Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Antivir meldet Verbindungsfehler - Überprüfen Sie Ihre Internetverbindung und Defender lässt sich nicht aktivieren. (https://www.trojaner-board.de/184390-antivir-meldet-verbindungsfehler-uberpruefen-internetverbindung-defender-laesst-aktivieren.html)

OhSchreck! 14.02.2017 16:12
Antivir meldet Verbindungsfehler - Überprüfen Sie Ihre Internetverbindung und Defender lässt sich nicht aktivieren.
 
Habe Probleme mit meinem Virenschutz,
Antivir lässt sich nicht downloaden und der Defender ist durch eine Gruppenrichtlinie deaktiviert.

Der Antivir Safetystick hat 18 Trojaner gefunden.

Ich komme aber nun nicht mehr weiter und möchte das System wieder Virenfrei haben.

Danke im Voraus für die Hilfe
OhSchreck!

cosinus 14.02.2017 16:34
Zitat:
Der Antivir Safetystick hat 18 Trojaner gefunden.
Log dazu posten.


Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

OhSchreck! 14.02.2017 18:19
Hallo Cosinus,

ich finde den report nicht. Deshalb hab ich emsisoft drüberlaufen lassen.
Hier das Ergebnis:
Emsisoft Anti-Malware – Version 2017.1.1.7166
Letztes Update: 14.02.2017 17:54:05
Benutzerkonto: ThomasKeune-PC\Thomas Keune
Computer name: THOMASKEUNE-PC
OS version: Windows 10x64

Scan-Einstellungen:

Scan-Methode: Malware-Scan
Objekte: Rootkits, Speicher, Traces, Dateien

Erkenne PUPs: An
Archive scannen: Aus
ADS-Scan: An
Dateierweiterungen: Aus
Direct Disk Access: Aus

Scan Beginn: 14.02.2017 18:01:20
C:\Users\Thomas Keune\AppData\Roaming\getrighttogo Application.AppInstall (A) [224838]
C:\ProgramData\simplitec Application.AppInstall (A) [226553]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SIMPLITEC Application.InstallAd (A) [277752]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\CBNOCFNJKMLLJBFGPKBHEFNLPBIEMHIF Application.WebExt (A) [278243]
C:\Users\Thomas Keune\AppData\Local\Temp\DMR\dmr_72.exe Application.AdLoad (A) [281686]
C:\Users\Thomas Keune\Downloads\Avira RegistryCleaner - CHIP-Installer.exe Application.AdLoad (A) [281686]
C:\Users\Thomas Keune\Downloads\Clickster - CHIP-Installer.exe Application.AdLoad (A) [281686]
C:\Users\Thomas Keune\Downloads\Windows Product Key Viewer - CHIP-Installer.exe Application.AdLoad (A) [281686]

Gescannt 97801
Gefunden 8

Scan-Ende: 14.02.2017 18:16:03
Scan-Zeit: 0:14:43

Wie hiesst die Log Datei von Antivir, dann kann ich suchen?

Viele Grüße OhSchreck!

cosinus 14.02.2017 19:22
Zitat:
C:\Users\Thomas Keune\Downloads\Avira RegistryCleaner - CHIP-Installer.exe Application.AdLoad (A) [281686]
C:\Users\Thomas Keune\Downloads\Clickster - CHIP-Installer.exe Application.AdLoad (A) [281686]
C:\Users\Thomas Keune\Downloads\Windows Product Key Viewer - CHIP-Installer.exe Application.AdLoad (A) [281686]

Mit diesem Scheiß holst du dir selbst den Müll ins System. Oder ist dir das noch nicht aufgefallen?

Log vom Virenscanner findet man im Menü des jew. Tools. http://www.trojaner-board.de/125889-...tml#post941520

OhSchreck! 14.02.2017 19:37
Vielen Dank

Habe doch das Tool auf dem Stick und den hab ich durchsucht. Der Report sollte eigentlich auf dem desktop gespeichert werden, aber da ist er nicht!

cosinus 14.02.2017 20:04
dann ist keine Aussage zu den Funden vom AV möglich!


Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

OhSchreck! 14.02.2017 21:11
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 14-02-2017
durchgeführt von Thomas Keune (Administrator) auf THOMASKEUNE-PC (14-02-2017 20:59:18)
Gestartet von C:\Users\Thomas Keune\Desktop
Geladene Profile: Thomas Keune &  (Verfügbare Profile: Thomas Keune)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Chip Digital GmbH) C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\TVG\OnlineUpdate\OnlineUpdateSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Link64 GmbH) C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe
() C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_121\bin\javaw.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2start.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Link64 GmbH) C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [8154184 2017-02-06] (Emsisoft Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [%RunKey%] => C:\Program Files (x86)\FRITZ!vox\FRITZ!vox.exe [1515520 2007-07-26] (AVM Berlin)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2014-03-18] (shbox.de)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61896 2016-12-29] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe [3176264 2017-01-31] (Link64 GmbH)
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe [4535192 2016-07-01] ()
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9292504 2016-12-21] (Piriform Ltd)
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\RunOnce: [Uninstall C:\Users\Thomas Keune\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Thomas Keune\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-12-13] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-12-13] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-12-13] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-12-13] (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  -> Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Das Telefonbuch Browserlösung.lnk [2016-01-13]
ShortcutTarget: Das Telefonbuch Browserlösung.lnk -> C:\Program Files (x86)\TVG\DasTelefonbuch Deutschland\http_tfd.exe (TVG Telefon-und Verzeichnisverlag GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FriFax32 - Verknüpfung.lnk [2012-04-15]
ShortcutTarget: FriFax32 - Verknüpfung.lnk -> C:\Program Files (x86)\FRITZ!\FriFax32.exe (AVM Berlin)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\JFritz.lnk [2017-01-04]
ShortcutTarget: JFritz.lnk -> C:\Program Files (x86)\JFritz2\jfritz.exe ()
Startup: C:\Users\Thomas Keune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jfritz.jar - Verknüpfung.lnk [2017-01-17]
ShortcutTarget: jfritz.jar - Verknüpfung.lnk -> C:\Program Files (x86)\JFritz2\jfritz.jar ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

ProxyEnable: [S-1-5-21-4016997756-889063991-563976297-1000] => Proxy ist aktiviert.
ProxyServer: [S-1-5-21-4016997756-889063991-563976297-1000] => http=127.0.0.1:8082;https=127.0.0.1:8082
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => Keine Datei
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll => Keine Datei
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5d1d9579-e842-492c-88e3-58021255ae65}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d7841ead-ff00-46b7-9c07-9808ea9293f2}: [DhcpNameServer] 192.168.178.1
ManualProxies: 1http=127.0.0.1:8082;https=127.0.0.1:8082

