Log analysis and evaluation: Win - 10 Nova / Rambler.ru malware and NPE 0x8 error - suspected rootkit

23.02.2017, 10:52   #1
nekropolit
 
Hello,

I'm somewhat at my wits' end. My system shows the following problems:

Symptoms:
- Opera & Chrome jump to ad pages, Google redirects to Rambler.
- NPE scans constantly with error code 0x8,n44 etc.

I tried zenaman, hitman-pro and various others, but none of them report an infection.
Resetting the browser data did not bring any success either.

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
durchgeführt von Martin Zenker (Administrator) auf MZ_YOGA_1 (23-02-2017 10:34:44)
Gestartet von C:\Users\mzenk_000\Downloads
Geladene Profile: Martin Zenker & alex_000 & DefaultAppPool (Verfügbare Profile: Martin Zenker & alex_000 & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Opera)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Windows\System32\3DPrintService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(MakerBot) C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Windows\runSW.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek) C:\Windows\SwUSB.exe
(Cybereason) C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(3Dconnexion) C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3dxpiemenus.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Syntek Ltd.) C:\Windows\STK03N\STK03NM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Flexera Software, Inc.) C:\Users\mzenk_000\AppData\Local\Temp\{4DDCB862-DCD6-4709-8D9A-D6F603C15D75}\ISBEW64.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111488 2013-10-14] (Intel Corporation)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-11-29] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-11-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-11-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo App Shop] => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2687520 2015-08-25] (Sony Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10571776 2016-01-27] (SecureMix LLC)
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\RunOnce: [Uninstall C:\Users\mzenk_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\mzenk_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27011712 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk [2012-11-29]
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\STK03N PNP Monitor.lnk [2016-04-28]
ShortcutTarget: STK03N PNP Monitor.lnk -> C:\Windows\STK03N\STK03NM.exe (Syntek Ltd.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0dd36eb5-52b8-4a5d-b81f-f88aa9196f2c}: [DhcpNameServer] 80.146.165.25 46.16.220.98
Tcpip\..\Interfaces\{9979bf27-3ead-48b3-ba74-c5efe434be04}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{e082b941-bea0-4502-90fa-1a5edca624bb}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.search.yahoo.com/?type=888596&fr=spigot-yhp-ie
HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {8A3FF90B-A977-47EC-9633-3E2C2D312AFD} URL = 
SearchScopes: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001 -> {8A3FF90B-A977-47EC-9633-3E2C2D312AFD} URL = 
SearchScopes: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014 -> {8A3FF90B-A977-47EC-9633-3E2C2D312AFD} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-02] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-02] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {F0C2A0FA-C11A-4B67-84ED-D62E95008822} hxxp://192.168.1.254/IPCConfig.exe

FireFox:
========
FF DefaultProfile: 1q2jlbpz.default
FF ProfilePath: C:\Users\mzenk_000\AppData\Roaming\CLIQZ\Profiles\1q2jlbpz.default [2016-12-08]
FF Extension: (Cliqz) - C:\Users\mzenk_000\AppData\Roaming\CLIQZ\Profiles\1q2jlbpz.default\Extensions\cliqz@cliqz.com.xpi [2016-11-15] [ist nicht signiert]
FF Extension: (HTTPS Everywhere) - C:\Program Files (x86)\CLIQZ\browser\features\https-everywhere@cliqz.com.xpi [2016-11-15] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-15] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-02] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin-x32: ChromeWebPlugin -> C:\Program Files (x86)\WebControl\npGS_ChromePlugins.dll [Keine Datei]
FF Plugin-x32: FireFoxWebPlugin -> C:\Program Files (x86)\WebControl\npGS_Plugins.dll [Keine Datei]
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2015-03-11] ()
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2015-03-11] ()
FF Plugin-x32: Sony Corporation/PMCADownloader -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\npPMCADownloader.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderHelper -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderHelper.exe [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin-x32: Sony Corporation/PMCADownloaderLib -> C:\ProgramData\Sony Corporation\PMCADownloader\1.1.1975.475\PMCADownloaderLib.dll [2012-10-17] (Sony Network Entertainment International LLC)
FF Plugin HKU\.DEFAULT: ipc.com/ipc -> C:\Program Files (x86)\RegIPCPlugin\IPCPlugin\npipc.dll [2013-07-25] (IPC)
FF Plugin HKU\S-1-5-21-2553620308-2587970361-2745048916-1001: ajvision.com/webconfig -> C:\WINDOWS\system32\WEBConfig2\npwebconfig.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2553620308-2587970361-2745048916-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2553620308-2587970361-2745048916-1001: ipc.com/ipc -> C:\Program Files (x86)\RegIPCPlugin\IPCPlugin\npipc.dll [2013-07-25] (IPC)
FF Plugin HKU\S-1-5-21-2553620308-2587970361-2745048916-1001: tpsee.com/ipcctrl -> C:\WINDOWS\system32\IPCConfigV2\npipcctrl.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2553620308-2587970361-2745048916-1014: ajvision.com/webconfig -> C:\windows\system32\WEBConfig2\npwebconfig.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2553620308-2587970361-2745048916-1014: tpsee.com/ipcctrl -> C:\windows\system32\IPCConfigV2\npipcctrl.dll [Keine Datei]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default [2017-02-22]
CHR Extension: (Google Präsentationen) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-22]
CHR Extension: (Google Docs) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-22]
CHR Extension: (Google Drive) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-22]
CHR Extension: (YouTube) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-22]
CHR Extension: (Google Tabellen) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-22]
CHR Extension: (Google Mail) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-22]
CHR Extension: (Chrome Media Router) - C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-22]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2014-02-16]

Opera: 
=======
OPR Extension: (Adguard Werbeblocker) - C:\Users\mzenk_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2017-01-12]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 3DPrintService; C:\windows\system32\3DPrintService.exe [181752 2015-02-05] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2016-09-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
S3 CliqzMaintenance; C:\Program Files (x86)\Cliqz Maintenance Service\maintenanceservice.exe [175392 2016-11-15] (Cliqz GmbH)
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [18368 2017-01-12] (Cybereason)
S2 debugregsvc; C:\WINDOWS\System32\debugregsvc.dll [29184 2016-07-15] (Microsoft Corporation)
S3 DeveloperToolsService; C:\WINDOWS\System32\DeveloperToolsSvc.exe [104448 2016-07-15] (Microsoft Corporation)
S2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [115656 2013-10-14] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [118728 2013-10-14] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [124904 2013-10-14] (Intel Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [Datei ist nicht signiert]
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8915968 2016-01-27] (SecureMix LLC)
S2 HitmanPro37CrusaderBoot; C:\Users\mzenk_000\Downloads\hitmanpro_x64 (1).exe [11581544 2017-02-22] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [17408 2016-09-14] (Microsoft Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S4 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584664 2015-12-14] (LENOVO INCORPORATED.)
R2 MakerBot Conveyor Service; C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe [85504 2016-08-19] (MakerBot) [Datei ist nicht signiert]
R2 Mgl3DCtlrRPCService; C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\Mgl3DCtlrRPCService.exe [57856 2014-11-13] (3Dconnexion) [Datei ist nicht signiert]
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [227680 2011-08-12] ()
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [25088 2016-03-04] (The OpenVPN Project) [Datei ist nicht signiert]
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [496160 2015-08-25] (Sony Corporation)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [303896 2017-02-22] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [89880 2016-09-30] (Reason Software Company Inc.)
R2 RunSwUSB; C:\Windows\runSW.exe [44104 2013-05-23] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 SshBroker; C:\WINDOWS\System32\SshBroker.dll [360960 2016-12-21] (Microsoft Corporation)
R3 SshProxy; C:\WINDOWS\System32\SshProxy.dll [275456 2016-12-21] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] () [Datei ist nicht signiert]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S4 WebManagement; C:\WINDOWS\system32\WebManagement.exe [1000448 2016-09-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 3dxhid; C:\WINDOWS\System32\drivers\3dxhid.sys [38672 2014-11-07] (3Dconnexion SAM)
S3 AX88179; C:\WINDOWS\System32\drivers\ax88179_178a.sys [74240 2016-07-16] (ASIX Electronics Corp.)
S3 DCamUSBSTK03N; C:\WINDOWS\system32\DRIVERS\STK03NW2.sys [113288 2010-01-05] (Syntek Ltd.)
S3 DCamUSBSTK03N; C:\Windows\SysWOW64\DRIVERS\STK03NW2.sys [108544 2010-01-05] (Syntek Ltd.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-14] (Intel Corporation)
S3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [290256 2013-10-14] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [494808 2013-10-14] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2016-02-26] (Intel Corporation)
R3 DUBE100B; C:\WINDOWS\System32\drivers\DUBE100B.sys [49152 2013-10-23] (D-Link Corporation)
S3 ewusbnet; C:\WINDOWS\System32\drivers\ewusbnet.sys [415232 2011-10-18] (Huawei Technologies Co., Ltd.)
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
R2 hardlock; C:\windows\system32\drivers\hardlock.sys [331328 2013-08-01] (SafeNet Inc.)
R4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-02-22] ()
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 KMJHidMini; C:\WINDOWS\System32\drivers\3dxkmj.sys [18944 2013-10-08] (3Dconnextion Inc.)
R3 KMJShim; C:\WINDOWS\System32\drivers\3dxshim.sys [7168 2013-10-08] (3Dconnextion Inc.)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [52832 2013-12-05] (hxxp://libusb-win32.sourceforge.net)
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2013-12-04] (hxxp://libusb-win32.sourceforge.net)
S3 MakerBotUsbFilter; C:\WINDOWS\system32\DRIVERS\MakerBotUsbFilter.sys [18712 2013-11-12] ()
S3 MS3dPrintUSB; C:\WINDOWS\system32\DRIVERS\MS3DPrintUSB.sys [24072 2015-02-05] ()
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [Datei ist nicht signiert]
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NPF; C:\WINDOWS\System32\drivers\NPF.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 prwntdrv; C:\WINDOWS\system32\prwntdrv.sys [16776 2010-08-25] () [Datei ist nicht signiert]
S3 prwntdrv; C:\WINDOWS\SysWOW64\prwntdrv.sys [13704 2010-08-25] () [Datei ist nicht signiert]
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [624456 2015-07-07] (Realtek Semiconductor Corporation)
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [422656 2016-03-09] (Realsil Semiconductor Corporation)
R3 SaiK1705; C:\WINDOWS\system32\DRIVERS\SaiK1705.sys [180584 2012-09-20] (Saitek)
R3 SaiMini; C:\WINDOWS\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1705; C:\WINDOWS\System32\drivers\SaiU1705.sys [47208 2012-09-20] (Saitek)
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 silabenm; C:\WINDOWS\system32\DRIVERS\silabenm.sys [27336 2013-11-08] (Silicon Laboratories) [Datei ist nicht signiert]
S3 silabser; C:\WINDOWS\system32\DRIVERS\silabser.sys [73216 2013-11-08] (Silicon Laboratories) [Datei ist nicht signiert]
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [772480 2015-12-25] (Sunplus)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 sxuptp; C:\WINDOWS\System32\drivers\sxuptp.sys [310496 2014-06-17] (silex technology, Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [Datei ist nicht signiert]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R2 WLNdis50; C:\WINDOWS\system32\DRIVERS\wlndis50.sys [35840 2014-06-05] ()
R2 WLNdis50; C:\Windows\SysWOW64\DRIVERS\wlndis50.sys [35840 2014-06-05] ()
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-02-22] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-02-22] (Zemana Ltd.)
U0 aswVmm; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

NETSVC: debugregsvc -> C:\Windows\System32\debugregsvc.dll (Microsoft Corporation)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-23 10:34 - 2017-02-23 10:35 - 00036932 _____ C:\Users\mzenk_000\Downloads\FRST.txt
2017-02-23 10:34 - 2017-02-23 10:34 - 00000000 ____D C:\FRST
2017-02-23 10:32 - 2017-02-23 10:32 - 02423296 _____ (Farbar) C:\Users\mzenk_000\Downloads\FRST64.exe
2017-02-23 10:29 - 2017-02-23 10:33 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\NPE
2017-02-23 10:29 - 2017-02-23 10:29 - 03435768 _____ (Symantec Corporation) C:\Users\mzenk_000\Downloads\NPE (1).exe
2017-02-23 10:29 - 2017-02-23 10:29 - 00000000 ____D C:\ProgramData\Norton
2017-02-23 10:26 - 2017-02-23 10:26 - 03435768 _____ (Symantec Corporation) C:\Users\mzenk_000\Downloads\NPE.exe
2017-02-23 10:21 - 2017-02-23 10:21 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-23 10:21 - 2017-02-23 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-23 10:21 - 2017-02-23 10:21 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-23 10:21 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-23 10:13 - 2017-02-23 10:20 - 55566792 _____ (Malwarebytes ) C:\Users\mzenk_000\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-23 09:47 - 2017-02-23 09:47 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-02-23 09:47 - 2017-02-23 09:47 - 00000424 _____ C:\WINDOWS\system32\bootdelete.lst
2017-02-22 20:39 - 2017-02-22 20:39 - 00000000 _____ C:\Users\mzenk_000\Desktop\Unbenannt.uafi
2017-02-22 18:04 - 2017-02-22 18:04 - 00003642 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityScheduledScan
2017-02-22 18:04 - 2017-02-22 18:04 - 00003510 _____ C:\WINDOWS\System32\Tasks\ReasonSecurityStart
2017-02-22 18:04 - 2017-02-22 18:04 - 00000000 ____D C:\ProgramData\Reason
2017-02-22 18:03 - 2017-02-22 18:03 - 06406240 _____ (Reason Software Company Inc.) C:\Users\mzenk_000\Desktop\reason-core-security-setup.exe
2017-02-22 18:03 - 2017-02-22 18:03 - 00000959 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2017-02-22 18:03 - 2017-02-22 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2017-02-22 18:03 - 2017-02-22 18:03 - 00000000 ____D C:\Program Files\Reason
2017-02-22 12:42 - 2017-02-22 12:42 - 00000000 __RHD C:\Users\mzenk_000\Desktop\ Cybereason RansomFree
2017-02-22 12:42 - 2017-02-22 12:42 - 00000000 ___HD C:\Users\mzenk_000\Documents\Zibrd
2017-02-22 12:42 - 2017-02-22 12:42 - 00000000 ___HD C:\Users\mzenk_000\Documents\2014-05-3 1KaL
2017-02-22 12:41 - 2017-02-22 12:41 - 00516193 _____ C:\Users\akyDYS\transferred displace painful.xlsx
2017-02-22 12:41 - 2017-02-22 12:41 - 00514358 _____ C:\Users\Q1YXi\sVY.xlsx
2017-02-22 12:41 - 2017-02-22 12:41 - 00220520 _____ C:\Users\akyDYS\viennauprightdirectors.mdb
2017-02-22 12:41 - 2017-02-22 12:41 - 00207408 _____ C:\Users\Q1YXi\prize conflict tidy.mdb
2017-02-22 12:41 - 2017-02-22 12:41 - 00072351 _____ C:\Users\akyDYS\srA1e.xls
2017-02-22 12:41 - 2017-02-22 12:41 - 00061331 _____ C:\Users\Q1YXi\EAJOdDC.xls
2017-02-22 12:41 - 2017-02-22 12:41 - 00053245 _____ C:\Users\Q1YXi\8SUSD1lxZhbG.pem
2017-02-22 12:41 - 2017-02-22 12:41 - 00052457 _____ C:\Users\akyDYS\8z7MF4fqM.pem
2017-02-22 12:41 - 2017-02-22 12:41 - 00035851 _____ C:\Users\Q1YXi\3ZYxLc9.txt
2017-02-22 12:41 - 2017-02-22 12:41 - 00022622 _____ C:\Users\akyDYS\1k0M1.sql
2017-02-22 12:41 - 2017-02-22 12:41 - 00014652 _____ C:\Users\Q1YXi\rise comfort.sql
2017-02-22 12:41 - 2017-02-22 12:41 - 00011363 _____ C:\Users\akyDYS\set.calm.cape.txt
2017-02-22 12:41 - 2017-02-22 12:41 - 00000000 ___HD C:\Users\Q1YXi
2017-02-22 12:41 - 2017-02-22 12:41 - 00000000 ___HD C:\Users\akyDYS
2017-02-22 12:41 - 2017-02-22 12:41 - 00000000 ____D C:\Xpu1Slb
2017-02-22 12:41 - 2017-02-22 12:41 - 00000000 ____D C:\WINDOWS\Panther
2017-02-22 12:41 - 2017-02-22 12:41 - 00000000 ____D C:\1455aVRZ
2017-02-22 12:40 - 2017-02-23 09:47 - 00000524 _____ C:\WINDOWS\system32\.crusader
2017-02-22 12:27 - 2017-02-22 12:41 - 00054736 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-02-22 12:27 - 2017-02-22 12:41 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-22 12:26 - 2017-02-22 12:27 - 11581544 _____ (SurfRight B.V.) C:\Users\mzenk_000\Downloads\hitmanpro_x64 (1).exe
2017-02-22 12:17 - 2017-02-22 12:18 - 00003734 _____ C:\Users\mzenk_000\Desktop\Rkill.txt
2017-02-22 12:02 - 2017-02-23 10:34 - 00674844 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-22 12:02 - 2017-02-23 10:34 - 00645391 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-22 12:02 - 2017-02-22 12:02 - 14449600 _____ (Copyright 2017.) C:\Users\mzenk_000\Downloads\Zemana.AntiMalware.Portable.exe
2017-02-22 12:02 - 2017-02-22 12:02 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-02-22 12:02 - 2017-02-22 12:02 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-02-22 12:02 - 2017-02-22 12:02 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Zemana
2017-02-22 11:54 - 2017-02-22 11:55 - 00316816 _____ C:\TDSSKiller.3.1.0.12_22.02.2017_11.54.43_log.txt
2017-02-22 11:54 - 2017-02-22 11:54 - 04747704 _____ (AO Kaspersky Lab) C:\Users\mzenk_000\Downloads\tdsskiller.exe
2017-02-22 11:42 - 2017-02-22 11:52 - 00002275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-22 11:42 - 2017-02-22 11:52 - 00002263 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-22 11:41 - 2017-02-22 11:41 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\mzenk_000\Downloads\flashplayer24pp_da_install.exe
2017-02-22 10:16 - 2017-02-22 10:18 - 00000000 ____D C:\Users\mzenk_000\Desktop\funk
2017-02-21 16:19 - 2017-02-21 16:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7f26db0a4933127e
2017-02-21 16:16 - 2017-02-21 16:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7012e679b3cdbef1
2017-02-21 14:11 - 2017-02-21 14:11 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigndd822a315bd2fb18
2017-02-21 14:11 - 2017-02-21 14:11 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigndc683d65d21136c8
2017-02-21 14:11 - 2017-02-21 14:11 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign106a730f97475271
2017-02-21 12:44 - 2017-02-21 12:44 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign49ae2af517fc5c58
2017-02-21 12:43 - 2017-02-21 12:43 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc53783aa983d2a83
2017-02-21 11:36 - 2017-02-21 11:36 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne0769834de9bd005
2017-02-21 11:36 - 2017-02-21 11:36 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4f800e60bde24a70
2017-02-21 11:36 - 2017-02-21 11:36 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4baf574cc4a8d27d
2017-02-21 11:28 - 2017-02-21 11:28 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignf06cef9267c87ee3
2017-02-21 11:28 - 2017-02-21 11:28 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4eff38e8db3cf107
2017-02-21 11:27 - 2017-02-21 11:27 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign56cd0fcb8de5d081
2017-02-21 09:04 - 2017-02-22 18:19 - 00000000 ____D C:\Program Files (x86)\UC
2017-02-21 09:04 - 2017-02-21 09:04 - 00001021 _____ C:\Users\Public\Desktop\UC.lnk
2017-02-21 08:37 - 2017-02-21 08:37 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign363f4652aac7f3f1
2017-02-21 08:36 - 2017-02-21 08:36 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigncaa405149411c168
2017-02-21 07:45 - 2017-02-21 07:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd2bbff85e07918b4
2017-02-21 07:45 - 2017-02-21 07:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign49aac4c9437b8cee
2017-02-21 07:45 - 2017-02-21 07:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign14020a0f1e77e812
2017-02-21 07:44 - 2017-02-21 07:44 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne4d9e333266c0b88
2017-02-21 07:44 - 2017-02-21 07:44 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc17a6ecec7d8bc22
2017-02-21 07:44 - 2017-02-21 07:44 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna66ffdcdd968ebdf
2017-02-21 07:38 - 2017-02-21 07:38 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignda063bb2f1289280
2017-02-21 07:38 - 2017-02-21 07:38 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign58420517735a9b9c
2017-02-21 07:30 - 2017-02-21 07:30 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc16edab1fda1e87b
2017-02-21 07:30 - 2017-02-21 07:30 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9db95f2bec3f014b
2017-02-20 23:32 - 2017-02-20 23:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9667c3bd1b6cad1e
2017-02-20 23:15 - 2017-02-20 23:15 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigndcfad7ab9320a176
2017-02-20 23:15 - 2017-02-20 23:15 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignda36507a1f2319d1
2017-02-20 23:14 - 2017-02-20 23:14 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1e10687bb9d87204
2017-02-20 23:07 - 2017-02-20 23:07 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc7383a4717f93c60
2017-02-20 23:00 - 2017-02-20 23:00 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign02031925d2895d24
2017-02-20 22:59 - 2017-02-20 22:59 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign3a33744224791093
2017-02-20 22:58 - 2017-02-20 22:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignfed99dc4589e5e3b
2017-02-20 22:58 - 2017-02-20 22:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne8637107747c211d
2017-02-20 22:58 - 2017-02-20 22:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne10dc75ae43b8142
2017-02-20 22:58 - 2017-02-20 22:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna1f9734973fae393
2017-02-20 16:07 - 2017-02-20 16:07 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne415bed2d394f8c3
2017-02-20 14:38 - 2017-02-20 14:38 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne19eefa3b0ccf58d
2017-02-20 14:38 - 2017-02-20 14:38 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd96c8a410bf9fe14
2017-02-20 14:38 - 2017-02-20 14:38 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign126c813ef87c6e51
2017-02-20 14:37 - 2017-02-20 14:37 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigndfbc714a83173ccb
2017-02-20 14:33 - 2017-02-20 14:33 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9c3bd7c420580f53
2017-02-20 14:32 - 2017-02-20 14:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7d73408497e137fb
2017-02-20 14:20 - 2017-02-20 14:20 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign23f23f622c6519d4
2017-02-20 14:19 - 2017-02-20 14:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc97b7c8c81fa117e
2017-02-20 14:19 - 2017-02-20 14:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignbef781058f15b7f0
2017-02-20 14:19 - 2017-02-20 14:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4dde062d9c54892b
2017-02-20 14:19 - 2017-02-20 14:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1d79ad993129aac8
2017-02-20 12:20 - 2017-02-20 12:20 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign848c08f209520c73
2017-02-20 12:19 - 2017-02-20 12:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign13d14c53619ffc01
2017-02-20 12:18 - 2017-02-20 12:18 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignfdfcae806561652c
2017-02-20 12:18 - 2017-02-20 12:18 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne91ae1f7d1eba320
2017-02-20 12:18 - 2017-02-20 12:18 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4654f58f9857fa60
2017-02-18 11:02 - 2017-02-18 11:02 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9c0f88bfe9d3dd44
2017-02-18 11:01 - 2017-02-18 11:01 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignbaaf037bfd15b1f9
2017-02-18 11:01 - 2017-02-18 11:01 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna058f9c95b1f2dea
2017-02-17 18:05 - 2017-02-17 18:05 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignfde3140021b60f06
2017-02-17 18:04 - 2017-02-17 18:04 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignfbf68b1b6fdf6a5b
2017-02-17 15:22 - 2017-02-17 15:22 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign682f7b41212e439a
2017-02-17 13:41 - 2017-02-17 13:41 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign785bf2dce2060654
2017-02-17 11:34 - 2017-02-17 11:34 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignf0f68ffbb638e886
2017-02-16 21:13 - 2017-02-16 21:13 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign914ec2e6746d24c9
2017-02-16 18:20 - 2017-02-16 18:20 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign14cbc91f303a3bde
2017-02-16 17:48 - 2017-02-16 17:48 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd064987d536e674c
2017-02-16 17:47 - 2017-02-16 17:47 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign26b6e221d997388e
2017-02-16 17:46 - 2017-02-16 17:46 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc7ff97d410d188aa
2017-02-16 17:46 - 2017-02-16 17:46 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign10f04a517778d9f7
2017-02-16 17:11 - 2017-02-16 17:11 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc65d73d1631ebcf7
2017-02-16 17:08 - 2017-02-16 17:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignf8a832b01eb716c4
2017-02-16 17:08 - 2017-02-16 17:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1f0af582579988c7
2017-02-16 16:45 - 2017-02-16 16:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd159729d576db242
2017-02-16 16:45 - 2017-02-16 16:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign267f25a1a0e684cf
2017-02-16 16:44 - 2017-02-16 16:44 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignfe4d2e52d950ba99
2017-02-16 16:44 - 2017-02-16 16:44 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign2425db3c15d81f20
2017-02-16 16:43 - 2017-02-16 16:43 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb0161fc2dfebc8ec
2017-02-16 16:43 - 2017-02-16 16:43 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign0c7741804853ace2
2017-02-16 16:39 - 2017-02-16 16:39 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign3d6b0a09f4fd504d
2017-02-16 16:39 - 2017-02-16 16:39 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign0aefc66b401ab0c4
2017-02-16 16:34 - 2017-02-16 16:34 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignec9ee2589f9991d8
2017-02-16 16:34 - 2017-02-16 16:34 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign13722565e5571258
2017-02-16 16:33 - 2017-02-16 16:33 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign985e3b27a09a98e7
2017-02-16 16:33 - 2017-02-16 16:33 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign8333d1dc01829e44
2017-02-16 13:52 - 2017-02-16 13:52 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne15c34d2558ef35f
2017-02-16 13:52 - 2017-02-16 13:52 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign97de9fcbf995a9c6
2017-02-16 13:51 - 2017-02-16 13:51 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign909f476af60b03d0
2017-02-16 13:27 - 2017-02-16 13:27 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4275ebd056208641
2017-02-16 13:09 - 2017-02-16 13:09 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5beeac0d975285ec
2017-02-16 13:08 - 2017-02-16 13:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne88afef08fa6a26c
2017-02-16 13:08 - 2017-02-16 13:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7db61f06c73c131b
2017-02-16 13:07 - 2017-02-16 13:07 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne802c191006cc720
2017-02-16 13:07 - 2017-02-16 13:07 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb9fbb28027b3d633
2017-02-16 11:05 - 2017-02-16 11:05 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4796ddcaf9067c89
2017-02-16 11:04 - 2017-02-16 11:04 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd938129888ed70b4
2017-02-16 11:04 - 2017-02-16 11:04 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc0e10d8b85ad6d98
2017-02-16 10:34 - 2017-02-16 10:34 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne842fcc80bf3e4a5
2017-02-16 10:32 - 2017-02-16 10:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd8c1d5d9275e0a9a
2017-02-16 10:32 - 2017-02-16 10:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign18f18466713053dc
2017-02-16 10:32 - 2017-02-16 10:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign06e0e4d367433f97
2017-02-16 10:32 - 2017-02-16 10:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign0608a3c7c57f946a
2017-02-15 17:49 - 2017-02-15 17:49 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignefb7bb002230a3cd
2017-02-15 17:49 - 2017-02-15 17:49 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5bf168b350ada6d8
2017-02-15 16:46 - 2017-02-15 16:46 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd41d332e8e5e1a62
2017-02-15 16:46 - 2017-02-15 16:46 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign2e5d29f566963d38
2017-02-15 15:31 - 2017-02-15 15:31 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign492baf5f70dcef93
2017-02-15 15:27 - 2017-02-15 15:27 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign955e2546690217bf
2017-02-15 15:27 - 2017-02-15 15:27 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign32041dcedb3e9835
2017-02-15 15:26 - 2017-02-15 15:26 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd096911b8a1e0486
2017-02-15 15:26 - 2017-02-15 15:26 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign234f1f4ae72fd587
2017-02-15 12:59 - 2017-02-15 12:59 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign6ae67a975ea5b8be
2017-02-15 12:59 - 2017-02-15 12:59 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5ace8c50355aff8a
2017-02-14 15:26 - 2017-02-14 15:26 - 00023157 _____ C:\Users\mzenk_000\Downloads\full-page-navigation.zip
2017-02-14 15:23 - 2017-02-14 15:23 - 00026983 _____ C:\Users\mzenk_000\Downloads\gooey-menu-v1.zip
2017-02-14 15:00 - 2017-02-14 15:00 - 00029436 _____ C:\Users\mzenk_000\Downloads\gooey-menu-v4.zip
2017-02-14 14:55 - 2017-02-14 14:55 - 00029133 _____ C:\Users\mzenk_000\Downloads\angle-nav.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00167479 _____ C:\Users\mzenk_000\Downloads\News-Feed-Free-V2.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00097862 _____ C:\Users\mzenk_000\Downloads\Content-Locker-Free-V2.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00076310 _____ C:\Users\mzenk_000\Downloads\cool-countdownV21.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00035362 _____ C:\Users\mzenk_000\Downloads\Mailchimp-Signup-Form.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00025625 _____ C:\Users\mzenk_000\Downloads\cookie-policy-popup-V3.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00023810 _____ C:\Users\mzenk_000\Downloads\muse-password-protect1.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00023691 _____ C:\Users\mzenk_000\Downloads\HoverAnimationEffects.zip
2017-02-14 13:49 - 2017-02-14 13:49 - 00023416 _____ C:\Users\mzenk_000\Downloads\search-and-replace.zip
2017-02-13 15:35 - 2017-02-13 15:35 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb6f8e8206877e911
2017-02-13 14:28 - 2017-02-13 14:28 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign56f6d694b2e04b6b
2017-02-13 14:28 - 2017-02-13 14:28 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign18daaabdfa9a73e9
2017-02-13 14:28 - 2017-02-13 14:28 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign172abc1b5708c755
2017-02-13 14:19 - 2017-02-13 14:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign384744cf76406df2
2017-02-13 13:29 - 2017-02-13 13:29 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna11df168643eb5fb
2017-02-13 13:29 - 2017-02-13 13:29 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign2ac49be8ace554af
2017-02-13 10:04 - 2017-02-13 10:04 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne42b26e018191999
2017-02-13 10:04 - 2017-02-13 10:04 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb248c61ba1170207
2017-02-13 10:04 - 2017-02-13 10:04 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1142a570deb9672a
2017-02-13 10:02 - 2017-02-13 10:02 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignbe001cddd3ca882f
2017-02-13 10:01 - 2017-02-13 10:01 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignba68d35dc63165c8
2017-02-10 19:05 - 2017-02-13 17:50 - 00038261 _____ C:\Users\mzenk_000\Desktop\Test_PCB.T3001
2017-02-10 19:05 - 2017-02-13 17:50 - 00000000 ____D C:\Users\mzenk_000\Desktop\BackupFiles
2017-02-10 14:12 - 2017-02-10 14:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignaeabc3ee579df135
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignf0fa481281a5196a
2017-02-10 14:08 - 2017-02-10 14:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7515249099ccbb32
2017-02-10 10:20 - 2017-02-10 10:20 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign48ab21c6b95be5d9
2017-02-10 10:20 - 2017-02-10 10:20 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign3384cbd5878901c1
2017-02-10 09:18 - 2017-02-10 09:18 - 00000000 ____D C:\Users\mzenk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TARGET 3001! V18 discover
2017-02-10 09:18 - 2017-02-10 09:18 - 00000000 ____D C:\ProgramData\Okmbexyj0
2017-02-10 09:17 - 2017-02-10 09:18 - 00000000 ____D C:\Program Files (x86)\ELECTRA
2017-02-10 09:17 - 2017-02-10 09:17 - 00001324 _____ C:\Users\Public\Desktop\Target 3001! V18 discover.lnk
2017-02-10 09:17 - 2017-02-10 09:17 - 00001075 _____ C:\Users\mzenk_000\Desktop\ELECTRA.lnk
2017-02-10 09:17 - 2017-02-10 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TARGET 3001! V18 discover
2017-02-10 09:17 - 2017-02-10 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ELECTRA
2017-02-10 09:17 - 2017-02-10 09:17 - 00000000 ____D C:\Program Files (x86)\ibf
2017-02-10 09:12 - 2017-02-10 09:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign8c71d19af8e569e4
2017-02-10 09:12 - 2017-02-10 09:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7a59ce72730ddca8
2017-02-10 09:12 - 2017-02-10 09:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5048d17ade60ef3a
2017-02-10 08:53 - 2017-02-10 08:53 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignbf59e829652370c9
2017-02-10 08:53 - 2017-02-10 08:53 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign283e73481bc56a0a
2017-02-10 08:53 - 2017-02-10 08:53 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign11c9b47200ec4070
2017-02-09 14:02 - 2017-02-09 14:02 - 00394252 _____ C:\Users\mzenk_000\Desktop\170209_01_OF-NBB_N.pdf
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignf59a1d730f094f39
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigndcd87cbf3b53f024
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna9f8fb0bf2a339e3
2017-02-09 12:58 - 2017-02-09 12:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign98b93d005594c566
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna9347c0ec9f8d6e7
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign737a376c1362f98d
2017-02-09 12:57 - 2017-02-09 12:57 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5c1258d0053196f5
2017-02-09 12:17 - 2017-02-09 12:17 - 03060834 _____ C:\Users\mzenk_000\Downloads\170207_video_userart.pdf
2017-02-09 12:16 - 2017-02-09 12:16 - 07530944 _____ C:\Users\mzenk_000\Downloads\A4_pricing (1).pdf
2017-02-09 11:16 - 2017-02-09 11:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9856dcc15a1603ec
2017-02-09 11:16 - 2017-02-09 11:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4f2d1d882eeed158
2017-02-09 11:16 - 2017-02-09 11:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign187b2b4ad4340a8e
2017-02-09 11:16 - 2017-02-09 11:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign06464810f4c0df2a
2017-02-09 10:41 - 2017-02-09 11:24 - 00387203 _____ C:\Users\mzenk_000\Desktop\170208_01_OF-EDK_CCB.pdf
2017-02-07 18:49 - 2017-02-07 18:49 - 00000000 ____D C:\Users\mzenk_000\Desktop\fritz
2017-02-07 18:48 - 2017-02-07 18:48 - 50293250 _____ C:\Users\mzenk_000\Downloads\fritzing.0.9.2b.32.pc.zip
2017-02-07 18:45 - 2017-02-07 18:45 - 00000000 ____D C:\Users\mzenk_000\Desktop\fritzing.0.9.3b.64.pc
2017-02-07 18:31 - 2017-02-07 18:31 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign97121c07a75f8c52
2017-02-07 18:31 - 2017-02-07 18:31 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign88c1733fb2770e04
2017-02-07 18:31 - 2017-02-07 18:31 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4f09ad5c76a753f5
2017-02-07 18:06 - 2017-02-07 18:42 - 00000000 ____D C:\Users\mzenk_000\Downloads\fritzing.0.9.3b.64.pc
2017-02-07 17:20 - 2017-02-07 17:20 - 03060834 _____ C:\Users\mzenk_000\Desktop\170207_video_userart.pdf
2017-02-07 16:51 - 2017-02-07 16:51 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd1f6318c9d1600bc
2017-02-07 16:51 - 2017-02-07 16:51 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignbaaad3e3d6784574
2017-02-07 16:51 - 2017-02-07 16:51 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignaec88454634c9105
2017-02-07 12:09 - 2017-02-07 12:10 - 04009061 _____ C:\Users\mzenk_000\Downloads\Reolink-Client-Windows-v7.1.2.44.zip
2017-02-06 12:25 - 2017-02-06 12:25 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign53641ec6fdc715eb
2017-02-06 12:14 - 2017-02-06 12:14 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign4f9d40a5c17806e6
2017-02-06 12:14 - 2017-02-06 12:14 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign06b388432c15f36f
2017-02-06 12:12 - 2017-02-06 12:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb97eb56002ecbdf2
2017-02-06 12:12 - 2017-02-06 12:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign6db7dce2268c1653
2017-02-06 12:12 - 2017-02-06 12:12 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign57d2c35bd783b793
2017-02-05 13:11 - 2017-02-05 13:11 - 36193624 _____ C:\Users\mzenk_000\Desktop\hz.7z
2017-02-05 13:08 - 2017-02-05 13:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigncd3e28d3e309604f
2017-02-05 13:08 - 2017-02-05 13:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignc38f5e4111fd38dd
2017-02-05 13:08 - 2017-02-05 13:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7816e8e04de038af
2017-02-05 13:08 - 2017-02-05 13:08 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5ed70d4e258b8ad9
2017-02-05 13:05 - 2017-02-05 13:05 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd10a608de7703ed0
2017-02-05 13:05 - 2017-02-05 13:05 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9a522224ce47b2de
2017-02-05 13:05 - 2017-02-05 13:05 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign24999d1b2762cbfd
2017-02-05 13:00 - 2017-02-05 13:43 - 00000000 ____D C:\Users\mzenk_000\Desktop\hz
2017-02-05 12:55 - 2017-02-05 12:55 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign98b038aa59773bc5
2017-02-05 12:55 - 2017-02-05 12:55 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign986829465dc8b451
2017-02-05 12:55 - 2017-02-05 12:55 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign66b2c2ff01014dfe
2017-02-03 10:48 - 2017-02-03 10:48 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne71557b37b948fe0
2017-02-03 10:48 - 2017-02-03 10:48 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign8e71485dc7e2836d
2017-02-03 10:48 - 2017-02-03 10:48 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign2c5fd137c97afcc6
2017-02-02 18:16 - 2017-02-02 18:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignff1a577bd8dfce30
2017-02-02 13:51 - 2017-02-02 13:51 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigncfb76ba3b86d0f05
2017-02-02 13:51 - 2017-02-02 13:51 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign3c101241f5775b14
2017-02-02 11:32 - 2017-02-02 11:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign47b3c8d3a537346b
2017-02-02 10:36 - 2017-02-02 10:36 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna9238eb19aa5dd68
2017-02-02 10:35 - 2017-02-02 10:35 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign42ec664478d58e11
2017-02-02 10:35 - 2017-02-02 10:35 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign2106d3a2cdbe11e8
2017-02-02 10:04 - 2017-02-02 14:51 - 03188713 _____ C:\Users\mzenk_000\Desktop\test4.pdf
2017-02-02 09:14 - 2017-02-02 09:14 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1e5eaef36b1ad4bc
2017-02-02 09:06 - 2017-02-02 09:06 - 02965745 _____ C:\Users\mzenk_000\Desktop\newDesign_test.psd
2017-02-02 08:28 - 2017-02-02 08:28 - 03004084 _____ C:\Users\mzenk_000\Downloads\test2 (3).pdf
2017-02-01 19:48 - 2017-02-01 19:48 - 03004084 _____ C:\Users\mzenk_000\Downloads\test2 (2).pdf
2017-02-01 19:47 - 2017-02-01 19:47 - 03004084 _____ C:\Users\mzenk_000\Downloads\test2 (1).pdf
2017-02-01 19:45 - 2017-02-01 19:45 - 03004084 _____ C:\Users\mzenk_000\Downloads\test2.pdf
2017-02-01 19:33 - 2017-02-01 19:33 - 03004084 _____ C:\Users\mzenk_000\Desktop\test2.pdf
2017-02-01 18:53 - 2017-02-01 18:53 - 02992213 _____ C:\Users\mzenk_000\Desktop\test.pdf
2017-02-01 18:26 - 2017-02-01 18:26 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigneafda34b046ec09f
2017-02-01 17:45 - 2017-02-01 17:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign952e9cd8a44d7813
2017-02-01 17:45 - 2017-02-01 17:45 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign14d1df027716a70b
2017-02-01 16:03 - 2017-02-01 16:03 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9148140213c2537b
2017-02-01 16:03 - 2017-02-01 16:03 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign8e82a863e603aedf
2017-02-01 15:18 - 2017-02-01 15:18 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignace09b0a7f52a7c3
2017-02-01 10:33 - 2017-02-01 10:33 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign59940190a9e2853f
2017-02-01 10:32 - 2017-02-01 10:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9953110cc371eed4
2017-02-01 10:32 - 2017-02-01 10:32 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1006db2fc981619d
2017-01-31 17:53 - 2017-01-31 17:53 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne575d59ab15779ab
2017-01-31 17:28 - 2017-01-31 17:28 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignfe91425c6bd6027f
2017-01-31 17:18 - 2017-01-31 17:18 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign98586aa3c9734a36
2017-01-31 17:16 - 2017-01-31 17:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign10e97d07a757b601
2017-01-30 19:21 - 2017-01-30 19:21 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign8b3c826f78683fd5
2017-01-30 19:20 - 2017-01-30 19:20 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign9c31088370a4d7e5
2017-01-30 19:11 - 2017-01-30 19:11 - 00007987 _____ C:\Users\mzenk_000\Desktop\_DSC9265.xmp
2017-01-30 18:58 - 2017-01-30 18:58 - 00007983 _____ C:\Users\mzenk_000\Desktop\_DSC9263.xmp
2017-01-30 18:58 - 2017-01-30 18:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb2def6a33deb50d4
2017-01-30 17:41 - 2017-01-30 17:41 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignd929c642b92d88fa
2017-01-30 17:41 - 2017-01-30 17:41 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna4214f993abfeae1
2017-01-28 11:58 - 2017-01-28 11:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigna685ba46f4e27a65
2017-01-28 11:58 - 2017-01-28 11:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign164608d3b2e25485
2017-01-28 11:58 - 2017-01-28 11:58 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign0b68d206c35efcfa
2017-01-28 11:57 - 2017-01-28 11:57 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigne4126ea7a9335e56
2017-01-28 11:57 - 2017-01-28 11:57 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsignb674af7d755830ea
2017-01-25 12:04 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 12:04 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 16:16 - 2017-01-24 16:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign6fde0984c2759ff9
2017-01-24 16:16 - 2017-01-24 16:16 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign168b33ba7f6aea81
2017-01-24 15:30 - 2017-01-24 15:30 - 00001032 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2017.lnk
2017-01-24 15:29 - 2017-01-24 15:29 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign7b6a5ea10806c973
2017-01-24 15:29 - 2017-01-24 15:29 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign5fa4f1f0a76deb83
2017-01-24 15:29 - 2017-01-24 15:29 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign1304b1a1720d4cda
2017-01-24 15:19 - 2017-01-24 15:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsigndd4c16ce0ed3f0f3
2017-01-24 15:19 - 2017-01-24 15:19 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Tempzxpsign97e7956eb4a47c28

