0.0.1 -> hxxp://127.0.0.1
IE trusted site: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\...\127.0.0.1 -> hxxp://127.0.0.1
IE trusted site: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\...\127.0.0.1 -> hxxp://127.0.0.1

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heinz Ingenillem\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\Control Panel\Desktop\\Wallpaper -> C:\Users\Heinz Ingenillem\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\Control Panel\Desktop\\Wallpaper -> C:\Users\Heinz Ingenillem\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152353138\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152425383\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 4.lnk => C:\Windows\pss\Device Detector 4.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk => C:\Windows\pss\Scanner Finder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Heinz Ingenillem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Easy-PrintToolBox => C:\Program Files (x86)\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: FilmFanatic AppIntegrator 32-bit => C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: FilmFanatic AppIntegrator 64-bit => C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: FilmFanatic EPM Support => "C:\PROGRA~2\FILMFA~2\bar\1.bin\pamedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: FilmFanatic Search Scope Monitor => "C:\PROGRA~2\FILMFA~2\bar\1.bin\pasrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: MailCheck IE Broker => "C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RadioRage EPM Support => "C:\PROGRA~2\RADIOR~2\bar\1.bin\4jmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: RadioRage Home Page Guard 64 bit => "C:\PROGRA~2\RADIOR~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: RadioRage Search Scope Monitor => "C:\PROGRA~2\RADIOR~2\bar\1.bin\4jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: RadioRage_4j Browser Plugin Loader => C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon.exe
MSCONFIG\startupreg: RadioRage_4j Browser Plugin Loader 64 => C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon64.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
MSCONFIG\startupreg: Zwinky EPM Support => "C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: Zwinky Home Page Guard 64 bit => "C:\PROGRA~2\ZWINKY~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: Zwinky Search Scope Monitor => "C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Zwinky_5q Browser Plugin Loader => C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon.exe
MSCONFIG\startupreg: Zwinky_5q Browser Plugin Loader 64 => C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon64.exe
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "MailCheck IE Broker"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKLM\...\StartupApproved\Run32: => "InboxAce EPM Support"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\...\StartupApproved\Run: => "iCloudPhotos"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{285D78E1-792F-4615-8558-9777F6E9EBE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9D95CD9-4C56-4A3A-9200-137567F5B33F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F89C9CD6-4BA6-415D-A834-CED45EB2EEBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C41CD77F-AAB4-4299-8808-E94262CD7D34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BFDE1792-FBD0-4E46-8F7F-92A6257ABEB0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D70DF084-73A0-40C2-9E88-3D246405CB23}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{873A7583-6E55-4526-9C4C-82D9B7B6611A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{401A9B2D-00C4-45C1-819D-A17B357EEC34}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{78C72CD4-D0B0-4A43-AA44-2EB29E5F7BB3}] => (Allow) svchost.exe
FirewallRules: [{14E32182-A762-4CF9-A196-6DF63EE1F4D1}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{177E6684-8727-4206-9BD0-29B4D5C441C8}] => (Allow) LPort=5353
FirewallRules: [{B67EBE6D-7E1F-4078-8D03-C63E917396E6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8A24F57F-2D0E-4AE7-B484-0B5BFDCDF705}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{756B7AD2-1806-4273-A6F3-198922C37772}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{059A1D1B-193A-4B08-8DCB-AE1F6A279DE6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{121C53BF-8781-47A7-B5CE-EACD3CAEA4FC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{AB081C22-CE3D-40D0-B280-52D158DD38F8}] => (Allow) LPort=5357
FirewallRules: [{0BF7AF74-C8EB-42AB-B563-B6587AE57E74}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2 1.10.1\AusweisApp2.exe
FirewallRules: [{582803D0-0D99-4CCD-8D64-D805771FCB85}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CE5F1A57-9222-40B0-82F5-8FB82CA79AE8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{507440BE-4932-4130-8821-3D59FAD6228F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

18-02-2017 16:57:10 Geplanter Prüfpunkt
19-02-2017 16:02:39 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/19/2017 04:03:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/19/2017 03:29:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HEINZLAPTOP)
Description: Bei der Aktivierung der App „Microsoft.Windows.Photos_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2147023170. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/19/2017 03:22:30 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (02/19/2017 03:22:28 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_a2ddb3caa539acce.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_ea8aeaa1b9b5d5d4.manifest.

Error: (02/19/2017 11:16:05 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (02/19/2017 11:15:47 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_a2ddb3caa539acce.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_ea8aeaa1b9b5d5d4.manifest.

Error: (02/18/2017 04:57:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/18/2017 04:43:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (02/18/2017 04:43:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_a2ddb3caa539acce.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_ea8aeaa1b9b5d5d4.manifest.

Error: (02/18/2017 04:39:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10804641


Systemfehler:
=============
Error: (02/18/2017 03:59:29 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/18/2017 01:00:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Manager für heruntergeladene Karten" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/17/2017 10:31:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_40e09" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/17/2017 10:31:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _40e09" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/17/2017 10:31:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_40e09" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/17/2017 10:31:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_40e09" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/17/2017 09:58:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Garmin Device Interaction Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (02/17/2017 09:58:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Device Interaction Service erreicht.

Error: (02/17/2017 09:58:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (02/17/2017 09:56:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Synchronisierungshost_15a55c3 erreicht.


CodeIntegrity:
===================================
  Date: 2016-10-30 22:19:20.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-27 17:01:42.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-27 12:24:36.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-25 20:08:04.042
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-19 18:08:09.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-14 23:04:25.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-13 10:14:31.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-16 10:30:24.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-13 10:22:23.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-23 12:07:02.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Prozentuale Nutzung des RAM: 82%
Installierter physikalischer RAM: 2986.16 MB
Verfügbarer physikalischer RAM: 518.92 MB
Summe virtueller Speicher: 6058.16 MB
Verfügbarer virtueller Speicher: 2508.03 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:215.78 GB) (Free:46.4 GB) NTFS
Drive d: () (Fixed) (Total:62.21 GB) (Free:44.17 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 4394EB81)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=215.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=62.2 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
So..habe hoffentlich alles richtig gemacht und hoffe das mein Rechner nicht infiziert ist !

Alt 20.02.2017, 20:38   #8
M-K-D-B
/// TB-Ausbilder
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Servus,


wir entfernen die letzten Reste und kontrollieren nochmal alles.



Hinweis: Der Suchlauf mit ESET kann länger dauern.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
Task: {01D00FCF-8E0A-4DF4-BB45-65DEBB77994B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {0C01A385-94F4-40FB-828C-3AE9B5B7EDFA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {1DCF2261-D94C-4022-B42D-B0EC8BDFECCB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {2A6F5C87-BF01-4333-ABCB-37922D1CA12E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {2BF400FA-81A6-4D07-864C-F4AE79BDB6E9} - System32\Tasks\{65C49899-C1D3-43A4-8AC6-15C82D58B2BF} => C:\Program Files (x86)\RebateInformer\RebateInf.exe 
C:\Program Files (x86)\RebateInformer
Task: {2EEB3F91-8212-4744-B228-C79E6B96A875} - System32\Tasks\{7CF24B5F-6A18-4BEE-96BC-3FE94E39E534} => pcalua.exe -a "C:\Users\Heinz Ingenillem\AppData\Local\Temp\Temp1_SSEStandard_18.06.zip\SSEStandard_18.06.exe" <==== ACHTUNG
Task: {402D168B-1F82-4DF2-A80D-1CBFEFEEDE4F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {490321FD-8935-46A0-AF88-9DB6D215F631} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {6AACFC53-422D-4D2E-A5CF-067A17F74F19} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {72C40A44-95A0-4A58-8222-687BD60CC79A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {8C555340-9B75-4360-AEEC-01B72B5D356A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {D5BA1EAD-DF18-424A-9E2B-692090952414} - \StartPoint Updater -> Keine Datei <==== ACHTUNG
Task: {D722B035-31A5-4EE4-BF54-DF5404720178} - System32\Tasks\{6A0ACE63-D1C9-4353-B7B5-EB11A33494D0} => pcalua.exe -a "C:\Users\Heinz Ingenillem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUHBORG7\AVM_FRITZ!WLAN_Repeater_450E_Assistent.exe" -d "C:\Users\Heinz Ingenillem\Desktop"
Task: {E085489E-3B83-4689-A4A6-7C10F88F196B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {E34AB574-45B8-491A-B358-7B58957E651E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
MSCONFIG\startupreg: FilmFanatic AppIntegrator 32-bit => C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: FilmFanatic AppIntegrator 64-bit => C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: FilmFanatic EPM Support => "C:\PROGRA~2\FILMFA~2\bar\1.bin\pamedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: FilmFanatic Search Scope Monitor => "C:\PROGRA~2\FILMFA~2\bar\1.bin\pasrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: RadioRage EPM Support => "C:\PROGRA~2\RADIOR~2\bar\1.bin\4jmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: RadioRage Home Page Guard 64 bit => "C:\PROGRA~2\RADIOR~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: RadioRage Search Scope Monitor => "C:\PROGRA~2\RADIOR~2\bar\1.bin\4jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: RadioRage_4j Browser Plugin Loader => C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon.exe
MSCONFIG\startupreg: RadioRage_4j Browser Plugin Loader 64 => C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon64.exe
MSCONFIG\startupreg: Zwinky EPM Support => "C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: Zwinky Home Page Guard 64 bit => "C:\PROGRA~2\ZWINKY~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: Zwinky Search Scope Monitor => "C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Zwinky_5q Browser Plugin Loader => C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon.exe
MSCONFIG\startupreg: Zwinky_5q Browser Plugin Loader 64 => C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon64.exe
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 







Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von ESET,
  • die Logdatei von HitmanPro,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Alt 20.02.2017, 22:18   #9
heinzwetten
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-02-2017
durchgeführt von Heinz Ingenillem (20-02-2017 22:09:11) Run:1
Gestartet von C:\Users\Heinz Ingenillem\Desktop
Geladene Profile: Heinz Ingenillem & _ocster_backup_ &  (Verfügbare Profile: Heinz Ingenillem & _ocster_backup_ & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
Task: {01D00FCF-8E0A-4DF4-BB45-65DEBB77994B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {0C01A385-94F4-40FB-828C-3AE9B5B7EDFA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {1DCF2261-D94C-4022-B42D-B0EC8BDFECCB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {2A6F5C87-BF01-4333-ABCB-37922D1CA12E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {2BF400FA-81A6-4D07-864C-F4AE79BDB6E9} - System32\Tasks\{65C49899-C1D3-43A4-8AC6-15C82D58B2BF} => C:\Program Files (x86)\RebateInformer\RebateInf.exe 
C:\Program Files (x86)\RebateInformer
Task: {2EEB3F91-8212-4744-B228-C79E6B96A875} - System32\Tasks\{7CF24B5F-6A18-4BEE-96BC-3FE94E39E534} => pcalua.exe -a "C:\Users\Heinz Ingenillem\AppData\Local\Temp\Temp1_SSEStandard_18.06.zip\SSEStandard_18.06.exe" <==== ACHTUNG
Task: {402D168B-1F82-4DF2-A80D-1CBFEFEEDE4F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {490321FD-8935-46A0-AF88-9DB6D215F631} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {6AACFC53-422D-4D2E-A5CF-067A17F74F19} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {72C40A44-95A0-4A58-8222-687BD60CC79A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {8C555340-9B75-4360-AEEC-01B72B5D356A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {D5BA1EAD-DF18-424A-9E2B-692090952414} - \StartPoint Updater -> Keine Datei <==== ACHTUNG
Task: {D722B035-31A5-4EE4-BF54-DF5404720178} - System32\Tasks\{6A0ACE63-D1C9-4353-B7B5-EB11A33494D0} => pcalua.exe -a "C:\Users\Heinz Ingenillem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BUHBORG7\AVM_FRITZ!WLAN_Repeater_450E_Assistent.exe" -d "C:\Users\Heinz Ingenillem\Desktop"
Task: {E085489E-3B83-4689-A4A6-7C10F88F196B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {E34AB574-45B8-491A-B358-7B58957E651E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
MSCONFIG\startupreg: FilmFanatic AppIntegrator 32-bit => C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: FilmFanatic AppIntegrator 64-bit => C:\PROGRA~2\FILMFA~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: FilmFanatic EPM Support => "C:\PROGRA~2\FILMFA~2\bar\1.bin\pamedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: FilmFanatic Search Scope Monitor => "C:\PROGRA~2\FILMFA~2\bar\1.bin\pasrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: RadioRage EPM Support => "C:\PROGRA~2\RADIOR~2\bar\1.bin\4jmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: RadioRage Home Page Guard 64 bit => "C:\PROGRA~2\RADIOR~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: RadioRage Search Scope Monitor => "C:\PROGRA~2\RADIOR~2\bar\1.bin\4jsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: RadioRage_4j Browser Plugin Loader => C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon.exe
MSCONFIG\startupreg: RadioRage_4j Browser Plugin Loader 64 => C:\PROGRA~2\RADIOR~2\bar\1.bin\4jbrmon64.exe
MSCONFIG\startupreg: Zwinky EPM Support => "C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qmedint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: Zwinky Home Page Guard 64 bit => "C:\PROGRA~2\ZWINKY~2\bar\1.bin\AppIntegrator64.exe"
MSCONFIG\startupreg: Zwinky Search Scope Monitor => "C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qsrchmn.exe" /m=2 /w /h
MSCONFIG\startupreg: Zwinky_5q Browser Plugin Loader => C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon.exe
MSCONFIG\startupreg: Zwinky_5q Browser Plugin Loader 64 => C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon64.exe
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************