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-4016997756-889063991-563976297-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-4016997756-889063991-563976297-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: NXIECatcher Class -> {83B80A9C-D91A-4F22-8DCF-EA7204039F79} -> C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll [2010-11-07] (Xi)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-14] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Recorder Toolbar - {120A8821-2BEE-4C29-BCDA-62C577781992} - C:\Program Files (x86)\MedienTeam66\MP3 Recorder for YouTube\IEPlugin.dll [2011-12-29] (MedienTeam66)
Toolbar: HKLM-x32 - NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll [2010-11-07] (Xi)
Toolbar: HKU\S-1-5-21-4016997756-889063991-563976297-1000 -> Kein Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Keine Datei
DPF: HKLM-x32 {39ED5386-A900-4D6C-B564-20BFDE5402CF} hxxp://www.medion.com/de/service/download/MEDION_Treibersuche.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Thomas Keune\AppData\Roaming\Mozilla\Firefox\Profiles\1t3lmzvm.default-1486818187624 [2017-02-14]
FF Homepage: Mozilla\Firefox\Profiles\1t3lmzvm.default-1486818187624 -> google.de/
FF NetworkProxy: Mozilla\Firefox\Profiles\1t3lmzvm.default-1486818187624 -> type", 4
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [KavAntiBanner@Kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-03-09] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox
FF Extension: (Freemake Video Downloader Plugin) - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox [2014-03-13] [ist nicht signiert]
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [mail@shopping-preise.de] - C:\Users\Thomas Keune\AppData\Roaming\Mozilla\Firefox\Profiles\mic35z32.default\extensions\mail@shopping-preise.de => nicht gefunden
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [ist nicht signiert]
FF HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Thomas Keune\AppData\Roaming\Mozilla\Firefox\Profiles\zxjx6lop.default-1409585167823\extensions\cliqz@cliqz.com => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-28] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [Keine Datei]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-28] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Windows\system32\C2MP\npdivx32.dll [Keine Datei]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-01-20] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9483200 2017-02-06] (Emsisoft Ltd)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806704 2014-09-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-09-26] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [372272 2016-12-29] (Avira Operations GmbH & Co. KG)
R2 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [514128 2012-03-19] (REINER SCT)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [41576 2016-10-24] (Dropbox, Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2011-11-17] (Microsoft) [Datei ist nicht signiert]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-11-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-01-20] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-11-17] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1716264 2014-04-17] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-04-17] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Realtek11nSU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [Datei ist nicht signiert]
R2 TVGOnlineUpdateSvc; C:\Program Files (x86)\TVG\OnlineUpdate\OnlineUpdateSvc.exe [401256 2015-02-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 DigitalWave.Update.Service; "C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U4 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-09-26] (Avira Operations GmbH & Co. KG)
U4 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-09-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43064 2014-09-26] (Avira Operations GmbH & Co. KG)
R3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [39248 2012-06-09] (Paragon Software Group)
R1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [46280 2013-02-22] (AnchorFree Inc.)
S3 IAMTVE; C:\Windows\system32\drivers\IAMTVE.sys [43416 2010-12-17] (Intel Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmoi.inf_amd64_bab0214c8bd45ad2\nvlddmkm.sys [14427064 2017-01-21] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2016-11-17] (NVIDIA Corporation)
R3 taphss6; C:\Windows\System32\drivers\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
R1 UimBus; C:\Windows\System32\drivers\uimx64.sys [90960 2012-06-09] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633296 2012-06-09] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [389968 2012-06-09] (Paragon)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 aspnet_state; kein ImagePath
S3 cpuz139; \??\C:\Users\THOMAS~1\AppData\Local\Temp\cpuz139\cpuz139_x64.sys [X] <==== ACHTUNG
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-14 20:59 - 2017-02-14 21:00 - 00029509 _____ C:\Users\Thomas Keune\Desktop\FRST.txt
2017-02-14 20:58 - 2017-02-14 20:59 - 00000000 ____D C:\FRST
2017-02-14 20:14 - 2017-02-14 20:57 - 02422272 _____ (Farbar) C:\Users\Thomas Keune\Desktop\FRST64.exe
2017-02-14 17:49 - 2017-02-14 18:16 - 00000000 ____D C:\ProgramData\Emsisoft
2017-02-14 17:49 - 2017-02-14 17:49 - 00000901 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-02-14 17:48 - 2017-02-14 20:55 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-02-14 17:45 - 2017-02-14 17:48 - 242868632 _____ (Emsisoft Ltd. ) C:\Users\Thomas Keune\Downloads\EmsisoftAntiMalwareSetup(1).exe
2017-02-14 17:32 - 2017-02-14 17:32 - 00108673 _____ C:\Users\Thomas Keune\Desktop\EmsiClean_2017.02.14_17.32.26.txt
2017-02-14 17:31 - 2017-02-14 17:31 - 00641240 _____ (Emsisoft Ltd) C:\Users\Thomas Keune\Desktop\emsiclean.exe
2017-02-14 17:03 - 2017-02-14 17:03 - 00003078 _____ C:\Windows\System32\Tasks\AviraFirewallManagerUpdater
2017-02-14 17:03 - 2017-02-14 17:03 - 00002090 _____ C:\Users\Public\Desktop\Avira Firewall Manager.lnk
2017-02-14 16:51 - 2017-02-14 16:51 - 00012968 ____N C:\bootsqm.dat
2017-02-14 16:51 - 2017-02-14 16:51 - 00000000 __SHD C:\found.001
2017-02-14 15:59 - 2017-02-14 15:59 - 00001245 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-02-14 15:38 - 2017-02-14 16:00 - 242868632 _____ (Emsisoft Ltd. ) C:\Users\Thomas Keune\Downloads\EmsisoftAntiMalwareSetup.exe
2017-02-14 10:31 - 2017-02-14 10:31 - 04713984 _____ (Geza Kovacs) C:\Users\Thomas Keune\Downloads\unetbootin-windows-625.exe
2017-02-14 10:07 - 2017-02-14 10:15 - 702468096 _____ C:\Users\Thomas Keune\Downloads\rescue916-system.iso
2017-02-14 10:07 - 2017-02-14 10:07 - 00000000 ____D C:\ProgramData\Lavasoft
2017-02-14 09:35 - 2017-02-14 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-02-14 09:31 - 2017-02-14 09:31 - 00000000 __RHD C:\MSOCache
2017-02-14 09:09 - 2014-09-26 10:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-02-14 09:09 - 2014-09-26 10:02 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-02-14 09:09 - 2014-09-26 10:02 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-02-14 09:09 - 2014-09-26 10:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-02-14 08:55 - 2017-02-14 08:55 - 00003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-14 08:55 - 00003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-14 08:55 - 00003830 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-14 08:55 - 00003804 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-14 08:55 - 00003642 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:55 - 2017-02-14 08:55 - 00003600 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-14 08:54 - 2017-02-14 08:54 - 00002170 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2017-02-14 08:54 - 2017-01-20 15:07 - 00134080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-02-14 08:53 - 2017-02-14 08:53 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-14 08:53 - 2017-01-20 17:38 - 00514616 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-02-14 08:53 - 2017-01-20 17:38 - 00420408 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-02-14 08:53 - 2017-01-20 16:13 - 00548800 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-02-14 08:53 - 2017-01-20 16:13 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-02-14 08:53 - 2016-12-16 01:33 - 00273696 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-02-14 08:53 - 2016-12-16 01:33 - 00266528 _____ C:\Windows\system32\vulkan-1.dll
2017-02-14 08:53 - 2016-12-16 01:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-02-14 08:53 - 2016-12-16 01:32 - 00125728 _____ C:\Windows\system32\vulkaninfo.exe