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-23 10:35 - 2015-11-19 17:23 - 00000000 ____D C:\ProgramData\Tenable
2017-02-23 10:21 - 2016-04-01 12:34 - 00000000 ____D C:\Users\mzenk_000\Documents\Visual Studio 2015
2017-02-23 10:21 - 2015-07-01 14:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-23 10:20 - 2015-07-01 14:22 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2017-02-23 09:54 - 2016-09-14 13:17 - 00000000 ____D C:\Users\mzenk_000
2017-02-23 09:16 - 2016-09-14 13:14 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-23 07:02 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-23 07:02 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-23 02:00 - 2013-02-12 10:02 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Adobe
2017-02-22 20:48 - 2014-03-25 12:21 - 00000600 _____ C:\Users\mzenk_000\AppData\Local\PUTTY.RND
2017-02-22 18:25 - 2016-09-14 13:16 - 00000000 ____D C:\ProgramData\Razer
2017-02-22 18:25 - 2013-02-26 17:38 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Razer
2017-02-22 18:24 - 2016-09-14 13:16 - 00000000 ____D C:\Program Files (x86)\Razer
2017-02-22 18:22 - 2012-11-29 08:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-22 18:21 - 2016-09-14 13:56 - 00003738 _____ C:\WINDOWS\System32\Tasks\DriverMaxAgent
2017-02-22 18:17 - 2016-04-01 09:32 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2017-02-22 18:17 - 2015-07-29 11:46 - 00000000 ____D C:\Program Files (x86)\Bitcoin
2017-02-22 12:47 - 2016-09-14 13:17 - 04547644 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-22 12:47 - 2016-07-16 23:51 - 02073388 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-22 12:47 - 2016-07-16 23:51 - 00544078 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-22 12:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-02-22 12:41 - 2016-11-15 10:49 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-22 12:41 - 2016-09-14 13:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-22 12:41 - 2016-07-16 07:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-22 12:41 - 2015-11-19 17:23 - 00001024 _____ C:\.rnd
2017-02-22 12:41 - 2015-11-04 10:57 - 00000946 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-22 12:13 - 2016-09-14 14:02 - 00000306 __RSH C:\Users\mzenk_000\ntuser.pol
2017-02-22 12:13 - 2013-11-21 13:33 - 00000306 __RSH C:\ProgramData\ntuser.pol
2017-02-22 12:08 - 2013-04-06 22:23 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Google
2017-02-22 11:55 - 2014-09-06 19:24 - 00817796 _____ C:\Users\mzenk_000\Documents\MuseLog.txt
2017-02-22 11:47 - 2016-09-14 13:56 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-22 11:47 - 2016-09-14 13:56 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-22 11:42 - 2016-09-14 13:56 - 00004086 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-22 11:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-22 11:42 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-22 11:42 - 2013-04-06 22:23 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-22 10:31 - 2014-09-06 18:33 - 00000000 ____D C:\Users\mzenk_000\Desktop\userart
2017-02-22 09:41 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-21 10:11 - 2013-01-17 12:52 - 00000000 ____D C:\Users\mzenk_000\AppData\Local\Packages
2017-02-21 09:04 - 2017-01-08 12:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC
2017-02-21 07:45 - 2016-05-11 09:07 - 00000033 _____ C:\Users\mzenk_000\AppData\Roaming\AdobeWLCMCache.dat
2017-02-20 18:25 - 2013-02-28 11:43 - 00000000 ____D C:\Users\mzenk_000\AppData\Roaming\MakerBot
2017-02-15 15:41 - 2013-01-17 12:52 - 00000000 ____D C:\Users\mzenk_000\AppData\Roaming\Adobe
2017-02-13 10:01 - 2016-05-10 15:42 - 00000000 ___RD C:\Users\mzenk_000\Creative Cloud Files
2017-02-13 10:01 - 2014-02-13 09:56 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-02-10 09:18 - 2013-09-13 22:07 - 00000000 ____D C:\Users\mzenk_000\AppData\Roaming\ibf
2017-02-09 12:26 - 2016-11-03 12:05 - 00003976 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1478171135
2017-02-09 12:26 - 2016-11-03 12:05 - 00001131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-02-09 12:26 - 2014-03-11 14:25 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-07 17:59 - 2015-03-06 12:22 - 00000000 ____D C:\Users\mzenk_000\AppData\Roaming\Fritzing
2017-02-06 20:48 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 18:26 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-06 16:45 - 2016-12-14 09:25 - 00001365 _____ C:\Users\mzenk_000\Desktop\Neues Textdokument (2).txt
2017-01-31 15:58 - 2016-12-08 15:22 - 00000000 ____D C:\Users\mzenk_000\Desktop\sales
2017-01-30 20:10 - 2016-11-22 19:28 - 00008256 _____ C:\Users\mzenk_000\Desktop\_DSC9255.xmp
2017-01-27 13:13 - 2013-04-25 11:31 - 00000000 ____D C:\Users\mzenk_000\Desktop\private
2017-01-26 18:42 - 2016-12-12 15:59 - 00000013 _____ C:\Users\mzenk_000\Desktop\karl.txt
2017-01-25 18:43 - 2017-01-17 11:17 - 00000000 ____D C:\Users\mzenk_000\Desktop\ste_edit
2017-01-24 16:16 - 2017-01-11 18:53 - 00000000 ____D C:\Users\mzenk_000\Documents\MobaXterm
2017-01-24 15:30 - 2013-02-12 10:45 - 00000000 ____D C:\Program Files\Adobe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2013-01-17 12:53 - 2013-01-19 10:33 - 0002347 _____ () C:\Users\mzenk_000\AppData\Roaming\AbsoluteReminder.xml
2013-10-06 10:56 - 2013-10-06 10:56 - 0000132 _____ () C:\Users\mzenk_000\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2014-10-15 07:59 - 2015-01-29 12:34 - 0000132 _____ () C:\Users\mzenk_000\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2016-05-11 09:07 - 2017-02-21 07:45 - 0000033 _____ () C:\Users\mzenk_000\AppData\Roaming\AdobeWLCMCache.dat
2013-02-26 17:52 - 2013-02-26 19:36 - 0001846 _____ () C:\Users\mzenk_000\AppData\Roaming\EliseProfile0.dat
2013-02-26 19:35 - 2013-02-26 19:36 - 0001820 _____ () C:\Users\mzenk_000\AppData\Roaming\EliseProfile1.dat
2015-12-19 19:13 - 2016-04-13 12:23 - 0000600 _____ () C:\Users\mzenk_000\AppData\Roaming\PUTTY.RND
2013-10-06 10:32 - 2013-10-06 10:32 - 0000000 _____ () C:\Users\mzenk_000\AppData\Roaming\sdsce.dll
2013-10-06 10:35 - 2013-10-06 10:35 - 0000000 _____ () C:\Users\mzenk_000\AppData\Roaming\systkr32.dll
2014-03-19 11:33 - 2014-12-12 09:28 - 0000600 _____ () C:\Users\mzenk_000\AppData\Roaming\winscp.rnd
2013-02-13 17:31 - 2016-05-06 08:48 - 0001456 _____ () C:\Users\mzenk_000\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2013-01-17 12:52 - 2016-03-03 12:26 - 0067415 _____ () C:\Users\mzenk_000\AppData\Local\BTServer.log
2014-01-15 13:32 - 2014-01-15 13:32 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\CFHDMNOQAIGPKHIHSRKO.75956.blb
2013-02-26 17:47 - 2013-02-26 17:47 - 0007875 _____ () C:\Users\mzenk_000\AppData\Local\CleanupUninstall.txt
2014-01-25 18:10 - 2014-01-25 18:10 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\CLNTFNCJIMJFDSTBSCHS.5108.blb
2013-12-18 15:28 - 2013-12-18 15:28 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\EFHHTCHONLPNPHRFQANH.30860.blb
2014-01-25 17:27 - 2014-01-25 17:27 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\FPISCFKGEBANHRLFIGGT.5108.blb
2013-12-18 16:44 - 2013-12-18 16:44 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\GBCTOPGKTCGSHDMETAJG.16708.blb
2014-01-25 15:52 - 2014-01-25 15:52 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\HFSSDHRKCHOFPQJHIOHJ.5108.blb
2014-01-15 12:50 - 2014-01-15 12:50 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\LTRMABHCTOJCOQEMCERM.75956.blb
2013-12-18 17:24 - 2013-12-18 17:24 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\NQNKIDCARMBCCFPMHNCI.15028.blb
2013-01-18 09:03 - 2013-07-17 13:09 - 0000008 ____H () C:\Users\mzenk_000\AppData\Local\pcdit.dat
2014-03-25 12:21 - 2017-02-22 20:48 - 0000600 _____ () C:\Users\mzenk_000\AppData\Local\PUTTY.RND
2015-01-15 16:11 - 2015-01-15 16:11 - 0000218 _____ () C:\Users\mzenk_000\AppData\Local\recently-used.xbel
2013-02-18 21:57 - 2013-11-04 12:44 - 0000369 _____ () C:\Users\mzenk_000\AppData\Local\RegisteredPackageInformation.xml
2013-10-30 10:43 - 2013-10-30 10:43 - 0000017 _____ () C:\Users\mzenk_000\AppData\Local\resmon.resmoncfg
2014-01-18 15:59 - 2014-01-18 15:59 - 0000144 _____ () C:\Users\mzenk_000\AppData\Local\RTHHCLTGFPJAKJKLANID.900792.blb
2013-11-11 12:22 - 2013-11-11 12:22 - 0000331 _____ () C:\Users\mzenk_000\AppData\Local\RunFromPB.rtfxoptions
2016-09-14 13:14 - 2016-09-14 13:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-01-18 09:02 - 2013-01-18 09:02 - 0000036 _____ () C:\ProgramData\InstallAlibre.config
2013-12-18 15:13 - 2013-12-18 15:13 - 0000090 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-20 12:57

==================== Ende von FRST.txt ============================
         

Best regards

Alt 23.02.2017, 10:54   #2
nekropolit
 
Win - 10 Nova / Rambler.ru malware and NPE 0x8 error - suspected rootkit



addition.txt 1/2
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-02-2017
durchgeführt von Martin Zenker (23-02-2017 10:35:53)
Gestartet von C:\Users\mzenk_000\Downloads
Windows 10 Pro Version 1607 (X64) (2016-09-14 13:02:34)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2553620308-2587970361-2745048916-500 - Administrator - Disabled)
alex_000 (S-1-5-21-2553620308-2587970361-2745048916-1014 - Limited - Enabled) => C:\Users\alex_000
DefaultAccount (S-1-5-21-2553620308-2587970361-2745048916-503 - Limited - Disabled)
Gast (S-1-5-21-2553620308-2587970361-2745048916-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2553620308-2587970361-2745048916-1009 - Limited - Enabled)
Martin Zenker (S-1-5-21-2553620308-2587970361-2745048916-1001 - Administrator - Enabled) => C:\Users\mzenk_000