Prozesse erfolgreich geschlossen.
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\SOFTWARE\Policies\Microsoft\Internet Explorer => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01D00FCF-8E0A-4DF4-BB45-65DEBB77994B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01D00FCF-8E0A-4DF4-BB45-65DEBB77994B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C01A385-94F4-40FB-828C-3AE9B5B7EDFA} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C01A385-94F4-40FB-828C-3AE9B5B7EDFA} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DCF2261-D94C-4022-B42D-B0EC8BDFECCB} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DCF2261-D94C-4022-B42D-B0EC8BDFECCB} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A6F5C87-BF01-4333-ABCB-37922D1CA12E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A6F5C87-BF01-4333-ABCB-37922D1CA12E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BF400FA-81A6-4D07-864C-F4AE79BDB6E9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BF400FA-81A6-4D07-864C-F4AE79BDB6E9} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\{65C49899-C1D3-43A4-8AC6-15C82D58B2BF} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{65C49899-C1D3-43A4-8AC6-15C82D58B2BF} => Schlüssel erfolgreich entfernt
"C:\Program Files (x86)\RebateInformer" => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EEB3F91-8212-4744-B228-C79E6B96A875} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EEB3F91-8212-4744-B228-C79E6B96A875} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\{7CF24B5F-6A18-4BEE-96BC-3FE94E39E534} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7CF24B5F-6A18-4BEE-96BC-3FE94E39E534} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{402D168B-1F82-4DF2-A80D-1CBFEFEEDE4F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{402D168B-1F82-4DF2-A80D-1CBFEFEEDE4F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{490321FD-8935-46A0-AF88-9DB6D215F631} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{490321FD-8935-46A0-AF88-9DB6D215F631} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6AACFC53-422D-4D2E-A5CF-067A17F74F19} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AACFC53-422D-4D2E-A5CF-067A17F74F19} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{72C40A44-95A0-4A58-8222-687BD60CC79A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72C40A44-95A0-4A58-8222-687BD60CC79A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8C555340-9B75-4360-AEEC-01B72B5D356A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C555340-9B75-4360-AEEC-01B72B5D356A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5BA1EAD-DF18-424A-9E2B-692090952414} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5BA1EAD-DF18-424A-9E2B-692090952414} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartPoint Updater => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D722B035-31A5-4EE4-BF54-DF5404720178} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D722B035-31A5-4EE4-BF54-DF5404720178} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\{6A0ACE63-D1C9-4353-B7B5-EB11A33494D0} => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6A0ACE63-D1C9-4353-B7B5-EB11A33494D0} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E085489E-3B83-4689-A4A6-7C10F88F196B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E085489E-3B83-4689-A4A6-7C10F88F196B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E34AB574-45B8-491A-B358-7B58957E651E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E34AB574-45B8-491A-B358-7B58957E651E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FilmFanatic AppIntegrator 32-bit => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FilmFanatic AppIntegrator 64-bit => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FilmFanatic EPM Support => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FilmFanatic Search Scope Monitor => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RadioRage EPM Support => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RadioRage Home Page Guard 64 bit => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RadioRage Search Scope Monitor => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RadioRage_4j Browser Plugin Loader => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RadioRage_4j Browser Plugin Loader 64 => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zwinky EPM Support => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zwinky Home Page Guard 64 bit => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zwinky Search Scope Monitor => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zwinky_5q Browser Plugin Loader => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Zwinky_5q Browser Plugin Loader 64 => Schlüssel erfolgreich entfernt

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152351747\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wert erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02192017152423926\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wert erfolgreich entfernt


========= Ende von RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= Ende von CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 526174957 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -1090228 B
Edge => 9380461 B
Chrome => 24399413 B
Firefox => 8146374 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 814 B
NetworkService => 0 B
Heinz Ingenillem => 275089266 B
_ocster_backup_ => 0 B
DefaultAppPool => 6168 B

RecycleBin => 0 B
EmptyTemp: => 803.1 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 22:11:01 ====
         

Alt 21.02.2017, 15:54   #10
M-K-D-B
/// TB-Ausbilder
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Fehlen noch die anderen Schritte...
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Alt 21.02.2017, 20:10   #11
heinzwetten
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3c7fff2855965b4185b6c2abf52d6b4a
# end=init
# utc_time=2017-02-20 09:19:54
# local_time=2017-02-20 10:19:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 32470
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3c7fff2855965b4185b6c2abf52d6b4a
# end=updated
# utc_time=2017-02-20 09:23:31
# local_time=2017-02-20 10:23:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3c7fff2855965b4185b6c2abf52d6b4a
# engine=32470
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-02-21 01:30:24
# local_time=2017-02-21 02:30:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 97 128219 38491559 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 13785151 41454767 0 0
# scanned=473192
# found=2
# cleaned=0
# scan_time=14812
sh=DB4E28B7C4C2501FE11773B02E219F507A930B34 ft=1 fh=3695d9e27bec7ee5 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\Heinz Ingenillem\Downloads\Classic Shell - CHIP-Installer.exe.vir"
sh=50A70061340F7ECABFC522C68FBA74FF6CC622B7 ft=1 fh=44f86d506d20ad8c vn="Win32/Adware.Cydoor Anwendung" ac=I fn="D:\FESTPLATTE\WINDOWS\SYSTEM32\cd_clint.dll"
         
Code:
ATTFilter
Code:
ATTFilter
HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : HEINZLAPTOP
   Windows . . . . . . . : 10.0.0.10586.X64/4
   User name . . . . . . : HEINZLAPTOP\Heinz Ingenillem
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-02-21 19:49:20
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 18s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 176

   Objects scanned . . . : 2.510.312
   Files scanned . . . . : 138.683
   Remnants scanned  . . : 826.800 files / 1.544.829 keys

Suspicious files ____________________________________________________________

   C:\Users\Heinz Ingenillem\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.422.784 bytes
      Age  . . . . . . . : 2.4 days (2017-02-19 10:36:20)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C2280BABEB08B58E46141BA6BE499ACA4779C2DE22910F8C56BCD041AD8E07D6
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Heinz Ingenillem\Desktop\FRST64.exe
      Size . . . . . . . : 2.422.784 bytes
      Age  . . . . . . . : 0.9 days (2017-02-20 22:08:35)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 49CE8654FAF2CE65F8A87A16D0C202D3679C5A9A1F971D670DF2C67827F77500
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.3s C:\Users\Heinz Ingenillem\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
         -0.3s C:\Users\Heinz Ingenillem\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
          0.0s C:\Users\Heinz Ingenillem\Desktop\FRST64.exe
          1.2s C:\Users\Heinz Ingenillem\Desktop\FRST-OlderVersion\


Malware remnants ____________________________________________________________

   HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}\ (Adware.Playook)

Potential Unwanted Programs _________________________________________________

   C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS (DriverRestore)
      Size . . . . . . . : 20.872 bytes
      Age  . . . . . . . : 914.2 days (2014-08-22 16:04:31)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 8CB62C5D41148DE416014F80BD1FD033FD4D2BD504CB05B90EEB6992A382D58F
      Product  . . . . . : DriverAgent
      Publisher  . . . . : Phoenix Technologies
      Description  . . . : DriverAgent Direct I/O for 64-bit Windows
      Version  . . . . . : 6.0
      Copyright  . . . . : EnTech Taiwan, 1997-2009
      RSA Key Size . . . : 2048
      Service  . . . . . : DrvAgent64
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -4.0
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\DrvAgent64\