2017-02-14 08:53 - 2016-11-16 17:42 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-14 08:50 - 2017-01-24 01:00 - 00047664 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 40192056 _____ C:\Windows\system32\nvcompiler.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 34974656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 28239928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 19008576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 14677272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 11123936 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 11019192 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 09308896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 08990584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 04079032 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 03597640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 03167288 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 02715072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 01985080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437849.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 01591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437849.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 01051584 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00988608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00960568 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00909760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00687224 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-02-14 08:50 - 2017-01-20 17:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-02-14 08:50 - 2017-01-20 17:38 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-02-14 08:50 - 2016-11-17 14:44 - 00101824 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-02-14 08:50 - 2016-11-17 14:44 - 00091584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-02-14 08:47 - 2017-02-14 08:47 - 00000000 ____D C:\NVIDIA
2017-02-14 08:46 - 2017-02-14 09:01 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_isec0_58a2b5e13e36d__wsd.exe
2017-02-14 08:34 - 2017-02-14 08:34 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-02-14 08:33 - 2017-02-14 08:46 - 398382600 _____ (NVIDIA Corporation) C:\Users\Thomas Keune\Downloads\378.49-desktop-win10-64bit-international-whql.exe
2017-02-14 08:27 - 2017-02-14 08:28 - 00739392 _____ (Oracle Corporation) C:\Users\Thomas Keune\Downloads\JavaSetup8u121.exe
2017-02-14 08:24 - 2017-02-14 08:23 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2017-02-14 08:21 - 2017-02-14 08:21 - 01181390 _____ C:\Users\Thomas Keune\Documents\cc_20170214_082136.reg
2017-02-13 22:43 - 2017-02-14 08:54 - 00000000 ____D C:\Windows\LastGood
2017-02-13 21:53 - 2017-02-13 21:53 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\Thomas Keune\Downloads\flashplayer24au_ha_install(1).exe
2017-02-13 21:52 - 2017-02-13 22:11 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-02-13 21:19 - 2017-02-13 21:27 - 00000000 ____D C:\Users\Thomas Keune\Downloads\CHIP_Update_Pack_Windows_10_64_Bit_Jan
2017-02-13 20:21 - 2017-02-13 21:19 - 160718565 _____ C:\Users\Thomas Keune\Downloads\CHIP_Update_Pack_Windows_10_64_Bit_Jan.zip
2017-02-13 16:14 - 2017-02-13 16:14 - 00000000 ____D C:\$WINDOWS.~BT
2017-02-13 15:15 - 2017-02-13 15:15 - 00928176 _____ (Magical Jelly Bean ) C:\Users\Thomas Keune\Downloads\keyfinderinstaller.exe
2017-02-13 13:33 - 2017-02-13 13:33 - 00000000 ___HD C:\$SysReset
2017-02-10 08:41 - 2017-02-14 08:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-03 18:55 - 2017-02-03 19:24 - 63184896 _____ C:\Users\Thomas Keune\Downloads\calibre-2.78.0.msi
2017-02-03 14:58 - 2017-02-03 14:58 - 00035784 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2017-02-03 09:06 - 2017-02-03 09:06 - 00000000 ____D C:\Users\Thomas Keune\Downloads\MediathekView-13.0.1
2017-02-03 09:05 - 2017-02-03 09:05 - 27674457 _____ C:\Users\Thomas Keune\Downloads\MediathekView-13.0.1.zip
2017-01-31 21:15 - 2017-01-31 21:15 - 00082348 _____ C:\Users\Thomas Keune\Downloads\CheapTickets.de - E-ticket CDE-3125487.zip
2017-01-31 21:15 - 2017-01-31 21:15 - 00042295 _____ C:\Users\Thomas Keune\Downloads\CheapTickets.de - Bestätigung Ihrer Reservierung CDE-3125487.zip
2017-01-31 21:11 - 2017-01-31 21:11 - 00050990 _____ C:\Users\Thomas Keune\Downloads\JP793, FRA-TIA, 17NOV16, 08_55, GTB59, S13A, Mobile Boarding Pass.zip
2017-01-28 11:16 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2017-01-28 11:16 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2017-01-26 11:31 - 2017-01-26 11:31 - 01995824 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437667.dll
2017-01-26 11:31 - 2017-01-26 11:31 - 01600048 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437667.dll
2017-01-20 06:14 - 2017-01-20 06:16 - 63160320 _____ C:\Users\Thomas Keune\Downloads\calibre-2.77.0.msi
2017-01-17 18:26 - 2017-01-17 18:26 - 00000000 ____D C:\Users\Thomas Keune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSYS2 64bit
2017-01-17 18:24 - 2017-01-17 18:24 - 00000000 ____D C:\Users\Thomas Keune\Downloads\uocte-1.1.0-win32
2017-01-17 18:23 - 2017-01-17 18:27 - 00000000 ____D C:\msys64
2017-01-17 18:21 - 2017-01-17 18:23 - 71003102 _____ C:\Users\Thomas Keune\Downloads\msys2-x86_64-20161025.exe
2017-01-17 18:18 - 2017-01-17 18:18 - 00000000 ____D C:\Users\Thomas Keune\Downloads\uocte-uocte-8ed70b7ecd5c
2017-01-17 17:31 - 2017-01-17 17:33 - 00000000 ____D C:\Users\Thomas Keune\Desktop\1082_Kosak++Alma_20170103140130
2017-01-17 17:25 - 2017-01-17 17:29 - 358668960 _____ C:\Users\Thomas Keune\Desktop\1082_Kosak++Alma_20170103140130.zip
2017-01-17 17:14 - 2017-01-17 17:14 - 00000000 ____D C:\Users\Thomas Keune\Downloads\uocte-1.1.2-win64
2017-01-17 17:11 - 2017-01-17 17:11 - 24906692 _____ C:\Users\Thomas Keune\Downloads\uocte-1.1.2-win64.zip
2017-01-17 17:11 - 2017-01-17 17:11 - 00334647 _____ C:\Users\Thomas Keune\Downloads\uocte-uocte-8ed70b7ecd5c.zip
2017-01-17 16:54 - 2017-01-17 16:54 - 24865278 _____ C:\Users\Thomas Keune\Downloads\uocte-1.1.0-win32.zip
2017-01-17 16:15 - 2016-12-14 05:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-17 16:15 - 2016-12-14 05:38 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-17 16:14 - 2016-12-21 09:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-17 16:14 - 2016-12-21 09:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-17 16:14 - 2016-12-21 09:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-17 16:14 - 2016-12-21 08:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-17 16:14 - 2016-12-21 08:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-17 16:14 - 2016-12-21 08:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-17 16:14 - 2016-12-21 08:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-17 16:14 - 2016-12-21 08:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-17 16:14 - 2016-12-21 08:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-17 16:14 - 2016-12-21 08:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-17 16:14 - 2016-12-21 08:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-17 16:14 - 2016-12-21 08:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-17 16:14 - 2016-12-21 08:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-17 16:14 - 2016-12-21 08:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-17 16:14 - 2016-12-21 08:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-17 16:14 - 2016-12-21 08:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-17 16:14 - 2016-12-21 08:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-17 16:14 - 2016-12-21 08:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-17 16:14 - 2016-12-21 08:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-17 16:14 - 2016-12-21 08:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-17 16:14 - 2016-12-21 08:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-17 16:14 - 2016-12-21 08:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-17 16:14 - 2016-12-21 08:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-17 16:14 - 2016-12-21 08:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-17 16:14 - 2016-12-21 08:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-17 16:14 - 2016-12-21 08:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-17 16:14 - 2016-12-21 08:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-17 16:14 - 2016-12-21 08:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-17 16:14 - 2016-12-21 08:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-17 16:14 - 2016-12-21 08:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-17 16:14 - 2016-12-21 08:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-17 16:14 - 2016-12-21 08:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-17 16:14 - 2016-12-21 08:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-17 16:14 - 2016-12-21 07:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-17 16:14 - 2016-12-21 07:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-17 16:14 - 2016-12-21 07:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-17 16:14 - 2016-12-21 07:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-17 16:14 - 2016-12-21 07:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-17 16:14 - 2016-12-21 07:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-17 16:14 - 2016-12-21 07:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-17 16:14 - 2016-12-21 07:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-17 16:14 - 2016-12-21 07:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-17 16:14 - 2016-12-21 07:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-17 16:14 - 2016-12-21 07:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-17 16:14 - 2016-12-21 07:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-17 16:14 - 2016-12-21 07:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-17 16:14 - 2016-12-21 07:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-17 16:14 - 2016-12-21 07:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-17 16:14 - 2016-12-21 07:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-17 16:14 - 2016-12-21 07:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-17 16:14 - 2016-12-21 07:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-17 16:14 - 2016-12-21 06:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-17 