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

3Dconnexion 3DxWare 10 (64-bit) (HKLM-x32\...\{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}) (Version: 10.2.0 - 3Dconnexion)
3Dconnexion 3DxWinCore (Version: 17.2.0.11011 - 3Dconnexion) Hidden
3Dconnexion Add-In for AutoCAD (Version: 5.0.0 - 3Dconnexion) Hidden
3Dconnexion Add-In for Inventor 11 - 2015 (Version: 2.1.0 - 3Dconnexion) Hidden
3Dconnexion Add-In for Solid Edge V18 - ST7 (Version: 3.2.0 - 3Dconnexion) Hidden
3Dconnexion Add-In for SolidWorks 2005 - 2015 (Version: 3.2.0 - 3Dconnexion) Hidden
3Dconnexion Add-On for XSI v5.0 - 2015 (Version: 3.0.3 - 3Dconnexion) Hidden
3Dconnexion Collage (x32 Version: 1.3.0 - 3Dconnexion) Hidden
3Dconnexion Extension for SketchUp (Version: 4.1.0 - 3Dconnexion) Hidden
3Dconnexion LCD Applets for SpacePilot Pro (Version: 1.3.3 - 3Dconnexion) Hidden
3Dconnexion Plug-In for 3ds Max 2008 - 2015 (Version: 6.1.0 - 3Dconnexion) Hidden
3Dconnexion Plug-in for Acrobat 3D (x32 Version: 1.3.0 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Maya v8.5 - 2015 (Version: 5.1.0 - 3Dconnexion) Hidden
3Dconnexion Plug-In for NX v4.0 - v10.0 (Version: 3.2.0 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Photoshop CS3 - CS6 and CC (Version: 2.4.0 - 3Dconnexion) Hidden
3Dconnexion Plug-In for Pro/ENGINEER Wildfire 3.0 - Creo 3.0 (Version: 2.2.0 - 3Dconnexion) Hidden
3Dconnexion Trainer (x32 Version: 3.2.2 - 3Dconnexion) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Active Directory Authentication Library für SQL Server (Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Active Directory Authentication Library für SQL Server (x86) (x32 Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Edge Animate CC 2015 (HKLM-x32\...\{92AC6B8F-F962-11E4-867D-81149C0292DF}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Edge Code Preview 3 (HKLM-x32\...\{DEDC5560-EC63-4FCE-A1A1-671326862C2B}) (Version: 0.20 - Adobe Systems Incorporated)
Adobe Edge Inspect (HKLM-x32\...\{D830EE30-BF0C-42B7-A13C-927A379353ED}) (Version: 1.0.388 - Adobe Systems Incorporated)
Adobe Edge Reflow CC Preview (HKLM\...\{8452F686-0D9B-4450-B723-FCD0582B02C3}) (Version: 0.51.17178 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2017 (HKLM-x32\...\IDSN_12_0_0) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Muse CC 2017 (HKLM-x32\...\MUSE_2017_0_1) (Version: 2017.0.1.13 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.19) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5-r2 - Arduino LLC)
AX88179_AX88178A Windows 8.1 Drivers (HKLM-x32\...\InstallShield_{23CD4583-326F-40FC-A9AA-5A48EA066C16}) (Version: 2.0.1.0 - ASIX Electronics Corporation)
AX88179_AX88178A Windows 8.1 Drivers (x32 Version: 2.0.1.0 - ASIX Electronics Corporation) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bitcoin (HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
Bitcoin Core (64-bit) (HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\Bitcoin Core (64-bit)) (Version: 0.10.0 - Bitcoin Core project)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blue Iris 4 (HKLM-x32\...\{24DBFE51-243F-4538-BB28-2FD7EC8E7F16}) (Version: 4.3.0.15 - Perspective Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.30501 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Canon iX4000 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iX4000) (Version:  - )
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CLIQZ 1.8.0 (x86 de) (HKLM-x32\...\CLIQZ 1.8.0 (x86 de)) (Version: 1.8.0 - Cliqz GmbH)
Cliqz Maintenance Service (HKLM-x32\...\CliqzMaintenanceService) (Version: 1.8.0.6141 - Cliqz GmbH)
CMake (HKLM\...\{72DA7A62-0082-4E68-A6FB-52B9A1141C7C}) (Version: 3.7.1 - Kitware)
Complemento do Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Complemento Microsoft Report Viewer para Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Compon. agg. Microsoft Report Viewer per Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
Corel Graphics Suite 11 (x32 Version: 11 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 11 (HKLM-x32\...\InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}) (Version: 11 - Corel Corporation)
Cybereason RansomFree 2.2.1.0 (HKLM-x32\...\{F802A027-422D-4C7A-9A02-41886A633794}) (Version: 2.2.1.0 - Cybereason Inc.)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.38.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.30.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (x32 Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Devenv-Ressourcen für Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
DiskInternals Partition Recovery (HKLM-x32\...\DiskInternals Partition Recovery) (Version: 6.1 - DiskInternals Research)
D-Link Powerline AV Utility (HKLM-x32\...\D-Link Powerline AV Utility) (Version: 1.0.0.0 - D-Link Corporation.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition 5.19.1 (x32 Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack 5.19.1 de-DE (x32 Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
EaseUS Partition Recovery 5.6.1 (HKLM-x32\...\EaseUS Partition Recovery_is1) (Version:  - EaseUS)
EGR-ShellExtension (HKLM-x32\...\EGR-ShellExtension) (Version: 1.2.0.101 - EasternGraphics)
ELECTRA Demo 5.10 (HKLM-x32\...\ELECTRA_is1) (Version:  - KONEKT)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Entity Framework 6.1.0 Tools  for Visual Studio 2013 (HKLM-x32\...\{D4635FB4-434D-4663-A4C8-CFC00FA9D24E}) (Version: 12.0.30228.0 - Microsoft Corporation)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Erforderliche Komponenten für SSDT RC0 (HKLM-x32\...\{837FF5F6-F0CB-4C80-B003-65B14F1490FE}) (Version: 13.0.1100.286 - Microsoft Corporation)
Gemeinsam genutzte Microsoft Azure-Komponenten für Visual Studio 2015 Sprachpaket (DEU) - v1.7 (x32 Version: 1.7.40113.5 - Microsoft Corporation) Hidden
GeoVision ADPCM (HKLM-x32\...\GeoADPCM) (Version:  - )
GeoVision Audio (HKLM-x32\...\GeoAudio) (Version:  - )
GeoVision H264 (HKLM-x32\...\Codec_264) (Version:  - )
GeoVision JPEG (HKLM-x32\...\Codec_jpeg) (Version:  - )
GeoVision MJPG (HKLM-x32\...\Codec_MJPG) (Version:  - )
GeoVision MPEG2 (HKLM-x32\...\Codec_mp2) (Version:  - )
GeoVision MPEG4 (HKLM-x32\...\GEOXCodec) (Version:  - )
GeoVision MPEG4 ASP (HKLM-x32\...\Codec_amp4) (Version:  - )
GeoVision MPEG4 AVC (HKLM-x32\...\Codec_AVC) (Version:  - )
GeoVision MXPG (HKLM-x32\...\Codec_MXPG) (Version:  - )
GetFoldersize 2.5.24 (HKLM-x32\...\GetFoldersize_is1) (Version: 2.5.24 - Michael Thummerer Software Design)
Git version 2.7.0 (HKLM\...\Git_is1) (Version: 2.7.0 - The Git Development Community)
GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.41 - SecureMix LLC)
GNU Tools for ARM Embedded Processors 5.4 2016 (remove only) (HKLM-x32\...\GNU Tools for ARM Embedded Processors 5.4 2016) (Version: 5.4 2016q3 - ARM Holdings)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoPro Studio 2.0.0 (HKLM-x32\...\GoPro Studio) (Version: 2.0.0 - WoodmanLabs Inc. d.b.a. GoPro)
GSurf_Pro_V2 (HKLM-x32\...\GSurf_Pro_V2) (Version: 1.0.2.11 - Grandstream)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8343C2D8-09DF-38B3-9D1A-A26148918E45}.KB947789) (Version: 1 - Microsoft Corporation)
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2106 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IP Camera (HKLM-x32\...\IP Camera) (Version:  - )
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
IsoBuster 3.6 (HKLM-x32\...\IsoBuster_is1) (Version: 3.6 - Smart Projects)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
K-Lite Codec Pack 11.9.6 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.9.6 - KLCP)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.38.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.5.5.10 - SunplusIT)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for de-de Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
MakerBot_Bundle_BETA_3.10.0.1725_x64 (HKLM-x32\...\MakerBot) (Version: 3.10.0.1725 - MakerBot)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Memory Profiler (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{72CCBEA1-8D57-4981-A337-81019F28C5BA}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Access 2013 - de-de (HKLM\...\AccessRetail - de-de) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft Help Viewer 2.2 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.2 Sprachpaket - DEU) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (German) (HKLM-x32\...\{90120000-00D1-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB RC0 (HKLM\...\{BDEC3091-D84B-4F70-B1AB-6487354160F4}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (x64) (HKLM\...\{8C76566F-6B51-43FD-A99E-AAA2E9A96918}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom RC0 (HKLM\...\{F5E316A6-F894-4DCF-9088-F07E06A1ABFA}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL-Sprachdienst RC0 (HKLM-x32\...\{F5AF6F7A-E0DC-480C-94E3-B5596C9A239F}) (Version: 13.0.12000.52 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (14.0.60311.1) (HKLM-x32\...\{FE4AF448-6FF2-4996-889F-8F07BA88DB59}) (Version: 14.0.60311.1 - Microsoft Corporation)
Microsoft SQL Server*2014 Management Objects  (HKLM-x32\...\{4F4CB3E2-9D2F-465A-854B-8276B02F4E7D}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Management Objects (x64) (HKLM\...\{03CB711D-679E-46ED-851B-C568418CF914}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Transact-SQL ScriptDom  (HKLM\...\{F2A2DB39-2C5A-4764-AA0F-5AB112663FFA}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 T-SQL Language Service  (HKLM-x32\...\{06BE8B71-46C6-434B-869E-85C58EF3120A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2016 Management Objects RC0 (HKLM-x32\...\{029A7000-E652-4D44-88C2-483C9FD345A7}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{64D5BBC6-5270-3711-AA39-31C1087AF4E6}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - DEU (HKLM-x32\...\{987AE03F-234A-3623-BD28-6B31FD1D3AB3}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2015 Tools for Unity (HKLM-x32\...\{5359C5C6-F83D-4E74-9170-F9A68BE1C57F}) (Version: 2.3.0.0 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{0b3e9a26-155d-42c3-aac0-b7571833df38}) (Version: 12.0.30501 - Microsoft Corporation)
Microsoft Visual Studio Professional 2015 mit Update 2 (HKLM-x32\...\{a54fbb28-1ab6-4d34-a4c8-3f122db12b5f}) (Version: 14.0.25123.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8343C2D8-09DF-38B3-9D1A-A26148918E45}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 - DEU Language Pack (HKLM-x32\...\{38F74A0E-357B-336C-B614-FE59F4BC62A0}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 - DEU Language Pack (HKLM-x32\...\{96D7B7B6-424F-3A52-8E8D-32CF2615DBD2}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server*2016 RC0 (HKLM\...\{71F2875A-58DC-432F-B959-67B6D928E08F}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server*2016 RC0 (HKLM-x32\...\{D2C7A7B6-719A-4F6A-881A-555B999F82AC}) (Version: 13.0.1100.286 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mit C# erstellte geräteübergreifende Hybrid-Apps - Vorlagen - DEU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
MobaXterm (HKLM-x32\...\{7F6E8FAE-C96A-4B24-B59B-A6E035504B26}) (Version: 9.4.0.0 - Mobatek)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.07.00.03 - Huawei Technologies Co.,Ltd)
Module Microsoft Report Viewer pour Visual Studio*2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.41 - Lenovo)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
MyHarmony (HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.241 - Logitech)
MyHarmony (HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\036a0e4fc6a247ec) (Version: 1.0.1.241 - Logitech)
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
NetSurveillance (HKLM-x32\...\NetSurveillance) (Version:  - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
ONVIF Device Manager v2.2.250 (HKLM-x32\...\{6AC771CF-4EAA-41B7-A398-61A33701E076}) (Version: 2.2.250 - Synesis)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenTFTPServer (HKLM-x32\...\OpenTFTPServer) (Version:  - )
Opera Stable 43.0.2442.806 (HKLM-x32\...\Opera 43.0.2442.806) (Version: 43.0.2442.806 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM-x32\...\{3F514FDC-F0F2-3B99-86D6-F7B3A2679B39}) (Version: 4.5.51209 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6 (Deutsch) (HKLM-x32\...\{FACF2669-E25A-428A-9167-5EEDE741F3B9}) (Version: 4.6.00127 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation)
pCon.planner STD (HKLM-x32\...\{86480C70-BDAB-4C58-B96E-3FF5469A6979}) (Version: 7.2.0.101 - EasternGraphics)
PidCAInstall7 (x32 Version: 2.0.0.0 - Microsoft) Hidden
PlayMemories Camera Apps Downloader (HKLM-x32\...\{E4B95A36-0EF2-44C6-B939-5B3DBBC34502}) (Version: 1.1.1975.475 - Sony Network Entertainment International LLC)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.0.00.08250 - Sony Corporation)
PLCUtility (HKLM-x32\...\PLCUtility) (Version: 4.00 - D-Link)
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.0.00 - Sony Corporation) Hidden
PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN and Bluetooth Driver (HKLM-x32\...\{B6322D12-A133-4128-8306-DAFFF7231152}) (Version: 1.03.0199 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0230 - REALTEK Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.2.0.1 - Reason Software Company Inc.)
RegIPCPlugin (HKLM-x32\...\{A917EBA8-8C3B-4379-9EAD-9EF23F4A100C}) (Version:  - )
Roadkil's Disk Image Version 1.6 (HKLM-x32\...\{2AE21A08-FF8E-44CF-84C7-F5571DBF7360}_is1) (Version:  - Roadkil.Net)
Roslyn Language Services - x86 (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25125 - Microsoft Corporation) Hidden
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.04.00 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16102.12 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16102.12 - Samsung Electronics Co., Ltd.) Hidden
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SQL Server 2012 Data quality client (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
STK02N 2.4.1 (HKLM-x32\...\{3F424493-B0F2-43A4-A892-DFA447B2A59D}) (Version: 2.4.1 - Syntek)
STK03N (HKLM-x32\...\{E83CD823-C522-4B71-B10A-E1088B3BD261}) (Version: 1.00.0 - Syntek)
SX Virtual Link (HKLM\...\SX Virtual Link) (Version: 3.13.0 - silex technology, Inc.)
SXi-Q (HKLM-x32\...\{AEA43572-B9C1-41DB-BBB1-613CA519E52E}) (Version: 1.9.7 - YiHiEcigar)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
Target 3001! V18 discover (HKLM-x32\...\Target 3001! V18 discover) (Version:  - Ing. Buero FRIEDRICH)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 2 (x32 Version: 14.95.25118 - Microsoft) Hidden
Tenable Nessus (x64) (HKLM\...\{B6332D5D-7E18-49AA-8AC5-710952BFBC65}) (Version: 6.5.3.20040 - Tenable Network Security, Inc.)
Tera Term 4.79 (HKLM-x32\...\Tera Term_is1) (Version:  - )
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TFTPUtil GUI Installer (HKLM-x32\...\TFTPUtil) (Version:  - )
TypeScript Power Tool (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.8.9.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.1.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.29.0 - Microsoft Corporation) Hidden
UC_4.8.2 (HKLM-x32\...\UC) (Version: 4.8.2 - UC(China) Co., Ltd. )
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{FD1F398D-BD56-43E6-8E58-707857AC9A8C}) (Version:  - Microsoft)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
version 5.13.415.31/1.0.0.27/3.4.5.11(H1C307WW) (HKLM-x32\...\{4AD4461B-8BD4-4354-805C-E97E7A404906}_is1) (Version:  - Lenovo Group Limited)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (HKLM-x32\...\{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM-x32\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.4148 (HKLM-x32\...\{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.6161 (HKLM-x32\...\{E7E58A3A-D9BD-3D4B-9475-AE757454AD82}.vc_x64runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.4148 (HKLM-x32\...\{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148) (Version: 9.0.30729.4148 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.6161 (HKLM-x32\...\{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161) (Version: 9.0.30729.6161 - Microsoft Corporation)
Visual Micro for Arduino (HKLM-x32\...\{FF1DC9D9-DE05-499F-87D8-5B8EDA4F31BD}) (Version: 14.07.1001 - Visual Micro Limited)
Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.30729 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{53952792-BF16-300E-ADF2-E7E4367E00CF}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2013 Update 2 (KB2829760) (HKLM-x32\...\{3c348532-c3bd-4bae-a928-7b555f8c808f}) (Version: 12.0.30501 - Microsoft Corporation)
Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VS Update core components (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
VS Update core components (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 DEU Language Pack (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 DEU Language Pack (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17362 - Microsoft Corporation)
Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02) (HKLM\...\883C04C33C70062A4AD0ED48685D05F25A854C1D) (Version: 03/30/2010 2.06.02 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02) (HKLM\...\ABE36B9BBD00CD433A4454EBCAD52F303406A488) (Version: 03/30/2010 2.06.02 - FTDI)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (04/17/2013 12.1.0.639) (HKLM\...\F7D0B2D70964C65B3EB37A398A0678DB5B355473) (Version: 04/17/2013 12.1.0.639 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (04/17/2013 12.1.0.650) (HKLM\...\4B9440C349A1879E0CA6A584D511B394F5E9AE6A) (Version: 04/17/2013 12.1.0.650 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (04/17/2013 12.1.0.661) (HKLM\...\05189AFD431C84D49E734EB2833DB0889B646528) (Version: 04/17/2013 12.1.0.661 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (06/19/2013 11.5.25.112) (HKLM\...\6A636E7AF8932FAA275E91F5FF49DF4E32C97BD0) (Version: 06/19/2013 11.5.25.112 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (06/19/2013 11.5.25.117) (HKLM\...\723AA4BB670B9AE16430083DC1ADA79FDDB5D1CE) (Version: 06/19/2013 11.5.25.117 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (06/19/2013 11.5.25.121) (HKLM\...\1CBFF36ABF7BD52443A5772968A0F84D22AC802D) (Version: 06/19/2013 11.5.25.121 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/24/2013 16.31.44.402) (HKLM\...\3C8B9891A89A64A0D43646719EC82184B33C4048) (Version: 10/24/2013 16.31.44.402 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/24/2013 16.31.44.418) (HKLM\...\D6083E36A9821DF3D9DCA6F80AECCD3CD8411A75) (Version: 10/24/2013 16.31.44.418 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/24/2013 16.31.44.418) (HKLM\...\E332B90FD0740040DF2D2CC1865C773283836BB6) (Version: 10/24/2013 16.31.44.418 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/24/2013 16.31.44.434) (HKLM\...\72D0E03AD363F20E1A8A3FCBA6CDCEEB52988168) (Version: 10/24/2013 16.31.44.434 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/27/2014 100.1.0.0) (HKLM\...\1D8A20A244A54F5B2205DA2E74E00AB42CE9C3C3) (Version: 10/27/2014 100.1.0.0 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/27/2014 100.1.0.0) (HKLM\...\6EFF38D5C9DAEBC02D00EDAC1B0EBFE09DF3CF76) (Version: 10/27/2014 100.1.0.0 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/27/2014 100.1.0.0) (HKLM\...\703C503DB153791AFD1609E2315BDA63FB883721) (Version: 10/27/2014 100.1.0.0 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/27/2014 100.1.0.0) (HKLM\...\FB798FEEF8815896BACE053F2CACE979AC7FA12D) (Version: 10/27/2014 100.1.0.0 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (11/20/2012 14.45.00.00) (HKLM\...\1855175F43A2953479DEC4F169B16991615D0F10) (Version: 11/20/2012 14.45.00.00 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (11/20/2012 14.45.00.00) (HKLM\...\996D101F52A0C99A8CEAD78093656B50AC1C8829) (Version: 11/20/2012 14.45.00.00 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (11/20/2012 14.45.00.00) (HKLM\...\B84C6C11C3DFEE0FE60F577DEA45312843F2EE61) (Version: 11/20/2012 14.45.00.00 - MakerBot Industries, LLC)
Windows Embedded Compact 7 (HKLM-x32\...\{A4FF3FC0-A8B3-47c2-8627-CE1D2988D0D8}) (Version: 7.1.2832.0 - Microsoft Corporation)
Windows Embedded Compact 7 ATL Update for Visual Studio 2008 SP1 (HKLM-x32\...\{94EA0C97-9FFB-438F-8291-F571031627ED}) (Version: 7.0.2806 - Microsoft Corporation)
Windows Embedded Silverlight Tools (HKLM-x32\...\{C0E5BD5A-EE0F-4E50-945F-0E12A04A6BDD}) (Version: 3.1.2830.0 - Microsoft Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports  (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports  (10/18/2013 6.6.1.0) (HKLM\...\F92C2D6CB4EA0EE558BDF5F8BDD69083DFC62179) (Version: 10/18/2013 6.6.1.0 - Silicon Laboratories)
winpcap-overlook 4.02 (HKLM-x32\...\winpcap-overlook) (Version:  - )
WinSCP 5.5.1 (HKLM-x32\...\winscp3_is1) (Version: 5.5.1 - Martin Prikryl)
Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
X264 (HKLM-x32\...\Codec_X264) (Version:  - )
XVID (HKLM-x32\...\Codec_XVID) (Version:  - )
Надстройка Microsoft Report Viewer для Visual Studio 2013 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
用于 Visual Studio 2013 的 Microsoft 报告查看器加载项 (x32 Version: 11.1.3411.3 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mzenk_000\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => Keine Datei
CustomCLSID: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-2F60296C886A}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001_Classes\CLSID\{3A9040F8-9292-886D-2AA4-B732BA1816D55}\InprocServer32 -> kein Dateipfad
CustomCLSID: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001_Classes\CLSID\{D8145022-B776-96F3-1DFF-F2626BCD0B667}\InprocServer32 -> kein Dateipfad
CustomCLSID: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001_Classes\CLSID\{DEDBE4C9-9E87-40C5-B437-9AAB7EB9C667}\InprocServer32 -> C:\Program Files (x86)\EasternGraphics\EGR-ShellExtension\Win64\egr_se.dll (EasternGraphics)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {00F6FBA3-AAE3-4C8B-B532-45B1DB3C2EA1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {032BB088-4AE1-4E6D-90F1-760E90D88658} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {17ABE341-CC6A-4488-8BA3-3244C375493C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {1F0A9AC9-6275-46CA-9620-F5633E35641A} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2016-09-30] (Reason Software Company Inc.)
Task: {20F1A769-972D-48D3-9431-64BD287D424D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {22490418-AA0F-413D-AA5E-7ADDE59E3B85} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {28AF53FC-C7A6-46F2-82A5-61F1554039D0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {2FD41E1C-0957-453E-BC1B-0958C88C6307} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe 
Task: {39E45F24-24C8-4F2D-B158-CCD5E904C12E} - System32\Tasks\Opera scheduled Autoupdate 1478171135 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-06] (Opera Software)
Task: {3DD9D26D-B3DC-4F17-8304-13A64DF98E41} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
Task: {474D3576-9519-4726-9E7C-37B51C34ED9E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {4DA11CFB-17B9-4DBA-B3CF-064E5A894230} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {58D2040B-768F-45FE-948C-C24C5D17754C} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-12] (Cybereason)
Task: {5A36AB38-A708-4D5C-BCEE-DEC4847D02D3} - System32\Tasks\3DconnexionCreateProcess_3DxService.exe => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe [2014-11-13] (3Dconnexion, INC)
Task: {5FA73430-D8A7-406A-A7B3-3EBE223B23E1} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe 
Task: {6EA11936-C5DB-42FD-AB01-39150CD0A502} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-12-14] ()
Task: {6ED188E3-1B35-4A1C-974A-23D8FDE25F28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-22] (Google Inc.)
Task: {6F225C6C-8AEE-450C-AA38-72A14E8B0F8D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {7191338D-880B-45C0-A031-82BE0C1722A0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {820016F4-8784-45A2-A88C-2C986E870819} - System32\Tasks\AdobeAAMUpdater-1.0-MZ_Yoga_1-alex => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {875B3CB3-6A2D-46C9-90B5-584E756D6A3D} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2016-09-30] (Reason Software Company Inc.)
Task: {96FC6AEE-593E-4F39-AFA3-E8D9AEBA8814} - System32\Tasks\3DconnexionCreateProcess_3DxSRV.EXE => C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3DxSRV.EXE 
Task: {97EABFEB-3F77-4E21-A6A5-866D02FEA2E6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {994F5CA2-1B37-4B40-9100-7FBF67E01913} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {9ABEFAEA-745A-4A49-8A30-70B62EA31EE8} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe 
Task: {9F45B991-5A99-4D20-81DE-3D6D28AE8D8C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {AE466FD9-213E-420E-AC1C-87799C3ED285} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe 
Task: {B53594F2-71A1-41A0-8613-A7A9991B16EA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-22] (Adobe Systems Incorporated)
Task: {B569D6B1-A701-4624-A796-9F860AE1B330} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {B56B51CF-C7B1-4E58-9C22-906D5A2256CC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {BAEEFE9F-545B-42EE-83DC-A588375405BD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {C39696EC-C836-4E8D-931A-5B85A1D3B642} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-22] (Adobe Systems Incorporated)
Task: {C81BBD2D-65D2-47B6-A923-67455ED2AC4B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {C932C14B-E8BA-4AE3-88FD-6C3FFA7C0B4E} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-03-22] (Microsoft Corporation)
Task: {CDAEC683-DF26-4E89-8662-B56DBA4AC311} - System32\Tasks\DriverMaxAgent => C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe [2016-03-28] (Innovative Solutions)
Task: {D904BFD0-9B51-443D-8EA3-3B76C6F11C6D} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [2017-01-12] (Cybereason)
Task: {DB943FDA-F7F2-4341-B6F1-4DB77DBFCB04} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {EC978F3E-C7F3-43D4-A281-521CF3E70AE9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {F0B86955-8A53-411D-A8CB-CED93B065B25} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {F0CEBD8B-C4FC-46CA-8CA2-5339781FCCCF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe 
Task: {F0DCAA20-1ADC-49B9-9932-7C8F57E801AA} - System32\Tasks\AdobeAAMUpdater-1.0-MZ_Yoga_1-mz => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {FFDBED15-62AB-41BA-A7FB-F34B9AE1B70C} - System32\Tasks\{9874746C-C047-4C01-84AE-BA7157B12DF0} => pcalua.exe -a "C:\Program Files (x86)\BonanzaDeals\uninst.exe" -d "C:\Program Files (x86)\BonanzaDeals"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\mzenk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TARGET 3001! V18 discover\Online Hilfe.lnk -> hxxp://server.ibfriedrich.com/wiki/ibfwikide/index.ph

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 09:30 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-10-07 10:33 - 2011-04-11 06:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2008-06-04 06:53 - 2008-06-04 06:53 - 00027648 _____ () C:\WINDOWS\System32\ssd2cl6.dll
2015-02-05 17:29 - 2015-02-05 17:29 - 00181752 _____ () C:\windows\system32\3DPrintService.exe
2014-03-21 09:55 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-08-12 07:21 - 2011-08-12 07:21 - 00227680 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-05-08 01:09 - 2016-05-08 01:09 - 00138240 _____ () C:\Program Files\MakerBot\MakerWare\jsoncpp.dll
2016-08-18 19:35 - 2016-08-18 19:35 - 00111616 _____ () C:\Program Files\MakerBot\MakerWare\py27_dlls\_ctypes.pyd
2016-08-18 19:35 - 2016-08-18 19:35 - 00047616 _____ () C:\Program Files\MakerBot\MakerWare\py27_dlls\_socket.pyd
2016-08-18 19:35 - 2016-08-18 19:35 - 01210368 _____ () C:\Program Files\MakerBot\MakerWare\py27_dlls\_ssl.pyd
2016-08-18 19:35 - 2016-08-18 19:35 - 00474624 _____ () C:\Program Files\MakerBot\MakerWare\py27_dlls\_hashlib.pyd
2016-08-18 19:35 - 2016-08-18 19:35 - 00010752 _____ () C:\Program Files\MakerBot\MakerWare\py27_dlls\select.pyd
2016-08-18 19:35 - 2016-08-18 19:35 - 00689664 _____ () C:\Program Files\MakerBot\MakerWare\py27_dlls\unicodedata.pyd
2015-08-19 22:48 - 2015-08-19 22:48 - 02596352 _____ () C:\Program Files\MakerBot\MakerWare\vtkCommon.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 03111424 _____ () C:\Program Files\MakerBot\MakerWare\vtkFiltering.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 05822464 _____ () C:\Program Files\MakerBot\MakerWare\vtkGraphics.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 04569600 _____ () C:\Program Files\MakerBot\MakerWare\vtkIO.dll
2015-08-19 22:46 - 2015-08-19 22:46 - 02572288 _____ () C:\Program Files\MakerBot\MakerWare\opencv_core2410.dll
2015-08-19 22:46 - 2015-08-19 22:46 - 01200640 _____ () C:\Program Files\MakerBot\MakerWare\opencv_calib3d2410.dll
2015-08-19 22:46 - 2015-08-19 22:46 - 02236928 _____ () C:\Program Files\MakerBot\MakerWare\opencv_imgproc2410.dll
2015-08-19 22:46 - 2015-08-19 22:46 - 02413056 _____ () C:\Program Files\MakerBot\MakerWare\opencv_highgui2410.dll
2014-08-06 14:30 - 2014-08-06 14:30 - 00050688 _____ () C:\Program Files\MakerBot\MakerWare\boost_date_time-vc120-mt-1_56.dll
2014-08-06 14:30 - 2014-08-06 14:30 - 00116224 _____ () C:\Program Files\MakerBot\MakerWare\boost_filesystem-vc120-mt-1_56.dll
2014-08-06 14:29 - 2014-08-06 14:29 - 00019456 _____ () C:\Program Files\MakerBot\MakerWare\boost_system-vc120-mt-1_56.dll
2014-08-06 14:30 - 2014-08-06 14:30 - 00100864 _____ () C:\Program Files\MakerBot\MakerWare\boost_thread-vc120-mt-1_56.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 00243200 _____ () C:\Program Files\MakerBot\MakerWare\vtksys.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 00159232 _____ () C:\Program Files\MakerBot\MakerWare\vtkverdict.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 00116736 _____ () C:\Program Files\MakerBot\MakerWare\vtkDICOMParser.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 00783360 _____ () C:\Program Files\MakerBot\MakerWare\vtkNetCDF.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 00110592 _____ () C:\Program Files\MakerBot\MakerWare\vtkNetCDF_cxx.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 00080896 _____ () C:\Program Files\MakerBot\MakerWare\LSDyna.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 00611328 _____ () C:\Program Files\MakerBot\MakerWare\vtkmetaio.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 00127488 _____ () C:\Program Files\MakerBot\MakerWare\vtkpng.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 00065024 _____ () C:\Program Files\MakerBot\MakerWare\vtkzlib.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 00141312 _____ () C:\Program Files\MakerBot\MakerWare\vtkjpeg.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 00314880 _____ () C:\Program Files\MakerBot\MakerWare\vtktiff.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 00128000 _____ () C:\Program Files\MakerBot\MakerWare\vtkexpat.dll
2015-08-19 22:46 - 2015-08-19 22:46 - 00656896 _____ () C:\Program Files\MakerBot\MakerWare\opencv_flann2410.dll
2015-08-19 22:46 - 2015-08-19 22:46 - 00869888 _____ () C:\Program Files\MakerBot\MakerWare\opencv_features2d2410.dll
2014-08-06 14:29 - 2014-08-06 14:29 - 00028672 _____ () C:\Program Files\MakerBot\MakerWare\boost_chrono-vc120-mt-1_56.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 00097280 _____ () C:\Program Files\MakerBot\MakerWare\vtkhdf5_hl.dll
2015-08-19 22:48 - 2015-08-19 22:48 - 02085888 _____ () C:\Program Files\MakerBot\MakerWare\vtkhdf5.dll
2016-05-08 01:23 - 2016-05-08 01:23 - 00107520 _____ () C:\Program Files\MakerBot\MakerWare\tinything.dll
2016-11-28 16:49 - 2013-05-23 15:33 - 00044104 _____ () C:\Windows\runSW.exe
2014-02-25 02:28 - 2014-02-25 02:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2016-12-14 09:30 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-09-14 14:05 - 2016-09-14 14:05 - 00959168 _____ () C:\Users\mzenk_000\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-09-14 14:10 - 2016-09-14 14:10 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 11:08 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-22 08:23 - 2017-02-22 08:24 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 08:23 - 2017-02-22 08:24 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 08:23 - 2017-02-22 08:24 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 09:46 - 2017-02-06 09:46 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2016-09-14 13:15 - 2010-10-26 11:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2016-11-23 15:30 - 2016-11-23 15:32 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-23 15:30 - 2016-11-23 15:32 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 08:10 - 2016-06-03 08:12 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-23 15:30 - 2016-11-23 15:32 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-23 15:30 - 2016-11-23 15:32 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2017-02-15 08:15 - 2017-02-15 08:15 - 03865088 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-02-22 18:04 - 2017-02-22 18:05 - 00303896 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2017-02-22 18:04 - 2017-02-22 18:05 - 00625432 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2017-01-11 11:08 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 11:08 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 11:08 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 11:08 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 11:08 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-27 08:11 - 2016-01-27 08:11 - 00246272 _____ () C:\Program Files (x86)\GlassWire\GeoIP.dll
2016-04-27 17:21 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-04-27 17:21 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-04-27 17:21 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-04-27 17:21 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-04-27 17:21 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-11-29 08:14 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2017-02-09 12:26 - 2017-02-06 08:41 - 39820376 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\opera_browser.dll
2016-09-14 14:04 - 2016-09-14 14:04 - 00679624 _____ () C:\Users\mzenk_000\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\ClientTelemetry.dll
2017-02-09 12:26 - 2017-02-06 08:41 - 45837912 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\opera_child.dll
2017-02-09 12:26 - 2017-02-09 12:26 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\libglesv2.dll
2017-02-09 12:26 - 2017-02-09 12:26 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:054203E4 [144]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7865 mehr Seiten.

IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\123simsen.com -> www.123simsen.com

Da befinden sich 7865 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2017-02-22 18:05 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

Da befinden sich 4 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: Lenovo System Agent Service => 2
HKLM\...\StartupApproved\StartupFolder: => "CineForm Status.lnk"
HKLM\...\StartupApproved\Run: => "Windows Mobile-based device management"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "EnergyUtility"
HKLM\...\StartupApproved\Run: => "yogaserver"
HKLM\...\StartupApproved\Run: => "Zune Launcher"
HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "AirPort Base Station Agent"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\StartupApproved\StartupFolder: => "Collector.lnk"
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\StartupApproved\StartupFolder: => "TeraTerm Menu.lnk"
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\StartupApproved\StartupFolder: => "Collector.lnk"
HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\StartupApproved\StartupFolder: => "TeraTerm Menu.lnk"
HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2553620308-2587970361-2745048916-1014\...\StartupApproved\Run: => "Steam"
         

Alt 23.02.2017, 10:59   #3
nekropolit
 

addition.txt 2/2
Code:
ATTFilter
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{C539866C-1C5D-446E-8164-6F32993EC8BF}C:\program files (x86)\synesis\onvif device manager\odm.player.host.exe] => (Allow) C:\program files (x86)\synesis\onvif device manager\odm.player.host.exe
FirewallRules: [TCP Query User{8721FB81-6CB7-414A-BA52-61B44ED0F0A8}C:\program files (x86)\synesis\onvif device manager\odm.player.host.exe] => (Allow) C:\program files (x86)\synesis\onvif device manager\odm.player.host.exe
FirewallRules: [UDP Query User{E884B24E-9F94-4327-9EC4-388FB527652B}C:\program files (x86)\synesis\onvif device manager\odm.exe] => (Allow) C:\program files (x86)\synesis\onvif device manager\odm.exe
FirewallRules: [TCP Query User{72ECCA77-F5A6-4325-BFDD-EC68C16C6B3F}C:\program files (x86)\synesis\onvif device manager\odm.exe] => (Allow) C:\program files (x86)\synesis\onvif device manager\odm.exe
FirewallRules: [UDP Query User{BF521369-CFAE-414D-B1FD-C56A2B731ABF}C:\program files (x86)\opera\36.0.2130.65\opera.exe] => (Allow) C:\program files (x86)\opera\36.0.2130.65\opera.exe
FirewallRules: [TCP Query User{9160B481-BE26-4E08-A735-6ED4E3AA5DB5}C:\program files (x86)\opera\36.0.2130.65\opera.exe] => (Allow) C:\program files (x86)\opera\36.0.2130.65\opera.exe
FirewallRules: [{0B084810-785B-4906-A007-8DC0F16A24FD}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
FirewallRules: [{2BB7C0AA-9E66-4904-9573-0C79B609BF0E}] => (Allow) C:\Program Files (x86)\CLIQZ\CLIQZ.exe
FirewallRules: [{ED34BD1A-1757-43EC-A607-603B799BDA4C}] => (Block) c:\program files (x86)\sony\playmemories home\pmbannounce.exe
FirewallRules: [{F5CDE744-4C39-4517-A1ED-439749279C61}] => (Block) c:\program files (x86)\sony\playmemories home\pmbannounce.exe
FirewallRules: [{2A12746A-86E5-46C8-8DA7-D838088F11E5}] => (Block) c:\program files\lenovo\imcontroller\autoupdate.exe
FirewallRules: [{9E841CFA-586C-451B-95D8-1B00E28709E4}] => (Block) c:\program files\lenovo\imcontroller\autoupdate.exe
FirewallRules: [{396C264A-E4F9-4885-ADCD-FD47836DC47A}] => (Block) c:\program files\lenovo\imcontroller\plugincommunication.exe
FirewallRules: [{3BE35F65-937B-4796-B1EA-7E910F95C589}] => (Block) c:\program files\lenovo\imcontroller\plugincommunication.exe
FirewallRules: [{AED2C004-3BF8-470D-BB10-82F23ED03A39}] => (Block) c:\program files (x86)\opera\36.0.2130.65\opera_autoupdate.exe
FirewallRules: [{9E4A011C-14B7-437A-9EAF-561E420BB2AA}] => (Block) c:\program files (x86)\opera\36.0.2130.65\opera_autoupdate.exe
FirewallRules: [{39949D60-A579-4122-926D-A9CEB81040FD}] => (Allow) C:\Program Files (x86)\MyGoya\KMPFaster\KMPFaster.exe
FirewallRules: [{67FBBA4E-5006-44AA-8400-0141C78BECC8}] => (Allow) C:\Program Files (x86)\MyGoya\KMPFaster\KMPFaster.exe
FirewallRules: [{E063F46C-377B-472D-9A90-6CFF60C6DF7C}] => (Block) c:\program files (x86)\k-lite codec pack\tools\codectweaktool.exe
FirewallRules: [{79E3718E-395A-433D-B2CC-13D410299EDE}] => (Block) c:\program files (x86)\k-lite codec pack\tools\codectweaktool.exe
FirewallRules: [{AE3BCB13-D121-4A5D-9709-0577353DEC07}] => (Block) c:\program files\microsoft office 15\clientx64\officeclicktorun.exe
FirewallRules: [{0167A45A-85BD-4284-ADD4-8BEE67A4B4C2}] => (Block) c:\program files\microsoft office 15\clientx64\officeclicktorun.exe
FirewallRules: [{DE6995EC-DAB9-4851-A861-6B4F733931B7}] => (Block) c:\program files\microsoft office 15\clientx64\officec2rclient.exe
FirewallRules: [{D7C264B5-062A-4BD3-A0ED-BD48D24CEF59}] => (Block) c:\program files\microsoft office 15\clientx64\officec2rclient.exe
FirewallRules: [{D4997677-AD25-4593-B4EA-D76BAA75BD4E}] => (Block) c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
FirewallRules: [{2E485B70-EBB0-4A4D-94F4-F08B71CDFA32}] => (Block) c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
FirewallRules: [{2CA20BA9-9CC2-4538-B208-0F689CDB3F18}] => (Block) c:\windows\winstore\wshost.exe
FirewallRules: [{61A1B717-A6A1-4A5F-95BC-3EFF0AC285A2}] => (Block) c:\windows\winstore\wshost.exe
FirewallRules: [{7C17B9CE-E986-497E-9793-672A5B0B054B}] => (Block) c:\program files (x86)\sony\playmemories home\pmbvolumewatcher.exe
FirewallRules: [{9EB48771-8D0F-45A1-9190-CBA554603A5B}] => (Block) c:\program files (x86)\sony\playmemories home\pmbvolumewatcher.exe
FirewallRules: [{39FAD5C9-3C7D-4EEE-8D79-B644AC790A90}] => (Block) c:\program files (x86)\common files\java\java update\jusched.exe
FirewallRules: [{DF3EF59D-6131-4B2C-BA6C-AC77E7EAA522}] => (Block) c:\program files (x86)\common files\java\java update\jusched.exe
FirewallRules: [{F02350DE-EFA0-4329-A7AE-6826E7DD419F}] => (Block) c:\program files\bonjour\mdnsresponder.exe
FirewallRules: [{D7D50AEA-A520-48B0-8D22-53FF73BF282C}] => (Block) c:\program files\bonjour\mdnsresponder.exe
FirewallRules: [{38AF34DB-5DD6-4D48-9A2A-E2619ABD48F1}] => (Block) c:\program files (x86)\common files\apple\internet services\icloudservices.exe
FirewallRules: [{4FB2E70C-24F3-4F3B-8ED6-E15811EB8719}] => (Block) c:\program files (x86)\common files\apple\internet services\icloudservices.exe
FirewallRules: [{719FB62C-842E-4E5E-B8B6-806FE141112D}] => (Block) c:\program files\makerbot\makerware\conveyor-svc.exe
FirewallRules: [{E460303C-738E-4020-8EA2-A80C0242C4FF}] => (Block) c:\program files\makerbot\makerware\conveyor-svc.exe
FirewallRules: [UDP Query User{E6C5D0AA-275A-4471-8B8A-72F935D4C847}C:\program files (x86)\opera\36.0.2130.46\opera.exe] => (Allow) C:\program files (x86)\opera\36.0.2130.46\opera.exe
FirewallRules: [TCP Query User{8BB6D5E9-D864-4F3F-84E2-99E84DF47D4C}C:\program files (x86)\opera\36.0.2130.46\opera.exe] => (Allow) C:\program files (x86)\opera\36.0.2130.46\opera.exe
FirewallRules: [{CCB57AB8-F647-4937-A7D4-11B62A5939C0}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [UDP Query User{ABFEFBE4-A684-476D-9920-1363EE50C81A}C:\program files\blue iris 4\blueiris.exe] => (Allow) C:\program files\blue iris 4\blueiris.exe
FirewallRules: [TCP Query User{FA7DB40D-F0A5-4E29-A8AB-52F53FF8ED27}C:\program files\blue iris 4\blueiris.exe] => (Allow) C:\program files\blue iris 4\blueiris.exe
FirewallRules: [UDP Query User{5AD29607-A1B2-430A-864B-A5E1C24B2CB7}C:\program files (x86)\opera\36.0.2130.46\opera.exe] => (Allow) C:\program files (x86)\opera\36.0.2130.46\opera.exe
FirewallRules: [TCP Query User{5FEB770C-54FE-4886-9774-CB88B0909DB0}C:\program files (x86)\opera\36.0.2130.46\opera.exe] => (Allow) C:\program files (x86)\opera\36.0.2130.46\opera.exe
FirewallRules: [UDP Query User{D6034BB6-04D4-4AC1-B5DC-7231F2508CEA}C:\program files (x86)\opera\36.0.2130.32\opera.exe] => (Allow) C:\program files (x86)\opera\36.0.2130.32\opera.exe
FirewallRules: [TCP Query User{E85FFA0B-F32A-4D4D-A4A8-3AB59DC8CBC4}C:\program files (x86)\opera\36.0.2130.32\opera.exe] => (Allow) C:\program files (x86)\opera\36.0.2130.32\opera.exe
FirewallRules: [UDP Query User{F6990F2E-06A5-402F-9F60-C21A52DF41E5}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{6A48493C-2214-4141-B181-9E0CBC48D54C}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{4B20DF94-C8C3-429A-9562-C443649D6258}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [TCP Query User{B217FB90-3587-4A7E-9EF8-4CC9474EC21C}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{D3A2947E-CC08-4049-9C8D-016F9E9FD631}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{23B52119-BB80-46B8-9DC8-EE7A74E50940}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D7455F74-875C-4133-AC37-7D5CA27C3052}C:\program files (x86)\opera\35.0.2066.92\opera.exe] => (Allow) C:\program files (x86)\opera\35.0.2066.92\opera.exe
FirewallRules: [TCP Query User{3E42264D-3720-4465-B62F-74F54EE6F667}C:\program files (x86)\opera\35.0.2066.92\opera.exe] => (Allow) C:\program files (x86)\opera\35.0.2066.92\opera.exe
FirewallRules: [UDP Query User{7FE8CE38-8BF3-4321-93B4-856EDD1C7B27}C:\opentftpserver\opentftpservermt.exe] => (Allow) C:\opentftpserver\opentftpservermt.exe
FirewallRules: [TCP Query User{97D1E43A-71CE-4B6A-AB5D-552CA41254A5}C:\opentftpserver\opentftpservermt.exe] => (Allow) C:\opentftpserver\opentftpservermt.exe
FirewallRules: [UDP Query User{EA28B243-0BFD-412D-87FA-858CD8E32188}C:\program files (x86)\tftputil\tftputil gui.exe] => (Allow) C:\program files (x86)\tftputil\tftputil gui.exe
FirewallRules: [TCP Query User{B504F6C9-1B9B-46E5-8720-B34283EB1EA4}C:\program files (x86)\tftputil\tftputil gui.exe] => (Allow) C:\program files (x86)\tftputil\tftputil gui.exe
FirewallRules: [UDP Query User{AD1D7CF5-FF66-47F2-B8E5-E9D845E0EA27}C:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe] => (Allow) C:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe
FirewallRules: [TCP Query User{147241BC-180A-4630-BDA7-6F540A40731C}C:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe] => (Allow) C:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe
FirewallRules: [{880B1D27-CB39-4E78-8750-878CDB12B7E7}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe
FirewallRules: [UDP Query User{6D4A7A57-CA57-4F5E-96F1-4E11FF7C48AA}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{D26E3DC0-BCA3-4328-9156-D2BA6FEE5681}C:\program files (x86)\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files (x86)\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{5A4799E7-CC05-48B3-9C90-75447438894E}C:\program files (x86)\common files\microsoft shared\corecon\5.01\bin\cesvchost.exe] => (Allow) C:\program files (x86)\common files\microsoft shared\corecon\5.01\bin\cesvchost.exe
FirewallRules: [TCP Query User{16123181-B027-4783-A8E0-D67F4BC00419}C:\program files (x86)\common files\microsoft shared\corecon\5.01\bin\cesvchost.exe] => (Allow) C:\program files (x86)\common files\microsoft shared\corecon\5.01\bin\cesvchost.exe
FirewallRules: [UDP Query User{BFDF6221-7DC7-4153-B0BE-1CB1A80040C6}C:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun.exe
FirewallRules: [TCP Query User{A8EB795F-8294-46CC-821A-2202BBFB34B2}C:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\shadowrun returns\shadowrun.exe
FirewallRules: [UDP Query User{2A78B9CD-3B29-4647-87D1-BD09F4978209}C:\users\mzenk_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mzenk_000\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{DF0735C0-1280-471F-8650-32BEBD7FB3F6}C:\users\mzenk_000\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mzenk_000\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{6121C3B9-EB25-43A7-9048-216FFFAE646F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{189D70DC-6A2C-49ED-8261-24F11FFC631D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E06FB0CB-5DC8-4985-934B-7DF3063865A3}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [UDP Query User{4978060A-99D8-4B76-A58F-BD94878E069A}C:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe] => (Allow) C:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe
FirewallRules: [TCP Query User{E38C2A62-3FA3-4E76-84F6-DF44BCD02C91}C:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe] => (Allow) C:\program files (x86)\adobe\adobe edge animate\edgeanimate.exe
FirewallRules: [UDP Query User{99534576-E4C7-407D-9E93-D994455EBC56}C:\program files (x86)\adobe\adobe edge animate cc\edgeanimate.exe] => (Allow) C:\program files (x86)\adobe\adobe edge animate cc\edgeanimate.exe
FirewallRules: [TCP Query User{3CC2C99D-3B03-47A5-8CEE-5442EAB3CA04}C:\program files (x86)\adobe\adobe edge animate cc\edgeanimate.exe] => (Allow) C:\program files (x86)\adobe\adobe edge animate cc\edgeanimate.exe
FirewallRules: [{10634E18-BDBD-42BA-BF2C-D4533C5BA7A7}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Edge Inspect\EdgeInspect.exe
FirewallRules: [UDP Query User{E8EAB8FB-9C36-4AA9-A895-65383C5EDAF4}C:\program files (x86)\winhttrack\winhttrack.exe] => (Allow) C:\program files (x86)\winhttrack\winhttrack.exe
FirewallRules: [TCP Query User{323144B0-E11B-42A5-8C98-768BA463E832}C:\program files (x86)\winhttrack\winhttrack.exe] => (Allow) C:\program files (x86)\winhttrack\winhttrack.exe
FirewallRules: [UDP Query User{466270C7-3E68-4050-A5A1-21281F0031A8}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [TCP Query User{A7BD5620-E3C6-4FFF-B03B-B7479D30BBD6}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{60F16F56-C340-43EF-8BDA-91D49EBC9F02}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe
FirewallRules: [TCP Query User{D23221F8-5D84-4473-980E-E9660AE5185A}C:\windows\syswow64\ipcamera.exe] => (Allow) C:\windows\syswow64\ipcamera.exe
FirewallRules: [UDP Query User{8E7E24A4-1CA5-4C5C-B06E-D5B7DF81104D}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{4FBB0959-2DCA-4E96-A194-82E64CDC1C49}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [UDP Query User{DC6C6915-BC36-46C6-8BE9-0EB982536F83}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{6DF30743-4E0D-469A-AD69-635F4943183B}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Allow) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [{F39B402D-602C-46AB-A6A9-60AAC781A82A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{561DCDBB-341D-4937-B75C-2BF176035A2F}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [TCP Query User{BE3AD444-66CF-4A71-98DA-BA9113F4761D}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{99D2923D-49D3-40B1-983B-881AA4E57430}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{124EF397-677F-4D85-8CD5-6C7D8A49FAC3}C:\program files (x86)\bitcoin\daemon\bitcoind.exe] => (Allow) C:\program files (x86)\bitcoin\daemon\bitcoind.exe
FirewallRules: [UDP Query User{FC6E7DB1-F18D-4CF3-A3CB-53D54FA38ACE}C:\program files (x86)\bitcoin\daemon\bitcoind.exe] => (Allow) C:\program files (x86)\bitcoin\daemon\bitcoind.exe
FirewallRules: [{F3804DEA-2B52-47FF-B61B-D6F12A5C6AF8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{BD6D6041-72BC-40E4-868A-3BFA7BD69678}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{FB70A244-34AD-4F08-A834-48CB829F5D4A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{74F6A998-D494-41BF-AA98-91F100501D85}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{70B2E9DB-669C-459B-A676-9C2912247362}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{7B3A9D77-DC9A-40C6-B20E-63B46BAEC0B0}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{5DFD160D-AA05-4B55-96A7-E9557939E537}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{53FF7E43-607A-403F-9CEF-6A0F89194897}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [TCP Query User{DF903CF0-B12D-438E-93E3-13520518A04D}C:\users\mzenk_000\desktop\50miner\miners\cgminer\cgminer.exe] => (Allow) C:\users\mzenk_000\desktop\50miner\miners\cgminer\cgminer.exe
FirewallRules: [UDP Query User{C6CC8158-481B-4712-B651-74F42BAAF9EA}C:\users\mzenk_000\desktop\50miner\miners\cgminer\cgminer.exe] => (Allow) C:\users\mzenk_000\desktop\50miner\miners\cgminer\cgminer.exe
FirewallRules: [TCP Query User{F344B30D-0C18-42DC-A3DA-23718126A4CF}C:\program files (x86)\easy miner\bfgminer\bfgminer.exe] => (Allow) C:\program files (x86)\easy miner\bfgminer\bfgminer.exe
FirewallRules: [UDP Query User{DFF6FE3E-4C25-4C16-9845-15342FE9AA65}C:\program files (x86)\easy miner\bfgminer\bfgminer.exe] => (Allow) C:\program files (x86)\easy miner\bfgminer\bfgminer.exe
FirewallRules: [TCP Query User{5AC23E19-398D-4BC6-A77E-A48C3C962F08}C:\cmd_sys\opentftpserver\opentftpservermt.exe] => (Allow) C:\cmd_sys\opentftpserver\opentftpservermt.exe
FirewallRules: [UDP Query User{F8989813-D885-4A3C-8370-FDA9D6A111DA}C:\cmd_sys\opentftpserver\opentftpservermt.exe] => (Allow) C:\cmd_sys\opentftpserver\opentftpservermt.exe
FirewallRules: [TCP Query User{ED4BA71F-94CA-4F2F-AA6F-2B13B5C839B4}C:\program files (x86)\easy miner\cgminer\cgminer-nogpu.exe] => (Allow) C:\program files (x86)\easy miner\cgminer\cgminer-nogpu.exe
FirewallRules: [UDP Query User{C44B16D0-1EB3-4F7C-8E7D-20FF24C868DF}C:\program files (x86)\easy miner\cgminer\cgminer-nogpu.exe] => (Allow) C:\program files (x86)\easy miner\cgminer\cgminer-nogpu.exe
FirewallRules: [TCP Query User{DB5429FA-4771-49C9-818F-51A08F5CC075}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{FDDE1E56-042B-408B-908B-EAD799C4A535}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{0C38AC78-1A21-4FC6-BB72-CFF5DAF31610}C:\cmd_sys\opentftpserver\opentftpservermt.exe] => (Allow) C:\cmd_sys\opentftpserver\opentftpservermt.exe
FirewallRules: [UDP Query User{59D60C2D-4BC9-4A66-B822-A4993CCADDC2}C:\cmd_sys\opentftpserver\opentftpservermt.exe] => (Allow) C:\cmd_sys\opentftpserver\opentftpservermt.exe
FirewallRules: [TCP Query User{6CEB3768-6EE4-47AB-889D-CB61AB74ABE6}C:\users\mzenk_000\downloads\emarks-1.0.0\emark-qt.exe] => (Allow) C:\users\mzenk_000\downloads\emarks-1.0.0\emark-qt.exe
FirewallRules: [UDP Query User{6072969A-CBBB-4CC8-8980-29DF08AFF2D9}C:\users\mzenk_000\downloads\emarks-1.0.0\emark-qt.exe] => (Allow) C:\users\mzenk_000\downloads\emarks-1.0.0\emark-qt.exe
FirewallRules: [TCP Query User{41638ED1-F660-41E2-BDF6-FFC2BE991006}C:\users\mzenk_000\appdata\roaming\unobtanium\unobtanium-qt.exe] => (Allow) C:\users\mzenk_000\appdata\roaming\unobtanium\unobtanium-qt.exe
FirewallRules: [UDP Query User{231AC54C-C142-4D42-9B54-D19668A2AD53}C:\users\mzenk_000\appdata\roaming\unobtanium\unobtanium-qt.exe] => (Allow) C:\users\mzenk_000\appdata\roaming\unobtanium\unobtanium-qt.exe
FirewallRules: [TCP Query User{A3282695-34D1-4860-956E-541C4C3A11B4}C:\program files (x86)\look@lan\lookathost.exe] => (Allow) C:\program files (x86)\look@lan\lookathost.exe
FirewallRules: [UDP Query User{2D7CED4C-C562-40F8-884B-3EE301910E61}C:\program files (x86)\look@lan\lookathost.exe] => (Allow) C:\program files (x86)\look@lan\lookathost.exe
FirewallRules: [TCP Query User{E1E1DD0F-4AB5-44F5-A186-0F7AB6E323E1}C:\program files (x86)\look@lan\lookatlan.exe] => (Allow) C:\program files (x86)\look@lan\lookatlan.exe
FirewallRules: [UDP Query User{B2EFC205-230F-46B4-9C0A-95E797650C18}C:\program files (x86)\look@lan\lookatlan.exe] => (Allow) C:\program files (x86)\look@lan\lookatlan.exe
FirewallRules: [TCP Query User{7AC6EC3D-A94F-4764-ABB8-CBACA1072A2A}C:\users\mzenk_000\desktop\auroracoin-qt\auroracoin-qt.exe] => (Allow) C:\users\mzenk_000\desktop\auroracoin-qt\auroracoin-qt.exe
FirewallRules: [UDP Query User{51ED3471-8008-454F-9678-3585C62AD5A1}C:\users\mzenk_000\desktop\auroracoin-qt\auroracoin-qt.exe] => (Allow) C:\users\mzenk_000\desktop\auroracoin-qt\auroracoin-qt.exe
FirewallRules: [{13D842A6-E8C2-4ADD-A004-E337E7350648}] => (Allow) C:\Program Files (x86)\Grandstream\GSurf_Pro\Client.exe
FirewallRules: [{799F36C9-BC79-4DDA-9EBF-3053B004FF89}] => (Allow) C:\Program Files (x86)\Grandstream\GSurf_Pro\Client.exe
FirewallRules: [{6028C793-7952-421D-B5D4-0F6FCFFDA8D6}] => (Allow) C:\Program Files (x86)\Grandstream\GSurf_Pro\Client.exe
FirewallRules: [{60F6C88D-23E5-48FE-BD80-8E66E9834CF1}] => (Allow) C:\Program Files (x86)\Grandstream\GSurf_Pro\Client.exe
FirewallRules: [{FB822741-7518-418A-AD58-24EAE0E43FA2}] => (Allow) C:\Program Files\silex technology\SX Virtual Link\Connect.exe
FirewallRules: [{90BE72DA-E170-4400-BD87-2196FEC7016A}] => (Allow) LPort=19540
FirewallRules: [TCP Query User{6EE89E2E-11EE-490B-ACCB-19ACB8647794}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{F32D4D95-3759-43C7-9597-C6E5869236F1}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{D7B71A2E-780B-4755-9A65-6DD079AF74CC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{5F4610BC-239D-4103-8D03-B3A47987F338}] => (Allow) LPort=12292
FirewallRules: [TCP Query User{CEFA2A38-84F9-4BEA-B2F5-A38E1CE9FF7E}C:\program files\adobe\adobe muse cc 2014\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2014\muse.exe
FirewallRules: [UDP Query User{F5788EA8-5877-464B-818F-B985EDD78A4C}C:\program files\adobe\adobe muse cc 2014\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2014\muse.exe
FirewallRules: [{259AC1E1-F243-4231-9135-C0A2E7D01973}] => (Allow) C:\Users\mzenk_000\AppData\Local\Temp\InsDCC5\Setup.exe
FirewallRules: [{44ABB3AC-FC1E-4797-B8DB-2048818070D2}] => (Allow) C:\Users\mzenk_000\AppData\Local\Temp\InsDCC5\Setup.exe
FirewallRules: [{EEDF813A-643F-482E-8AF7-F38D89004229}] => (Allow) C:\Users\mzenk_000\AppData\Local\Temp\InsDCC5\Setup.exe
FirewallRules: [{1C446182-0021-4F4B-A8CA-68948A281F32}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{4710CA33-839D-4846-9798-D9324D3CAFF1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18F7E2DF-E4B1-41B8-881B-B4ED46A14B91}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3E87A2D0-BC5E-4C88-BFBE-CFB154DDCBE8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D0CA3F8C-697D-4417-8DD7-F396276D52A0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{1FCF8224-5E38-4664-9E71-963EBBEE9D23}C:\program files (x86)\disney interactive\disney infinity 2.0 pc\disneyinfinity2.exe] => (Allow) C:\program files (x86)\disney interactive\disney infinity 2.0 pc\disneyinfinity2.exe
FirewallRules: [UDP Query User{23128187-C801-41ED-8010-7BFF78D431E0}C:\program files (x86)\disney interactive\disney infinity 2.0 pc\disneyinfinity2.exe] => (Allow) C:\program files (x86)\disney interactive\disney infinity 2.0 pc\disneyinfinity2.exe
FirewallRules: [TCP Query User{831E71D4-9D19-4EDB-9915-1DDACF060CA0}C:\program files (x86)\opera\27.0.1689.69\opera.exe] => (Allow) C:\program files (x86)\opera\27.0.1689.69\opera.exe
FirewallRules: [UDP Query User{AEEB87F9-0177-4C12-A678-CC9757B3F54B}C:\program files (x86)\opera\27.0.1689.69\opera.exe] => (Allow) C:\program files (x86)\opera\27.0.1689.69\opera.exe
FirewallRules: [TCP Query User{B31F660A-844D-45F8-93F0-426A44388625}C:\users\mzenk_000\documents\visual studio 2013\projects\sdkdemo_csharp\build\clientdemo.exe] => (Allow) C:\users\mzenk_000\documents\visual studio 2013\projects\sdkdemo_csharp\build\clientdemo.exe
FirewallRules: [UDP Query User{749E46C6-1D92-441E-AC22-759D229DD2FB}C:\users\mzenk_000\documents\visual studio 2013\projects\sdkdemo_csharp\build\clientdemo.exe] => (Allow) C:\users\mzenk_000\documents\visual studio 2013\projects\sdkdemo_csharp\build\clientdemo.exe
FirewallRules: [TCP Query User{6534A3B1-CB86-4FDA-83BA-72A2F701AF4C}C:\users\mzenk_000\documents\visual studio 2013\projects\sdkdemo_csharp\build\playerdemo.exe] => (Allow) C:\users\mzenk_000\documents\visual studio 2013\projects\sdkdemo_csharp\build\playerdemo.exe
FirewallRules: [UDP Query User{DB6C7F92-072F-4D2F-8CBA-294EDF5428F7}C:\users\mzenk_000\documents\visual studio 2013\projects\sdkdemo_csharp\build\playerdemo.exe] => (Allow) C:\users\mzenk_000\documents\visual studio 2013\projects\sdkdemo_csharp\build\playerdemo.exe
FirewallRules: [TCP Query User{D202E5DC-04E2-4DB3-8E68-C2D5AD2500FB}C:\program files (x86)\adobe\adobe edge animate cc 2014.1\edgeanimate.exe] => (Allow) C:\program files (x86)\adobe\adobe edge animate cc 2014.1\edgeanimate.exe
FirewallRules: [UDP Query User{14A683C0-6B59-4117-B2DF-4E1CA0115C2C}C:\program files (x86)\adobe\adobe edge animate cc 2014.1\edgeanimate.exe] => (Allow) C:\program files (x86)\adobe\adobe edge animate cc 2014.1\edgeanimate.exe
FirewallRules: [TCP Query User{29FA37E2-4591-46D2-96C9-8BD13317657A}C:\program files\adobe\adobe muse cc 2014\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2014\muse.exe
FirewallRules: [UDP Query User{9C53560B-486C-48C9-A9DF-5376DF1A4064}C:\program files\adobe\adobe muse cc 2014\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2014\muse.exe
FirewallRules: [TCP Query User{F301CE00-3F39-441F-8505-63DE8598D736}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [UDP Query User{1BA2DB30-B2F9-4275-BF48-EF962FF0EDA7}C:\program files (x86)\plex home theater\plex home theater.exe] => (Allow) C:\program files (x86)\plex home theater\plex home theater.exe
FirewallRules: [TCP Query User{D6DEE1FF-5FCE-4D0C-B9A1-DB4873E0601F}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{7ECEDEA0-CA16-41FD-A7F9-242F12AC85BE}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{549F66E7-5485-4763-B06C-4CA62F296DF0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{13E54769-4339-43BE-AEDC-9685F0FCBA79}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{E11BDA1E-590C-4FA8-B5B5-B7B01051FE00}C:\program files (x86)\grandstream\gsurf_pro_v2\httpserver.exe] => (Allow) C:\program files (x86)\grandstream\gsurf_pro_v2\httpserver.exe
FirewallRules: [UDP Query User{BD66E6F5-9EB0-4E2D-9C6D-544A1378AD0C}C:\program files (x86)\grandstream\gsurf_pro_v2\httpserver.exe] => (Allow) C:\program files (x86)\grandstream\gsurf_pro_v2\httpserver.exe
FirewallRules: [TCP Query User{3B8560C4-6E62-44E8-ABAF-7FBDE18ED233}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CA460918-970F-4640-85C7-45CF1B6CD984}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{CADD7549-62A7-4676-A47B-681032766DDE}C:\program files\adobe\adobe photoshop cc 2014\node.exe] => (Allow) C:\program files\adobe\adobe photoshop cc 2014\node.exe
FirewallRules: [UDP Query User{A52D8C41-7141-4B04-A423-634515AD7DB5}C:\program files\adobe\adobe photoshop cc 2014\node.exe] => (Allow) C:\program files\adobe\adobe photoshop cc 2014\node.exe
FirewallRules: [{6A2D9542-EBA1-4A06-A94A-80952C5F98C3}] => (Allow) C:\windows\system32\hasplms.exe
FirewallRules: [{AB726CCA-476E-48C4-8F6B-105ADCF09981}] => (Allow) C:\Program Files (x86)\Milesight VMS Pro\Milesight VMS Server\Milesight VMS Server.exe
FirewallRules: [{D540AE2E-A00B-444D-863A-115ECDF569FB}] => (Allow) C:\Program Files (x86)\Milesight VMS Pro\Milesight VMS Server\Milesight VMS Server.exe
FirewallRules: [{DAF501E7-94BB-4A50-BE5F-1EBFF037CC75}] => (Allow) C:\Program Files (x86)\Milesight VMS Pro\Milesight VMS Client\Milesight VMS Client.exe
FirewallRules: [{CE066D9B-A129-45DB-B878-997C78206422}] => (Allow) C:\Program Files (x86)\Milesight VMS Pro\Milesight VMS Client\Milesight VMS Client.exe
FirewallRules: [{45590E6B-4975-40A9-B947-607B29D61104}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C69469A9-D771-474B-80B4-5D50B428ADE2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E033787E-9950-4502-B0EB-CABCF7CD0653}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A2C5A796-C41B-4E61-84A4-FBA57866BBED}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{AE959EC1-CCC8-4275-9748-71FD3BE5A3D5}C:\program files (x86)\opera\31.0.1889.174\opera.exe] => (Allow) C:\program files (x86)\opera\31.0.1889.174\opera.exe
FirewallRules: [UDP Query User{B915D9EE-6352-43EB-847F-2C646B94B866}C:\program files (x86)\opera\31.0.1889.174\opera.exe] => (Allow) C:\program files (x86)\opera\31.0.1889.174\opera.exe
FirewallRules: [TCP Query User{B0475908-1C79-4835-8563-4E82D11B4808}C:\program files (x86)\opera\31.0.1889.174\opera.exe] => (Allow) C:\program files (x86)\opera\31.0.1889.174\opera.exe
FirewallRules: [UDP Query User{166ED26D-0A26-4C80-9D1B-47A1CE8AAF6F}C:\program files (x86)\opera\31.0.1889.174\opera.exe] => (Allow) C:\program files (x86)\opera\31.0.1889.174\opera.exe
FirewallRules: [TCP Query User{963F1154-F2ED-4ACC-930C-31150109F454}C:\program files (x86)\opera\32.0.1948.25\opera.exe] => (Allow) C:\program files (x86)\opera\32.0.1948.25\opera.exe
FirewallRules: [UDP Query User{BDB9926D-3C8F-43FF-8636-8EC238A1D41A}C:\program files (x86)\opera\32.0.1948.25\opera.exe] => (Allow) C:\program files (x86)\opera\32.0.1948.25\opera.exe
FirewallRules: [TCP Query User{BBF61CD5-64E4-4A72-A456-4ED368E9CD12}C:\program files (x86)\opera\32.0.1948.69\opera.exe] => (Allow) C:\program files (x86)\opera\32.0.1948.69\opera.exe
FirewallRules: [UDP Query User{3BAD41F1-F299-4242-AC73-F8B22DBE8AEE}C:\program files (x86)\opera\32.0.1948.69\opera.exe] => (Allow) C:\program files (x86)\opera\32.0.1948.69\opera.exe
FirewallRules: [TCP Query User{2130C17C-E994-4C17-A426-CD339F63F26A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D9909994-BD3A-4930-9983-5F862939B653}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{D5A6ED43-A64B-4056-93FF-650DADA5E3F8}C:\users\mzenk_000\appdata\local\temp\mxt83\bin\xwin_mobax.exe] => (Allow) C:\users\mzenk_000\appdata\local\temp\mxt83\bin\xwin_mobax.exe
FirewallRules: [UDP Query User{33CBE5FB-A71C-4CBC-AD07-8B4A5E594A8E}C:\users\mzenk_000\appdata\local\temp\mxt83\bin\xwin_mobax.exe] => (Allow) C:\users\mzenk_000\appdata\local\temp\mxt83\bin\xwin_mobax.exe
FirewallRules: [TCP Query User{BFFECD9C-284C-4AE3-8F08-EB4C290DB129}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{359CF8A9-AF11-45E9-BBCC-8C0CB3257536}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{06EE0DA0-A9EC-4071-A683-892828DB02F3}C:\program files (x86)\opera\33.0.1990.58\opera.exe] => (Allow) C:\program files (x86)\opera\33.0.1990.58\opera.exe
FirewallRules: [UDP Query User{73C25877-7C06-4F36-ADC5-D8E64A105E4B}C:\program files (x86)\opera\33.0.1990.58\opera.exe] => (Allow) C:\program files (x86)\opera\33.0.1990.58\opera.exe
FirewallRules: [TCP Query User{D35ED0D6-CA16-46CB-864A-43E1975DC73D}C:\program files (x86)\uc\autoconfig.exe] => (Allow) C:\program files (x86)\uc\autoconfig.exe
FirewallRules: [UDP Query User{FFAF0DA1-028F-4A77-9CA1-920A245C4203}C:\program files (x86)\uc\autoconfig.exe] => (Allow) C:\program files (x86)\uc\autoconfig.exe
FirewallRules: [TCP Query User{46BF8FFC-62E7-4853-A590-33D7BE961AC3}C:\program files (x86)\uc\uc.exe] => (Allow) C:\program files (x86)\uc\uc.exe
FirewallRules: [UDP Query User{A139D40B-173E-468B-B7CF-D279D2C4CA7B}C:\program files (x86)\uc\uc.exe] => (Allow) C:\program files (x86)\uc\uc.exe
FirewallRules: [TCP Query User{4E48CD62-72BC-464E-AAC1-293ECEE27CA6}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{77F374A0-19B2-4BAB-AEA0-F7B16BEADBAC}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{B26782A2-A01E-4878-A436-10303C35CD9D}C:\users\mzenk_000\documents\userart\smtsec\run\c#_demo.exe] => (Allow) C:\users\mzenk_000\documents\userart\smtsec\run\c#_demo.exe
FirewallRules: [UDP Query User{828BAABC-0274-4D38-BB97-97D04C2CE073}C:\users\mzenk_000\documents\userart\smtsec\run\c#_demo.exe] => (Allow) C:\users\mzenk_000\documents\userart\smtsec\run\c#_demo.exe
FirewallRules: [{61FC4299-9791-4FF0-8A5F-983C0DED9055}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{30508F20-833D-4B9B-BFC8-44BD90140380}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [TCP Query User{371B8C38-6808-40CA-A8C6-0AC75A0A67BA}C:\users\mzenk_000\desktop\userart\suppliers\netsdk_1.9_20140410_003\netsdk_1.9_20140410_003\run\vc_netsdkdemo.exe] => (Allow) C:\users\mzenk_000\desktop\userart\suppliers\netsdk_1.9_20140410_003\netsdk_1.9_20140410_003\run\vc_netsdkdemo.exe
FirewallRules: [UDP Query User{C812F4B8-20A1-4DDD-A44E-F30904D45941}C:\users\mzenk_000\desktop\userart\suppliers\netsdk_1.9_20140410_003\netsdk_1.9_20140410_003\run\vc_netsdkdemo.exe] => (Allow) C:\users\mzenk_000\desktop\userart\suppliers\netsdk_1.9_20140410_003\netsdk_1.9_20140410_003\run\vc_netsdkdemo.exe
FirewallRules: [TCP Query User{6FB39597-3398-4988-AD19-84181FBFC34C}C:\users\mzenk_000\desktop\userart\suppliers\netsdk_1.9_20140410_003\netsdk_1.9_20140410_003\run\vc_netsdkdemo.exe] => (Allow) C:\users\mzenk_000\desktop\userart\suppliers\netsdk_1.9_20140410_003\netsdk_1.9_20140410_003\run\vc_netsdkdemo.exe
FirewallRules: [UDP Query User{1873365A-D1BB-43A8-86ED-67477E39732B}C:\users\mzenk_000\desktop\userart\suppliers\netsdk_1.9_20140410_003\netsdk_1.9_20140410_003\run\vc_netsdkdemo.exe] => (Allow) C:\users\mzenk_000\desktop\userart\suppliers\netsdk_1.9_20140410_003\netsdk_1.9_20140410_003\run\vc_netsdkdemo.exe
FirewallRules: [TCP Query User{B21D7C2C-DFAF-4E74-8FF0-53238B8FB451}C:\program files (x86)\uc\uc.exe] => (Block) C:\program files (x86)\uc\uc.exe
FirewallRules: [UDP Query User{CB2C6F6D-7B9F-4461-BE68-E38BC7C6CE50}C:\program files (x86)\uc\uc.exe] => (Block) C:\program files (x86)\uc\uc.exe
FirewallRules: [TCP Query User{36BD9E72-C674-46D3-B536-C4172422396F}C:\users\mzenk_000\appdata\local\temp\mxt83\bin\xwin_mobax.exe] => (Allow) C:\users\mzenk_000\appdata\local\temp\mxt83\bin\xwin_mobax.exe
FirewallRules: [UDP Query User{1A1B4FE4-3E8C-4773-8DE5-BE41B2269A46}C:\users\mzenk_000\appdata\local\temp\mxt83\bin\xwin_mobax.exe] => (Allow) C:\users\mzenk_000\appdata\local\temp\mxt83\bin\xwin_mobax.exe
FirewallRules: [TCP Query User{13555045-4EB4-4D87-89CD-016206483E5A}C:\program files (x86)\vitamin d video\vitamin d agent.exe] => (Allow) C:\program files (x86)\vitamin d video\vitamin d agent.exe
FirewallRules: [UDP Query User{A0E399A1-6A3D-4EE1-AA8C-F8A9037997AB}C:\program files (x86)\vitamin d video\vitamin d agent.exe] => (Allow) C:\program files (x86)\vitamin d video\vitamin d agent.exe
FirewallRules: [{48CB1929-C248-4B97-8C9F-885ABF4E8EDF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D041AFE6-F324-4B93-B038-0670646B8C88}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{F98E801A-0049-4CB5-9813-CC5E31405B5F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B40269DC-8A7D-485C-9E4A-773C91A351E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{06A6B318-95FE-4CFB-9535-504ADC1BD035}C:\program files (x86)\opera\35.0.2066.37\opera.exe] => (Allow) C:\program files (x86)\opera\35.0.2066.37\opera.exe
FirewallRules: [UDP Query User{4EEDA6F7-B92F-4E45-B688-F47CBF979638}C:\program files (x86)\opera\35.0.2066.37\opera.exe] => (Allow) C:\program files (x86)\opera\35.0.2066.37\opera.exe
FirewallRules: [TCP Query User{D38D2D81-14FD-48F6-8850-7AEDB2AE39F2}C:\program files (x86)\ispy\ispy.exe] => (Allow) C:\program files (x86)\ispy\ispy.exe
FirewallRules: [UDP Query User{75CD8870-6F61-4CE5-ACC9-9571D373789C}C:\program files (x86)\ispy\ispy.exe] => (Allow) C:\program files (x86)\ispy\ispy.exe
FirewallRules: [TCP Query User{1EF0C63F-E441-4FDC-9887-3AFC61AAF121}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{FB01AEB7-23F8-4468-BB2D-E5BDFF7083C0}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [TCP Query User{D05984C4-7195-42C4-B9EB-E36374EC17B0}C:\program files (x86)\opera\35.0.2066.82\opera.exe] => (Allow) C:\program files (x86)\opera\35.0.2066.82\opera.exe
FirewallRules: [UDP Query User{7BE51130-0584-497B-85DA-856993B25CEC}C:\program files (x86)\opera\35.0.2066.82\opera.exe] => (Allow) C:\program files (x86)\opera\35.0.2066.82\opera.exe
FirewallRules: [TCP Query User{5DFD309B-E1A6-4C1D-8814-BB12A7065DB6}C:\program files (x86)\opera\35.0.2066.82\opera.exe] => (Allow) C:\program files (x86)\opera\35.0.2066.82\opera.exe
FirewallRules: [UDP Query User{74BD14C3-F63A-4586-9B26-9F9A965487DC}C:\program files (x86)\opera\35.0.2066.82\opera.exe] => (Allow) C:\program files (x86)\opera\35.0.2066.82\opera.exe
FirewallRules: [{CBDAC4E7-1B9E-490F-BD71-8107FDD14334}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [{257609EF-ABCD-47F5-8DB3-9C8F074A03D5}] => (Allow) C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe
FirewallRules: [{471D7EE2-3017-4DDC-9EE1-646EE2BB0C91}] => (Allow) C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe
FirewallRules: [TCP Query User{C1DC27D6-2C70-4273-8FAD-234D83AEC63D}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{E71FAF36-ED81-4ED4-A812-941F90A56728}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{8BE92144-7505-41BA-BD30-6CD3BCA23D31}C:\program files (x86)\opera\36.0.2130.65\opera.exe] => (Allow) C:\program files (x86)\opera\36.0.2130.65\opera.exe
FirewallRules: [UDP Query User{4190E635-688A-4B9B-856A-3E3BA3F4C986}C:\program files (x86)\opera\36.0.2130.65\opera.exe] => (Allow) C:\program files (x86)\opera\36.0.2130.65\opera.exe
FirewallRules: [{29963B2A-4944-4C01-A97D-2FBB7E688B5A}] => (Allow) C:\Users\mzenk_000\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0788F607-3700-48D9-AFA6-12CB84E4DF96}] => (Allow) C:\Users\mzenk_000\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{64F73045-51B0-4E31-98E9-CAF9C1F1152B}C:\users\mzenk_000\eclipse\cpp-neon\eclipse\eclipse.exe] => (Allow) C:\users\mzenk_000\eclipse\cpp-neon\eclipse\eclipse.exe
FirewallRules: [UDP Query User{9C465338-E389-4080-B7E2-E3C220B84928}C:\users\mzenk_000\eclipse\cpp-neon\eclipse\eclipse.exe] => (Allow) C:\users\mzenk_000\eclipse\cpp-neon\eclipse\eclipse.exe
FirewallRules: [{605C4D2D-CCD6-4E86-BFB5-C42DF4F96CE8}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity\2015\UnityVS.OpenFile.exe
FirewallRules: [{43EA67A3-A086-4F90-B79C-2D458DD8F215}] => (Allow) C:\PROGRA~1\Unity\Editor\Unity.exe
FirewallRules: [{8ECC5CBD-3225-42DA-A968-5AEDB29554B1}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{DA665FC7-A2F2-475D-9DF1-6B233263A414}] => (Block) c:\windows\system32\hasplms.exe
FirewallRules: [{291D66AB-254A-4FEC-B092-8F7352C502AB}] => (Block) c:\windows\system32\hasplms.exe
FirewallRules: [{1E11A179-5BD5-48C1-9E24-D3FBB75BEDDA}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe
FirewallRules: [{A3A3A6C2-5110-401D-B225-5417A967E3A7}] => (Block) c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe
FirewallRules: [TCP Query User{B6E5FAC3-4F44-41A7-B900-9CAE9410598C}C:\program files (x86)\synesis\onvif device manager\odm.exe] => (Allow) C:\program files (x86)\synesis\onvif device manager\odm.exe
FirewallRules: [UDP Query User{1237A59C-4142-443F-8F53-B674A17ED62F}C:\program files (x86)\synesis\onvif device manager\odm.exe] => (Allow) C:\program files (x86)\synesis\onvif device manager\odm.exe
FirewallRules: [TCP Query User{05781CB8-F247-4784-8AB2-68A3A95B8B3F}C:\program files (x86)\synesis\onvif device manager\odm.player.host.exe] => (Allow) C:\program files (x86)\synesis\onvif device manager\odm.player.host.exe
FirewallRules: [UDP Query User{EAB268EB-D5F9-4F6C-85C9-6155201A66A1}C:\program files (x86)\synesis\onvif device manager\odm.player.host.exe] => (Allow) C:\program files (x86)\synesis\onvif device manager\odm.player.host.exe
FirewallRules: [TCP Query User{B785EFAA-A88A-4208-B8A6-05E5AC6CD58A}C:\users\mzenk_000\downloads\netscan (1)\32-bit\netscan.exe] => (Allow) C:\users\mzenk_000\downloads\netscan (1)\32-bit\netscan.exe
FirewallRules: [UDP Query User{1795F4DD-A90F-4EA1-B137-1A5443E3AC3F}C:\users\mzenk_000\downloads\netscan (1)\32-bit\netscan.exe] => (Allow) C:\users\mzenk_000\downloads\netscan (1)\32-bit\netscan.exe
FirewallRules: [TCP Query User{22CF1F15-D0D4-4C86-810F-DA3A46C2078F}C:\users\mzenk_000\appdata\local\temp\mxt94\bin\xwin_mobax.exe] => (Allow) C:\users\mzenk_000\appdata\local\temp\mxt94\bin\xwin_mobax.exe
FirewallRules: [UDP Query User{3839C81B-3F2D-4308-89F8-01A13452D940}C:\users\mzenk_000\appdata\local\temp\mxt94\bin\xwin_mobax.exe] => (Allow) C:\users\mzenk_000\appdata\local\temp\mxt94\bin\xwin_mobax.exe
FirewallRules: [TCP Query User{5737668C-999A-4D23-BC30-2D71F6560C64}C:\mobax_root\slash\bin\xwin_mobax.exe] => (Allow) C:\mobax_root\slash\bin\xwin_mobax.exe
FirewallRules: [UDP Query User{8F369E60-3A27-4CDC-A288-91E5ADC3B3DE}C:\mobax_root\slash\bin\xwin_mobax.exe] => (Allow) C:\mobax_root\slash\bin\xwin_mobax.exe
FirewallRules: [{92B9FA57-95C5-4723-9B7C-A2750F9CAB40}] => (Allow) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
FirewallRules: [{B9C06742-438B-4953-B3BC-E3C7CA1F0036}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
FirewallRules: [TCP Query User{0BF5A407-4E95-4663-BA90-5AB5E2EEE4E1}C:\program files\adobe\adobe muse cc 2017\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2017\muse.exe
FirewallRules: [UDP Query User{D50315D1-F91E-4F21-A6E5-D27C43C32444}C:\program files\adobe\adobe muse cc 2017\muse.exe] => (Allow) C:\program files\adobe\adobe muse cc 2017\muse.exe
FirewallRules: [{BD92D199-5FA8-4381-9A9C-B4C408FC7CCD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{901262C4-CD7C-433B-9882-168609028CB4}E:\pc_surface\pc_surface01.exe] => (Allow) E:\pc_surface\pc_surface01.exe
FirewallRules: [UDP Query User{898034FA-AB39-497F-B870-DA9961E1207C}E:\pc_surface\pc_surface01.exe] => (Allow) E:\pc_surface\pc_surface01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/23/2017 10:34:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 23.2.2017.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 392c