   HKLM\SOFTWARE\Classes\CLSID\{d5a1d22b-9e17-454f-8ecd-83c578fb3983}\ (MindSpark)
   HKLM\SOFTWARE\Classes\FilmFanatic.ToolbarProtector.1\ (MindSpark)
   HKLM\SOFTWARE\Classes\FilmFanatic.ToolbarProtector\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{00A9855C-9193-44D7-B206-5AC035147E44}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{039CF632-1F0F-437F-B48F-051E92E70980}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{080F0B03-F21C-4599-B34D-98EA1A659682}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{09FCCCDF-D597-4EF2-911E-5747B5AF15AB}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{0A3A3A48-06BF-464E-B43F-D773259AD9C3}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{15D6A7F5-0A22-4CE0-BA41-54BB5F62C02F}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{1BE14FE1-3175-4324-A77B-33FE5CB7A6ED}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{2BAC1F62-5FD8-43A6-A213-48CEC8E58172}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{2FDB59A0-4024-4CED-94CF-B01E217DE4E5}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{30884828-9192-4B42-956C-75717FF8766D}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{30AE6757-B1D4-4CD5-8FEC-A9B6A545EF64}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{32BD8BA2-EBB8-4131-A771-4FF3DDE7FEF8}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{367DFE4B-7078-41FE-B1DD-6A6318C7DFF9}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{37B204F8-CD97-409B-BDBF-41C0EC0DFF24}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{38C1B7DA-9876-4DEA-B740-19C4F57CE8E8}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{3B3CA1AE-28B7-4D93-82C0-0B424E22B4F0}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{3C8E293A-99C8-45E1-93A3-77DAB6BB7928}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{446BBEE0-5506-48F4-B0FC-01B35D887DE8}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{4A8CE0E0-739D-418A-A236-E6555449AD78}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{4BC4F393-2C30-43DE-A988-7DE5068012A6}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{516434A0-985D-4312-843C-C92B3E19FC2D}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{5442736B-E379-4668-AC30-7F39B3581875}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{65267FD2-5B4E-48F7-A918-8E2697AEBB39}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{667C8B81-0B61-48F6-B7B9-60AA8242E6DF}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{69470931-F756-4CF7-A02C-A701C2B1F453}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{6D32BB6F-7969-48BF-836A-C14CDFC72D72}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{6E1CC883-54EB-47D3-96BC-B586CB8C2BD9}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{6E1F6E4C-428A-4403-B679-0952A11CB00A}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{6E3D1C6D-690C-4108-ADEE-A61DD73F1F41}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{70BD58F8-B097-4C58-8E2E-0C1FB9719F73}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{76745572-7E46-4795-9BFF-38EEDB8ADE5A}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{7AA25D2F-B798-4050-BD09-640EEDC774A8}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{7AFA5495-6C01-4BB8-AE21-C3BD6AB2F17C}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{7F4213DE-5338-46E9-A61B-D9A63A8513E3}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{8098DA46-D5D4-4FE5-82E8-9915FD5F4870}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{80D8F301-753E-4552-A349-4C4D7A0F5831}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{82069639-C517-4207-AB3F-8A3022B1D595}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{89202E29-EEA2-451E-A6A0-205D32C6762F}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{89E881AC-8277-4EEB-81CB-FA23453FE835}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{8B303F6F-194B-460C-81FF-AE07FC446330}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{8B67C587-044B-495B-BF90-FA5C453D63B8}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{8D453B92-39B9-49D3-8265-263ECCF0B9C3}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{8E505161-C877-49F5-82CA-D2FF0B72862C}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{98623C86-E768-4C5A-B23B-EE8CE3727CD3}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{9993B0BF-72D6-46D9-9379-C90A5BAB2AA8}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{9E194E76-9CB9-45F3-A86F-D53E0AE37084}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{A0C2126B-5729-45CD-8F45-D549DF4D50D8}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{A126B97A-C84F-40EE-B9D0-1276892A879E}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{A1448C6E-0452-4550-B852-A1CE666D4907}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{A492E40A-865C-435F-B4A8-DC62DB312387}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{A6DFB3FE-37A3-42DF-A78E-AF7D1C06C914}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{A93A372A-0AD5-4939-A228-7F4152124EA6}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{AA01DD23-7B56-483E-9655-0613D0FC7479}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{AC73709C-65EF-462E-A665-D893C2655BA3}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{AE8842CE-166D-49AC-A455-97E1E9F4FB09}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{AF48FD80-B19A-4589-A8B5-0F3C9922BC8C}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{B25A203C-23F4-4332-8C3E-C9F5B2573F7D}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{B47151A4-CF8B-4481-A41A-BCF127431C01}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{B4FC3CF6-CC37-4865-84A9-3790A4E38A9D}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{B6395E0E-3DB2-40F8-94D8-DA605C52BCA5}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{B693EEE5-7B41-43A0-B579-C246CA7BAA0F}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{B721505E-F0C2-45E9-A0EB-D4EA951B4263}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{BEFDD60B-F72D-4C89-B960-2F64B78705D0}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{CAF2DE16-C6A0-41F9-9859-1557D7FA2C95}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{CC58604C-3BD5-4D3F-B391-4F6DA0B387D3}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{CCA39EF6-65F5-4FB1-9210-1F3C4ABBD39B}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{D0992644-B7E0-41BE-A279-8F9564303169}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{D0F8D775-B0F5-4BC5-A1EB-7445A26C33A4}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{D3062CC1-B8A4-4FDF-8E7F-6BECE6270D34}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{D4C6D911-00C3-4B4C-A13B-F1DC381CB8E9}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{D579E3FE-AE7E-476D-86D6-0950C22D90AD}\ (ZwinkyToolbar)
   HKLM\SOFTWARE\Classes\Interface\{D57E34F7-4964-4A31-B7FD-82EE88C1F351}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{D7130148-0EF2-47BB-BAE8-E31D879E08F1}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{D71C4580-C7B1-47CD-8A9C-4C575BE02790}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{D8DC06AF-7BC3-460D-9C7E-A4594FA453DF}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{D93A719B-39C7-44B5-9450-D70045169D75}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{DDA4185E-AACE-4554-8BD8-6410B066E315}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{DF0CC8C4-AC0E-432D-83E0-FE5D1C60DBBB}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{E083908B-BD7D-414D-A96B-5D3345593181}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{E42D4E52-3FE9-41D3-A7AF-13B664C75DDC}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{E42D5803-945F-4D66-B855-7C84E98E6704}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{E46C7038-E23E-4310-889F-04050999876E}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{E4C503B1-56BE-4A06-812D-748718247ACF}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{ED51BFC0-F800-4201-87D3-9F2559679037}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{EDF57AF7-8A46-4735-98F3-AE96B3BAF6C5}\ (ZwinkyToolbar)
   HKLM\SOFTWARE\Classes\Interface\{EE54BA06-C150-4BF3-B3F3-D156767FBA12}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{EEA25A88-7BCC-46CA-BF20-B85EBA1CEEB2}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{EFC1A7AF-D31D-4AAD-AFA5-3A37176A5FDB}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{F13A0006-F3A9-4778-B8F1-6BD167475531}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{F2A6E838-3C59-4841-A00C-A0BAB65BA3CC}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{F2B8FCF4-73EA-4D12-AAFE-72909AFBA0A4}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{F2EAA98F-F182-4F5C-B38E-A371BB0BDCF1}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{F5270989-F4C2-469D-A107-AE3192A21E85}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{F8EC9AFC-C3F1-460C-B82D-EC084D8A80EF}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{F95EE953-EA40-4277-9D5A-C5D2DD7118A7}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{FA7B5E21-57B6-4527-8863-6221854EDAA6}\ (RadioRage)
   HKLM\SOFTWARE\Classes\Interface\{FC65300A-DC43-4D86-B153-E59CF6E74216}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{FD98D4FF-3371-4F27-9EC4-9A790A589A26}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Interface\{FFB72BDE-8AE9-4E03-962B-439EC6EC8D42}\ (MindSpark)
   HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector.1\ (RadioRage)
   HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector\ (RadioRage)
   HKLM\SOFTWARE\Classes\TypeLib\{2DE39074-FB8E-488C-BFDA-86018A9688EC}\ (MindSpark)
   HKLM\SOFTWARE\Classes\TypeLib\{58C502E5-3FFA-4225-8B62-F033B28DD205}\ (MindSpark)
   HKLM\SOFTWARE\Classes\TypeLib\{684A0F47-547A-4865-AADB-B6CE4A4B1C85}\ (MindSpark)
   HKLM\SOFTWARE\Classes\TypeLib\{D4BD6801-D4E0-49A8-8EE8-43F478DB49DE}\ (MindSpark)
   HKLM\SOFTWARE\Classes\TypeLib\{E725EA2F-DDBB-4C4B-8FE8-C6C23233685E}\ (MindSpark)
   HKLM\SOFTWARE\Classes\TypeLib\{F468F270-9A1B-44C5-BA76-81CC0C29680B}\ (MindSpark)
   HKLM\SOFTWARE\Classes\TypeLib\{F9C17917-8FEA-4E6C-A669-7D798763B63B}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{7f5aebd9-3d48-43be-abca-0aefd286c4cd}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{a7583d7e-f1b5-415b-8021-f63aef937dd1}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{00A9855C-9193-44D7-B206-5AC035147E44}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{080F0B03-F21C-4599-B34D-98EA1A659682}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{09FCCCDF-D597-4EF2-911E-5747B5AF15AB}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{6E1F6E4C-428A-4403-B679-0952A11CB00A}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{70C69E3F-6EBD-4914-B480-859A52042FF4}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{798C273C-9B95-405C-9226-A18BFCA068B3}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8B303F6F-194B-460C-81FF-AE07FC446330}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8B67C587-044B-495B-BF90-FA5C453D63B8}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{9993B0BF-72D6-46D9-9379-C90A5BAB2AA8}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{9E194E76-9CB9-45F3-A86F-D53E0AE37084}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{A6DFB3FE-37A3-42DF-A78E-AF7D1C06C914}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{B4FC3CF6-CC37-4865-84A9-3790A4E38A9D}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{BEFDD60B-F72D-4C89-B960-2F64B78705D0}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{D0992644-B7E0-41BE-A279-8F9564303169}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{D0F8D775-B0F5-4BC5-A1EB-7445A26C33A4}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{E42D5803-945F-4D66-B855-7C84E98E6704}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{EFC1A7AF-D31D-4AAD-AFA5-3A37176A5FDB}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F2A6E838-3C59-4841-A00C-A0BAB65BA3CC}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F8EC9AFC-C3F1-460C-B82D-EC084D8A80EF}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{FFB72BDE-8AE9-4E03-962B-439EC6EC8D42}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{2DE39074-FB8E-488C-BFDA-86018A9688EC}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{58C502E5-3FFA-4225-8B62-F033B28DD205}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{684A0F47-547A-4865-AADB-B6CE4A4B1C85}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{D4BD6801-D4E0-49A8-8EE8-43F478DB49DE}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{E725EA2F-DDBB-4C4B-8FE8-C6C23233685E}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{F468F270-9A1B-44C5-BA76-81CC0C29680B}\ (MindSpark)
   HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{F9C17917-8FEA-4E6C-A669-7D798763B63B}\ (MindSpark)
   HKLM\SOFTWARE\Classes\Zwinky_5q.ToolbarProtector.1\ (MindSpark)
   HKLM\SOFTWARE\Classes\Zwinky_5q.ToolbarProtector\ (MindSpark)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{076c037f-c081-4fd9-a82a-fd4f00a419e9}\ (MindSpark)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0a7ef307-3a60-4970-a10d-f5b729a3e669}\ (MindSpark)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{387abd54-5e83-4e03-b020-6a6e5eafe1f4}\ (MindSpark)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A0368956-D0FA-4F97-BA34-0B4AC5331EEE}\ (MindSpark)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{cf580322-4320-4755-b65d-7d27ee5baf5b}\ (MindSpark)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{eafe8ae2-593d-4535-8919-0f4e7a4eebe3}\ (RadioRage)
   HKLM\SYSTEM\ControlSet001\Services\DrvAgent64\ (DriverRestore)
   HKLM\SYSTEM\CurrentControlSet\Services\DrvAgent64\ (DriverRestore)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{076C037F-C081-4FD9-A82A-FD4F00A419E9}\ (MindSpark)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}\ (MindSpark)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{387ABD54-5E83-4E03-B020-6A6E5EAFE1F4}\ (MindSpark)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}\ (RadioRage)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5A1D22B-9E17-454F-8ECD-83C578FB3983}\ (MindSpark)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAFE8AE2-593D-4535-8919-0F4E7A4EEBE3}\ (RadioRage)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{076C037F-C081-4FD9-A82A-FD4F00A419E9}\ (MindSpark)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}\ (MindSpark)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{387ABD54-5E83-4E03-B020-6A6E5EAFE1F4}\ (MindSpark)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}\ (RadioRage)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5A1D22B-9E17-454F-8ECD-83C578FB3983}\ (MindSpark)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAFE8AE2-593D-4535-8919-0F4E7A4EEBE3}\ (RadioRage)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{3c35ad63-af1d-4e21-b484-b6651a8efcf9}\ (RadioRage)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7}\ (MindSpark)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{796b75f6-6187-47e2-8f1f-c16e059e6e19}\ (MindSpark)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{cc2e2b99-14d3-4516-883c-9ea147f594ef}\ (MindSpark)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{3c35ad63-af1d-4e21-b484-b6651a8efcf9}\ (RadioRage)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7}\ (MindSpark)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{796b75f6-6187-47e2-8f1f-c16e059e6e19}\ (MindSpark)
   HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{cc2e2b99-14d3-4516-883c-9ea147f594ef}\ (MindSpark)
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
durchgeführt von Heinz Ingenillem (Administrator) auf HEINZLAPTOP (21-02-2017 20:06:38)
Gestartet von C:\Users\Heinz Ingenillem\Desktop
Geladene Profile: Heinz Ingenillem & _ocster_backup_ & DefaultAppPool &  (Verfügbare Profile: Heinz Ingenillem & _ocster_backup_ & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Microsoft Corporation) C:\WINDOWS\System32\mqsvc.exe
(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\WINDOWS\SysWOW64\Rezip.exe
(Broadcom Corporation.) C:\WINDOWS\System32\BtwRSupportService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\Ocster Backup\bin\backupService-ox.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Ocster Backup\bin\oxHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-09-18] (Realtek Semiconductor)
HKLM\...\Run: [Ocster Backup] => C:\Program Files\Ocster Backup\bin\backupClient-ox.exe [314680 2015-03-05] ()
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020051247\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020057335\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files\Common Files\1&1 Sync\1&1SyncShellExtension64_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 1] -> {02B2B772-B8A8-4DA4-9B18-42551A54A1A8} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 2] -> {0575AB16-E932-4160-8936-4DBE195BDBD7} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 3] -> {0E9EF89A-96D3-4DE6-B2F8-E9548AA5321E} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ 1&1 Sync Overlay 4] -> {1A4AFFE1-B2F9-483D-B627-D9A339DBFD34} => C:\Program Files (x86)\Common Files\1&1 Sync\1&1SyncShellExtension_1_0_0_3_20150812000227471.dll [2015-07-23] (1&1 Mail & Media GmbH)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{14992797-037e-4166-974e-034f215f4baa}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{7a97b070-ded8-46fa-8171-1a9e8bd8143d}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{c60de602-45b1-48f4-a158-c236ba4ac340}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{f268a70c-eeb8-49f8-9ca1-e64ca81f7bbc}: [DhcpNameServer] 139.7.30.126 139.7.30.125