16:14 - 2016-12-21 06:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-17 16:14 - 2016-12-21 06:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-17 16:14 - 2016-12-21 06:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-17 16:14 - 2016-12-21 06:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-17 16:14 - 2016-12-21 06:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-17 16:14 - 2016-12-21 06:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-17 16:14 - 2016-12-21 06:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-17 16:14 - 2016-12-21 06:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-17 16:14 - 2016-12-21 05:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-17 16:14 - 2016-12-21 05:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-17 16:14 - 2016-12-21 05:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-17 16:14 - 2016-12-21 05:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-17 16:14 - 2016-12-21 05:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-17 16:14 - 2016-12-21 05:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-17 16:14 - 2016-12-21 05:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-17 16:14 - 2016-12-21 05:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-17 16:14 - 2016-12-21 05:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-17 16:14 - 2016-12-21 05:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-17 16:14 - 2016-12-21 05:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-17 16:14 - 2016-12-21 05:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-17 16:14 - 2016-12-21 05:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-17 16:14 - 2016-12-21 05:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-17 16:14 - 2016-12-21 05:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-17 16:14 - 2016-12-21 05:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-17 16:14 - 2016-12-21 05:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-17 16:14 - 2016-12-21 05:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-17 16:14 - 2016-12-21 05:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-17 16:14 - 2016-12-21 05:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-17 16:14 - 2016-12-21 05:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-17 16:14 - 2016-12-21 05:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-17 16:14 - 2016-12-21 05:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-17 16:14 - 2016-12-21 05:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-17 16:14 - 2016-12-14 06:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-17 16:14 - 2016-12-14 06:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-17 16:14 - 2016-12-14 06:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-17 16:14 - 2016-12-14 06:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-17 16:14 - 2016-12-14 06:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-17 16:14 - 2016-12-14 06:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-17 16:14 - 2016-12-14 06:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-17 16:14 - 2016-12-14 06:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-17 16:14 - 2016-12-14 06:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-17 16:14 - 2016-12-14 06:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-17 16:14 - 2016-12-14 06:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-17 16:14 - 2016-12-14 06:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-17 16:14 - 2016-12-14 06:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-17 16:14 - 2016-12-14 06:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-17 16:14 - 2016-12-14 06:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-17 16:14 - 2016-12-14 05:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-17 16:14 - 2016-12-14 05:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-17 16:14 - 2016-12-14 05:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-17 16:14 - 2016-12-14 05:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-17 16:14 - 2016-12-14 05:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-17 16:14 - 2016-12-14 05:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-17 16:14 - 2016-12-14 05:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-17 16:14 - 2016-12-14 05:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-17 16:14 - 2016-12-14 05:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-17 16:14 - 2016-12-14 05:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-17 16:14 - 2016-12-14 05:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-17 16:14 - 2016-12-14 05:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-01-17 16:14 - 2016-12-14 05:39 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-01-17 16:14 - 2016-12-14 05:39 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-17 16:14 - 2016-12-14 05:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-17 16:14 - 2016-12-14 05:38 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-01-17 16:14 - 2016-12-14 05:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-17 16:14 - 2016-12-14 05:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-01-17 16:14 - 2016-12-14 05:36 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-01-17 16:14 - 2016-12-14 05:36 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-01-17 16:14 - 2016-12-14 05:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-17 16:14 - 2016-12-14 05:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-17 16:14 - 2016-12-14 05:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-17 16:14 - 2016-12-14 05:35 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-17 16:14 - 2016-12-14 05:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-17 16:14 - 2016-12-14 05:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-17 16:14 - 2016-12-14 05:26 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-17 16:14 - 2016-12-14 05:26 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-17 16:14 - 2016-12-14 05:25 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-01-17 16:14 - 2016-12-14 05:24 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-01-17 16:14 - 2016-12-14 05:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-01-17 16:14 - 2016-12-14 05:23 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-17 16:14 - 2016-12-14 05:23 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-01-17 16:14 - 2016-12-14 05:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-17 16:14 - 2016-12-14 05:22 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-17 16:14 - 2016-12-14 05:22 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-17 16:14 - 2016-12-14 05:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-01-17 16:14 - 2016-12-14 05:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-17 16:14 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-17 16:14 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-17 16:14 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-17 16:14 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-17 16:14 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-17 16:14 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-01-17 16:13 - 2016-12-21 08:42 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-01-17 16:13 - 2016-12-21 08:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-01-17 16:13 - 2016-12-21 08:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-01-17 16:13 - 2016-12-21 08:10 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-01-17 16:13 - 2016-12-21 08:08 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-01-17 16:13 - 2016-12-21 08:08 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-01-17 16:13 - 2016-12-21 07:53 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-17 16:13 - 2016-12-21 07:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-17 16:13 - 2016-12-21 05:24 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-17 16:13 - 2016-12-21 05:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-17 16:13 - 2016-12-21 05:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-17 16:13 - 2016-12-21 05:22 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-17 16:13 - 2016-12-14 06:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-17 16:13 - 2016-12-14 06:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-17 16:13 - 2016-12-14 06:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-17 16:13 - 2016-12-14 05:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-17 16:13 - 2016-12-14 05:40 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-01-17 16:13 - 2016-12-14 05:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-17 16:13 - 2016-12-14 05:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-17 16:13 - 2016-12-14 05:22 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-17 16:13 - 2016-12-14 05:22 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-01-17 15:56 - 2017-01-17 15:56 - 10041653 _____ C:\Users\Thomas Keune\Downloads\TV-20170115-1354-5401.webxl.h264.mp4
2017-01-17 15:45 - 2017-01-17 15:45 - 00000000 ____D C:\Users\Thomas Keune\Documents\Neuer Ordner (3)
2017-01-17 15:43 - 2017-01-21 06:37 - 08813488 _____ (Piriform Ltd) C:\Users\Thomas Keune\Downloads\ccsetup526.exe
2017-01-17 05:55 - 2017-01-17 05:55 - 01964600 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437654.dll
2017-01-17 05:55 - 2017-01-17 05:55 - 01598392 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437654.dll
2017-01-17 00:59 - 2017-01-20 17:38 - 00043556 _____ C:\Windows\system32\nvinfo.pb