Startzeit: 01d28db7d016973b

Beendigungszeit: 4294967295

Anwendungspfad: C:\Users\MZENK_~1\AppData\Local\Temp\scoped_dir14044_30695\FRST64.exe

Berichts-ID: 462d37e1-f9ab-11e6-8058-20689deb9778

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (02/23/2017 10:30:24 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\WINDOWS\system32\msiexec.exe /V; Beschreibung = Removed Tenable Nessus (x64).; Fehler = 0x80070005).

Error: (02/23/2017 10:28:48 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\WINDOWS\system32\msiexec.exe /V; Beschreibung = Removed Tenable Nessus (x64).; Fehler = 0x80070005).

Error: (02/23/2017 10:25:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\redist\1033\vcredist_arm.exe".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/23/2017 10:24:38 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.

Error: (02/23/2017 10:22:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\redist\1033\vcredist_arm.exe".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (02/23/2017 10:22:06 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (02/23/2017 09:48:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm HijackThis.exe, Version 2.0.0.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2494

Startzeit: 01d28db175e17dea

Beendigungszeit: 4294967295

Anwendungspfad: C:\Users\MZENK_~1\AppData\Local\Temp\scoped_dir14044_6099\HijackThis.exe

Berichts-ID: dbb99258-f9a4-11e6-8058-20689deb9778

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (02/22/2017 08:40:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PC_Surface01.exe, Version: 1.0.0.1, Zeitstempel: 0x5734a2a5
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x58256d37
Ausnahmecode: 0xc000041d
Fehleroffset: 0x00154882
ID des fehlerhaften Prozesses: 0x1344
Startzeit der fehlerhaften Anwendung: 0x01d28d43715146e4
Pfad der fehlerhaften Anwendung: E:\PC_Surface\PC_Surface01.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: e4ab9c14-5de6-454b-8eeb-8b5af0d443f6
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/22/2017 08:40:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PC_Surface01.exe, Version: 1.0.0.1, Zeitstempel: 0x5734a2a5
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x58256d37
Ausnahmecode: 0x80000003
Fehleroffset: 0x00154882
ID des fehlerhaften Prozesses: 0x1344
Startzeit der fehlerhaften Anwendung: 0x01d28d43715146e4
Pfad der fehlerhaften Anwendung: E:\PC_Surface\PC_Surface01.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 7605d2f6-3b86-4b15-bd90-41b759e7b3a7
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (02/23/2017 10:35:02 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
Zugriff verweigert

Error: (02/23/2017 10:33:52 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/23/2017 10:32:01 AM) (Source: DCOM) (EventID: 10010) (User: MZ_YOGA_1)
Description: Der Server "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/23/2017 10:31:30 AM) (Source: DCOM) (EventID: 10010) (User: MZ_YOGA_1)
Description: Der Server "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/23/2017 10:31:05 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
Zugriff verweigert

Error: (02/23/2017 10:30:59 AM) (Source: DCOM) (EventID: 10010) (User: MZ_YOGA_1)
Description: Der Server "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/23/2017 10:30:28 AM) (Source: DCOM) (EventID: 10010) (User: MZ_YOGA_1)
Description: Der Server "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/23/2017 10:30:25 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "DeleteFlag" aufgrund folgenden Fehlers fehlgeschlagen: 
Zugriff verweigert

Error: (02/23/2017 10:29:57 AM) (Source: DCOM) (EventID: 10010) (User: MZ_YOGA_1)
Description: Der Server "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/23/2017 10:29:46 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Type" aufgrund folgenden Fehlers fehlgeschlagen: 
Zugriff verweigert


CodeIntegrity:
===================================
  Date: 2016-11-03 16:43:01.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-06 15:16:01.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-06 15:16:01.291
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-06 15:16:01.273
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-06 15:16:01.256
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-06 15:16:01.239
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-06 15:16:01.211
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-06 15:16:01.172
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-06 15:16:01.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-06 15:16:01.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Prozentuale Nutzung des RAM: 54%
Installierter physikalischer RAM: 8071.27 MB
Verfügbarer physikalischer RAM: 3704.7 MB
Summe virtueller Speicher: 16142.55 MB
Verfügbarer virtueller Speicher: 7174.32 MB

==================== Laufwerke ================================

Drive a: (Windows8_OS) (Network) (Total:211.34 GB) (Free:23.07 GB) NTFS
Drive c: (Windows8_OS) (Fixed) (Total:211.34 GB) (Free:23.07 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (USB DISK) (Removable) (Total:7.2 GB) (Free:6.65 GB) FAT32
Drive f: (ssd) (Fixed) (Total:116.5 GB) (Free:66.78 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 3A649FA6)

Partition: GPT.

========================================================
Disk: 1 (Size: 116.5 GB) (Disk ID: BA2EDFB9)
Partition 1: (Not Active) - (Size=116.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: 298C27AA)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0C)

==================== Ende von Addition.txt ============================
         
__________________

Alt 23.02.2017, 11:51   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hi,

is this a commercially used system?!
__________________
Please always post log files in CODE tags

Alt 23.02.2017, 12:30   #5
nekropolit
 

No, private. But of course equipped with licensed software.


Alt 23.02.2017, 12:41   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
3Dconnexion 3DxWare 10
Adobe Creative Cloud
Microsoft Office Professional Plus 2013
Microsoft Office Project Professional 2007
Are you sure? Project Professional PURELY PRIVATE?!!

Alt 23.02.2017, 15:45   #7
nekropolit
 

Yes, why not? You need it too if you want to work properly.
The Diablo3 entries say something too, after all. I'm simply a developer, and in my free time I also occupy myself with what some people only do professionally under duress.

3Dconnexion 3DxWare 10 - 3D mouse for design work
Adobe Creative Cloud - photography and graphics are fun, after all
Microsoft Office Professional Plus 2013 - 2013???!!!! It's 2017!
Microsoft Office Project Professional 2007 - 2007! Useful for coursework?!

The notebook has accompanied me through my degree programmes, and there were quite a few of them. I simply like being more productive throughout the day.

It would be really nice if someone could help me here. I have never relied much on antivirus software, since so far I have done quite well by simply avoiding websites and downloads that look dubious.
I build many of my tools myself; I guess I caught this one when I accidentally wrecked the partition table of a USB HDD )-: Which was tragic enough already, because I neither have the data nor can use the hard drive, and in the process I probably also compromised my system (in a panic).

Alt 23.02.2017, 16:27   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Because the licences for this software are INSANELY EXPENSIVE and, as a rule, completely over the top for purely private enjoyment!

And the top-tier versions at that, so it surely must be understandable when a helper follows up on that!


Step 1: Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.


Step 2: Kaspersky TDSS-Killer

Please download TDSSKiller.exe and save this file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for a single post, I ask you to post the logs directly, spread across several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
Please always post log files in CODE tags

24.02.2017, 12:40   #9
nekropolit
 

Thanks for the lead! In the end I now have an odyssey behind me. At first, Mbar could not install the dda driver. My system was already so compromised by my earlier botched deletion attempts that only new viruses kept being loaded, which posed as mbar and co. Ultimately this led to suddenly missing network interfaces, a blocked Control Panel, a broken Explorer, etc.

I sat at it the whole night.

mbar's Fixdamage did not help at first, and I could not start Safe Mode either.