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {0DCDFC37-895F-4FA4-B0F6-2AD2E7300CE6} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {1199CB04-489F-4507-9B08-5B83FDFE7FDB} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {34F7AB04-0A5C-470D-8E55-23822898DBCF} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {5005F082-B204-4B9E-9272-AFB4116CD6F7} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> {AB730F28-1225-4D0D-B2C8-DEEE451B6E32} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901 -> {0DCDFC37-895F-4FA4-B0F6-2AD2E7300CE6} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901 -> {1199CB04-489F-4507-9B08-5B83FDFE7FDB} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901 -> {34F7AB04-0A5C-470D-8E55-23822898DBCF} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901 -> {5005F082-B204-4B9E-9272-AFB4116CD6F7} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901 -> {AB730F28-1225-4D0D-B2C8-DEEE451B6E32} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-30] (Google Inc.)
Toolbar: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default [2017-02-20]
FF Homepage: Mozilla\Firefox\Profiles\bhI9ckTj.default -> chrome://unitedtb/content/newtab/startpage.xhtml
FF Extension: (Avira Browser Safety) - C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\Extensions\abs@avira.com [2017-02-16]
FF Extension: (Avira Browser Safety) - C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\Extensions\abs@avira.com.xpi [2016-01-26]
FF Extension: (WEB.DE MailCheck) - C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\Extensions\browser-mailcheck@web.de [2015-10-26]
FF Extension: (Avira SafeSearch Plus) - C:\Users\Heinz Ingenillem\AppData\Roaming\Mozilla\Firefox\Profiles\bhI9ckTj.default\Extensions\safesearchplus@avira.com [2017-02-16] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nicht gefunden
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR DefaultSearchURL: Default -> hxxps://safesearch.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://safesearch.avira.com/suggestions?q={searchTerms}&li=ff&hl=de
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => Keine Datei
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => Keine Datei
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => Keine Datei
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => Keine Datei
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL => Keine Datei
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => Keine Datei
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll => Keine Datei
CHR Profile: C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Google Docs) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-22]
CHR Extension: (Google Drive) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22]
CHR Extension: (Google-Suche) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-08]
CHR Extension: (Adobe Acrobat) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-13]
CHR Extension: (Avira Browserschutz) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-20]
CHR Extension: (Google Docs Offline) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-13]
CHR Extension: (Google Mail) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Heinz Ingenillem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nicht gefunden>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-11-24] (Adobe Systems) [Datei ist nicht signiert]
R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [25232 2016-12-09] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-24] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-07] (Dropbox, Inc.)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2017\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany) [Datei ist nicht signiert]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-15] (Nero AG)
R2 ocster_backup; c:\Program Files\Ocster Backup\bin\backupService-ox.exe [23864 2015-03-05] ()
S3 Olympus DVR Service; C:\Program Files (x86)\Common Files\Olympus Shared\DeviceManager\olydvrsv.exe [174592 2012-11-08] (OLYMPUS IMAGING CORP.) [Datei ist nicht signiert]
R2 Rezip; C:\Windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-07] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153904 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-06-03] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-21] (Malwarebytes)
S3 SD11CL64; C:\WINDOWS\system32\DRIVERS\SD11CL64.sys [96512 2011-01-24] (SCM Microsystems Inc.)
S3 SDI01164; C:\WINDOWS\system32\DRIVERS\SDI01164.SYS [75904 2011-01-24] (SCM Microsystems Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x64.sys [288768 2015-10-30] (Marvell)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-21 19:46 - 2017-02-21 20:05 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-21 19:46 - 2017-02-21 19:46 - 11581544 _____ (SurfRight B.V.) C:\Users\Heinz Ingenillem\Downloads\HitmanPro_x64.exe
2017-02-20 22:18 - 2017-02-20 22:19 - 02870984 _____ (ESET) C:\Users\Heinz Ingenillem\Downloads\esetsmartinstaller_deu.exe
2017-02-20 22:09 - 2017-02-20 22:11 - 00017028 _____ C:\Users\Heinz Ingenillem\Desktop\Fixlog.txt
2017-02-20 22:08 - 2017-02-20 22:08 - 00000000 ____D C:\Users\Heinz Ingenillem\Desktop\FRST-OlderVersion
2017-02-19 16:02 - 2017-02-19 16:02 - 01663040 _____ (Malwarebytes) C:\Users\Heinz Ingenillem\Downloads\JRT.exe
2017-02-19 15:58 - 2017-02-19 15:58 - 00001570 _____ C:\Users\Heinz Ingenillem\Desktop\mbam.txt
2017-02-19 15:22 - 2017-02-21 18:31 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-19 15:22 - 2017-02-20 22:17 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-19 15:22 - 2017-02-20 22:17 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-19 15:22 - 2017-02-19 15:22 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-19 15:21 - 2017-02-19 15:21 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-19 15:21 - 2017-02-19 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-19 15:21 - 2017-02-19 15:21 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-19 15:21 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-19 15:20 - 2017-02-19 15:21 - 55566792 _____ (Malwarebytes ) C:\Users\Heinz Ingenillem\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-19 15:08 - 2017-02-19 15:09 - 04015056 _____ C:\Users\Heinz Ingenillem\Desktop\AdwCleaner_6.043 (2).exe
2017-02-19 10:46 - 2017-02-19 15:08 - 00263598 _____ C:\TDSSKiller.3.1.0.12_19.02.2017_10.46.24_log.txt
2017-02-19 10:41 - 2017-02-19 16:13 - 00058544 _____ C:\Users\Heinz Ingenillem\Desktop\Addition.txt
2017-02-19 10:39 - 2017-02-21 20:07 - 00033907 _____ C:\Users\Heinz Ingenillem\Desktop\FRST.txt
2017-02-19 10:38 - 2017-02-21 20:06 - 00000000 ____D C:\FRST
2017-02-19 10:37 - 2017-02-19 10:46 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Heinz Ingenillem\Desktop\tdsskiller.exe
2017-02-19 10:36 - 2017-02-20 22:08 - 02422784 _____ (Farbar) C:\Users\Heinz Ingenillem\Desktop\FRST64.exe
2017-02-17 21:57 - 2017-02-17 21:57 - 02948080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-17 21:55 - 2017-02-17 21:55 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Heinz Ingenillem\Downloads\avira_de_absf0_3002733520_pbgd8h0r37udghjpqtvx_wd (1).exe
2017-02-17 21:55 - 2017-02-17 21:55 - 00091224 _____ C:\Users\Heinz Ingenillem\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-17 21:53 - 2017-02-17 21:53 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Heinz Ingenillem\Downloads\avira_de_absf0_3002733520_bmukzkars024s21kf9hc_wd.exe
2017-02-17 21:44 - 2017-02-17 21:44 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Heinz Ingenillem\Downloads\avira_de_absf0_3002733520_pbgd8h0r37udghjpqtvx_wd.exe
2017-02-16 01:12 - 2017-02-19 15:57 - 00000000 ____D C:\ProgramData\Ashampoo
2017-02-16 01:12 - 2017-02-16 01:12 - 00001565 _____ C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO2017).lnk
2017-02-16 01:12 - 2017-02-16 01:12 - 00001329 _____ C:\Users\Public\Desktop\Ashampoo WinOptimizer 2017.lnk
2017-02-16 01:12 - 2017-02-16 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-02-16 01:12 - 2017-02-16 01:12 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2017-02-16 01:12 - 2009-08-24 21:13 - 00034304 _____ (mst software GmbH, Germany) C:\WINDOWS\system32\DfSdkBt.exe
2017-02-16 01:03 - 2017-02-16 01:04 - 22028168 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Heinz Ingenillem\Downloads\ashampoo_winoptimizer_2017_25315.exe
2017-02-16 00:41 - 2017-02-19 16:08 - 00000848 _____ C:\Users\Heinz Ingenillem\Desktop\JRT.txt
2017-02-16 00:35 - 2017-02-16 00:35 - 01663040 _____ (Malwarebytes) C:\Users\Heinz Ingenillem\Downloads\JRT81.exe
2017-02-16 00:35 - 2017-02-16 00:35 - 01663040 _____ (Malwarebytes) C:\Users\Heinz Ingenillem\Downloads\JRT81 (1).exe
2017-02-16 00:22 - 2017-02-19 15:16 - 00000000 ____D C:\AdwCleaner
2017-02-16 00:21 - 2017-02-16 00:22 - 04015056 _____ C:\Users\Heinz Ingenillem\Downloads\adwcleaner_6.043 (1).exe
2017-02-16 00:21 - 2017-02-16 00:21 - 04015056 _____ C:\Users\Heinz Ingenillem\Downloads\adwcleaner_6.043.exe
2017-02-08 11:25 - 2017-02-08 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 05:38 - 2017-02-07 05:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-07 05:38 - 2017-02-07 05:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-06 15:32 - 2017-02-06 15:32 - 00001209 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-01-30 18:09 - 2017-01-30 18:10 - 00690080 _____ (Dropbox, Inc.) C:\Users\Heinz Ingenillem\Downloads\DropboxInstaller (3).exe
2017-01-24 19:37 - 2017-01-24 19:37 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-24 19:37 - 2017-01-24 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-24 19:36 - 2017-01-24 19:37 - 00000000 ____D C:\Program Files\iTunes
2017-01-24 19:36 - 2017-01-24 19:36 - 00000000 ____D C:\Program Files\iPod
2017-01-24 19:32 - 2017-01-24 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-21 20:02 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-21 19:57 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-21 19:48 - 2012-12-19 18:29 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-21 19:44 - 2016-08-02 16:38 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\ClassicShell
2017-02-21 19:15 - 2015-12-24 12:11 - 00001258 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-21 18:15 - 2015-12-24 12:11 - 00001254 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-21 13:32 - 2012-11-16 17:27 - 00004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BD2C414F-711A-4261-85AF-8BC95FBA7768}
2017-02-20 22:17 - 2012-11-26 10:10 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\Ocster Backup
2017-02-20 22:16 - 2014-12-17 19:33 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-20 22:12 - 2016-01-12 22:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-20 22:12 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-02-19 15:21 - 2014-12-17 19:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-17 22:05 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2017-02-17 21:56 - 2016-09-25 22:27 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\D54FC705-5AAC-4D60-B100-8972879436F5.aplzod
2017-02-16 01:24 - 2016-01-12 20:04 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-16 00:49 - 2015-08-26 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-16 00:49 - 2012-12-22 20:49 - 00000000 ____D C:\ProgramData\Avira
2017-02-16 00:49 - 2012-12-22 20:49 - 00000000 ____D C:\Program Files (x86)\Avira
2017-02-16 00:29 - 2014-02-06 19:30 - 00000000 ____D C:\Program Files (x86)\iolo
2017-02-16 00:22 - 2013-11-06 17:24 - 00003518 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2017-02-15 22:53 - 2016-01-12 20:14 - 00000000 ____D C:\Users\_ocster_backup_
2017-02-10 18:24 - 2013-04-11 20:51 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-10 18:24 - 2013-04-11 20:51 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-08 11:25 - 2015-12-24 12:15 - 00000000 ___RD C:\Users\Heinz Ingenillem\Dropbox
2017-02-08 11:25 - 2015-12-24 12:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-06 15:32 - 2014-06-11 21:45 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-03 14:31 - 2015-12-24 12:07 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\Dropbox
2017-01-30 18:10 - 2015-12-24 12:11 - 00004318 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-01-30 18:10 - 2015-12-24 12:11 - 00004086 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-01-24 23:54 - 2016-09-25 22:25 - 00000000 ___RD C:\Users\Heinz Ingenillem\iCloudDrive
2017-01-24 23:54 - 2013-10-27 15:59 - 00000000 ____D C:\Users\Heinz Ingenillem\AppData\Local\Apple Computer
2017-01-24 19:36 - 2013-10-27 15:56 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-24 13:28 - 2016-01-14 10:17 - 00000000 ____D C:\Users\DefaultAppPool

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-01-03 16:04 - 2014-01-03 16:04 - 0000325 _____ () C:\Users\Heinz Ingenillem\AppData\Roaming\mplex-log.log
2015-10-22 10:51 - 2015-10-22 10:52 - 1154916 _____ () C:\Users\Heinz Ingenillem\AppData\Roaming\WrapAnGo_Install.log
2014-01-03 16:01 - 2014-01-03 16:01 - 0003584 _____ () C:\Users\Heinz Ingenillem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-03 19:41 - 2014-11-03 19:41 - 0004096 ____H () C:\Users\Heinz Ingenillem\AppData\Local\keyfile3.drm
2016-08-02 16:55 - 2016-08-02 16:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-01-12 20:10 - 2016-01-12 20:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-11-15 17:43 - 2010-01-16 07:15 - 0131368 _____ () C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-13 22:54

==================== Ende von FRST.txt ============================
         

Alt 21.02.2017, 20:13   #12
heinzwetten
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-02-2017
durchgeführt von Heinz Ingenillem (21-02-2017 20:08:12)
Gestartet von C:\Users\Heinz Ingenillem\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-12 22:18:40)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3457901039-3679683318-3372754741-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3457901039-3679683318-3372754741-503 - Limited - Disabled)
Gast (S-1-5-21-3457901039-3679683318-3372754741-501 - Limited - Disabled)
Heinz Ingenillem (S-1-5-21-3457901039-3679683318-3372754741-1000 - Administrator - Enabled) => C:\Users\Heinz Ingenillem
HomeGroupUser$ (S-1-5-21-3457901039-3679683318-3372754741-1003 - Limited - Enabled)
_ocster_backup_ (S-1-5-21-3457901039-3679683318-3372754741-1015 - Administrator - Enabled) => C:\Users\_ocster_backup_

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ACDSee Foto-Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.113 - ACD Systems International)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-2E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
Amazon Kindle (HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Ashampoo WinOptimizer 2017 (HKLM-x32\...\{4209F371-6CE9-533C-2CDC-94E053273B35}_is1) (Version: 14.00.04 - Ashampoo GmbH & Co. KG)
Atheros Client Installation Program (HKLM-x32\...\{D1434266-0486-4469-B338-A60082CC04E1}) (Version: 1.0.2.1119 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{F8FEEFC0-D7D6-9A40-28E9-1E7A6716E803}) (Version: 3.0.774.0 - ATI Technologies, Inc.)
AusweisApp2 (HKLM-x32\...\{8BC126FD-2F56-4B56-9363-54C3D0027BC6}) (Version: 1.10.1 - Governikus GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Avira Software Updater (HKLM-x32\...\{115347FE-037B-4F4D-86F2-057FEF294C7A}) (Version: 1.2.4.459 - Avira Operations GmbH & Co. KG)
BatteryLifeExtender (HKLM-x32\...\{74A579FB-EB06-497D-B194-01590D6FE51A}) (Version: 1.0.5 - Samsung)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.44 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon iP4600 series Benutzerregistrierung (HKLM-x32\...\Canon iP4600 series Benutzerregistrierung) (Version:  - )
Canon iP4600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series) (Version:  - )
Canon iP5300 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5300) (Version:  - )
Canon iP5300 Benutzerregistrierung (HKLM-x32\...\Canon iP5300 Benutzerregistrierung) (Version:  - )
Canon MG2400 series Benutzerregistrierung (HKLM-x32\...\Canon MG2400 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MG2400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2400_series) (Version: 1.00 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Canon Setup Utility 2.3 (HKLM-x32\...\Canon Setup Utility 2.3) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities Easy-PrintToolBox (HKLM-x32\...\Easy-PrintToolBox) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (x32 Version: 2010.0504.2152.37420 - ATI) Hidden
CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version:  - )
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.3911 - CyberLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0.0.13 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.0.11 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
GALILEOS Viewer 1.9 (HKLM-x32\...\{A1AD28CE-ADDF-46F1-94DC-7D7ACBC1451B}) (Version: 1.9.4368.23293 - SICAT GmbH & Co. KG)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Officejet Pro 8610 - Grundlegende Software für das Gerät (HKLM\...\{C1586445-E3CA-45F0-A754-E6C2784CDDB7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{0493048C-CB1A-44B7-8BB3-8467AF7BA9E4}) (Version: 6.1.2.13 - Apple Inc.)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.3.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Leawo PowerPoint to Video Converter version 2.6.0.68 (HKLM-x32\...\{5D5CB188-F9B1-4103-B2AD-07FB33068377}_is1) (Version: 2.6.0.68 - Leawo Software)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.22.3.3 - Marvell)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ Run Time  Lib Setup (HKLM-x32\...\{AAF4238F-7C29-451D-9925-C753271A5728}) (Version: 1.0.0 - Microsoft)
Mozilla Firefox 41.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 de)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 Essentials (HKLM-x32\...\{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}) (Version: 8.10.124 - Nero AG)
Ocster Backup Pro (HKLM\...\Ocster Backup) (Version: 7.25 - Ocster GmbH & Co. KG)
Olympus Sonority (HKLM-x32\...\{40CAF5AE-4E70-46C8-8AD8-4A036D32525C}) (Version: 1.4.3 - OLYMPUS IMAGING CORP.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Software (HKLM-x32\...\{0F796312-289C-40CA-856C-9FBCF5E83342}) (Version: 0133.09.1202 - REALTEK Semiconductor Corp.)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.0.2 - Samsung)
ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version:  - )
SDI011 dual interface reader (HKLM-x32\...\{D0ED9100-DFFB-482C-8DB6-C626264757BD}) (Version: 1.01 - SCM Microsystems)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.08 - Wolters Kluwer Deutschland GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
WEB.DE Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.7.3288.0 (HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\WEB.DE Application {sync-000021}) (Version: 1.7.3288.0 - 1&1 Mail & Media GmbH)
WEB.DE Online-Speicher 1.7.3288.0 (HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\...\WEB.DE Application {sync-000021}) (Version: 1.7.3288.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.3.0 - 1&1 Mail & Media GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5100 - Broadcom Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
xp-AntiSpy 3.98-2 (HKLM-x32\...\xp-AntiSpy) (Version:  - Christian Taubenheim)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {08B1E403-5E99-4442-9FBC-1CDE805C3869} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {0A24FA2F-60BF-4E04-ACBB-48EB340D72B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {2034FBDC-8133-4EA8-9C3C-BB160A466B29} - System32\Tasks\{28BBA9C6-1BD6-46B6-9A93-026BC367C8F9} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2016-07-13] (Microsoft Corporation)
Task: {33651EEF-49A0-4D78-96CA-5991A5F9063B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {35D11107-D724-4016-A04D-1ADE966D6E81} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {3F8C6B78-458F-4271-9CFC-F64153FA42A7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {4621CC95-D313-4AA0-9F85-62FC71D9B3CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5418157C-D269-406C-9D4D-4898D3A3A5BB} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe 
Task: {59F6559E-68DD-4267-8358-37E5D15F09FF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {5CF36949-FD5A-41EB-AE31-449EAB146F26} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {5DFFBBE7-BABA-43B4-BB03-AD5EA78D7B0C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {5EFBF41A-7D39-41A3-B3BE-442F3D003ACE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {628E68EC-6937-4D81-8BA8-B4D751BCD6F6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {65BB4E39-7BAD-46EB-812D-78AFEE646FC4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {6788AA78-C2FB-4C17-9B41-5C59B6E76ED7} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {72479FFC-3E62-4666-A953-BD7F1134974A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {730B76AF-FE46-42D9-BF5C-96A6DDCF0100} - System32\Tasks\{4AEE5819-BA08-466D-A743-4345307EBC4D} => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [2016-07-13] (Microsoft Corporation)
Task: {764F7340-D9D3-43CC-A7DD-C1BB080EA534} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {79F64FB6-7BA3-4578-879E-92F4792E7F9E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {7D72BB89-F85C-4CF8-84E3-30478B59A8D0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2017-01-17] (Apple Inc.)
Task: {8424B9FA-D071-447D-87A1-20C01E696C87} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe 
Task: {8813E5D3-87AE-4768-B14F-387BD05ACF8D} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2010-05-06] (SAMSUNG Electronics)
Task: {8B94A08B-9398-4C96-9D21-AB8C85537179} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {8EA67017-8342-4EFB-A291-CBCEFAF0C228} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {9202F68C-D5DE-4A4F-8E9D-99E29782ED82} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {AAB32179-5564-420E-B8FF-E7F375301F18} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-24] (Dropbox, Inc.)
Task: {ACE02E70-0F36-495E-953C-7A41766E5872} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: {B02169B2-D495-4791-BD94-78C32FDC7A91} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B602A9BB-767F-4377-8BCA-893668DFB543} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B6944183-5896-491D-9611-0F1C4279B21E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {C022B5A4-B15C-434E-97AB-57C9102DA3A5} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2015-01-12] (1&1 Mail & Media GmbH)
Task: {C1CA1891-3770-4CD5-BADA-DA07D43AB181} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {CDF034BE-CB0F-4606-B2B5-2CAE65C9DF85} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {D0C44C76-5D6B-4CE3-9B6A-F3A13A1EAC73} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {D412E901-1A14-4D35-BD35-011A2D918339} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {D774F9DD-6A0C-478D-A6E1-DF1734E28C67} - System32\Tasks\SUPBackground => %ProgramFiles%\Samsung\Samsung Update Plus\SUPBackground.exe 
Task: {DE1283F7-400A-49D3-ABE9-EE84C8AB1184} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {EF6E1105-EF8C-40FB-B3F3-6429FD276456} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {F43D55E3-0586-46F5-811A-8F17C7F45332} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {F56B76B9-95E0-47F8-8A07-72DDB540B015} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {F9CE13F9-8BA6-4A7A-9512-FC0F318C1BB5} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-03-29] (SAMSUNG Electronics co., LTD.)
Task: {FBB123CA-4231-4E0C-B703-51415B467FE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Heinz Ingenillem\Desktop\WEB.DE.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://go.web.de/tb/ie_desktop_portal