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-14 20:55 - 2016-10-14 03:29 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-02-14 20:24 - 2014-10-25 13:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-14 18:32 - 2016-11-22 15:29 - 00000000 ____D C:\Users\Thomas Keune\AppData\LocalLow\Mozilla
2017-02-14 18:26 - 2013-04-07 09:21 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\CrashDumps
2017-02-14 18:26 - 2012-04-15 16:43 - 00000000 ____D C:\Users\Thomas Keune\AppData\Roaming\JFritz
2017-02-14 18:26 - 2011-12-29 14:27 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\FreePDF_XP
2017-02-14 18:25 - 2016-10-14 03:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-14 18:21 - 2016-10-14 04:07 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-14 18:20 - 2016-07-16 07:04 - 01310720 _____ C:\Windows\system32\config\BBI
2017-02-14 17:49 - 2013-08-19 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2017-02-14 17:16 - 2016-10-14 03:38 - 00000000 ____D C:\Users\Thomas Keune
2017-02-14 17:03 - 2016-11-06 22:23 - 00000000 ____D C:\Program Files (x86)\Avira
2017-02-14 17:03 - 2016-03-13 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-02-14 17:03 - 2011-12-27 09:28 - 00000000 ____D C:\ProgramData\Avira
2017-02-14 15:58 - 2015-12-30 11:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-14 15:56 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2017-02-14 14:33 - 2016-07-14 20:03 - 00000000 ____D C:\Users\Thomas Keune\Documents\alida@keune.info
2017-02-14 14:28 - 2011-12-27 09:00 - 00000000 ____D C:\Users\Thomas Keune\AppData\Roaming\DVDVideoSoft
2017-02-14 10:30 - 2016-03-22 11:41 - 00000424 _____ C:\Users\Thomas Keune\Desktop\Dieser PC - Verknüpfung.lnk
2017-02-14 09:45 - 2016-10-14 03:29 - 00399824 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-14 09:24 - 2015-03-22 15:31 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\NVIDIA Corporation
2017-02-14 09:00 - 2016-10-14 03:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-14 08:59 - 2015-03-22 15:30 - 00001449 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-14 08:55 - 2016-10-14 03:31 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-14 08:54 - 2015-03-22 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-14 08:44 - 2014-11-01 17:24 - 00000000 ____D C:\Users\Thomas Keune\AppData\Roaming\Avira
2017-02-14 08:43 - 2016-04-09 17:44 - 04734128 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_avpn0_570931d1a801d__ws.exe
2017-02-14 08:42 - 2016-04-15 07:21 - 04734128 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_ispm0_3017605605_6e4tda59yy4v1w5mn34a_wd.exe
2017-02-14 08:42 - 2014-10-23 14:38 - 168004048 _____ C:\Users\Thomas Keune\Downloads\avira_antivirus_pro_de.exe
2017-02-14 08:37 - 2013-12-18 09:58 - 00000000 ____D C:\ProgramData\Oracle
2017-02-14 08:34 - 2013-12-18 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-14 08:33 - 2011-12-25 22:15 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-14 08:23 - 2016-11-06 20:55 - 00000000 ____D C:\Program Files\Java
2017-02-14 08:23 - 2016-02-04 16:09 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-02-14 08:22 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\NDF
2017-02-14 08:11 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-13 23:02 - 2016-11-06 16:44 - 04479640 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_asu60_581f4fd2262c1__ws.exe
2017-02-13 23:01 - 2016-11-06 19:19 - 04479640 _____ (Avira Operations GmbH & Co. KG) C:\Users\Thomas Keune\Downloads\avira_de_issudl_581f4fd2262c1__wsd.exe
2017-02-13 22:56 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-13 22:49 - 2016-11-09 01:17 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-13 22:40 - 2016-04-15 07:29 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\Avira
2017-02-13 21:44 - 2016-11-06 18:29 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-13 21:30 - 2011-12-26 10:12 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\ElevatedDiagnostics
2017-02-13 21:29 - 2016-11-08 20:35 - 00000006 _____ C:\ScrubRetValFile.txt
2017-02-13 21:16 - 2015-10-30 19:44 - 00000000 ____D C:\Windows\ShellNew
2017-02-13 17:54 - 2012-10-06 15:01 - 00000000 ____D C:\Users\Thomas Keune\MEDION NAS TOOL
2017-02-13 16:14 - 2016-10-14 04:26 - 00000000 ___DC C:\Windows\Panther
2017-02-13 16:08 - 2016-10-14 04:09 - 00001908 _____ C:\Windows\diagwrn.xml
2017-02-13 16:08 - 2016-10-14 04:09 - 00001908 _____ C:\Windows\diagerr.xml
2017-02-13 16:04 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-13 13:46 - 2016-11-22 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-13 13:46 - 2012-05-04 03:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-12 19:56 - 2016-10-14 03:38 - 00000000 ____D C:\Users\DefaultAppPool
2017-02-12 19:51 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\registration
2017-02-12 18:28 - 2011-12-26 13:36 - 00000000 ____D C:\Users\Thomas Keune\Desktop\Briefe
2017-02-11 15:18 - 2011-12-25 13:19 - 00000000 ____D C:\Users\Thomas Keune\Documents\Calibre Library
2017-02-11 14:32 - 2016-12-01 08:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-11 14:03 - 2013-05-19 13:08 - 00000000 ____D C:\Users\Thomas Keune\Desktop\Alte Firefox-Daten
2017-02-10 18:42 - 2016-11-06 10:53 - 00000000 ____D C:\Users\Thomas Keune\Downloads\Musik
2017-02-04 12:55 - 2016-09-20 20:02 - 00000000 ____D C:\Users\Thomas Keune\Documents\Scheidung-Alida
2017-02-03 19:59 - 2012-01-21 12:20 - 00000000 ____D C:\Users\Thomas Keune\Documents\Briefe
2017-02-03 19:26 - 2016-11-14 08:37 - 00000000 ____D C:\Program Files (x86)\Calibre2
2017-02-03 19:26 - 2015-07-03 06:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2017-02-03 19:26 - 2014-01-18 10:33 - 00000993 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2017-02-03 19:11 - 2011-12-24 10:35 - 00000000 ____D C:\Users\Thomas Keune\AppData\Local\FRITZ!
2017-02-03 09:07 - 2014-02-17 09:42 - 00000000 ____D C:\Users\Thomas Keune\.mediathek3
2017-01-31 20:08 - 2016-11-06 10:44 - 00000000 ____D C:\ProgramData\VideoDownloaderUltimateWinApp
2017-01-31 20:02 - 2016-11-06 10:44 - 00000935 _____ C:\Users\Thomas Keune\Desktop\Video Downloader Ultimate.lnk
2017-01-31 20:02 - 2016-11-06 10:44 - 00000000 _____ C:\Users\Thomas Keune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Downloader Ultimate.lnk
2017-01-31 19:59 - 2016-12-13 20:18 - 00000000 ____D C:\Users\Thomas Keune\Documents\Sicherung VR-Networld
2017-01-31 19:59 - 2011-12-23 20:07 - 00000000 ____D C:\Users\Public\Documents\VR-NetWorld
2017-01-24 01:00 - 2015-04-16 19:03 - 00217528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-01-24 01:00 - 2015-04-16 07:19 - 01600056 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-01-21 06:37 - 2016-12-14 07:02 - 00000827 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-20 19:39 - 2016-11-07 11:48 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 16:13 - 2016-10-14 03:32 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-01-20 16:13 - 2016-10-14 03:32 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-01-20 16:13 - 2016-10-14 03:32 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-01-20 16:13 - 2016-10-14 03:32 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-01-20 16:13 - 2016-10-14 03:32 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-01-18 21:45 - 2017-01-02 22:28 - 00000000 ____D C:\Users\Thomas Keune\AppData\Roaming\FileZilla
2017-01-18 13:57 - 2016-10-14 03:32 - 07755067 _____ C:\Windows\system32\nvcoproc.bin
2017-01-17 20:37 - 2016-01-06 20:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-17 20:26 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\rescache
2017-01-17 19:18 - 2016-07-16 12:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-17 19:18 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-17 19:18 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\oobe
2017-01-17 19:18 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-17 19:18 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\Provisioning
2017-01-17 18:08 - 2013-08-14 11:03 - 00000000 ____D C:\Windows\system32\MRT
2017-01-17 18:05 - 2012-03-31 11:26 - 00000000 ____D C:\Users\Thomas Keune\Documents\HE
2017-01-17 18:00 - 2011-03-14 15:08 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-17 17:20 - 2012-08-15 13:32 - 00000000 ____D C:\Users\Thomas Keune\AppData\Roaming\NVIDIA
2017-01-17 15:46 - 2016-09-20 20:02 - 00000000 ____D C:\Users\Thomas Keune\Documents\Neuer Ordner
2017-01-17 15:31 - 2016-10-14 04:07 - 00004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-01-26 19:41 - 2015-12-30 11:29 - 0000000 _____ () C:\Users\Thomas Keune\AppData\Roaming\Basic Synth
2012-04-15 16:43 - 2013-01-14 10:51 - 0000000 _____ () C:\Users\Thomas Keune\AppData\Roaming\JFritz.lock
2012-01-26 12:08 - 2012-01-26 12:08 - 0033134 _____ () C:\Users\Thomas Keune\AppData\Roaming\UserTile.png
2014-10-26 17:51 - 2017-01-02 14:58 - 0003584 _____ () C:\Users\Thomas Keune\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-22 13:03 - 2015-11-22 13:03 - 0000036 _____ () C:\Users\Thomas Keune\AppData\Local\housecall.guid.cache
2017-01-02 23:01 - 2017-01-02 23:01 - 0000600 _____ () C:\Users\Thomas Keune\AppData\Local\PUTTY.RND
2015-04-27 12:44 - 2015-04-27 12:44 - 0002065 _____ () C:\Users\Thomas Keune\AppData\Local\recently-used.xbel
2012-10-11 08:33 - 2016-05-10 05:58 - 0000040 ___SH () C:\ProgramData\.zreglib
2013-02-25 18:01 - 2013-02-25 18:01 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-10-14 03:32 - 2016-10-14 03:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-01-22 12:40 - 2016-11-07 07:42 - 0006058 _____ () C:\ProgramData\hpzinstall.log
2014-01-26 19:41 - 2015-12-30 11:29 - 0000000 ____H () C:\ProgramData\PKP_DLeo.DAT
2014-01-26 19:42 - 2015-12-30 11:28 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2014-01-26 19:42 - 2016-11-08 19:52 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2014-01-26 19:42 - 2016-11-08 19:52 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT

ZeroAccess:
C:\Users\Thomas Keune\AppData\Local\13d278f4

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Thomas Keune\fritzDummy.reg


Einige Dateien in TEMP:
====================
2017-02-14 09:10 - 2017-02-14 09:10 - 0000000 ____D () C:\Users\Thomas Keune\AppData\Local\Temp\avgnt.exe
2017-02-14 08:20 - 2017-02-14 08:20 - 0739904 _____ (Oracle Corporation) C:\Users\Thomas Keune\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-02-14 08:51 - 2015-07-23 01:46 - 0783688 _____ (NVIDIA Corporation) C:\Users\Thomas Keune\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-10 08:34

==================== Ende von FRST.txt ============================

OhSchreck! 14.02.2017 21:12
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-02-2017
durchgeführt von Thomas Keune (14-02-2017 21:02:08)
Gestartet von C:\Users\Thomas Keune\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-14 03:12:07)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4016997756-889063991-563976297-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4016997756-889063991-563976297-503 - Limited - Disabled)
Gast (S-1-5-21-4016997756-889063991-563976297-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4016997756-889063991-563976297-1002 - Limited - Enabled)
Thomas Keune (S-1-5-21-4016997756-889063991-563976297-1000 - Administrator - Enabled) => C:\Users\Thomas Keune