What helped - with various crashes, repeated launches and disabling all firewalls, scanners, etc.:
Rkill
Fixdamage

Then this morning I could get into Safe Mode again.

In it, again:
Rkill
Mbar scan + clean

Now I had Internet, could update the virus definitions, and ran mbar again.

The system is working again now. Phew

24.02.2017, 12:49   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

We are not finished yet. And the MBAR log is missing.

25.02.2017, 11:34   #11
nekropolit
 

I have kept all the logs and will post them here then. I need a break from computers. Thanks for the continued help!

Edit:
Good morning. Below is the latest mbar log.
At the moment none of the unusual effects have shown up.

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.02.24.04
  rootkit: v2017.02.15.01

Windows 10 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.576.14393.0
Martin Zenker :: MZ_YOGA_1 [administrator]

24.02.2017 10:37:34
mbar-log-2017-02-24 (10-37-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 775171
Time elapsed: 23 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{A19842D9-66F2-4325-874C-FAE83313D956}|AutoConfigUrl (Hijack.AutoConfigURL.PrxySvrRST) -> Data: hxxp://nonestops.net/wpad.dat?89e382b56eda289e10ebbc854016a45018971410 -> Delete on reboot. [556f55517038fc3ae293d06d4eb21fe1]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
I am now continuing with Kaspersky