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-01 02:04 - 2009-03-05 10:54 - 00311296 _____ () C:\Windows\SysWOW64\Rezip.exe
2017-02-19 15:21 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-19 15:21 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-19 15:21 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-03-05 14:19 - 2015-03-05 14:19 - 00023864 _____ () c:\Program Files\Ocster Backup\bin\backupService-ox.exe
2015-03-05 14:19 - 2015-03-05 14:19 - 00109368 _____ () c:\Program Files\Ocster Backup\bin\backupServiceLib.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 11391800 _____ () c:\Program Files\Ocster Backup\bin\backupCore.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00166584 _____ () c:\Program Files\Ocster Backup\bin\deemon.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 05945656 _____ () c:\Program Files\Ocster Backup\bin\ox.dll
2015-03-05 11:49 - 2015-03-05 11:49 - 00324096 _____ () c:\Program Files\Ocster Backup\bin\party.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00249656 _____ () c:\Program Files\Ocster Backup\bin\crumb.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00053560 _____ () c:\Program Files\Ocster Backup\bin\lzmaUtil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00368952 _____ () c:\Program Files\Ocster Backup\bin\tomb.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00561336 _____ () c:\Program Files\Ocster Backup\bin\twirl.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00223032 _____ () c:\Program Files\Ocster Backup\bin\netutil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00154936 _____ () c:\Program Files\Ocster Backup\bin\scoolite.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00528696 _____ () c:\Program Files\Ocster Backup\bin\veem.dll
2015-03-05 11:38 - 2015-03-05 11:38 - 00022528 _____ () c:\Program Files\Ocster Backup\bin\zlibutil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00060728 _____ () c:\Program Files\Ocster Backup\bin\minizutil.dll
2015-03-05 10:46 - 2015-03-05 10:46 - 00081920 _____ () c:\Program Files\Ocster Backup\bin\zdll.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00024248 _____ () c:\Program Files\Ocster Backup\bin\lz4util.dll
2015-03-05 11:43 - 2015-03-05 11:43 - 00049664 _____ () c:\Program Files\Ocster Backup\bin\lzma.dll
2015-03-05 11:38 - 2015-03-05 11:38 - 00626688 _____ () c:\Program Files\Ocster Backup\bin\sqlite.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00041272 _____ () c:\Program Files\Ocster Backup\bin\lz4.dll
2015-03-05 13:22 - 2015-03-05 13:22 - 00053760 _____ () c:\Program Files\Ocster Backup\bin\oxHelper.exe
2016-09-14 09:35 - 2016-09-07 06:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-14 09:35 - 2016-09-07 06:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-14 10:50 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-19 09:21 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-14 09:32 - 2016-09-07 05:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-14 09:31 - 2016-09-07 05:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 09:32 - 2016-09-07 05:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-14 09:32 - 2016-09-07 05:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00314680 _____ () C:\Program Files\Ocster Backup\bin\backupClient-ox.exe
2015-03-05 14:18 - 2015-03-05 14:18 - 06714168 _____ () C:\Program Files\Ocster Backup\bin\backupClientLib.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 05945656 _____ () C:\Program Files\Ocster Backup\bin\ox.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00423096 _____ () C:\Program Files\Ocster Backup\bin\updateman.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00157880 _____ () C:\Program Files\Ocster Backup\bin\featback.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 11391800 _____ () C:\Program Files\Ocster Backup\bin\backupCore.dll
2015-03-05 11:49 - 2015-03-05 11:49 - 00324096 _____ () C:\Program Files\Ocster Backup\bin\party.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00561336 _____ () C:\Program Files\Ocster Backup\bin\twirl.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00368952 _____ () C:\Program Files\Ocster Backup\bin\tomb.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00223032 _____ () C:\Program Files\Ocster Backup\bin\netutil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00166584 _____ () C:\Program Files\Ocster Backup\bin\deemon.dll
2015-03-05 10:46 - 2015-03-05 10:46 - 00081920 _____ () C:\Program Files\Ocster Backup\bin\zdll.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00249656 _____ () C:\Program Files\Ocster Backup\bin\crumb.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00053560 _____ () C:\Program Files\Ocster Backup\bin\lzmaUtil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00154936 _____ () C:\Program Files\Ocster Backup\bin\scoolite.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00528696 _____ () C:\Program Files\Ocster Backup\bin\veem.dll
2015-03-05 11:38 - 2015-03-05 11:38 - 00022528 _____ () C:\Program Files\Ocster Backup\bin\zlibutil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00060728 _____ () C:\Program Files\Ocster Backup\bin\minizutil.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00024248 _____ () C:\Program Files\Ocster Backup\bin\lz4util.dll
2015-03-05 11:43 - 2015-03-05 11:43 - 00049664 _____ () C:\Program Files\Ocster Backup\bin\lzma.dll
2015-03-05 11:38 - 2015-03-05 11:38 - 00626688 _____ () C:\Program Files\Ocster Backup\bin\sqlite.dll
2015-03-05 14:18 - 2015-03-05 14:18 - 00041272 _____ () C:\Program Files\Ocster Backup\bin\lz4.dll
2015-03-05 13:22 - 2015-03-05 13:22 - 00053760 _____ () C:\Program Files\Ocster Backup\bin\oxHelper.exe
2016-04-20 15:53 - 2016-04-20 15:53 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2017-02-10 18:24 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-10 18:24 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2010-06-01 02:09 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2016-04-20 15:53 - 2016-04-20 15:53 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-20 15:53 - 2016-04-20 15:53 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\127.0.0.1 -> hxxp://127.0.0.1
IE trusted site: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\...\127.0.0.1 -> hxxp://127.0.0.1

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Heinz Ingenillem\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\Control Panel\Desktop\\Wallpaper -> C:\Users\Heinz Ingenillem\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020057335\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Device Detector 4.lnk => C:\Windows\pss\Device Detector 4.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk => C:\Windows\pss\Scanner Finder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Heinz Ingenillem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AppleIEDAV => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Easy-PrintToolBox => C:\Program Files (x86)\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\tray.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: MailCheck IE Broker => "C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: UCam_Menu => "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "MailCheck IE Broker"
HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKLM\...\StartupApproved\Run32: => "InboxAce EPM Support"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\...\StartupApproved\Run: => "Adobe Reader Synchronizer"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\...\StartupApproved\Run: => "iCloudPhotos"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{285D78E1-792F-4615-8558-9777F6E9EBE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B9D95CD9-4C56-4A3A-9200-137567F5B33F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F89C9CD6-4BA6-415D-A834-CED45EB2EEBA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C41CD77F-AAB4-4299-8808-E94262CD7D34}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BFDE1792-FBD0-4E46-8F7F-92A6257ABEB0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D70DF084-73A0-40C2-9E88-3D246405CB23}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{873A7583-6E55-4526-9C4C-82D9B7B6611A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{401A9B2D-00C4-45C1-819D-A17B357EEC34}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{78C72CD4-D0B0-4A43-AA44-2EB29E5F7BB3}] => (Allow) svchost.exe
FirewallRules: [{14E32182-A762-4CF9-A196-6DF63EE1F4D1}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{177E6684-8727-4206-9BD0-29B4D5C441C8}] => (Allow) LPort=5353
FirewallRules: [{B67EBE6D-7E1F-4078-8D03-C63E917396E6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8A24F57F-2D0E-4AE7-B484-0B5BFDCDF705}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{756B7AD2-1806-4273-A6F3-198922C37772}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{059A1D1B-193A-4B08-8DCB-AE1F6A279DE6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{121C53BF-8781-47A7-B5CE-EACD3CAEA4FC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{AB081C22-CE3D-40D0-B280-52D158DD38F8}] => (Allow) LPort=5357
FirewallRules: [{0BF7AF74-C8EB-42AB-B563-B6587AE57E74}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2 1.10.1\AusweisApp2.exe
FirewallRules: [{582803D0-0D99-4CCD-8D64-D805771FCB85}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CE5F1A57-9222-40B0-82F5-8FB82CA79AE8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{507440BE-4932-4130-8821-3D59FAD6228F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

18-02-2017 16:57:10 Geplanter Prüfpunkt
19-02-2017 16:02:39 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/21/2017 07:42:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_a2ddb3caa539acce.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_ea8aeaa1b9b5d5d4.manifest.

Error: (02/21/2017 07:40:08 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (02/21/2017 07:40:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_a2ddb3caa539acce.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_ea8aeaa1b9b5d5d4.manifest.

Error: (02/21/2017 07:40:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_a2ddb3caa539acce.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_ea8aeaa1b9b5d5d4.manifest.

Error: (02/21/2017 07:39:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_a2ddb3caa539acce.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_ea8aeaa1b9b5d5d4.manifest.

Error: (02/21/2017 02:34:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_a2ddb3caa539acce.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_ea8aeaa1b9b5d5d4.manifest.

Error: (02/21/2017 02:32:28 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (02/21/2017 02:32:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_a2ddb3caa539acce.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_ea8aeaa1b9b5d5d4.manifest.

Error: (02/20/2017 10:33:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_a2ddb3caa539acce.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.589_none_ea8aeaa1b9b5d5d4.manifest.

Error: (02/20/2017 10:21:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.


Systemfehler:
=============
Error: (02/20/2017 10:23:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/20/2017 10:23:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\HEINZI~1\AppData\Local\Temp\ehdrv.sys

Error: (02/20/2017 10:23:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/20/2017 10:23:19 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\HEINZI~1\AppData\Local\Temp\ehdrv.sys

Error: (02/20/2017 10:23:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/20/2017 10:23:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\HEINZI~1\AppData\Local\Temp\ehdrv.sys

Error: (02/20/2017 10:21:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/20/2017 10:21:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\HEINZI~1\AppData\Local\Temp\ehdrv.sys

Error: (02/20/2017 10:21:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/20/2017 10:21:05 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\HEINZI~1\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2016-10-30 22:19:20.622
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-27 17:01:42.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-27 12:24:36.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-25 20:08:04.042
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-19 18:08:09.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-14 23:04:25.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-13 10:14:31.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-16 10:30:24.125
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-13 10:22:23.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-23 12:07:02.612
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
Prozentuale Nutzung des RAM: 64%
Installierter physikalischer RAM: 2986.16 MB
Verfügbarer physikalischer RAM: 1058.3 MB
Summe virtueller Speicher: 6058.16 MB
Verfügbarer virtueller Speicher: 3474.58 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:215.78 GB) (Free:46.49 GB) NTFS
Drive d: () (Fixed) (Total:62.21 GB) (Free:44.17 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 4394EB81)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=215.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=62.2 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         
Danke danke danke ! Im Moment sehe ich noch keine weitern Probleme, Programme lassen sich normal öffnen...