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {701CB209-EBBC-AADC-11E6-DE73E7AF4C9D}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
8000A809 (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_eDocs (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AKVIS Magnifier (HKLM-x32\...\{9FDD51C9-F7AA-40AF-A4FF-0500E45E4A06}) (Version: 5.5.967.8527 - AKVIS)
Ansel (Version: 378.49 - NVIDIA Corporation) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
Avira Firewall Manager (HKLM-x32\...\{06C2608C-CD4C-44A8-84E6-9A12D818E15C}) (Version: 1.0.3.292 - Avira Operations GmbH & Co. KG)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AVM FRITZ!Box Monitor (HKLM-x32\...\AVMFBoxMonitor) (Version:  - AVM Berlin)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AVM FRITZ!vox (HKLM-x32\...\AVMFBoxAnswerMachine) (Version:  - AVM Berlin)
AVM ISDN TAPI Services for CAPI (HKLM-x32\...\AVM ISDN TAPI Services) (Version:  - )
BMWi-Businessplaner Gründung (HKLM-x32\...\BMWiBusinessplanerGruenden) (Version: 1.0.1 - UNKNOWN)
BMWi-Businessplaner Gründung (x32 Version: 1.0.1 - UNKNOWN) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
calibre (HKLM-x32\...\{BDE6D02A-86B7-4D4C-8248-7705C1C0CC79}) (Version: 2.78.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
chip 1-click download service (HKLM-x32\...\{503CA94E-0834-4CEE-AD92-BA17AF4E809A}) (Version: 3.6.9.0 - Chip Digital GmbH)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
COMPUTER BILD Spionage-Stopper 2017 für Windows 10 (HKLM-x32\...\{F9565211-5480-408D-BC7C-1FE7B8366ACE}_is1) (Version: 2.0.0.1 - pXc-coding.com)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.0 - REINER SCT)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3418 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.3726 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Das Telefonbuch Deutschland (HKLM-x32\...\DasTelefonbuch Deutschland) (Version:  - TVG Telefonbuch- und Verzeichnisverlag GmbH & Co. KG)
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
D-i-v-X AVI Codec Pack Pro 2.4.0 (HKLM-x32\...\D-i-v-X - AVI Codec Pack Pro) (Version:  - D-i-v-X AVI Codec Pack Pro)
Dropbox Update Helper (x32 Version: 1.3.51.1 - Dropbox, Inc.) Hidden
Duden-Rechtschreibprüfung (HKLM-x32\...\{BF420B0C-DD5B-4ACD-AD7A-CB8F25CA0D2F}) (Version: 8.0 - Bibliographisches Institut GmbH)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.4.20130909 - Landesfinanzdirektion Thüringen)
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.1 - Emsisoft Ltd.)
Erinnerung 2.1.0  (HKLM-x32\...\Erinnerung) (Version: 2.1.0 - Paul Finkler)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.23.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.23.0.2 - Tim Kosse)
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gelbe Seiten Deutschland (HKLM-x32\...\Gelbe Seiten Deutschland) (Version:  - )
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.02) (Version: 9.02 - Artifex Software Inc.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 8000 A809 Series (HKLM\...\{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}) (Version: 14.0 - HP)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{D2D05FDB-4EDA-462D-8DB6-E0B9AD4FA25F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM-x32\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iBackupBot for iTunes 3.6.5 (HKLM-x32\...\iBackupBot for iTunes) (Version: 3.6.5 - VOWSoft, Ltd.)
iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)
InfoPrint AFP Workbench Viewer (HKLM-x32\...\{EE899171-9FBD-4650-A1C2-A937342B57A9}) (Version: 2.05.04.01 - InfoPrint Solutions Company)
InfoPrint AFP Workbench Viewer (x32 Version: 2.05.04.01 - InfoPrint Solutions Company) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Network Connections 17.4.95.0 (HKLM\...\PROSetDX) (Version: 17.4.95.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
iTunes (HKLM\...\{2C49F336-2E86-4407-83E2-16AC65598EF4}) (Version: 12.5.3.16 - Apple Inc.)
Java 2 SDK Standard Edition v1.2.2_017 (HKLM-x32\...\Java 2 SDK Standard Edition v1.2.2_017) (Version:  - )
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180710}) (Version: 8.0.710.15 - Oracle Corporation)
Java(TM) SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JFritz 0.7.5 Rev. 23 (HKLM-x32\...\{AF5B3ED5-70D3-48CF-A00F-FC29F5261A37}_is1) (Version:  - JFritz Team)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version:  - MEDION)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Micrografx Picture Publisher 10 (HKLM-x32\...\{04AABF6D-55C5-4779-ABF9-992016E913A2}) (Version: 1.0.0.0 - Micrografx, Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 de)) (Version: 45.2.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSYS2 64bit (HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\{495974d3-70a1-4ee2-8469-589be4831f36}) (Version: 20161025 - The MSYS2 Developers)
Music Recorder (HKLM-x32\...\{DFC20C50-021D-49CA-9790-D608B12722DB}) (Version: 14.1.7200.0 - Audials AG)
Nero CoverDesigner 2017 (HKLM-x32\...\{29102D23-A61D-48BC-876D-449BF9937B62}) (Version: 18.0.00900 - Nero AG)
NetObjects Fusion 12.0 (HKLM-x32\...\{4D15B53C-DACF-4548-929D-137F7FA1B39B}) (Version: 12 German - NetObjects)
NetObjects Fusion 12.0 (x32 Version: 12.00.5000.5041 - NetObjects) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NirSoft VideoCacheView (HKLM-x32\...\NirSoft VideoCacheView) (Version:  - )
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\CopyTrans Suite) (Version: 4.002 - WindSolutions)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.2.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.2.31 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.49 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Paragon Festplatten Manager™ 2012 Kompakt (HKLM-x32\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Architect 2 View Module (HKLM-x32\...\{3DA20A12-AD9F-4A75-8A6F-5204EEB94359}) (Version: 2.0.5.16319 - pdfforge GmbH)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PhotoFiltre 7 (HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\PhotoFiltre 7) (Version:  - )
Pinnacle Instant DVD Recorder (HKLM-x32\...\{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}) (Version: 2.5.0.092 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.029 - Pinnacle Systems)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polaroid Dust and Scratch Removal v1.0.0.15.2e (HKLM-x32\...\{7B03B4E6-E3F9-11D5-B9D9-00D0B75C082C}) (Version: Polaroid Polaroid Dust and Scratch Removal v1.0.0.15.2e - Polaroid Corporation)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Prerequisite installer (x32 Version: 18.0.0003 - Nero AG) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Readiris Pro 15 (HKLM-x32\...\{04C206EA-E327-4291-B54F-65EF89D94B3A}) (Version: 15.01.6224 - I.R.I.S.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0187 - REALTEK Semiconductor Corp.)
Recover Keys (HKLM-x32\...\Recover Keys_is1) (Version: 9.0.3.168 - Recover Keys)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Rx Compensator (HKLM-x32\...\ST6UNST #1) (Version:  - )
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version:  - )
Security-Plugins-Chipcard (HKLM-x32\...\SecurityPluginsChipcard) (Version: 2.6.4.0 - PPI AG, Hamburg, Germany)
SHIELD Streaming (Version: 7.1.0340 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.2.31 - NVIDIA Corporation) Hidden
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
SmartDraw 2013 (HKLM-x32\...\SmartDraw 2013) (Version:  - SmartDraw, LLC)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{B9824225-2055-4700-BCD4-64B25EC88264}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.86.105304 - SugarSync, Inc.)