Code:
10:31:27.0858 0x2fb8  PMBDeviceInfoProvider - ok
10:31:27.0874 0x2fb8  [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
10:31:27.0874 0x2fb8  PNRPAutoReg - ok
10:31:27.0890 0x2fb8  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
10:31:27.0905 0x2fb8  PNRPsvc - ok
10:31:27.0921 0x2fb8  [ F70CAC34B455D05EAA04B2F8FB58E1CB, 295BFFB3DA03C5CE5462C11D3240024B68AC06E8DEA9062A739BE2CCEE19EB5D ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
10:31:27.0943 0x2fb8  PolicyAgent - ok
10:31:27.0943 0x2fb8  [ 60C8376B48BA96F07AEA536527433D44, EB988C119C3E71169B91ED2A744C71933DD35447DC4A8249E80EC24E9E7077D4 ] Power           C:\WINDOWS\system32\umpo.dll
10:31:27.0974 0x2fb8  Power - ok
10:31:27.0974 0x2fb8  [ 5645B9D9788CCA2C88B9534996ED2D6D, 4988942DF163DB5B9B1A08CE6B628D2C47C2E2EAA30AEAE4EFE21C8CF4C8DC5D ] PptpMiniport    C:\WINDOWS\System32\drivers\raspptp.sys
10:31:27.0990 0x2fb8  PptpMiniport - ok
10:31:28.0059 0x2fb8  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
10:31:28.0159 0x2fb8  PrintNotify - ok
10:31:28.0175 0x2fb8  [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor       C:\WINDOWS\System32\drivers\processr.sys
10:31:28.0191 0x2fb8  Processor - ok
10:31:28.0206 0x2fb8  [ 1F115AF75EFBAC28479B4F94A3F8D4A3, BE8D8C50D985F6AF9DDC0F13BDBE2D55D600E1F5E344982536538B14EC484AA6 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
10:31:28.0222 0x2fb8  ProfSvc - ok
10:31:28.0222 0x2fb8  [ 577C79B8F5C6A6925F6EF0AE1B0D4051, B9C1F62310B26C1009A55261667CA04349B1A89F96AD1DCFFE8348289668E579 ] prwntdrv        C:\WINDOWS\system32\prwntdrv.sys
10:31:28.0242 0x2fb8  prwntdrv - detected UnsignedFile.Multi.Generic ( 1 )
10:31:28.0544 0x2fb8  Detect skipped due to KSN trusted
10:31:28.0544 0x2fb8  prwntdrv - ok
10:31:28.0544 0x2fb8  [ FC98407B85A31161851FDE245517574F, 2CCD706CF243934FCDA32B24CE0C385EA2E67F206E0306FA584496F583A20CD1 ] Psched          C:\WINDOWS\system32\drivers\pacer.sys
10:31:28.0559 0x2fb8  Psched - ok
10:31:28.0559 0x2fb8  [ C32ECB99AD25E9A04F01C8665DF29EF8, 0489B3DEC6A33E50D8A48A8DAD3F5B923A81F7300E4A71358D90D2879BAC9AA2 ] pwdrvio         C:\windows\system32\pwdrvio.sys
10:31:28.0575 0x2fb8  pwdrvio - ok
10:31:28.0575 0x2fb8  [ D619356B955EEFA642F5FF72755E8B3C, 1FD54978A77ACD6FBF1236E177ED074894743A9141E4169FE9AFE28680FC93C5 ] pwdspio         C:\windows\system32\pwdspio.sys
10:31:28.0591 0x2fb8  pwdspio - ok
10:31:28.0591 0x2fb8  [ 7A68710BAC9B6809314B86C0CB1CBC4A, C02D97993D1F6FE6EFBA5B1366B3A4FE8CE1136A95F3A2DA07BA59554C163501 ] QWAVE           C:\WINDOWS\system32\qwave.dll
10:31:28.0606 0x2fb8  QWAVE - ok
10:31:28.0622 0x2fb8  [ 819602BBBFDB0BD46DEA3715BF0DD452, D4007FF1E5296316B53436CA3598D6B1CF4F60AB77D5B02F3E595081EDD5D879 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
10:31:28.0622 0x2fb8  QWAVEdrv - ok
10:31:28.0643 0x2fb8  [ CDF47037A0939F56D11F699629C276AD, A63F2A3FE80FB8084E3870E907505694B79EE1D9E56E292C01D481FEFD2534B0 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:31:28.0644 0x2fb8  RasAcd - ok
10:31:28.0644 0x2fb8  [ 28C2EA278070EE12701D0EDF8CB0EC36, F10288C1C6835840026DB30285345EF892DE989F43C948E7F4760B8895FF675F ] RasAgileVpn     C:\WINDOWS\System32\drivers\AgileVpn.sys
10:31:28.0660 0x2fb8  RasAgileVpn - ok
10:31:28.0675 0x2fb8  [ 7B82197BF35CC3BE59AEF8B706AB8A16, AB0216164A548A48CD21F5F035E57E867584A96890B9887EC08F8DABDD89F990 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
10:31:28.0691 0x2fb8  RasAuto - ok
10:31:28.0691 0x2fb8  [ 17E565710172ED71B8531D8822E1C5D1, 0CA39ABD9E544DDAD9D9D7D1FC50444274C31E18F9BF73069051D9F62833698F ] Rasl2tp         C:\WINDOWS\System32\drivers\rasl2tp.sys
10:31:28.0707 0x2fb8  Rasl2tp - ok
10:31:28.0722 0x2fb8  [ F79BFB5588B777C71734C1D1EC129D07, 9B9D70EC8978AAC19B2B94694EE1B9957C13DFDDFCBE8AA82C5F0D0EA04CDBDF ] RasMan          C:\WINDOWS\System32\rasmans.dll
10:31:28.0760 0x2fb8  RasMan - ok
10:31:28.0760 0x2fb8  [ 9387DF155233D45D4E010F4F2FB52A57, CABC25DA4E512809AED0085767BDD94BF3C1DA792BFF8A009B5465D9110E7060 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:31:28.0776 0x2fb8  RasPppoe - ok
10:31:28.0776 0x2fb8  [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp         C:\WINDOWS\System32\drivers\rassstp.sys
10:31:28.0791 0x2fb8  RasSstp - ok
10:31:28.0807 0x2fb8  [ AF6963414B820B7C45578ED3300438A7, C00F60FD72608E6983D32642768AECE891DD816FADFA7B872BA88091C16B95D7 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:31:28.0823 0x2fb8  rdbss - ok
10:31:28.0843 0x2fb8  [ 79A415E6FA915EFC00297DAB16EC2635, 47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
10:31:28.0845 0x2fb8  rdpbus - ok
10:31:28.0860 0x2fb8  [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
10:31:28.0860 0x2fb8  RDPDR - ok
10:31:28.0876 0x2fb8  [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
10:31:28.0892 0x2fb8  RdpVideoMiniport - ok
10:31:28.0892 0x2fb8  [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
10:31:28.0907 0x2fb8  rdyboost - ok
10:31:28.0940 0x2fb8  [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1          C:\WINDOWS\system32\drivers\ReFSv1.sys
10:31:28.0961 0x2fb8  ReFSv1 - ok
10:31:28.0976 0x2fb8  [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
10:31:29.0007 0x2fb8  RemoteAccess - ok
10:31:29.0007 0x2fb8  [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
10:31:29.0023 0x2fb8  RemoteRegistry - ok
10:31:29.0045 0x2fb8  [ 0660F4A14F9D2A2F59B26B1D74F1A6D0, A9443B6B7ED1ECA22AC960A2C6A2BE18C0BA58CD7BCF60E7AA617CD3662D122D ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
10:31:29.0076 0x2fb8  RetailDemo - ok
10:31:29.0076 0x2fb8  [ E82F3B1918C6A5FE6EB761CDF1E772AF, 0C993FCB7BFD6E01B70A1821E0DEAFA2CB241AF8C2E6D4CC120F59C1B5F6FF5F ] RFCOMM          C:\WINDOWS\System32\drivers\rfcomm.sys
10:31:29.0092 0x2fb8  RFCOMM - ok
10:31:29.0107 0x2fb8  [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc           C:\WINDOWS\System32\RMapi.dll
10:31:29.0123 0x2fb8  RmSvc - ok
10:31:29.0123 0x2fb8  [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
10:31:29.0146 0x2fb8  RpcEptMapper - ok
10:31:29.0146 0x2fb8  [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator      C:\WINDOWS\system32\locator.exe
10:31:29.0161 0x2fb8  RpcLocator - ok
10:31:29.0177 0x2fb8  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
10:31:29.0224 0x2fb8  RpcSs - ok
10:31:29.0242 0x2fb8  [ 0F44FEA610B74258762F925C61A8D9CC, ADB1B7F55FFC02687614CA7459F22AEBA0A3156CD95FBC470648AC3DC1E4A205 ] rscp            C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
10:31:29.0246 0x2fb8  rscp - ok
10:31:29.0246 0x2fb8  [ DCAA9E6A211B0928FA9AE4BD57377EB6, 99BCF5E48D3D343156302CD290FB8F7E8DDF02426EBF13A2B50EEE727F4ABA76 ] rsEngineSvc     C:\Program Files\Reason\Security\rsEngineSvc.exe
10:31:29.0261 0x2fb8  rsEngineSvc - ok
10:31:29.0261 0x2fb8  [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr          C:\WINDOWS\system32\drivers\rspndr.sys
10:31:29.0277 0x2fb8  rspndr - ok
10:31:29.0293 0x2fb8  [ 8EB6DCEB7473C232D8BC9A886E3183AC, D81B089443306AD9D89F59DBC5F9C2F5B6A86112B4AB59316B97EE7D8B97D2FA ] RSUSBVSTOR      C:\WINDOWS\System32\Drivers\RtsUVStor.sys
10:31:29.0293 0x2fb8  RSUSBVSTOR - ok
10:31:29.0308 0x2fb8  [ 7876D414526C82EFAC5DF3FF00A680BD, EF1A26CA4212311CE9993BF851D473FCC4A1DACCCD830DCAF551583881EF00AC ] RtkBtFilter     C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys
10:31:29.0340 0x2fb8  RtkBtFilter - ok
10:31:29.0409 0x2fb8  [ 301FEB2D456DE694F5B505399520488B, BC3915336E7AA0A308D485C8437CBB747B3D1647BAE23133AFC5C7BDC79E32B2 ] RtlWlanu_OldIC  C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys
10:31:29.0525 0x2fb8  RtlWlanu_OldIC - ok
10:31:29.0547 0x2fb8  [ 4DBBD2B451A2C45536F14FA972DD3E83, 22B47D79452593E57640B70F3A2EAA9D448046BD1BACBFD2851366DD6FC6DCAE ] RTSUER          C:\WINDOWS\system32\Drivers\RtsUer.sys
10:31:29.0547 0x2fb8  RTSUER - ok
10:31:29.0562 0x2fb8  [ 6106526CA0AB6DFE788BDB29C98B5004, B4E6BD6C79E513600DBEA4CDAAAE27D1A95A51ECD565BCC2DADF7EEB546B4962 ] RunSwUSB        C:\Windows\runSW.exe
10:31:29.0562 0x2fb8  RunSwUSB - ok
10:31:29.0562 0x2fb8  [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
10:31:29.0578 0x2fb8  s3cap - ok
10:31:29.0578 0x2fb8  [ B3A62D2AEED3DE93239252A2DFFA9728, 7CDE07B59B5BEFD4A9FB295D14AABC95A8EDA807A4F357817824723C26A5C6AD ] SaiK1705        C:\WINDOWS\system32\DRIVERS\SaiK1705.sys
10:31:29.0594 0x2fb8  SaiK1705 - ok
10:31:29.0594 0x2fb8  [ B08581EDF3290210D3366CD2D992F6C2, FF1BE97B8F37FF39B784CAB254F2460B7F7A84C45BAD5CDB06FE5C29CF293BE5 ] SaiMini         C:\WINDOWS\System32\drivers\SaiMini.sys
10:31:29.0609 0x2fb8  SaiMini - ok
10:31:29.0609 0x2fb8  [ D086C2F45D328C2F63FC6B4CD79FCB66, BF3D27D95C83D2454AE62BAFE9297E08BB58EA4C7FBFBDEE075A4FFC6085735C ] SaiNtBus        C:\WINDOWS\system32\drivers\SaiBus.sys
10:31:29.0609 0x2fb8  SaiNtBus - ok
10:31:29.0625 0x2fb8  [ 338F85CC164C90F46B5580D94F1E740E, B677E79F41D5027769E75488B2B91C88E9D76CA51FA85BF0E6AA66013D047E04 ] SaiU1705        C:\WINDOWS\System32\drivers\SaiU1705.sys
10:31:29.0625 0x2fb8  SaiU1705 - ok
10:31:29.0625 0x2fb8  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs           C:\WINDOWS\system32\lsass.exe
10:31:29.0647 0x2fb8  SamSs - ok
10:31:29.0647 0x2fb8  SAService - ok
10:31:29.0647 0x2fb8  [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
10:31:29.0663 0x2fb8  sbp2port - ok
10:31:29.0678 0x2fb8  [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
10:31:29.0694 0x2fb8  SCardSvr - ok
10:31:29.0694 0x2fb8  [ 5E8ECCE130A72107B6DFDBE26185A7FB, 811E2CE485BC14161FF629069BCCF53B2B8C6F8B1E1A6B3A3C86DBE4F85A5577 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
10:31:29.0709 0x2fb8  ScDeviceEnum - ok
10:31:29.0725 0x2fb8  [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
10:31:29.0741 0x2fb8  scfilter - ok
10:31:29.0763 0x2fb8  [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
10:31:29.0794 0x2fb8  Schedule - ok
10:31:29.0810 0x2fb8  [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus          C:\WINDOWS\system32\drivers\scmbus.sys
10:31:29.0825 0x2fb8  scmbus - ok
10:31:29.0825 0x2fb8  [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101     C:\WINDOWS\System32\drivers\scmdisk0101.sys
10:31:29.0845 0x2fb8  scmdisk0101 - ok
10:31:29.0847 0x2fb8  [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
10:31:29.0863 0x2fb8  SCPolicySvc - ok
10:31:29.0879 0x2fb8  [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
10:31:29.0879 0x2fb8  sdbus - ok
10:31:29.0894 0x2fb8  [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC          C:\WINDOWS\System32\SDRSVC.dll
10:31:29.0910 0x2fb8  SDRSVC - ok
10:31:29.0951 0x2fb8  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
10:31:29.0979 0x2fb8  SDScannerService - ok
10:31:29.0995 0x2fb8  [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
10:31:29.0995 0x2fb8  sdstor - ok
10:31:30.0048 0x2fb8  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
10:31:30.0079 0x2fb8  SDUpdateService - ok
10:31:30.0095 0x2fb8  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
10:31:30.0095 0x2fb8  SDWSCService - ok
10:31:30.0110 0x2fb8  [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon        C:\WINDOWS\system32\seclogon.dll
10:31:30.0126 0x2fb8  seclogon - ok
10:31:30.0126 0x2fb8  [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS            C:\WINDOWS\System32\sens.dll
10:31:30.0147 0x2fb8  SENS - ok
10:31:30.0148 0x2fb8  Sense - ok
10:31:30.0179 0x2fb8  [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
10:31:30.0226 0x2fb8  SensorDataService - ok
10:31:30.0241 0x2fb8  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] SensorsAlsDriver C:\WINDOWS\System32\drivers\WUDFRd.sys
10:31:30.0248 0x2fb8  SensorsAlsDriver - ok
10:31:30.0263 0x2fb8  [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService   C:\WINDOWS\system32\SensorService.dll
10:31:30.0279 0x2fb8  SensorService - ok
10:31:30.0295 0x2fb8  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] SensorsSimulatorDriver C:\WINDOWS\System32\drivers\WUDFRd.sys
10:31:30.0310 0x2fb8  SensorsSimulatorDriver - ok
10:31:30.0326 0x2fb8  [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
10:31:30.0342 0x2fb8  SensrSvc - ok
10:31:30.0348 0x2fb8  [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
10:31:30.0348 0x2fb8  SerCx - ok
10:31:30.0364 0x2fb8  [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
10:31:30.0364 0x2fb8  SerCx2 - ok
10:31:30.0379 0x2fb8  [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
10:31:30.0379 0x2fb8  Serenum - ok
10:31:30.0395 0x2fb8  [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
10:31:30.0395 0x2fb8  Serial - ok
10:31:30.0411 0x2fb8  [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
10:31:30.0426 0x2fb8  sermouse - ok
10:31:30.0443 0x2fb8  [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
10:31:30.0464 0x2fb8  SessionEnv - ok
10:31:30.0464 0x2fb8  [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
10:31:30.0480 0x2fb8  sfloppy - ok
10:31:30.0495 0x2fb8  [ 832E933AA8DB9FD4733B96D8B6484D3F, 3A8E3D7ECA192EEE154CB568073B7211FDA06078EFC3BC7E961563A1BFDD0CAA ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
10:31:30.0511 0x2fb8  SharedAccess - ok
10:31:30.0527 0x2fb8  [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:31:30.0564 0x2fb8  ShellHWDetection - ok
10:31:30.0580 0x2fb8  [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc        C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
10:31:30.0596 0x2fb8  shpamsvc - ok
10:31:30.0596 0x2fb8  [ 7799106FEE728B907A86D9C9751E02D5, EE85E8D3CF3819DB28221BFC103DE8DF0E14E1878CECF54E8CD8C161B0E0AF3C ] silabenm        C:\WINDOWS\system32\DRIVERS\silabenm.sys
10:31:30.0596 0x2fb8  silabenm - detected UnsignedFile.Multi.Generic ( 1 )
10:31:30.0927 0x2fb8  Detect skipped due to KSN trusted
10:31:30.0927 0x2fb8  silabenm - ok
10:31:30.0948 0x2fb8  [ 447209C314E6E0D26E01962075802B18, AB1AC5854EB0EDF66025609CF9CB5639014C264327F4DEE1223BF7F6E1BD2D15 ] silabser        C:\WINDOWS\system32\DRIVERS\silabser.sys
10:31:30.0949 0x2fb8  silabser - detected UnsignedFile.Multi.Generic ( 1 )
10:31:31.0265 0x2fb8  Detect skipped due to KSN trusted
10:31:31.0265 0x2fb8  silabser - ok
10:31:31.0265 0x2fb8  [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
10:31:31.0280 0x2fb8  SiSRaid2 - ok
10:31:31.0280 0x2fb8  [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
10:31:31.0296 0x2fb8  SiSRaid4 - ok
10:31:31.0311 0x2fb8  [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
10:31:31.0327 0x2fb8  SkypeUpdate - ok
10:31:31.0327 0x2fb8  [ 8A6571231D93C08434A56E19E33A35CB, 78A12B58D129D5B2017C9A94734656B9F1ED41345DF1D01F82702D4D95C1BE3F ] SmbDrvI         C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
10:31:31.0327 0x2fb8  SmbDrvI - ok
10:31:31.0344 0x2fb8  [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost         C:\WINDOWS\System32\smphost.dll
10:31:31.0349 0x2fb8  smphost - ok
10:31:31.0364 0x2fb8  [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter       C:\WINDOWS\system32\SmsRouterSvc.dll
10:31:31.0396 0x2fb8  SmsRouter - ok
10:31:31.0411 0x2fb8  [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
10:31:31.0411 0x2fb8  SNMPTRAP - ok
10:31:31.0427 0x2fb8  [ C994DF90427103CCB80F893FFD2B1CE8, 7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
10:31:31.0450 0x2fb8  spaceport - ok
10:31:31.0465 0x2fb8  [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
10:31:31.0465 0x2fb8  SpbCx - ok
10:31:31.0496 0x2fb8  [ 79DCE27E8C4CF6701BFE49EC2446BBF6, F51CBB7A45C3C878F41653FD5FBDC93CC302712B7725DAAB4D3475A1F4771E3D ] Spooler         C:\WINDOWS\System32\spoolsv.exe
10:31:31.0528 0x2fb8  Spooler - ok
10:31:31.0628 0x2fb8  [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
10:31:31.0765 0x2fb8  sppsvc - ok
10:31:31.0790 0x2fb8  [ 3FE2F3796B4C62D0155C0C91C8975C89, 7D0B6C2D4D89BB98104BD6C403AC626285A3B977DB148461C28D0913FD736BDD ] SPUVCbv         C:\WINDOWS\System32\Drivers\SPUVCbv64.sys
10:31:31.0821 0x2fb8  SPUVCbv - ok
10:31:31.0821 0x2fb8  [ FAD8A14CAE92E805E48DA87B9564391A, B4BD026B6C9EE72CDE5E9215D903F16AE15893A1491ECFC346CB030C56D592A5 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
10:31:31.0837 0x2fb8  SQLWriter - ok
10:31:31.0853 0x2fb8  [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
10:31:31.0868 0x2fb8  srv - ok
10:31:31.0890 0x2fb8  [ 55CA5329D1ADEB8F8034045930147AE4, D4F31BC82700D166564C7F9CDCEA3ABAB4A37B55137C34572768DF46FDA9320A ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
10:31:31.0921 0x2fb8  srv2 - ok
10:31:31.0921 0x2fb8  [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
10:31:31.0937 0x2fb8  srvnet - ok
10:31:31.0953 0x2fb8  [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
10:31:31.0968 0x2fb8  SSDPSRV - ok
10:31:31.0988 0x2fb8  [ BE9AD856DC28955E5933553421F99DFD, F60B5429B50CFAA6D336D8384BCD16FF262ADBCD997A5CB9CD9BCC06B67C96F8 ] SshBroker       C:\WINDOWS\System32\SshBroker.dll
10:31:32.0006 0x2fb8  SshBroker - ok
10:31:32.0006 0x2fb8  [ 284FB23A402836877FBCD735E0C07A7E, EA47FD98220DFA80B78D4E747602FD6D39DCAD54030EB8E478DA4EA6C9B1DC68 ] SshProxy        C:\WINDOWS\System32\SshProxy.dll
10:31:32.0037 0x2fb8  SshProxy - ok
10:31:32.0037 0x2fb8  [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
10:31:32.0053 0x2fb8  SstpSvc - ok
10:31:32.0069 0x2fb8  [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
10:31:32.0069 0x2fb8  ssudmdm - ok
10:31:32.0090 0x2fb8  [ 7DB9E612A2742ACEAB080B882E83141C, FFD1FA36E732F55223F3F4B5F845331DBB3073B023C2C5BF51A0E7680DEE7FA7 ] ss_conn_service C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
10:31:32.0122 0x2fb8  ss_conn_service - ok
10:31:32.0191 0x2fb8  [ 4E330AD1EED4A5D582EE415FD55953A2, 2C02E1F45F74D250110BA5117AA942495CB2EBAC7F2CCECC284B4FB8F47B13E1 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
10:31:32.0339 0x2fb8  StateRepository - ok
10:31:32.0351 0x2fb8  [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
10:31:32.0359 0x2fb8  stexstor - ok
10:31:32.0368 0x2fb8  [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
10:31:32.0407 0x2fb8  stisvc - ok
10:31:32.0407 0x2fb8  [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
10:31:32.0423 0x2fb8  storahci - ok
10:31:32.0423 0x2fb8  [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt         C:\WINDOWS\system32\drivers\vmstorfl.sys
10:31:32.0438 0x2fb8  storflt - ok
10:31:32.0438 0x2fb8  [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
10:31:32.0454 0x2fb8  stornvme - ok
10:31:32.0470 0x2fb8  [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt      C:\WINDOWS\system32\drivers\storqosflt.sys
10:31:32.0470 0x2fb8  storqosflt - ok
10:31:32.0492 0x2fb8  [ B91FBE7CB4633FEB32AFBD0B48576396, 9EFDD92E8096CE5555F8DC3C870864E5515469603C2373B99B3607234633CA66 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
10:31:32.0507 0x2fb8  StorSvc - ok
10:31:32.0507 0x2fb8  [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs         C:\WINDOWS\system32\drivers\storufs.sys
10:31:32.0523 0x2fb8  storufs - ok
10:31:32.0523 0x2fb8  [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
10:31:32.0539 0x2fb8  storvsc - ok
10:31:32.0539 0x2fb8  [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc           C:\WINDOWS\system32\svsvc.dll
10:31:32.0554 0x2fb8  svsvc - ok
10:31:32.0554 0x2fb8  [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
10:31:32.0570 0x2fb8  swenum - ok
10:31:32.0591 0x2fb8  [ 2EE27411B5904C63D723BEA391819F58, C88C11D460E90398E16011B8A2CED5EE5626084F24790EA6115532F8F70060C6 ] swprv           C:\WINDOWS\System32\swprv.dll
10:31:32.0608 0x2fb8  swprv - ok
10:31:32.0623 0x2fb8  [ 7D33F42955235182C234A1D7B1AFDF4A, E73067BEE7E12A7C68F79AAEF6A2EB04C69468A6DDFC636500C2A00C60660708 ] sxuptp          C:\WINDOWS\System32\drivers\sxuptp.sys
10:31:32.0639 0x2fb8  sxuptp - ok
10:31:32.0639 0x2fb8  [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc      C:\WINDOWS\System32\drivers\Synth3dVsc.sys
10:31:32.0654 0x2fb8  Synth3dVsc - ok
10:31:32.0670 0x2fb8  [ 7DC2B34FB6F1798F2D13453E0321D025, 60EF12A8824384DD88D9C5D188E8FB137F0F85A63C06AAF720CB2D616EB847F4 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:31:32.0691 0x2fb8  SynTP - ok
10:31:32.0692 0x2fb8  [ 6FBDBC24B1642868E041463795CBFA44, E9FA0DB094E7B2129ABD325BC91A48D6646380D6AA97BE6233C220E0C98637AF ] SynTPEnhService C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
10:31:32.0712 0x2fb8  SynTPEnhService - ok
10:31:32.0732 0x2fb8  [ FED48B19D6F55D7A3AB498D85729D1BA, FA5E0E02BC2E2DE108C55991E3B063CC947072228B53539F42F922661510DE7C ] SysMain         C:\WINDOWS\system32\sysmain.dll
10:31:32.0779 0x2fb8  SysMain - ok
10:31:32.0793 0x2fb8  [ D9FEA79BF6AF136F8E656AE045C2FEC8, E6F08A93348E035185F0F1C6B6277E636F4F25D1136E3ACCA63488DAEEC7114B ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
10:31:32.0808 0x2fb8  SystemEventsBroker - ok
10:31:32.0824 0x2fb8  [ 86E7FD5C8DBEC1EB51C4368561402B75, 86EE61414CD5854E39E33F67BF5DA4377B569B3ED4D18882C470BC6784891DA1 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
10:31:32.0839 0x2fb8  TabletInputService - ok
10:31:32.0839 0x2fb8  [ 7F5BFF7A547AE4BBF9CB8A80F844206C, B4D7DBDDECF5C8E632B1207311BC7899A0E0CD1020A46ECB59955C6B9361CF7A ] tap0901         C:\WINDOWS\System32\drivers\tap0901.sys
10:31:32.0855 0x2fb8  tap0901 - ok
10:31:32.0855 0x2fb8  [ 3929C8FC134AC672C4F3F85160956257, CD3195CA58BA6F55EA0DDA2BE6AB58280AD1CA488D7AAA1539DD05FB99374F36 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
10:31:32.0889 0x2fb8  TapiSrv - ok
10:31:32.0924 0x2fb8  [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
10:31:32.0993 0x2fb8  Tcpip - ok
10:31:33.0040 0x2fb8  [ 4F25E481124059CC593B4C68BC485640, 2814D2BA4E83D3B0F7569E6C6EE0C763D9801BC505D8ED84675D19C8573834DB ] Tcpip6          C:\WINDOWS\system32\drivers\tcpip.sys
10:31:33.0109 0x2fb8  Tcpip6 - ok
10:31:33.0125 0x2fb8  [ 8DBB1BE20C36E6D19BCC89EEA00B953C, 8B97A7E53E1D77363AFF6A5AAEAD89EBAE28DCB8D82753C804FD7CD5646500AF ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
10:31:33.0125 0x2fb8  tcpipreg - ok
10:31:33.0140 0x2fb8  [ 9D2DD64A0B51C56285512DC9454340F6, ABB90CE6A55269F71AFB08E04969CF9A4EFD93F7A7189AF920EEE3E005214DDD ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
10:31:33.0156 0x2fb8  tdx - ok
10:31:33.0156 0x2fb8  [ 950AD1AE7498A492126FB9F9B2E27DB5, C4C9A972015F567FC87A4094C86835B2DD3476426AB8B40CD4872A725CA89CFC ] Te.Service      C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe
10:31:33.0171 0x2fb8  Te.Service - detected UnsignedFile.Multi.Generic ( 1 )
10:31:33.0493 0x2fb8  Detect skipped due to KSN trusted
10:31:33.0493 0x2fb8  Te.Service - ok
10:31:33.0493 0x2fb8  [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
10:31:33.0509 0x2fb8  terminpt - ok
10:31:33.0524 0x2fb8  [ FB68E5F02316C42BE7282DA492351C6F, AC31D841FEA58B776127E138DB20F8D48E26FD8C00CE2FA9695EA14EBF159A0A ] TermService     C:\WINDOWS\System32\termsrv.dll
10:31:33.0571 0x2fb8  TermService - ok
10:31:33.0571 0x2fb8  [ 2AF438EC0D361A7BBB70E604A686602C, 4BE6A0461EB2CB94288614434A1CEC81C2ED46241721FD5BBD8ABE0680F7C804 ] Themes          C:\WINDOWS\system32\themeservice.dll
10:31:33.0593 0x2fb8  Themes - ok
10:31:33.0609 0x2fb8  [ 1482B8ED5CACA87992A882B853B83CEE, 613247F0E362A109090E8563D977DECC50C64D45D6962905FA84A2D59329045C ] TieringEngineService C:\WINDOWS\system32\TieringEngineService.exe
10:31:33.0625 0x2fb8  TieringEngineService - ok
10:31:33.0640 0x2fb8  [ 3B3C607C3C62DFBEF61938DA2CAB94DF, E5EEA7F45A7BBFDF6F0003CD77E39958C451DD1B4B401876B5619A3C20F5C370 ] tiledatamodelsvc C:\WINDOWS\system32\tileobjserver.dll
10:31:33.0671 0x2fb8  tiledatamodelsvc - ok
10:31:33.0691 0x2fb8  [ C1F8CBE2D4843E0CCC3EFEA2EC60D4AB, 9D07527D982066922318C77AECE99280DE55034C375ACE145E827A6BEB5C3B70 ] TimeBrokerSvc   C:\WINDOWS\System32\TimeBrokerServer.dll
10:31:33.0694 0x2fb8  TimeBrokerSvc - ok
10:31:33.0709 0x2fb8  [ 46171262D0E806779DEEDFCAB2F830CC, 7F4A4658B8BA217D99E5B5C0E01600C20DC96ECBCA32A5BA7FBE17D2A7B8BFD8 ] TPM             C:\WINDOWS\System32\drivers\tpm.sys
10:31:33.0725 0x2fb8  TPM - ok
10:31:33.0725 0x2fb8  [ 3B91F35089240F6187AD681A5EC28BDE, 3D035CB73BC8E7831DCD0FB7D9DAD91CE51D3D0F9D9C8B866A0009BD508B6702 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
10:31:33.0741 0x2fb8  TrkWks - ok
10:31:33.0756 0x2fb8  [ 09440FA30C020B4443391FAFCF4876E3, 208C7725F70C75D8C96CCAF5B22F83B8B1C66D8C9FFF48465B1C9F4A77425569 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
10:31:33.0756 0x2fb8  TrustedInstaller - ok
10:31:33.0772 0x2fb8  [ A6F4025664C9D4BC2A9EDAB4092706D7, 89808A1679C0E716F86F06EE7701DCC289200894F0FA1F120DA2AC3A45FDB312 ] tsusbflt        C:\WINDOWS\system32\drivers\TsUsbFlt.sys
10:31:33.0789 0x2fb8  tsusbflt - ok
10:31:33.0793 0x2fb8  [ 37A96AD493E110C0BF1EE0AC0F9E7DBD, F2A6894A4AEE18DF2B92222CDB0801A13AEEB7212071F0431430788339B30E23 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
10:31:33.0794 0x2fb8  TsUsbGD - ok
10:31:33.0810 0x2fb8  [ 5A91FDBA4D3FCB56DAEB8C091B3EB8E1, 8AB91F4423125267FA8509A1C3A9AD1CBD642FA6A96D8789F9AB8CB75ABAD58C ] tsusbhub        C:\WINDOWS\system32\drivers\tsusbhub.sys
10:31:33.0825 0x2fb8  tsusbhub - ok
10:31:33.0825 0x2fb8  [ 79E264287F17D56D768440B0270466DE, ABF9DC95C5E939B30BFD9BF9EDFDB3BD78A9DFCB055B945965303B6A60E6D7A7 ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
10:31:33.0849 0x2fb8  tunnel - ok
10:31:33.0857 0x2fb8  [ F723552F65D44FE693DB1A383825B3A8, EF8C343C4EB5EEA4EC830378EF576CCD6CD4EEDEDD486C0F29697044E8C71F45 ] tzautoupdate    C:\WINDOWS\system32\tzautoupdate.dll
10:31:33.0869 0x2fb8  tzautoupdate - ok
10:31:33.0869 0x2fb8  [ AA65954F512BA097DD190790876DD991, C1BB2B8F54F064D01190327B5E7949EBBDA21D6FC6F94D9FCD20F685C2F855FA ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
10:31:33.0888 0x2fb8  UASPStor - ok
10:31:33.0894 0x2fb8  [ AB6268022C3A5B529075A39C33904DA6, 2717F1704640201F2681711543EA39A74C3E89C7DB232EC5DD89FD8AA6F07846 ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
10:31:33.0894 0x2fb8  UcmCx0101 - ok
10:31:33.0909 0x2fb8  [ 7ED2EDA43D21C7A5F589A7960E265C52, 7DB8A595236FBB8A264D7AB155201357212855050ABB5B1036EF32F1223FDCC2 ] UcmTcpciCx0101  C:\WINDOWS\system32\Drivers\UcmTcpciCx.sys
10:31:33.0925 0x2fb8  UcmTcpciCx0101 - ok
10:31:33.0925 0x2fb8  [ 169351463039B45F5CDED9768879F712, 990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
10:31:33.0941 0x2fb8  UcmUcsi - ok
10:31:33.0941 0x2fb8  [ 08A9E3AD29B215484FBB68CDC175DF3A, 3EFFF99C3BC4A1454E3D2B5177AE587ED3041AB4CE2A95BA7E28A2124E38E1E5 ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
10:31:33.0956 0x2fb8  Ucx01000 - ok
10:31:33.0956 0x2fb8  [ DA70AEE267491AA56BC63AA0C0C96CA2, 0A0AADB27607F9292BB3CE000CFDDB19BD4CA09EAAD926C4925CB43B17817AD9 ] UdeCx           C:\WINDOWS\system32\drivers\udecx.sys
10:31:33.0972 0x2fb8  UdeCx - ok
10:31:33.0993 0x2fb8  [ FBC5ECF6D5A868D0B116C2DBB02B8168, 945AA76C60ABAD6075B5C8F9172C018F75BCF393A1CB8B329F5E68E664627775 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
10:31:34.0010 0x2fb8  udfs - ok
10:31:34.0010 0x2fb8  [ B918E40FAA9CD118CCA4AD388B748C98, 4B539B7B656F02C5E5BAEE52A677757B05CC11C5500D619850A564C28FAB8115 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
10:31:34.0025 0x2fb8  UEFI - ok
10:31:34.0025 0x2fb8  [ 166B17AE1DD24D8BA8CA474C7C31148F, D34E786277093278F58EFAC957279DC4ED43A190538C875B80F5B1E0A0C30381 ] UevAgentDriver  C:\WINDOWS\system32\drivers\UevAgentDriver.sys
10:31:34.0041 0x2fb8  UevAgentDriver - ok
10:31:34.0072 0x2fb8  [ FCA4D901FB9934DAB82ED31C4EE89A11, 8EDF8DD71C13DE77AC83D1086670E9E90C69DE379F1CF768C8B9C789254C04AA ] UevAgentService C:\WINDOWS\system32\AgentService.exe
10:31:34.0110 0x2fb8  UevAgentService - ok
10:31:34.0126 0x2fb8  [ 0FD75222C1AD2687AB365BEBEA400DD4, AD10DBCA59EB7D34FD8F963CE267F36774A9BC613F8D637903B12AC88C328E8A ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
10:31:34.0141 0x2fb8  Ufx01000 - ok
10:31:34.0141 0x2fb8  [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea     C:\WINDOWS\System32\drivers\UfxChipidea.sys
10:31:34.0157 0x2fb8  UfxChipidea - ok
10:31:34.0157 0x2fb8  [ 767307212110EBEFB93EC9A5BE9E85B9, 368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys     C:\WINDOWS\System32\drivers\ufxsynopsys.sys
10:31:34.0172 0x2fb8  ufxsynopsys - ok
10:31:34.0172 0x2fb8  [ 8578F83EC5175920F2D8586FFF9DCE47, 049A16AC87F93E761150C8286633FFCA62EE85F5645DDE77D36BD0EB6481FF83 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
10:31:34.0195 0x2fb8  UI0Detect - ok
10:31:34.0195 0x2fb8  [ DC460AAA18CA2342FBBFB2DF9B044472, 14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBD ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
10:31:34.0210 0x2fb8  umbus - ok
10:31:34.0210 0x2fb8  [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
10:31:34.0226 0x2fb8  UmPass - ok
10:31:34.0241 0x2fb8  [ 640CF093C1CF16D5FD317616CA348F31, BEC34D1AACA83BF5A84CE01F6A668E3CA5A33C56A446DC42EFFF7C43D22E1AE6 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
10:31:34.0257 0x2fb8  UmRdpService - ok
10:31:34.0293 0x2fb8  [ B8272BB8D4982C496FDC704809C38E02, F93855D932FB1DBBCC86E82C0FE0DC9ECF93BBD629D2CA9D0BE7E075E114B7FF ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
10:31:34.0326 0x2fb8  UnistoreSvc - ok
10:31:34.0357 0x2fb8  [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:31:34.0357 0x2fb8  UNS - ok
10:31:34.0391 0x2fb8  [ 6CDA3536F6BAB7896A57EAB7DC07F379, 8FBE6457ECD1ABB518D9800EBA8A017774FFAA8EABD2EDC0825181A12FE9AEF6 ] upnphost        C:\WINDOWS\System32\upnphost.dll
10:31:34.0410 0x2fb8  upnphost - ok
10:31:34.0426 0x2fb8  [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
10:31:34.0441 0x2fb8  UrsChipidea - ok
10:31:34.0457 0x2fb8  [ B4402E7F0923F660270442CE76877ABE, 1C2DD26EAB71F75EA576E8DAABAF71FD7DC3DF807CF025617C774CEF33C0B718 ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
10:31:34.0457 0x2fb8  UrsCx01000 - ok
10:31:34.0473 0x2fb8  [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
10:31:34.0473 0x2fb8  UrsSynopsys - ok
10:31:34.0494 0x2fb8  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\WINDOWS\System32\Drivers\usbaapl64.sys
10:31:34.0495 0x2fb8  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
10:31:34.0826 0x2fb8  Detect skipped due to KSN trusted
10:31:34.0826 0x2fb8  USBAAPL64 - ok
10:31:34.0826 0x2fb8  [ C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
10:31:34.0842 0x2fb8  usbccgp - ok
10:31:34.0842 0x2fb8  [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
10:31:34.0858 0x2fb8  usbcir - ok
10:31:34.0873 0x2fb8  [ 635686E528F2C9CB916EC1BB04EE6AD1, 080A0F209773232860F510F17005EF92650BA831F69BB0006AEF11A2BB0A4906 ] UsbClientService C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
10:31:34.0889 0x2fb8  UsbClientService - detected UnsignedFile.Multi.Generic ( 1 )
10:31:35.0195 0x2fb8  Detect skipped due to KSN trusted
10:31:35.0195 0x2fb8  UsbClientService - ok
10:31:35.0211 0x2fb8  [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
10:31:35.0227 0x2fb8  usbehci - ok
10:31:35.0242 0x2fb8  [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
10:31:35.0258 0x2fb8  usbhub - ok
10:31:35.0274 0x2fb8  [ 7A749B2863B5561BE34B39E8E249AD8F, E5B67DFAF5407007FD0CC408D6B4BA19DF59584819FC715E9F9E0FBF3EA00AAB ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
10:31:35.0296 0x2fb8  USBHUB3 - ok
10:31:35.0296 0x2fb8  [ D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
10:31:35.0311 0x2fb8  usbohci - ok
10:31:35.0311 0x2fb8  [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
10:31:35.0327 0x2fb8  usbprint - ok
10:31:35.0343 0x2fb8  [ 429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
10:31:35.0343 0x2fb8  usbser - ok
10:31:35.0358 0x2fb8  [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
10:31:35.0358 0x2fb8  USBSTOR - ok
10:31:35.0374 0x2fb8  [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
10:31:35.0390 0x2fb8  usbuhci - ok
10:31:35.0396 0x2fb8  [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
10:31:35.0412 0x2fb8  USBXHCI - ok
10:31:35.0443 0x2fb8  [ 4CC81AB9D380A6264FF4C0C1512CF965, 76C33053D1C9155B0F3F8392FF982AD4EABEE2BBBEE89EA41DBFE8E436973EB0 ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
10:31:35.0496 0x2fb8  UserDataSvc - ok
10:31:35.0528 0x2fb8  [ AA24C61D88E36BA1144072227922173D, 2EBBC827E740F72EA2E75745E585378189BC0DEE91CACD7FA31BDBC5EFCF8733 ] UserManager     C:\WINDOWS\System32\usermgr.dll
10:31:35.0559 0x2fb8  UserManager - ok
10:31:35.0591 0x2fb8  [ EBF9E40845362DBE2AD0DB3077269488, A6363006350D097F95B03A2F44E1D3FBD3BC40048BE57C715CD7CBC22D1EE70B ] UsoSvc          C:\WINDOWS\system32\usocore.dll
10:31:35.0612 0x2fb8  UsoSvc - ok
10:31:35.0612 0x2fb8  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
10:31:35.0628 0x2fb8  VaultSvc - ok
10:31:35.0628 0x2fb8  [ 3C8E2C591345F38149C69FE8E5DF8C90, 9F4BB9BDA09CB2E99A6A888B288F322AE5C460B5D124CD714C6F00FF5029144B ] VClone          C:\WINDOWS\System32\drivers\VClone.sys
10:31:35.0644 0x2fb8  VClone - ok
10:31:35.0644 0x2fb8  [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
10:31:35.0659 0x2fb8  vdrvroot - ok
10:31:35.0675 0x2fb8  [ 0783EDE1FA94649ED7F3CEF6A734041A, 1A13A613EF6B67459031C7994FFC6F32F73E02E0F123A171618E4F011C635684 ] vds             C:\WINDOWS\System32\vds.exe
10:31:35.0713 0x2fb8  vds - ok
10:31:35.0713 0x2fb8  [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
10:31:35.0728 0x2fb8  VerifierExt - ok
10:31:35.0744 0x2fb8  [ 3BB8D153A9A514EC9FFCB586251A1925, 5E4B46511F9791699826DC63B35528544347166BDE9981FB93F1F7F2A09599C7 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
10:31:35.0775 0x2fb8  vhdmp - ok
10:31:35.0775 0x2fb8  [ 7929228F0E8B0C2FA0495A17A4FC27F6, 1F1667B10A96B1D85ED165F62A5C0EF28C37F828B8280EA08BFCC1BAC03F2C90 ] vhf             C:\WINDOWS\System32\drivers\vhf.sys
10:31:35.0797 0x2fb8  vhf - ok
10:31:35.0797 0x2fb8  [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
10:31:35.0813 0x2fb8  vmbus - ok
10:31:35.0813 0x2fb8  [ 9444B23FC694B5F90F21B0FC7F10D8DD, 86F92856F5C985DD8E5993B51E85E1F47EF8C9B2FB37468998C94266963BB4BD ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
10:31:35.0828 0x2fb8  VMBusHID - ok
10:31:35.0828 0x2fb8  [ 4D0287F566B36536DD812A54C015FC4A, 01D6508CA59CF04A47902B1F7C202FD14A81240E0B447588D919DD1072B040CF ] vmgid           C:\WINDOWS\System32\drivers\vmgid.sys
10:31:35.0844 0x2fb8  vmgid - ok
10:31:35.0844 0x2fb8  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicguestinterface C:\WINDOWS\System32\icsvc.dll
10:31:35.0875 0x2fb8  vmicguestinterface - ok
10:31:35.0875 0x2fb8  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicheartbeat   C:\WINDOWS\System32\icsvc.dll
10:31:35.0897 0x2fb8  vmicheartbeat - ok
10:31:35.0897 0x2fb8  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmickvpexchange C:\WINDOWS\System32\icsvc.dll
10:31:35.0929 0x2fb8  vmickvpexchange - ok
10:31:35.0944 0x2fb8  [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicrdv         C:\WINDOWS\System32\icsvcext.dll
10:31:35.0960 0x2fb8  vmicrdv - ok
10:31:35.0976 0x2fb8  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicshutdown    C:\WINDOWS\System32\icsvc.dll
10:31:35.0997 0x2fb8  vmicshutdown - ok
10:31:35.0997 0x2fb8  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmictimesync    C:\WINDOWS\System32\icsvc.dll
10:31:36.0013 0x2fb8  vmictimesync - ok
10:31:36.0029 0x2fb8  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicvmsession   C:\WINDOWS\System32\icsvc.dll
10:31:36.0044 0x2fb8  vmicvmsession - ok
10:31:36.0060 0x2fb8  [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicvss         C:\WINDOWS\System32\icsvcext.dll
10:31:36.0075 0x2fb8  vmicvss - ok
10:31:36.0092 0x2fb8  [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
10:31:36.0098 0x2fb8  volmgr - ok
10:31:36.0114 0x2fb8  [ 6BDB6CE6D2D9E3D3F28F1C97E12B62E2, 5E77D7AF858D7B90FF395F39B86D6F96413D1DDEA28BC9FB40C5524A4DF6DAD0 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
10:31:36.0129 0x2fb8  volmgrx - ok
10:31:36.0129 0x2fb8  [ BF2546583BB75F01DDA60A7921DFB230, 579BD0BC55F4F03CD8D1FCDAC3975A1649C688820F2F7FC1AD354132D9E3BEE9 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
10:31:36.0145 0x2fb8  volsnap - ok
10:31:36.0161 0x2fb8  [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume          C:\WINDOWS\system32\drivers\volume.sys
10:31:36.0161 0x2fb8  volume - ok
10:31:36.0176 0x2fb8  [ 92F6E3E6D3F1795263EB34B37F74AEF7, 33AB1ECCA1216AF1995E1DB4F11E48156FF62391D7C176C8A4CC1037B9CB3A27 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
10:31:36.0176 0x2fb8  vpci - ok
10:31:36.0195 0x2fb8  [ 6814DDD37C300F845C4FFE4D4CC9A8C7, 206D5D0A803B8EC26A190C5BF72FF12137C1B8D76A674B6C7C16C8C9BBE44C29 ] VsEtwService120 C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe
10:31:36.0198 0x2fb8  VsEtwService120 - ok
10:31:36.0198 0x2fb8  [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
10:31:36.0214 0x2fb8  vsmraid - ok
10:31:36.0245 0x2fb8  [ 01FFD5AF533F2CFDF26DDDC9313731C1, BFF0F2E57CD2358AC8F519F6F5692A46D97EC4E9B763D47101CEF31712FD4738 ] VSS             C:\WINDOWS\system32\vssvc.exe
10:31:36.0314 0x2fb8  VSS - ok
10:31:36.0314 0x2fb8  [ 558B8E6F99E198519FD87F1575F7D92D, B176F51B72D9BCD6472A710D4E0B78A7A7D1C3CAEC12725289C1EBA54E35083D ] VSStandardCollectorService140 C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe
10:31:36.0330 0x2fb8  VSStandardCollectorService140 - ok
10:31:36.0330 0x2fb8  [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
10:31:36.0345 0x2fb8  VSTXRAID - ok
10:31:36.0361 0x2fb8  [ 607639716E9DB1CEF4E18B5B229293B4, 1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
10:31:36.0361 0x2fb8  vwifibus - ok
10:31:36.0377 0x2fb8  [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
10:31:36.0377 0x2fb8  vwififlt - ok
10:31:36.0395 0x2fb8  [ 59920894C38A827091A06AF559834E47, 8B40FE0B1BA3B2A79BFF70803D039DB921F85C978724722E5E5AFF188FA75471 ] vwifimp         C:\WINDOWS\System32\drivers\vwifimp.sys
10:31:36.0399 0x2fb8  vwifimp - ok
10:31:36.0414 0x2fb8  [ 76C1CC611352499326001F25A3ED15F8, 228BFA8A01BB1B3868576D509A2EA6F3D37FEDC8F12D4DC4E0A84CE926C6D1B1 ] W32Time         C:\WINDOWS\system32\w32time.dll
10:31:36.0446 0x2fb8  W32Time - ok
10:31:36.0446 0x2fb8  [ 4053FB949F48647A327BC18DFEEA4374, 52511C35854A673ADCD9084FEF9BC6A339BCA0290374B81140A371D67B13A8FB ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
10:31:36.0461 0x2fb8  w3logsvc - ok
10:31:36.0477 0x2fb8  [ 85461F6AD65CCE84A7BC6D9F2A5861B3, 0C9A662F1BADF429B1DF62E91F4626DE996F84945D3A42D26A0FA09EC15CC9D7 ] W3SVC           C:\WINDOWS\system32\inetsrv\iisw3adm.dll
10:31:36.0499 0x2fb8  W3SVC - ok
10:31:36.0499 0x2fb8  [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
10:31:36.0515 0x2fb8  WacomPen - ok
10:31:36.0530 0x2fb8  [ 1483BE4D0135C378CB61D3CD73AB3E03, B7309C9E4F370860C507BF52D17234CDF4A7FAE95D2D822714E07EF5DEC0249B ] WalletService   C:\WINDOWS\system32\WalletService.dll
10:31:36.0546 0x2fb8  WalletService - ok
10:31:36.0562 0x2fb8  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:31:36.0577 0x2fb8  wanarp - ok
10:31:36.0577 0x2fb8  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:31:36.0599 0x2fb8  wanarpv6 - ok
10:31:36.0615 0x2fb8  [ 85461F6AD65CCE84A7BC6D9F2A5861B3, 0C9A662F1BADF429B1DF62E91F4626DE996F84945D3A42D26A0FA09EC15CC9D7 ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
10:31:36.0647 0x2fb8  WAS - ok
10:31:36.0675 0x2fb8  [ 30B8286F8FE1AE90A583100D45E02247, 3C86A4A5E21F9A1267EA231B20914E0A162BA4C25FE8917AD3AB6D504DA5BE0C ] wbengine        C:\WINDOWS\system32\wbengine.exe
10:31:36.0731 0x2fb8  wbengine - ok
10:31:36.0746 0x2fb8  [ 8C521D161445C3E1F38A494E7649E70D, F00990B2FE1FB52C74A2057E6480C5EBF2BDBC32955CC03C6B63360F20A49A18 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
10:31:36.0794 0x2fb8  WbioSrvc - ok
10:31:36.0799 0x2fb8  [ E330144B97D493AA886000DCAAA8DAF5, ED86F46F5A76FD8F06CA98BD61B174ADB9AD4B065394356872708DF8B614E4F9 ] wcifs           C:\WINDOWS\system32\drivers\wcifs.sys
10:31:36.0799 0x2fb8  wcifs - ok
10:31:36.0830 0x2fb8  [ 32960EA9CF836D7DD77767DCB68CE230, 679446A4FAB0331C181D2716CAEA225267C6164BB9867E360C5B3D6AB1083195 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
10:31:36.0862 0x2fb8  Wcmsvc - ok
10:31:36.0877 0x2fb8  [ D50645235A507B0546B1B5CF7D0B8849, 19F5FE10C953B8EE8EEDA9A9F7F2E97AA193BB085E7FC364066686089ADD1C9F ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
10:31:36.0900 0x2fb8  wcncsvc - ok
10:31:36.0900 0x2fb8  [ AEA1093B751339267D8C8C1EF3D669CF, 8F3325E7FB16BD856A0593C36F2E3E018909038C52CD5F92E116E0C1366F31CB ] wcnfs           C:\WINDOWS\system32\drivers\wcnfs.sys
10:31:36.0916 0x2fb8  wcnfs - ok
10:31:36.0916 0x2fb8  [ D520B1B849B6D4D707AB31722B952C2D, 149BABB7BD63C1F212ADD9306C84FFB2A5CE6DC435BD3213EAB787E9B222C61F ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
10:31:36.0931 0x2fb8  WdBoot - ok
10:31:36.0947 0x2fb8  [ 5030C76047D756263093A47B82970868, E772F15973F6DE36851DD230F1F4190746CD81CA1E7284DC074711C4BF45CAF0 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
10:31:36.0978 0x2fb8  Wdf01000 - ok
10:31:36.0997 0x2fb8  [ 29FF9199EDEB4F5470BB134D1A2563D2, 94713F98A6EA6042203D5DD0DE6758F5F0F331F7D4BB05E91EF20CEEEBD6780F ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
10:31:37.0000 0x2fb8  WdFilter - ok
10:31:37.0016 0x2fb8  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
10:31:37.0032 0x2fb8  WdiServiceHost - ok
10:31:37.0032 0x2fb8  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
10:31:37.0047 0x2fb8  WdiSystemHost - ok
10:31:37.0063 0x2fb8  [ 8CB606A3057355FD5A9DBDD1A0AC94EF, 6DD0B4A2270633086EBB569A00B87430EE6EF173525E341404B15845B57BE86D ] wdiwifi         C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
10:31:37.0101 0x2fb8  wdiwifi - ok
10:31:37.0101 0x2fb8  [ 17CF416CFF408190F5A4CBD79AB12E55, E376C8865C7EA633AE20D2CF940E4C7584AC783BAAF7941780FB6C4C84802F33 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
10:31:37.0116 0x2fb8  WdNisDrv - ok
10:31:37.0116 0x2fb8  WdNisSvc - ok
10:31:37.0132 0x2fb8  [ 3570C4E14F85CE0B537D126727ACA91C, A474C9E6B6E4E5945C63367C1D3D24D4782C4A4FEB00FAE15DFED099D8283078 ] WebClient       C:\WINDOWS\System32\webclnt.dll
10:31:37.0147 0x2fb8  WebClient - ok
10:31:37.0179 0x2fb8  [ 2D1C892A586B9EF5B9DB2E26D744AB0E, B61173946A3784A503940FD8F231CFEA4D47ADE3E28E6F2853D5A5473EB775F8 ] WebManagement   C:\WINDOWS\system32\WebManagement.exe
10:31:37.0216 0x2fb8  WebManagement - ok
10:31:37.0216 0x2fb8  [ 1785F9C96A0BDEC1F6E0C79EF412F342, D6D4EDA69457BEDDA69C2F60FC4C2FAC97D46CD8E9C1804CCD68F169383583E3 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
10:31:37.0248 0x2fb8  Wecsvc - ok
10:31:37.0248 0x2fb8  [ B9175D63527B05131F2FA504CF0265F2, 1E43A17788F1B6A29E2889C81E0BE100D64BD3A9DEE7C154D9581F01D2D7D05F ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
10:31:37.0263 0x2fb8  WEPHOSTSVC - ok
10:31:37.0263 0x2fb8  [ 5C58EC0C9D4DE04DCDE56F6DCEA62080, 8ED386EDF4C39C339CE0BB2AC7E199C38705E5A6B3F56A4987B9A8ABD19BB59F ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
10:31:37.0279 0x2fb8  wercplsupport - ok
10:31:37.0300 0x2fb8  [ F899B355CC95AF26AB36E84E8A0DD685, C400F2F80FFF6473FEF066943C4A2AFF0FFE988A4F755757A2E5005C2A10DAD8 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
10:31:37.0301 0x2fb8  WerSvc - ok
10:31:37.0317 0x2fb8  [ E1785942AC51FEE6826CDF02075C5AA9, 56FE7017684086F4F9C3A2C0D3AC00369BA0938BA3987EEBEE9A75B8E3CA0AE1 ] WFPLWFS         C:\WINDOWS\system32\drivers\wfplwfs.sys
10:31:37.0332 0x2fb8  WFPLWFS - ok
10:31:37.0332 0x2fb8  [ B154618505A6A9026EFA6AB8C4123BF1, 713648D71AA027B4472E7E75B942630DBE7383687984B02A5E99C9E4192C95EB ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
10:31:37.0348 0x2fb8  WiaRpc - ok
10:31:37.0364 0x2fb8  [ 0CF79A0EACFFBB75A50A469A27696D02, E112BF7B5A8D0B0AD2EA0E7B9FD4E8CFEC9371C8E94A60248292D688AFE715C4 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
10:31:37.0364 0x2fb8  WIMMount - ok
10:31:37.0364 0x2fb8  WinDefend - ok
10:31:37.0379 0x2fb8  [ 0DE131733317EB4BE67028366B0CAAC6, AC7DADBF03A3752B4D33CA19F03DBCEDD6F56893C2DA25C98B0AB07063D990E3 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
10:31:37.0399 0x2fb8  WindowsTrustedRT - ok
10:31:37.0401 0x2fb8  [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
10:31:37.0401 0x2fb8  WindowsTrustedRTProxy - ok
10:31:37.0432 0x2fb8  [ C2A3B07F0118D61086C99BDCBAB6A6A3, 04D646BEF1C6F427503C594F0ECBB33140C3991A3A7AFB66B2C9581E358F9FD2 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
10:31:37.0464 0x2fb8  WinHttpAutoProxySvc - ok
10:31:37.0464 0x2fb8  [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
10:31:37.0479 0x2fb8  WinMad - ok
10:31:37.0479 0x2fb8  [ CD49CA8E3280ACEEC5ECF431A59F5EFD, 75F48EFC6DEE9E06B490703EE47602AFDEA51505285B02D2CF884601E71857CC ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
10:31:37.0501 0x2fb8  Winmgmt - ok
10:31:37.0564 0x2fb8  [ B8C0D620219ECAA23A2AC841EAF454D1, FB527C4D36929D7FAE2A837727C557B7823A72069EBCAB7D16C49E8B21E8D952 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
10:31:37.0649 0x2fb8  WinRM - ok
10:31:37.0664 0x2fb8  [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
10:31:37.0680 0x2fb8  WINUSB - ok
10:31:37.0680 0x2fb8  [ 8B9AFF5F08E66A6F1F1063DEC9457FB6, 98F2AF6988D125521FD34CAA48B9652922F0C8ECFAE9B0C1DF4B3CE6B9CF500F ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
10:31:37.0701 0x2fb8  WinVerbs - ok
10:31:37.0718 0x2fb8  [ ECD999D8412A3473C26B118F89DB9908, 5FB9B93E4B5482CCFF01D805DFA386FD8D3441BC81E7BD5DF89EE3078FD724F3 ] wisvc           C:\WINDOWS\system32\flightsettings.dll
10:31:37.0733 0x2fb8  wisvc - ok
10:31:37.0780 0x2fb8  [ 7671078AEF4C0203B053A9642C401FF7, BBFADA89CD31F20ADDBFAFAD2E492C72D82BF2F8B823BB6773F04D229B62534C ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
10:31:37.0877 0x2fb8  WlanSvc - ok
10:31:37.0918 0x2fb8  [ E15711970C5BE05E8D70B294D0AFF621, 30670CFC4DA57B4A3E0E895E4111100D847BB8041A258A303524CD96DC566482 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
10:31:38.0002 0x2fb8  wlidsvc - ok
10:31:38.0002 0x2fb8  [ 89F278FBC9FCDD63BDC0E7A27E6C8DA9, F0AE847C58BF380E9CB235D7EB56C1E2DA714F756E5E2EE5D718A147B14D73DE ] WLNdis50        C:\WINDOWS\system32\DRIVERS\wlndis50.sys
10:31:38.0018 0x2fb8  WLNdis50 - ok
10:31:38.0018 0x2fb8  [ 6F4F4F5A007D1710BD76FB311DA97C07, FC0FEA4364F6BA4E31DBC82735D09D429CA3BE9AFCFF5D5E1263D8B27FC2CE3E ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
10:31:38.0034 0x2fb8  WmiAcpi - ok
10:31:38.0049 0x2fb8  [ 3CDDFF6CAD962C5EF1C52FD667C358B6, F6F09145E9461EB17172988D26749FCF36920A1A683459334D04A6D072B31A92 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
10:31:38.0065 0x2fb8  wmiApSrv - ok
10:31:38.0065 0x2fb8  WMPNetworkSvc - ok
10:31:38.0081 0x2fb8  [ 43C8D087B31C592163B33A4BDA540E40, 3A6C4E5E56931B29321DCC723585F2F0E804EF4DCDEAB2A8687F30FC3AE70E43 ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
10:31:38.0102 0x2fb8  Wof - ok
10:31:38.0134 0x2fb8  [ 909CB4BBF7B08E78C363000E09E79A6F, 217205D1B5EE03274AFF9405AED6D2A5665CBA4C3876E84B53DA44920CDF9CB1 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
10:31:38.0203 0x2fb8  workfolderssvc - ok
10:31:38.0218 0x2fb8  [ F02930EB91596042F2221397D60AFCE5, 10E2AB0993B67CBAA9E11C68280608965064EC9F7E0C570F5B453FACADB8AB5D ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
10:31:38.0234 0x2fb8  WPDBusEnum - ok
10:31:38.0250 0x2fb8  [ 75A9284F01FE7CB1A7D5EAE5C1EB4F33, 390EF23AEA06D8711555F7979FF8BE0620B53C1A551638C4EC6FB7C6678965B3 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
10:31:38.0250 0x2fb8  WpdUpFltr - ok
10:31:38.0265 0x2fb8  [ 60E2EB3E7B7F15C25E02462159F90707, D8344B529EEC0D4922CAC3E6897CC9F191ACF1376017BE38ED6BF6019F1ED181 ] WpnService      C:\WINDOWS\system32\WpnService.dll
10:31:38.0297 0x2fb8  WpnService - ok
10:31:38.0302 0x2fb8  [ C7C91FB86A3C6CD7619725A88ED1884C, 132C43C518F37BF303D768BD5FB0AB835F693C43FE693937D804A34E940D770F ] WpnUserService  C:\WINDOWS\System32\WpnUserService.dll
10:31:38.0302 0x2fb8  WpnUserService - ok
10:31:38.0318 0x2fb8  [ 36D7B73ADC3E10607ED6EC874AFB5D1E, 1737B3E4D2CA76BB27903BF460E4960E6A0BC32D35069AC7C5E4B07F625F3282 ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
10:31:38.0334 0x2fb8  ws2ifsl - ok
10:31:38.0334 0x2fb8  [ 9A0E0B836413EB0BC885532D2A5389D6, AFEE4A0578D5581E4D72999A33C0DEA6253BD891F611AFF9AFDE4160A60105F3 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
10:31:38.0349 0x2fb8  wscsvc - ok
10:31:38.0365 0x2fb8  [ 696EC2EAA2A42A137CCBB9A84D6917C0, 424089F4F373962AF8357C5D4D43F35948989BE3F58EAD3690F565F4C1BBC66F ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
10:31:38.0365 0x2fb8  WSDPrintDevice - ok
10:31:38.0381 0x2fb8  [ 46E4A69825A7554A5DB784A55F8AD203, 7F347054FCDD5DEF93083D420E56EBE5EEBBAE2BD2FED9B2E75E85149DE52780 ] WSDScan         C:\WINDOWS\system32\DRIVERS\WSDScan.sys
10:31:38.0381 0x2fb8  WSDScan - ok
10:31:38.0399 0x2fb8  WSearch - ok
10:31:38.0402 0x2fb8  [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd            C:\WINDOWS\system32\DRIVERS\wsvd.sys
10:31:38.0402 0x2fb8  wsvd - ok
10:31:38.0449 0x2fb8  [ DDB7E452A99E0E5244105C6D2CF4BC9E, 1364B03AFFD20D339A2EBA303575BCCBC2D122D89810B1E3593CC55F93F9B79A ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
10:31:38.0534 0x2fb8  wuauserv - ok
10:31:38.0534 0x2fb8  [ AED7FE551E8672B824A56324076183EB, FFE543AAEFDEFFE6B20C244DB141A9425BDA88ED36F4870F0B70FEC433BDF0C1 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
10:31:38.0550 0x2fb8  WudfPf - ok
10:31:38.0565 0x2fb8  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
10:31:38.0581 0x2fb8  WUDFRd - ok
10:31:38.0581 0x2fb8  [ 47F6450F28BAA32B2AB0D6BE00996249, C8A47D6ADF89AD613AB685C6224B9099DCEFDCD8ABCF703542AFDC356404116E ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
10:31:38.0603 0x2fb8  wudfsvc - ok
10:31:38.0619 0x2fb8  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
10:31:38.0634 0x2fb8  WUDFWpdFs - ok
10:31:38.0634 0x2fb8  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
10:31:38.0650 0x2fb8  WUDFWpdMtp - ok
10:31:38.0681 0x2fb8  [ E231728BC515A4B85543AF74A1FEDFCB, 5D250D7D789B5BB56BFA2E7A109BCEB3686B7636C54D89F4E9804101D145C955 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
10:31:38.0734 0x2fb8  WwanSvc - ok
10:31:38.0750 0x2fb8  [ F39D6915451D9226AC9A5E7AE70E2ABA, E05D678DC0423A4D0EB8B3BB5A942721BB4F3B0BED22748252DBD6053FE956F1 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
10:31:38.0800 0x2fb8  XblAuthManager - ok
10:31:38.0819 0x2fb8  [ 765FF96467A26C4C03281ECA426EC2D9, 2526B03C518D72F429C29BA4D4F11707AF277BF71520A1A92238A932950AE161 ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
10:31:38.0866 0x2fb8  XblGameSave - ok
10:31:38.0882 0x2fb8  [ 9627BBAA50878F6833A6A7843EE3B1D9, 637566BB56501C4D11E3B6E6AC1C602D880C9D357CCE3DF1DF74EE672744F2B7 ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
10:31:38.0902 0x2fb8  xboxgip - ok
10:31:38.0919 0x2fb8  [ 335E6F2BE58523B295945C840C185B00, 94ED7E2CB212A3D55B8A2CB90CD1D02A6AF92DC0DDD487CB5B7CAC9883343460 ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
10:31:38.0966 0x2fb8  XboxNetApiSvc - ok
10:31:38.0966 0x2fb8  [ 63088A3361D9A308F328F11E9099DD87, E03FDB932FC57F199C8F8A8EADA338BDF7D2F9C6CB8FAB679A92B48B1E5AFE8A ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
10:31:38.0982 0x2fb8  xinputhid - ok
10:31:39.0000 0x2fb8  [ 21E13F2CB269DEFEAE5E1D09887D47BB, 543991CA8D1C65113DFF039B85AE3F9A87F503DAEC30F46929FD454BC57E5A91 ] ZAM             C:\WINDOWS\System32\drivers\zam64.sys
10:31:39.0003 0x2fb8  ZAM - ok
10:31:39.0003 0x2fb8  [ 21E13F2CB269DEFEAE5E1D09887D47BB, 543991CA8D1C65113DFF039B85AE3F9A87F503DAEC30F46929FD454BC57E5A91 ] ZAM_Guard       C:\WINDOWS\System32\drivers\zamguard64.sys
10:31:39.0019 0x2fb8  ZAM_Guard - ok
10:31:39.0051 0x2fb8  ================ Scan global ===============================
10:31:39.0051 0x2fb8  [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\WINDOWS\system32\basesrv.dll
10:31:39.0066 0x2fb8  [ 4C08BF958476A137C78B62B22B5F90A4, 11DDD033896C96F8F7F1A1EDD0F4E0F07AFBB3202DC8A2E5E3ADB51C4D0700D4 ] C:\WINDOWS\system32\winsrv.dll
10:31:39.0066 0x2fb8  [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\WINDOWS\system32\sxssrv.dll
10:31:39.0082 0x2fb8  [ 3C69CC28665854F1AAB4B4005005FA31, 2750F5ECCD448C07E3402AA64EA625D27C6BC1D000A3FFE57C03D62428BB46C4 ] C:\WINDOWS\system32\services.exe
10:31:39.0082 0x2fb8  [ Global ] - ok
10:31:39.0082 0x2fb8  ================ Scan MBR ==================================
10:31:39.0100 0x2fb8  [ 0792F22BCC85CFD3B28324561FFFCABB ] \Device\Harddisk1\DR1
10:31:40.0506 0x2fb8  \Device\Harddisk1\DR1 - ok
10:31:40.0522 0x2fb8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:31:40.0569 0x2fb8  \Device\Harddisk0\DR0 - ok
10:31:40.0569 0x2fb8  [ 0792F22BCC85CFD3B28324561FFFCABB ] \Device\Harddisk1\DR1
10:31:41.0989 0x2fb8  \Device\Harddisk1\DR1 - ok
10:31:42.0004 0x2fb8  ================ Scan VBR ==================================
10:31:42.0007 0x2fb8  [ F68E68F0890DC2414FD86BEDA8A0F7D1 ] \Device\Harddisk1\DR1\Partition1
10:31:42.0008 0x2fb8  \Device\Harddisk1\DR1\Partition1 - ok
10:31:42.0010 0x2fb8  [ 26BD3D425C2B773547904565F23579AF ] \Device\Harddisk0\DR0\Partition1
10:31:42.0010 0x2fb8  \Device\Harddisk0\DR0\Partition1 - ok
10:31:42.0010 0x2fb8  [ 17BE8265382E56DE6499C13860C246BC ] \Device\Harddisk0\DR0\Partition2
10:31:42.0010 0x2fb8  \Device\Harddisk0\DR0\Partition2 - ok
10:31:42.0010 0x2fb8  [ 58A1B73E15ECB3CCA4420D90BB1C9CE7 ] \Device\Harddisk0\DR0\Partition3
10:31:42.0010 0x2fb8  \Device\Harddisk0\DR0\Partition3 - ok
10:31:42.0010 0x2fb8  [ EBE53444C41E5298BADB1D83D301163B ] \Device\Harddisk0\DR0\Partition4
10:31:42.0010 0x2fb8  \Device\Harddisk0\DR0\Partition4 - ok
10:31:42.0026 0x2fb8  [ 168C882C8848521892794A26CCB15497 ] \Device\Harddisk0\DR0\Partition5
10:31:42.0026 0x2fb8  \Device\Harddisk0\DR0\Partition5 - ok
10:31:42.0026 0x2fb8  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition6
10:31:42.0026 0x2fb8  \Device\Harddisk0\DR0\Partition6 - ok
10:31:42.0026 0x2fb8  [ 787ADDBF8CF3799F354919F442041831 ] \Device\Harddisk0\DR0\Partition7
10:31:42.0026 0x2fb8  \Device\Harddisk0\DR0\Partition7 - ok
10:31:42.0026 0x2fb8  [ F68E68F0890DC2414FD86BEDA8A0F7D1 ] \Device\Harddisk1\DR1\Partition1
10:31:42.0026 0x2fb8  \Device\Harddisk1\DR1\Partition1 - ok
10:31:42.0026 0x2fb8  ================ Scan generic autorun ======================
10:31:42.0042 0x2fb8  [ 09B7C685A35DFB954BD2C7FE30268C0A, 2657727699AF7B8F8D6F3DD4B86300091817FF314555C2471A8CBC04D95F7A73 ] C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
10:31:42.0042 0x2fb8  DptfPolicyLpmServiceHelper - ok
10:31:42.0042 0x2fb8  [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe
10:31:42.0057 0x2fb8  ForteConfig - ok
10:31:42.0073 0x2fb8  [ FFBFE1175531CD582D89796835CBB598, 7DC1FEB90AFC08C829001849985C7B20CB782F05CD9C000C6C9D42D3FDB1DDF4 ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
10:31:42.0089 0x2fb8  cAudioFilterAgent - ok
10:31:42.0142 0x2fb8  [ 4F8B94EC4D4FFA0712CCADF8145F28D1, 6CED9332100CA71FB17930AAC4ED1798E6F3A83CEBEE0A3412EFA01F6F1A6F22 ] C:\Program Files\CONEXANT\SAII\SACpl.exe
10:31:42.0173 0x2fb8  SmartAudio - ok
10:31:42.0173 0x2fb8  [ E71D67CC5FF2DB3D44B717EC259DB83A, 13A90DF0B7224FC26D179F2DCF588628D380A5CCA32EDF4B0B0FB1D29B672C52 ] C:\ProgramData\YogaSmartSwicth\yogaserver.exe
10:31:42.0188 0x2fb8  yogaserver - ok
10:31:42.0490 0x2fb8  [ DF99547E3CD8C828202546ED9C4D7D25, 83013EEE760004E812CD63662843D1F3972AFBF83B4739935FC746F470FA7188 ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
10:31:42.0807 0x2fb8  Energy Management - ok
10:31:42.0828 0x2fb8  [ D41309D7717CC5D62C2E0C5EB6B127B3, 50F46F762320C9B2560AA356B31EB564651F92BDA2DBCE34E3E349A65E347FAC ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
10:31:42.0828 0x2fb8  EnergyUtility - ok
10:31:42.0844 0x2fb8  [ 48515EEA1608ECD83FE26C7490460F59, C7C552D13ED12B4165FDE45F69E170D4F18B746D84B3B08E7254AAF8D9671D0C ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
10:31:42.0860 0x2fb8  AdobeAAMUpdater-1.0 - ok
10:31:42.0860 0x2fb8  [ 4A0477ADCD07EC9D21257A2E456B16C5, CEF9C81730C12283A7600C3D921D89A62B14D1C46544B493F3AF7520DD2D1F79 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
10:31:42.0860 0x2fb8  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
10:31:43.0191 0x2fb8  Detect skipped due to KSN trusted
10:31:43.0191 0x2fb8  IAStorIcon - ok
10:31:43.0191 0x2fb8  SynTPEnh - ok
10:31:43.0191 0x2fb8  [ 3BD79A1F6D2EA0FDDEA3F8914B2A6A0C, 332E6806EFF846A2E6D0DC04A70D3503855DABFA83E6EC27F37E2D9103E80E51 ] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
10:31:43.0211 0x2fb8  VirtualCloneDrive - ok
10:31:43.0212 0x2fb8  [ 0080EB1CDD83F14C01534B1DC754234D, D0FC9B95A12D0C92730F8031B3DB287D1309008CF15EA0C02FC14B56FAE8C320 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
10:31:43.0212 0x2fb8  APSDaemon - ok
10:31:43.0260 0x2fb8  [ 7D5E8D5BDF324718BBC91DF02D830317, AA6A8B0536C14A7D11FDFFA5F980E90059F6C3BE99DE57503EC58DEA022C5398 ] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
10:31:43.0313 0x2fb8  Adobe Creative Cloud - ok
10:31:43.0313 0x2fb8  Lenovo App Shop - ok
10:31:43.0313 0x2fb8  EaseUS EPM tray - ok
10:31:43.0329 0x2fb8  [ C2CE42005E3381A95460876020518440, 562EB30DA9A1DB58DB221423177C0680E69A4C38EEE2D5FD936633B2EB8A616E ] C:\Program Files (x86)\QuickTime\QTTask.exe
10:31:43.0344 0x2fb8  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
10:31:43.0675 0x2fb8  Detect skipped due to KSN trusted
10:31:43.0675 0x2fb8  QuickTime Task - ok
10:31:43.0729 0x2fb8  [ DC87E00FD7B2E6CBA4997A9CB2914B59, 05BF560B2303B5E33CBCAFA82C351375CDD7E7B72DD9EAB8886463D3744FCB98 ] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
10:31:43.0776 0x2fb8  PMBVolumeWatcher - ok
10:31:43.0860 0x2fb8  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
10:31:43.0934 0x2fb8  SDTray - ok
10:31:43.0949 0x2fb8  [ A8AD6D36CA5A1D7E280621BB7E8117CA, 5E6A5589D72E8FF7A739D14739D06FBE218C4132943E643BD0317EDC8FD8952E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
10:31:43.0965 0x2fb8  SunJavaUpdateSched - ok
10:31:44.0161 0x2fb8  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
10:31:44.0315 0x2fb8  OneDriveSetup - ok
10:31:44.0478 0x2fb8  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
10:31:44.0647 0x2fb8  OneDriveSetup - ok
10:31:44.0763 0x2fb8  [ 6CE0A962E0AF81BD2EE8FE6B37A1FEE1, 987545ED7F4B10212393CD62DE4C36E307E92C08ADA741571029DC8091CBB30C ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
10:31:44.0879 0x2fb8  Spybot-S&D Cleaning - ok
10:31:45.0063 0x2fb8  [ 4BEC28F2CB50F1AEF969351CB0520B56, C8A1DD8254622E4C80EC1096CE7D2D1D9253E2623BFDDF5B23E58031BDB29D30 ] C:\Program Files (x86)\GlassWire\glasswire.exe
10:31:45.0280 0x2fb8  GlassWire - ok
10:31:45.0348 0x2fb8  [ F4F684066175B77E0C3A000549D2922C, 935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2 ] C:\WINDOWS\system32\cmd.exe
10:31:45.0364 0x2fb8  Uninstall C:\Users\mzenk_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 - ok
10:31:45.0517 0x2fb8  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
10:31:45.0680 0x2fb8  OneDriveSetup - ok
10:31:45.0696 0x2fb8  Skype - ok
10:31:45.0718 0x2fb8  [ 2781E6EF593909A8B73FE1AD397F778A, E892D6C57F8903E20129E75A9B877690229280FD8106B5C7F96173175EA1AC4E ] C:\Program Files (x86)\Windows Mail\wab.exe
10:31:45.0734 0x2fb8  WAB Migrate - ok
10:31:45.0896 0x2fb8  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
10:31:46.0073 0x2fb8  OneDriveSetup - ok
10:31:46.0095 0x2fb8  [ 2781E6EF593909A8B73FE1AD397F778A, E892D6C57F8903E20129E75A9B877690229280FD8106B5C7F96173175EA1AC4E ] C:\Program Files (x86)\Windows Mail\wab.exe
10:31:46.0119 0x2fb8  WAB Migrate - ok
10:31:46.0120 0x2fb8  Waiting for KSN requests completion. In queue: 23
10:31:47.0141 0x2fb8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
10:31:47.0141 0x2fb8  Win FW state via NFP2: enabled ( trusted )
10:31:47.0234 0x2fb8  ============================================================
10:31:47.0235 0x2fb8  Scan finished
10:31:47.0235 0x2fb8  ============================================================
10:31:47.0240 0x2fb0  Detected object count: 1
10:31:47.0240 0x2fb0  Actual detected object count: 1
10:31:52.0589 0x2fb0  OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
10:31:52.0589 0x2fb0  OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Edit 1:
Let it run through twice.