Alt 21.02.2017, 20:39   #13
M-K-D-B
/// TB-Ausbilder
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Servus,




Zitat:
CHIP-Installer.exe
Bitte keinen Chip-Installer mehr verwenden! Bitte lesen: CHIP-Installer – was ist das?




Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
C:\Users\Heinz Ingenillem\Downloads\Classic Shell - CHIP-Installer.exe.vir
DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{d5a1d22b-9e17-454f-8ecd-83c578fb3983}
DeleteKey: HKLM\SOFTWARE\Classes\FilmFanatic.ToolbarProtector.1
DeleteKey: HKLM\SOFTWARE\Classes\FilmFanatic.ToolbarProtector
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{00A9855C-9193-44D7-B206-5AC035147E44}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{039CF632-1F0F-437F-B48F-051E92E70980}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{080F0B03-F21C-4599-B34D-98EA1A659682}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{09FCCCDF-D597-4EF2-911E-5747B5AF15AB}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{0A3A3A48-06BF-464E-B43F-D773259AD9C3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{15D6A7F5-0A22-4CE0-BA41-54BB5F62C02F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{1BE14FE1-3175-4324-A77B-33FE5CB7A6ED}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{2BAC1F62-5FD8-43A6-A213-48CEC8E58172}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{2FDB59A0-4024-4CED-94CF-B01E217DE4E5}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{30884828-9192-4B42-956C-75717FF8766D}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{30AE6757-B1D4-4CD5-8FEC-A9B6A545EF64}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{32BD8BA2-EBB8-4131-A771-4FF3DDE7FEF8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{367DFE4B-7078-41FE-B1DD-6A6318C7DFF9}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{37B204F8-CD97-409B-BDBF-41C0EC0DFF24}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{38C1B7DA-9876-4DEA-B740-19C4F57CE8E8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{3B3CA1AE-28B7-4D93-82C0-0B424E22B4F0}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{3C8E293A-99C8-45E1-93A3-77DAB6BB7928}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{446BBEE0-5506-48F4-B0FC-01B35D887DE8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{4A8CE0E0-739D-418A-A236-E6555449AD78}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{4BC4F393-2C30-43DE-A988-7DE5068012A6}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{516434A0-985D-4312-843C-C92B3E19FC2D}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{5442736B-E379-4668-AC30-7F39B3581875}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{65267FD2-5B4E-48F7-A918-8E2697AEBB39}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{667C8B81-0B61-48F6-B7B9-60AA8242E6DF}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{69470931-F756-4CF7-A02C-A701C2B1F453}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{6D32BB6F-7969-48BF-836A-C14CDFC72D72}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{6E1CC883-54EB-47D3-96BC-B586CB8C2BD9}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{6E1F6E4C-428A-4403-B679-0952A11CB00A}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{6E3D1C6D-690C-4108-ADEE-A61DD73F1F41}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{70BD58F8-B097-4C58-8E2E-0C1FB9719F73}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{76745572-7E46-4795-9BFF-38EEDB8ADE5A}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7AA25D2F-B798-4050-BD09-640EEDC774A8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7AFA5495-6C01-4BB8-AE21-C3BD6AB2F17C}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7F4213DE-5338-46E9-A61B-D9A63A8513E3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8098DA46-D5D4-4FE5-82E8-9915FD5F4870}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{80D8F301-753E-4552-A349-4C4D7A0F5831}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{82069639-C517-4207-AB3F-8A3022B1D595}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{89202E29-EEA2-451E-A6A0-205D32C6762F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{89E881AC-8277-4EEB-81CB-FA23453FE835}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8B303F6F-194B-460C-81FF-AE07FC446330}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8B67C587-044B-495B-BF90-FA5C453D63B8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8D453B92-39B9-49D3-8265-263ECCF0B9C3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8E505161-C877-49F5-82CA-D2FF0B72862C}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{98623C86-E768-4C5A-B23B-EE8CE3727CD3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{9993B0BF-72D6-46D9-9379-C90A5BAB2AA8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{9E194E76-9CB9-45F3-A86F-D53E0AE37084}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A0C2126B-5729-45CD-8F45-D549DF4D50D8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A126B97A-C84F-40EE-B9D0-1276892A879E}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A1448C6E-0452-4550-B852-A1CE666D4907}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A492E40A-865C-435F-B4A8-DC62DB312387}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A6DFB3FE-37A3-42DF-A78E-AF7D1C06C914}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A93A372A-0AD5-4939-A228-7F4152124EA6}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{AA01DD23-7B56-483E-9655-0613D0FC7479}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{AC73709C-65EF-462E-A665-D893C2655BA3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{AE8842CE-166D-49AC-A455-97E1E9F4FB09}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{AF48FD80-B19A-4589-A8B5-0F3C9922BC8C}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B25A203C-23F4-4332-8C3E-C9F5B2573F7D}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B47151A4-CF8B-4481-A41A-BCF127431C01}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B4FC3CF6-CC37-4865-84A9-3790A4E38A9D}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B6395E0E-3DB2-40F8-94D8-DA605C52BCA5}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B693EEE5-7B41-43A0-B579-C246CA7BAA0F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B721505E-F0C2-45E9-A0EB-D4EA951B4263}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{BEFDD60B-F72D-4C89-B960-2F64B78705D0}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{CAF2DE16-C6A0-41F9-9859-1557D7FA2C95}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{CC58604C-3BD5-4D3F-B391-4F6DA0B387D3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{CCA39EF6-65F5-4FB1-9210-1F3C4ABBD39B}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D0992644-B7E0-41BE-A279-8F9564303169}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D0F8D775-B0F5-4BC5-A1EB-7445A26C33A4}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D3062CC1-B8A4-4FDF-8E7F-6BECE6270D34}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D4C6D911-00C3-4B4C-A13B-F1DC381CB8E9}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D579E3FE-AE7E-476D-86D6-0950C22D90AD}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D57E34F7-4964-4A31-B7FD-82EE88C1F351}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D7130148-0EF2-47BB-BAE8-E31D879E08F1}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D71C4580-C7B1-47CD-8A9C-4C575BE02790}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D8DC06AF-7BC3-460D-9C7E-A4594FA453DF}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D93A719B-39C7-44B5-9450-D70045169D75}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{DDA4185E-AACE-4554-8BD8-6410B066E315}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{DF0CC8C4-AC0E-432D-83E0-FE5D1C60DBBB}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E083908B-BD7D-414D-A96B-5D3345593181}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E42D4E52-3FE9-41D3-A7AF-13B664C75DDC}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E42D5803-945F-4D66-B855-7C84E98E6704}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E46C7038-E23E-4310-889F-04050999876E}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E4C503B1-56BE-4A06-812D-748718247ACF}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{ED51BFC0-F800-4201-87D3-9F2559679037}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{EDF57AF7-8A46-4735-98F3-AE96B3BAF6C5}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{EE54BA06-C150-4BF3-B3F3-D156767FBA12}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{EEA25A88-7BCC-46CA-BF20-B85EBA1CEEB2}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{EFC1A7AF-D31D-4AAD-AFA5-3A37176A5FDB}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F13A0006-F3A9-4778-B8F1-6BD167475531}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F2A6E838-3C59-4841-A00C-A0BAB65BA3CC}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F2B8FCF4-73EA-4D12-AAFE-72909AFBA0A4}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F2EAA98F-F182-4F5C-B38E-A371BB0BDCF1}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F5270989-F4C2-469D-A107-AE3192A21E85}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F8EC9AFC-C3F1-460C-B82D-EC084D8A80EF}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F95EE953-EA40-4277-9D5A-C5D2DD7118A7}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{FA7B5E21-57B6-4527-8863-6221854EDAA6}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{FC65300A-DC43-4D86-B153-E59CF6E74216}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{FD98D4FF-3371-4F27-9EC4-9A790A589A26}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{FFB72BDE-8AE9-4E03-962B-439EC6EC8D42}
DeleteKey: HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector.1
DeleteKey: HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{2DE39074-FB8E-488C-BFDA-86018A9688EC}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{58C502E5-3FFA-4225-8B62-F033B28DD205}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{684A0F47-547A-4865-AADB-B6CE4A4B1C85}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{D4BD6801-D4E0-49A8-8EE8-43F478DB49DE}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{E725EA2F-DDBB-4C4B-8FE8-C6C23233685E}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{F468F270-9A1B-44C5-BA76-81CC0C29680B}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{F9C17917-8FEA-4E6C-A669-7D798763B63B}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{7f5aebd9-3d48-43be-abca-0aefd286c4cd}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{a7583d7e-f1b5-415b-8021-f63aef937dd1}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{00A9855C-9193-44D7-B206-5AC035147E44}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{080F0B03-F21C-4599-B34D-98EA1A659682}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{09FCCCDF-D597-4EF2-911E-5747B5AF15AB}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{6E1F6E4C-428A-4403-B679-0952A11CB00A}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{70C69E3F-6EBD-4914-B480-859A52042FF4}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{798C273C-9B95-405C-9226-A18BFCA068B3}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8B303F6F-194B-460C-81FF-AE07FC446330}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8B67C587-044B-495B-BF90-FA5C453D63B8}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{9993B0BF-72D6-46D9-9379-C90A5BAB2AA8}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{9E194E76-9CB9-45F3-A86F-D53E0AE37084}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{A6DFB3FE-37A3-42DF-A78E-AF7D1C06C914}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{B4FC3CF6-CC37-4865-84A9-3790A4E38A9D}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{BEFDD60B-F72D-4C89-B960-2F64B78705D0}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{D0992644-B7E0-41BE-A279-8F9564303169}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{D0F8D775-B0F5-4BC5-A1EB-7445A26C33A4}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{E42D5803-945F-4D66-B855-7C84E98E6704}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{EFC1A7AF-D31D-4AAD-AFA5-3A37176A5FDB}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F2A6E838-3C59-4841-A00C-A0BAB65BA3CC}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F8EC9AFC-C3F1-460C-B82D-EC084D8A80EF}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{FFB72BDE-8AE9-4E03-962B-439EC6EC8D42}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{2DE39074-FB8E-488C-BFDA-86018A9688EC}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{58C502E5-3FFA-4225-8B62-F033B28DD205}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{684A0F47-547A-4865-AADB-B6CE4A4B1C85}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{D4BD6801-D4E0-49A8-8EE8-43F478DB49DE}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{E725EA2F-DDBB-4C4B-8FE8-C6C23233685E}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{F468F270-9A1B-44C5-BA76-81CC0C29680B}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{F9C17917-8FEA-4E6C-A669-7D798763B63B}
DeleteKey: HKLM\SOFTWARE\Classes\Zwinky_5q.ToolbarProtector.1
DeleteKey: HKLM\SOFTWARE\Classes\Zwinky_5q.ToolbarProtector
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{076c037f-c081-4fd9-a82a-fd4f00a419e9}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0a7ef307-3a60-4970-a10d-f5b729a3e669}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{387abd54-5e83-4e03-b020-6a6e5eafe1f4}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A0368956-D0FA-4F97-BA34-0B4AC5331EEE}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{cf580322-4320-4755-b65d-7d27ee5baf5b}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{eafe8ae2-593d-4535-8919-0f4e7a4eebe3}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{076C037F-C081-4FD9-A82A-FD4F00A419E9}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{387ABD54-5E83-4E03-B020-6A6E5EAFE1F4}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5A1D22B-9E17-454F-8ECD-83C578FB3983}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAFE8AE2-593D-4535-8919-0F4E7A4EEBE3}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{076C037F-C081-4FD9-A82A-FD4F00A419E9}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{387ABD54-5E83-4E03-B020-6A6E5EAFE1F4}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5A1D22B-9E17-454F-8ECD-83C578FB3983}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAFE8AE2-593D-4535-8919-0F4E7A4EEBE3}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{3c35ad63-af1d-4e21-b484-b6651a8efcf9}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{796b75f6-6187-47e2-8f1f-c16e059e6e19}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{cc2e2b99-14d3-4516-883c-9ea147f594ef}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{3c35ad63-af1d-4e21-b484-b6651a8efcf9}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{796b75f6-6187-47e2-8f1f-c16e059e6e19}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{cc2e2b99-14d3-4516-883c-9ea147f594ef}
Reboot:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!









Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Cleanup:
Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.





Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.




Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
 

Microsoft Security Essentials (MSE) / Windows Defender (WD) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE/WD entschieden hast, brauchst du nicht extra MSE/WD zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.




Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.




Optional:
Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.
NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .




Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.




Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Alt 21.02.2017, 20:54   #14
heinzwetten
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-02-2017
durchgeführt von Heinz Ingenillem (21-02-2017 20:45:34) Run:2
Gestartet von C:\Users\Heinz Ingenillem\Desktop
Geladene Profile: Heinz Ingenillem & _ocster_backup_ & DefaultAppPool &  (Verfügbare Profile: Heinz Ingenillem & _ocster_backup_ & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
C:\Users\Heinz Ingenillem\Downloads\Classic Shell - CHIP-Installer.exe.vir
DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{d5a1d22b-9e17-454f-8ecd-83c578fb3983}
DeleteKey: HKLM\SOFTWARE\Classes\FilmFanatic.ToolbarProtector.1
DeleteKey: HKLM\SOFTWARE\Classes\FilmFanatic.ToolbarProtector
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{00A9855C-9193-44D7-B206-5AC035147E44}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{039CF632-1F0F-437F-B48F-051E92E70980}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{080F0B03-F21C-4599-B34D-98EA1A659682}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{09FCCCDF-D597-4EF2-911E-5747B5AF15AB}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{0A3A3A48-06BF-464E-B43F-D773259AD9C3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{15D6A7F5-0A22-4CE0-BA41-54BB5F62C02F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{1BE14FE1-3175-4324-A77B-33FE5CB7A6ED}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{2BAC1F62-5FD8-43A6-A213-48CEC8E58172}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{2FDB59A0-4024-4CED-94CF-B01E217DE4E5}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{30884828-9192-4B42-956C-75717FF8766D}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{30AE6757-B1D4-4CD5-8FEC-A9B6A545EF64}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{32BD8BA2-EBB8-4131-A771-4FF3DDE7FEF8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{367DFE4B-7078-41FE-B1DD-6A6318C7DFF9}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{37B204F8-CD97-409B-BDBF-41C0EC0DFF24}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{38C1B7DA-9876-4DEA-B740-19C4F57CE8E8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{3B3CA1AE-28B7-4D93-82C0-0B424E22B4F0}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{3C8E293A-99C8-45E1-93A3-77DAB6BB7928}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{446BBEE0-5506-48F4-B0FC-01B35D887DE8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{4A8CE0E0-739D-418A-A236-E6555449AD78}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{4BC4F393-2C30-43DE-A988-7DE5068012A6}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{516434A0-985D-4312-843C-C92B3E19FC2D}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{5442736B-E379-4668-AC30-7F39B3581875}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{65267FD2-5B4E-48F7-A918-8E2697AEBB39}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{667C8B81-0B61-48F6-B7B9-60AA8242E6DF}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{69470931-F756-4CF7-A02C-A701C2B1F453}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{6D32BB6F-7969-48BF-836A-C14CDFC72D72}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{6E1CC883-54EB-47D3-96BC-B586CB8C2BD9}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{6E1F6E4C-428A-4403-B679-0952A11CB00A}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{6E3D1C6D-690C-4108-ADEE-A61DD73F1F41}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{70BD58F8-B097-4C58-8E2E-0C1FB9719F73}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{76745572-7E46-4795-9BFF-38EEDB8ADE5A}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7AA25D2F-B798-4050-BD09-640EEDC774A8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7AFA5495-6C01-4BB8-AE21-C3BD6AB2F17C}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7F4213DE-5338-46E9-A61B-D9A63A8513E3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8098DA46-D5D4-4FE5-82E8-9915FD5F4870}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{80D8F301-753E-4552-A349-4C4D7A0F5831}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{82069639-C517-4207-AB3F-8A3022B1D595}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{89202E29-EEA2-451E-A6A0-205D32C6762F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{89E881AC-8277-4EEB-81CB-FA23453FE835}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8B303F6F-194B-460C-81FF-AE07FC446330}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8B67C587-044B-495B-BF90-FA5C453D63B8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8D453B92-39B9-49D3-8265-263ECCF0B9C3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{8E505161-C877-49F5-82CA-D2FF0B72862C}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{98623C86-E768-4C5A-B23B-EE8CE3727CD3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{9993B0BF-72D6-46D9-9379-C90A5BAB2AA8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{9E194E76-9CB9-45F3-A86F-D53E0AE37084}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A0C2126B-5729-45CD-8F45-D549DF4D50D8}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A126B97A-C84F-40EE-B9D0-1276892A879E}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A1448C6E-0452-4550-B852-A1CE666D4907}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A492E40A-865C-435F-B4A8-DC62DB312387}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A6DFB3FE-37A3-42DF-A78E-AF7D1C06C914}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{A93A372A-0AD5-4939-A228-7F4152124EA6}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{AA01DD23-7B56-483E-9655-0613D0FC7479}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{AC73709C-65EF-462E-A665-D893C2655BA3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{AE8842CE-166D-49AC-A455-97E1E9F4FB09}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{AF48FD80-B19A-4589-A8B5-0F3C9922BC8C}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B25A203C-23F4-4332-8C3E-C9F5B2573F7D}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B47151A4-CF8B-4481-A41A-BCF127431C01}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B4FC3CF6-CC37-4865-84A9-3790A4E38A9D}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B6395E0E-3DB2-40F8-94D8-DA605C52BCA5}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B693EEE5-7B41-43A0-B579-C246CA7BAA0F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B721505E-F0C2-45E9-A0EB-D4EA951B4263}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{BEFDD60B-F72D-4C89-B960-2F64B78705D0}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{CAF2DE16-C6A0-41F9-9859-1557D7FA2C95}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{CC58604C-3BD5-4D3F-B391-4F6DA0B387D3}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{CCA39EF6-65F5-4FB1-9210-1F3C4ABBD39B}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D0992644-B7E0-41BE-A279-8F9564303169}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D0F8D775-B0F5-4BC5-A1EB-7445A26C33A4}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D3062CC1-B8A4-4FDF-8E7F-6BECE6270D34}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D4C6D911-00C3-4B4C-A13B-F1DC381CB8E9}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D579E3FE-AE7E-476D-86D6-0950C22D90AD}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D57E34F7-4964-4A31-B7FD-82EE88C1F351}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D7130148-0EF2-47BB-BAE8-E31D879E08F1}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D71C4580-C7B1-47CD-8A9C-4C575BE02790}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D8DC06AF-7BC3-460D-9C7E-A4594FA453DF}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D93A719B-39C7-44B5-9450-D70045169D75}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{DDA4185E-AACE-4554-8BD8-6410B066E315}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{DF0CC8C4-AC0E-432D-83E0-FE5D1C60DBBB}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E083908B-BD7D-414D-A96B-5D3345593181}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E42D4E52-3FE9-41D3-A7AF-13B664C75DDC}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E42D5803-945F-4D66-B855-7C84E98E6704}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E46C7038-E23E-4310-889F-04050999876E}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E4C503B1-56BE-4A06-812D-748718247ACF}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{ED51BFC0-F800-4201-87D3-9F2559679037}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{EDF57AF7-8A46-4735-98F3-AE96B3BAF6C5}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{EE54BA06-C150-4BF3-B3F3-D156767FBA12}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{EEA25A88-7BCC-46CA-BF20-B85EBA1CEEB2}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{EFC1A7AF-D31D-4AAD-AFA5-3A37176A5FDB}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F13A0006-F3A9-4778-B8F1-6BD167475531}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F2A6E838-3C59-4841-A00C-A0BAB65BA3CC}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F2B8FCF4-73EA-4D12-AAFE-72909AFBA0A4}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F2EAA98F-F182-4F5C-B38E-A371BB0BDCF1}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F5270989-F4C2-469D-A107-AE3192A21E85}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F8EC9AFC-C3F1-460C-B82D-EC084D8A80EF}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{F95EE953-EA40-4277-9D5A-C5D2DD7118A7}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{FA7B5E21-57B6-4527-8863-6221854EDAA6}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{FC65300A-DC43-4D86-B153-E59CF6E74216}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{FD98D4FF-3371-4F27-9EC4-9A790A589A26}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{FFB72BDE-8AE9-4E03-962B-439EC6EC8D42}
DeleteKey: HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector.1
DeleteKey: HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{2DE39074-FB8E-488C-BFDA-86018A9688EC}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{58C502E5-3FFA-4225-8B62-F033B28DD205}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{684A0F47-547A-4865-AADB-B6CE4A4B1C85}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{D4BD6801-D4E0-49A8-8EE8-43F478DB49DE}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{E725EA2F-DDBB-4C4B-8FE8-C6C23233685E}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{F468F270-9A1B-44C5-BA76-81CC0C29680B}
DeleteKey: HKLM\SOFTWARE\Classes\TypeLib\{F9C17917-8FEA-4E6C-A669-7D798763B63B}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{7f5aebd9-3d48-43be-abca-0aefd286c4cd}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{a7583d7e-f1b5-415b-8021-f63aef937dd1}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{00A9855C-9193-44D7-B206-5AC035147E44}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{080F0B03-F21C-4599-B34D-98EA1A659682}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{09FCCCDF-D597-4EF2-911E-5747B5AF15AB}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{6E1F6E4C-428A-4403-B679-0952A11CB00A}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{70C69E3F-6EBD-4914-B480-859A52042FF4}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{798C273C-9B95-405C-9226-A18BFCA068B3}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8B303F6F-194B-460C-81FF-AE07FC446330}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8B67C587-044B-495B-BF90-FA5C453D63B8}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{9993B0BF-72D6-46D9-9379-C90A5BAB2AA8}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{9E194E76-9CB9-45F3-A86F-D53E0AE37084}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{A6DFB3FE-37A3-42DF-A78E-AF7D1C06C914}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{B4FC3CF6-CC37-4865-84A9-3790A4E38A9D}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{BEFDD60B-F72D-4C89-B960-2F64B78705D0}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{D0992644-B7E0-41BE-A279-8F9564303169}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{D0F8D775-B0F5-4BC5-A1EB-7445A26C33A4}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{E42D5803-945F-4D66-B855-7C84E98E6704}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{EFC1A7AF-D31D-4AAD-AFA5-3A37176A5FDB}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F2A6E838-3C59-4841-A00C-A0BAB65BA3CC}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F8EC9AFC-C3F1-460C-B82D-EC084D8A80EF}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{FFB72BDE-8AE9-4E03-962B-439EC6EC8D42}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{2DE39074-FB8E-488C-BFDA-86018A9688EC}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{58C502E5-3FFA-4225-8B62-F033B28DD205}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{684A0F47-547A-4865-AADB-B6CE4A4B1C85}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{D4BD6801-D4E0-49A8-8EE8-43F478DB49DE}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{E725EA2F-DDBB-4C4B-8FE8-C6C23233685E}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{F468F270-9A1B-44C5-BA76-81CC0C29680B}
DeleteKey: HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{F9C17917-8FEA-4E6C-A669-7D798763B63B}
DeleteKey: HKLM\SOFTWARE\Classes\Zwinky_5q.ToolbarProtector.1
DeleteKey: HKLM\SOFTWARE\Classes\Zwinky_5q.ToolbarProtector
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{076c037f-c081-4fd9-a82a-fd4f00a419e9}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0a7ef307-3a60-4970-a10d-f5b729a3e669}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{387abd54-5e83-4e03-b020-6a6e5eafe1f4}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A0368956-D0FA-4F97-BA34-0B4AC5331EEE}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{cf580322-4320-4755-b65d-7d27ee5baf5b}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{eafe8ae2-593d-4535-8919-0f4e7a4eebe3}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{076C037F-C081-4FD9-A82A-FD4F00A419E9}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{387ABD54-5E83-4E03-B020-6A6E5EAFE1F4}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5A1D22B-9E17-454F-8ECD-83C578FB3983}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAFE8AE2-593D-4535-8919-0F4E7A4EEBE3}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{076C037F-C081-4FD9-A82A-FD4F00A419E9}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{387ABD54-5E83-4E03-B020-6A6E5EAFE1F4}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5A1D22B-9E17-454F-8ECD-83C578FB3983}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAFE8AE2-593D-4535-8919-0F4E7A4EEBE3}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{3c35ad63-af1d-4e21-b484-b6651a8efcf9}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{796b75f6-6187-47e2-8f1f-c16e059e6e19}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{cc2e2b99-14d3-4516-883c-9ea147f594ef}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{3c35ad63-af1d-4e21-b484-b6651a8efcf9}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{796b75f6-6187-47e2-8f1f-c16e059e6e19}
DeleteKey: HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{cc2e2b99-14d3-4516-883c-9ea147f594ef}
Reboot:
end
*****************