rkill excerpt:

Code:
Rkill 2.8.4 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 hxxp://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/25/2017 11:11:44 AM in x64 mode.
Windows Version: Windows 10 Pro 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SwUSB.exe (PID: 8540) [WD-HEUR]
 * C:\Windows\STK03N\STK03NM.exe (PID: 2816) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]

 * agp440 [Missing ImagePath]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * Cannot edit the HOSTS file.
 * Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: hxxp://www.bleepingcomputer.com/download/hosts-permbat/

 * HOSTS file entries found: 

  0.0.0.0	0.0.0.0
  0.0.0.0	tracking.opencandy.com.s3.amazonaws.com
  0.0.0.0	media.opencandy.com
  0.0.0.0	cdn.opencandy.com
  0.0.0.0	tracking.opencandy.com
  0.0.0.0	api.opencandy.com
  0.0.0.0	api.recommendedsw.com
  0.0.0.0	installer.betterinstaller.com
  0.0.0.0	installer.filebulldog.com
  0.0.0.0	d3oxtn1x3b8d7i.cloudfront.net
  0.0.0.0	inno.bisrv.com
  0.0.0.0	nsis.bisrv.com
  0.0.0.0	cdn.file2desktop.com
  0.0.0.0	cdn.goateastcach.us
  0.0.0.0	cdn.guttastatdk.us
  0.0.0.0	cdn.inskinmedia.com
  0.0.0.0	cdn.insta.oibundles2.com
  0.0.0.0	cdn.insta.playbryte.com
  0.0.0.0	cdn.llogetfastcach.us
  0.0.0.0	cdn.montiera.com

  20 out of 15654 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 02/25/2017 11:12:26 AM
Execution time: 0 hours(s), 0 minute(s), and 42 seconds(s)
         

25.02.2017, 14:28   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

And that is really supposed to have been the only finding? I thought your system was "so heavily compromised"?
__________________
Please always post log files in CODE tags

27.02.2017, 10:15   #13
nekropolit
 

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
Martin Zenker :: MZ_YOGA_1 [administrator]

23.02.2017 23:16:42
mbar-log-2017-02-23 (23-16-42).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 820543
Time elapsed: 22 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [34090d30502ccc6aebe217dd29dafa06]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [57e61726225a0d29ad39bf35f112b54b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [cb720b327804ab8b25e19b5cb74c669a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [79c482bb700c3006fbd28a6afa091ce4]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [98a5b08d2755023408de22d22bd89070]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [122b6ad35c20072f709651a6de25c937]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.02.24.04
  rootkit: v2017.02.15.01

Windows 10 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.576.14393.0
Martin Zenker :: MZ_YOGA_1 [administrator]

24.02.2017 10:37:34
mbar-log-2017-02-24 (10-37-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 775171
Time elapsed: 23 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{A19842D9-66F2-4325-874C-FAE83313D956}|AutoConfigUrl (Hijack.AutoConfigURL.PrxySvrRST) -> Data: hxxp://nonestops.net/wpad.dat?89e382b56eda289e10ebbc854016a45018971410 -> Delete on reboot. [556f55517038fc3ae293d06d4eb21fe1]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

27.02.2017, 10:33   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Remove adware/junkware/toolbars

Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!
Please completely disable your virus scanner now, before using these tools!


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Clean (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

__________________
Please always post log files in CODE tags

27.02.2017, 11:38   #15
nekropolit
 

AdwCleaner:

Code:
# AdwCleaner v6.030 - Bericht erstellt am 22/11/2016 um 09:30:22
# Aktualisiert am 19/10/2016 von Malwarebytes
# Datenbank : 2016-11-21.2 [Server]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : Martin Zenker - MZ_YOGA_1
# Gestartet von : C:\Users\mzenk_000\AppData\Local\Temp\scoped_dir3776_8101\adwcleaner_6.030.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Keine schädlichen Dienste gefunden.


***** [ Ordner ] *****

Ordner Gefunden: C:\Users\mzenk_000\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}
Ordner Gefunden: C:\Users\mzenk_000\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}
Ordner Gefunden: C:\ProgramData\FFinder LTD
Ordner Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uc
Ordner Gefunden: C:\Program Files (x86)\uc


***** [ Dateien ] *****

Datei Gefunden: C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_picture-resizer.softonic.de_0.localstorage
Datei Gefunden: C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_picture-resizer.softonic.de_0.localstorage-journal
Datei Gefunden: C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
Datei Gefunden: C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal
Datei Gefunden: C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_picture-resizer.softonic.de_0.localstorage
Datei Gefunden: C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_picture-resizer.softonic.de_0.localstorage-journal
Datei Gefunden: C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
Datei Gefunden: C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Aufgabe Gefunden: DigitalSite


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Microsoft.IIsScriptHelper
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Microsoft.IIsScriptHelper.1.0
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Microsoft.PlatformBuilder.Automation.RegEditValueType
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Microsoft.IIsScriptHelper
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Microsoft.IIsScriptHelper.1.0
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Microsoft.PlatformBuilder.Automation.RegEditValueType
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Schlüssel Gefunden: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\Software\Softonic
Schlüssel Gefunden: HKCU\Software\Softonic
Schlüssel Gefunden: HKLM\SOFTWARE\OverLook
Schlüssel Gefunden: HKLM\SOFTWARE\FFinder LTD
Schlüssel Gefunden: [x64] HKCU\Software\Softonic
Daten Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRggadA8OWAhHFBhBJA0OTA1GRQYOIQwOVRQVQgVFJl8JUQoXEwMFIk0FA1ADB0VXfVBdFElXTwhwJVhK
Schlüssel Gefunden: HKU\S-1-5-21-2553620308-2587970361-2745048916-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A53DF0EE-AB77-42C7-AFEA-2CCD5BFF2EDE}
Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A53DF0EE-AB77-42C7-AFEA-2CCD5BFF2EDE}
Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A53DF0EE-AB77-42C7-AFEA-2CCD5BFF2EDE}
Wert Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DoNotAskAgain]
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Daten Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - 
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de
Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Chrome pref Gefunden: [C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Web data] - picture-resizer.softonic.de
Chrome pref Gefunden: [C:\Users\mzenk_000\AppData\Local\Google\Chrome\User Data\Default\Web data] - picture-resizer.softonic.de

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [5126 Bytes] - [22/11/2016 09:30:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5199 Bytes] ##########
         
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64 
Ran by Martin Zenker (Administrator) on 27.02.2017 at 11:35:04,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2 

Successfully deleted: C:\WINDOWS\system32\Tasks\DriverMaxAgent (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File) 



Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A3FF90B-A977-47EC-9633-3E2C2D312AFD} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.02.2017 at 11:37:15,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