Prozesse erfolgreich geschlossen.
C:\Users\Heinz Ingenillem\Downloads\Classic Shell - CHIP-Installer.exe.vir => erfolgreich verschoben
HKLM\SOFTWARE\Classes\CLSID\{d5a1d22b-9e17-454f-8ecd-83c578fb3983} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\FilmFanatic.ToolbarProtector.1 => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\FilmFanatic.ToolbarProtector => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{00A9855C-9193-44D7-B206-5AC035147E44} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{039CF632-1F0F-437F-B48F-051E92E70980} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{080F0B03-F21C-4599-B34D-98EA1A659682} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{09FCCCDF-D597-4EF2-911E-5747B5AF15AB} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{0A3A3A48-06BF-464E-B43F-D773259AD9C3} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{15D6A7F5-0A22-4CE0-BA41-54BB5F62C02F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{1BE14FE1-3175-4324-A77B-33FE5CB7A6ED} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{2BAC1F62-5FD8-43A6-A213-48CEC8E58172} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{2FDB59A0-4024-4CED-94CF-B01E217DE4E5} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{30884828-9192-4B42-956C-75717FF8766D} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{30AE6757-B1D4-4CD5-8FEC-A9B6A545EF64} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{32BD8BA2-EBB8-4131-A771-4FF3DDE7FEF8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{367DFE4B-7078-41FE-B1DD-6A6318C7DFF9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{37B204F8-CD97-409B-BDBF-41C0EC0DFF24} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{38C1B7DA-9876-4DEA-B740-19C4F57CE8E8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{3B3CA1AE-28B7-4D93-82C0-0B424E22B4F0} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{3C8E293A-99C8-45E1-93A3-77DAB6BB7928} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{446BBEE0-5506-48F4-B0FC-01B35D887DE8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{4A8CE0E0-739D-418A-A236-E6555449AD78} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{4BC4F393-2C30-43DE-A988-7DE5068012A6} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{516434A0-985D-4312-843C-C92B3E19FC2D} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{5442736B-E379-4668-AC30-7F39B3581875} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{65267FD2-5B4E-48F7-A918-8E2697AEBB39} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{667C8B81-0B61-48F6-B7B9-60AA8242E6DF} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{69470931-F756-4CF7-A02C-A701C2B1F453} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{6D32BB6F-7969-48BF-836A-C14CDFC72D72} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{6E1CC883-54EB-47D3-96BC-B586CB8C2BD9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{6E1F6E4C-428A-4403-B679-0952A11CB00A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{6E3D1C6D-690C-4108-ADEE-A61DD73F1F41} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{70BD58F8-B097-4C58-8E2E-0C1FB9719F73} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{76745572-7E46-4795-9BFF-38EEDB8ADE5A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{7AA25D2F-B798-4050-BD09-640EEDC774A8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{7AFA5495-6C01-4BB8-AE21-C3BD6AB2F17C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{7F4213DE-5338-46E9-A61B-D9A63A8513E3} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{8098DA46-D5D4-4FE5-82E8-9915FD5F4870} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{80D8F301-753E-4552-A349-4C4D7A0F5831} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{82069639-C517-4207-AB3F-8A3022B1D595} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{89202E29-EEA2-451E-A6A0-205D32C6762F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{89E881AC-8277-4EEB-81CB-FA23453FE835} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{8B303F6F-194B-460C-81FF-AE07FC446330} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{8B67C587-044B-495B-BF90-FA5C453D63B8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{8D453B92-39B9-49D3-8265-263ECCF0B9C3} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{8E505161-C877-49F5-82CA-D2FF0B72862C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{98623C86-E768-4C5A-B23B-EE8CE3727CD3} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{9993B0BF-72D6-46D9-9379-C90A5BAB2AA8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{9E194E76-9CB9-45F3-A86F-D53E0AE37084} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{A0C2126B-5729-45CD-8F45-D549DF4D50D8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{A126B97A-C84F-40EE-B9D0-1276892A879E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{A1448C6E-0452-4550-B852-A1CE666D4907} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{A492E40A-865C-435F-B4A8-DC62DB312387} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{A6DFB3FE-37A3-42DF-A78E-AF7D1C06C914} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{A93A372A-0AD5-4939-A228-7F4152124EA6} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{AA01DD23-7B56-483E-9655-0613D0FC7479} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{AC73709C-65EF-462E-A665-D893C2655BA3} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{AE8842CE-166D-49AC-A455-97E1E9F4FB09} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{AF48FD80-B19A-4589-A8B5-0F3C9922BC8C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{B25A203C-23F4-4332-8C3E-C9F5B2573F7D} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{B47151A4-CF8B-4481-A41A-BCF127431C01} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{B4FC3CF6-CC37-4865-84A9-3790A4E38A9D} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{B6395E0E-3DB2-40F8-94D8-DA605C52BCA5} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{B693EEE5-7B41-43A0-B579-C246CA7BAA0F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{B721505E-F0C2-45E9-A0EB-D4EA951B4263} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{BEFDD60B-F72D-4C89-B960-2F64B78705D0} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{CAF2DE16-C6A0-41F9-9859-1557D7FA2C95} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{CC58604C-3BD5-4D3F-B391-4F6DA0B387D3} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{CCA39EF6-65F5-4FB1-9210-1F3C4ABBD39B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D0992644-B7E0-41BE-A279-8F9564303169} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D0F8D775-B0F5-4BC5-A1EB-7445A26C33A4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D3062CC1-B8A4-4FDF-8E7F-6BECE6270D34} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D4C6D911-00C3-4B4C-A13B-F1DC381CB8E9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D579E3FE-AE7E-476D-86D6-0950C22D90AD} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D57E34F7-4964-4A31-B7FD-82EE88C1F351} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D7130148-0EF2-47BB-BAE8-E31D879E08F1} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D71C4580-C7B1-47CD-8A9C-4C575BE02790} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D8DC06AF-7BC3-460D-9C7E-A4594FA453DF} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D93A719B-39C7-44B5-9450-D70045169D75} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{DDA4185E-AACE-4554-8BD8-6410B066E315} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{DF0CC8C4-AC0E-432D-83E0-FE5D1C60DBBB} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{E083908B-BD7D-414D-A96B-5D3345593181} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{E42D4E52-3FE9-41D3-A7AF-13B664C75DDC} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{E42D5803-945F-4D66-B855-7C84E98E6704} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{E46C7038-E23E-4310-889F-04050999876E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{E4C503B1-56BE-4A06-812D-748718247ACF} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{ED51BFC0-F800-4201-87D3-9F2559679037} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{EDF57AF7-8A46-4735-98F3-AE96B3BAF6C5} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{EE54BA06-C150-4BF3-B3F3-D156767FBA12} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{EEA25A88-7BCC-46CA-BF20-B85EBA1CEEB2} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{EFC1A7AF-D31D-4AAD-AFA5-3A37176A5FDB} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{F13A0006-F3A9-4778-B8F1-6BD167475531} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{F2A6E838-3C59-4841-A00C-A0BAB65BA3CC} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{F2B8FCF4-73EA-4D12-AAFE-72909AFBA0A4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{F2EAA98F-F182-4F5C-B38E-A371BB0BDCF1} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{F5270989-F4C2-469D-A107-AE3192A21E85} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{F8EC9AFC-C3F1-460C-B82D-EC084D8A80EF} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{F95EE953-EA40-4277-9D5A-C5D2DD7118A7} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{FA7B5E21-57B6-4527-8863-6221854EDAA6} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{FC65300A-DC43-4D86-B153-E59CF6E74216} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{FD98D4FF-3371-4F27-9EC4-9A790A589A26} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{FFB72BDE-8AE9-4E03-962B-439EC6EC8D42} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector.1 => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\TypeLib\{2DE39074-FB8E-488C-BFDA-86018A9688EC} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\TypeLib\{58C502E5-3FFA-4225-8B62-F033B28DD205} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\TypeLib\{684A0F47-547A-4865-AADB-B6CE4A4B1C85} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\TypeLib\{D4BD6801-D4E0-49A8-8EE8-43F478DB49DE} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\TypeLib\{E725EA2F-DDBB-4C4B-8FE8-C6C23233685E} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\TypeLib\{F468F270-9A1B-44C5-BA76-81CC0C29680B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\TypeLib\{F9C17917-8FEA-4E6C-A669-7D798763B63B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{7f5aebd9-3d48-43be-abca-0aefd286c4cd} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{a7583d7e-f1b5-415b-8021-f63aef937dd1} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{00A9855C-9193-44D7-B206-5AC035147E44} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{080F0B03-F21C-4599-B34D-98EA1A659682} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{09FCCCDF-D597-4EF2-911E-5747B5AF15AB} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{6E1F6E4C-428A-4403-B679-0952A11CB00A} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{70C69E3F-6EBD-4914-B480-859A52042FF4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{798C273C-9B95-405C-9226-A18BFCA068B3} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8B303F6F-194B-460C-81FF-AE07FC446330} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{8B67C587-044B-495B-BF90-FA5C453D63B8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{9993B0BF-72D6-46D9-9379-C90A5BAB2AA8} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{9E194E76-9CB9-45F3-A86F-D53E0AE37084} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{A6DFB3FE-37A3-42DF-A78E-AF7D1C06C914} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{B4FC3CF6-CC37-4865-84A9-3790A4E38A9D} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{BEFDD60B-F72D-4C89-B960-2F64B78705D0} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{D0992644-B7E0-41BE-A279-8F9564303169} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{D0F8D775-B0F5-4BC5-A1EB-7445A26C33A4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{E42D5803-945F-4D66-B855-7C84E98E6704} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{EFC1A7AF-D31D-4AAD-AFA5-3A37176A5FDB} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F2A6E838-3C59-4841-A00C-A0BAB65BA3CC} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{F8EC9AFC-C3F1-460C-B82D-EC084D8A80EF} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\Interface\{FFB72BDE-8AE9-4E03-962B-439EC6EC8D42} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{2DE39074-FB8E-488C-BFDA-86018A9688EC} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{58C502E5-3FFA-4225-8B62-F033B28DD205} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{684A0F47-547A-4865-AADB-B6CE4A4B1C85} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{D4BD6801-D4E0-49A8-8EE8-43F478DB49DE} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{E725EA2F-DDBB-4C4B-8FE8-C6C23233685E} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{F468F270-9A1B-44C5-BA76-81CC0C29680B} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Classes\WOW6432Node\TypeLib\{F9C17917-8FEA-4E6C-A669-7D798763B63B} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Classes\Zwinky_5q.ToolbarProtector.1 => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Zwinky_5q.ToolbarProtector => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{076c037f-c081-4fd9-a82a-fd4f00a419e9} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0a7ef307-3a60-4970-a10d-f5b729a3e669} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{387abd54-5e83-4e03-b020-6a6e5eafe1f4} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A0368956-D0FA-4F97-BA34-0B4AC5331EEE} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{cf580322-4320-4755-b65d-7d27ee5baf5b} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{eafe8ae2-593d-4535-8919-0f4e7a4eebe3} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{076C037F-C081-4FD9-A82A-FD4F00A419E9} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{387ABD54-5E83-4E03-B020-6A6E5EAFE1F4} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5A1D22B-9E17-454F-8ECD-83C578FB3983} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02212017020052901\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAFE8AE2-593D-4535-8919-0F4E7A4EEBE3} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{076C037F-C081-4FD9-A82A-FD4F00A419E9} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{387ABD54-5E83-4E03-B020-6A6E5EAFE1F4} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D5A1D22B-9E17-454F-8ECD-83C578FB3983} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAFE8AE2-593D-4535-8919-0F4E7A4EEBE3} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{3c35ad63-af1d-4e21-b484-b6651a8efcf9} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{796b75f6-6187-47e2-8f1f-c16e059e6e19} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015\SOFTWARE\Classes\Wow6432Node\CLSID\{cc2e2b99-14d3-4516-883c-9ea147f594ef} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{3c35ad63-af1d-4e21-b484-b6651a8efcf9} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{796b75f6-6187-47e2-8f1f-c16e059e6e19} => Schlüssel nicht gefunden. 
HKU\S-1-5-21-3457901039-3679683318-3372754741-1015_Classes\Wow6432Node\CLSID\{cc2e2b99-14d3-4516-883c-9ea147f594ef} => Schlüssel nicht gefunden. 


Das System musste neu gestartet werden.

==== Ende von Fixlog 20:45:41 ====
         

Alt 21.02.2017, 20:55   #15
M-K-D-B
/// TB-Ausbilder
 
Online Pay GmbH zip datei geöffnet ! Trojaner ? - Standard

Online Pay GmbH zip datei geöffnet ! Trojaner ?



Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.
__________________
Gruß
M-K-D-B


==========================================================
offline vom 22.12.2018 bis 01.01.2019
==========================================================

Das Trojaner-Board unterstützen

Antwort

Themen zu Online Pay GmbH zip datei geöffnet ! Trojaner ?
avira, bedrohung, brauche, datei, emailprogramm, firewall, firma, format, helft, melde, online, online pay, online pay gmbh trojaner, rechner, sofort, troja, trojaner, trojaner ?, überprüft, zip datei, zip datei geöffnet, ältere



Ähnliche Themen: Online Pay GmbH zip datei geöffnet ! Trojaner ?


  1. Trojaner-Mail von DirectPay24 GmbH, Zip-Anhang geöffnet
    Plagegeister aller Art und deren Bekämpfung - 25.11.2016 (7)
  2. Zip-Datei aus Anhang der Online Pay GmbH auf Mac geöffnet
    Alles rund um Mac OSX & Linux - 14.11.2016 (7)
  3. Verdächtige PDF-Datei geöffnet - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 31.08.2016 (12)
  4. Mail & Media AG Email -> zip geöffnet -> Trojaner im Online Banking?
    Plagegeister aller Art und deren Bekämpfung - 25.05.2016 (38)
  5. GiroPay24 GmbH mit kompletter Adresse und Telefonnummer, ZIP geöffnet
    Plagegeister aller Art und deren Bekämpfung - 27.04.2016 (4)
  6. Online Pay 24 GmbH Mail geöffnet und am Pc/(iphone) entzippt
    Log-Analyse und Auswertung - 18.04.2016 (17)
  7. Dhl Pdf Datei geöffnet...Trojaner eingefangen?
    Log-Analyse und Auswertung - 09.06.2015 (5)
  8. Zip datei mit I Phone geöffnet- Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 06.05.2015 (3)
  9. Trojaner im zip-Ordner von Directpay GmbH via Mail geöffnet und ausgeführt
    Log-Analyse und Auswertung - 20.04.2015 (11)
  10. Falsche paypal Mahnung geöffnet, Zip Datei mit Trojaner geöffnet, Avira hat Trojaner gefunden, Ist dann alles sauber?
    Log-Analyse und Auswertung - 18.09.2014 (13)
  11. Windows 8.1 32bit Email der Anwalt Ebay GmbH Anhang geöffnet -> Trojaner?
    Log-Analyse und Auswertung - 09.07.2014 (13)
  12. Zip Datei geöffnet - anschließend Fehlermeldung Outlook & T-Online: 550 5.7.1 Send quota exceeded
    Plagegeister aller Art und deren Bekämpfung - 02.06.2014 (3)
  13. E-Mail von Media Center GmbH - Abo 39€ - E-Mail, nicht Anhang geöffnet, Antivirenprogramm meldet sich.
    Plagegeister aller Art und deren Bekämpfung - 24.04.2014 (5)
  14. Vikin Mahnung Online GmbH Trojaner auch über HTC möglich?
    Log-Analyse und Auswertung - 16.06.2013 (1)
  15. mydirtyhobby-gmbh ....anhang aus spam-mail geöffnet
    Plagegeister aller Art und deren Bekämpfung - 24.04.2013 (29)
  16. Groupon-EMail mit Trojaner-zip-Datei geöffnet
    Log-Analyse und Auswertung - 08.04.2013 (8)
  17. Datei geöffnet, nun Trojaner?
    Log-Analyse und Auswertung - 03.03.2006 (6)

Zum Thema Online Pay GmbH zip datei geöffnet ! Trojaner ? - Hallo. Ich bin leider älteren Baujahrs. Ich habe über mein Emailprogramm eine email der Firma Online Pay GmbH mit einem Rechnungsanhang im zip. format bekommen. Ich war erschrocken.Ich öffnete den - Online Pay GmbH zip datei geöffnet ! Trojaner ?...
Archiv
Du betrachtest: Online Pay GmbH zip datei geöffnet ! Trojaner ? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.