SUPER (C) v2016.Build.70+3D+Recorder Version released on (2016/ (HKLM-x32\...\{FF00DB05-B936-4B9A-B41B-1780A23D6050}_is1) (Version: released on (2016/12/15), - eRightSoft)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
System Requirements Lab for Intel (HKLM-x32\...\{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}) (Version: 4.5.11.0 - Husdawg, LLC)
Telescope Driver (HKLM-x32\...\{B2920232-19DA-44FC-835F-68E427EAE2CE}) (Version: 10.30.09 - PixArt)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation)
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionpc.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden
Video DVD Maker v3.32.0.80 (HKLM-x32\...\{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}) (Version:  - )
VideoDownloaderUltimate (HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.98 - Link64)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VR-NetWorld (HKLM-x32\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version:  - )
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0) (Version: 1.0.37.0 - LunarG, Inc.)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WinAVI iPhone Data Recovery (HKLM-x32\...\WinAVI iPhone Data Recovery) (Version: 1.2.0.1085 - WinAVI Software Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
Winmail Opener 1.4 (HKLM-x32\...\Winmail Opener) (Version: 1.4 - Eolsoft)
zebNet® Backup for Thunderbird® Free Edition 1.0.1.0 (HKLM\...\{9286F0E0-0A38-4B3C-AB46-5DCC49A2E997}) (Version: 1.0.1.0 - zebNet® Ltd)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0093112F-88E6-45ED-BCAD-AF7548316A28} - System32\Tasks\{30F47FBD-E9AA-4830-82E7-A91F8A356A47} => C:\Users\Thomas Keune\Downloads\AdobeDownloadAssistant.exe
Task: {0387743C-AF26-4336-88C9-BC4BBAB2116C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-17] (Microsoft Corporation)
Task: {04539A0F-7FB5-4F42-A848-8F192EB28D7B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {07BE422C-FCAD-4746-A9A1-49EC2D6F9E12} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {09450F48-8AAF-4ACD-A50F-D653784E7DA4} - System32\Tasks\{D642B5D6-EA45-4700-922F-E23876D3FB65} => pcalua.exe -a E:\FSetup.exe -d E:\
Task: {0C603520-E6AD-4055-996E-0CF570DF31BD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {0DCB9430-19AE-4A3D-8CE8-BA5E643E92F6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {182A9598-E490-412D-A219-AA2F3FC3C11A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {189877C2-B588-49E0-A7C8-41D10F0EDE8D} - System32\Tasks\{FDDA34B2-8198-4284-9B20-F7BAF40CFEDB} => pcalua.exe -a "C:\Users\Thomas Keune\Downloads\PinnacleInstantDVDRecorderSetup_2.6.1.127.exe" -d "C:\Program Files (x86)\Mozilla Thunderbird"
Task: {19895852-25E1-412D-9DE9-BAED34BFBBCF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {19C81672-4514-45F8-8774-0E0E7C195871} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {1FA05CAE-505C-4156-9F8E-784B02CFF4C6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {22A79C0A-5A05-48A6-8DA0-37E118EA352E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {2D44F6A2-874F-4D7A-AFB5-CB43B0685B17} - System32\Tasks\{DAB1E480-3AD5-4504-87BC-FF354AD1C780} => pcalua.exe -a "C:\Users\Thomas Keune\Downloads\TAPI_Services_for_CAPI_02.03.01_Deutsch(2).exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {2DECBEC1-4174-4022-A7B5-3B002C60F230} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {3098B355-30B4-43C8-8A3B-5365B996B33E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {32393DCB-3FBA-4600-8FDE-6B8EBB4FDEF8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {32AAD558-1F1F-485B-BC7E-8A13025209D2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {35DB159B-E719-4F8F-985E-3BFDC4F09474} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {3B905FB9-A4C0-4A37-9811-7181F380B671} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG
Task: {3E563C68-3A90-46C5-9894-075027184440} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {40AE0875-6A3A-4187-A791-4A516200E8F6} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {433E3C53-9AA2-4D67-8F3F-DEB070589A33} - System32\Tasks\{329A0C86-ED7D-4E05-976B-6F2749FECAB9} => pcalua.exe -a "C:\Users\Thomas Keune\Downloads\ipsafpwb.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {472ED569-889E-43B9-88AC-E07120AD7654} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {47C5A85C-370A-4159-B991-CF8B1C126060} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {51F93248-2E61-4D5B-840C-B5BEE104930A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {532A6C0C-D91B-4237-BBBC-D65464FA2468} - System32\Tasks\AviraFirewallManagerUpdater => C:\Program Files (x86)\Avira\FirewallManager\Avira.FirewallManager.Updater.exe [2016-12-20] (Avira Operations GmbH & Co. KG)
Task: {5579EFB0-AF64-41DC-9CD2-2F996E5BD3BF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {58D8B644-6E26-4F1F-9230-E9B75F8E6CEB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {5E97DC8F-37A7-458F-B904-651ABB5F351E} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {66F7007C-23BB-41D5-88FE-CF9A316CB5EC} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6766C32A-9A74-439E-9304-B0C1C15BED4F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {67CB22B4-F086-4383-B13D-E94C730B2103} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {7266853E-A3EF-459A-A0A6-1C6D22458251} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: {72B5E694-FF35-4EAC-A046-0255788C68A4} - System32\Tasks\hpUrlLauncher.exe_{7E5FE76F-C2EE-43C4-8219-B358A2EE7A7D} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe
Task: {7BB6079C-046C-4BC4-81A1-08C7348655ED} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {7C98B7CC-D447-4142-9898-0299BECC47E5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-11-17] (NVIDIA Corporation)
Task: {7FD2BD48-7BA5-403E-97DF-74B6F95114F0} - kein Dateipfad
Task: {7FF5F145-A3F7-45FF-962E-CE306A7B6AE2} - System32\Tasks\{7BCECF0B-5759-4206-8FD1-B99820F1F36B} => pcalua.exe -a "C:\Users\Thomas Keune\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FEMJGEKP\avira_antivirus_premium_de.exe" -d "C:\Users\Thomas Keune\Desktop"
Task: {8153B878-09A6-462E-8799-1982C9CA672C} - System32\Tasks\{3DADCE68-CE29-4E5D-832B-82476A712850} => pcalua.exe -a "C:\Users\Thomas Keune\Downloads\Install_CopyTrans_Suite.exe" -d "C:\Users\Thomas Keune\Downloads"
Task: {8189A633-72E4-4EDB-8686-463768939CF0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-11-17] (NVIDIA Corporation)
Task: {83958D56-FCA1-4A3C-B097-8D2C9AE2D185} - System32\Tasks\{54B05DA1-AEBC-4B06-9313-2976C9FFDBF2} => C:\Users\Thomas Keune\Downloads\AdobeDownloadAssistant.exe
Task: {85DE3961-A449-47F3-A07D-CC0C7581A457} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8673C3EC-74BC-4BB0-8D80-A9CCB81579A0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9084FBAE-B621-470F-94BB-C41175A8BE60} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {92AB282E-A132-43CA-92AE-F8AEB90CC84C} - System32\Tasks\AviraSpeedup => C:\Program Files (x86)\Avira\System Speedup\avira_system_speedup.exe
Task: {A0A7E08F-1B02-40AA-A725-93FA18344624} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A33913F9-8774-4BD8-8AB2-4DEDF30616B7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: {A3600956-51E6-4A6C-AA75-791CEB3003C6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {ADB74AA7-7A4F-4807-B8ED-ABF3153BB0D4} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {AEC12B02-FE0F-4D2B-B3DB-2FADBE21D255} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {AEF9CE6F-450B-4B31-BA3C-49A01002501E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B34F94EC-19DD-45E9-A521-C0CFA01CA7D1} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {B591A7EF-4CF8-4531-8FDB-2C18CB39ECDF} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {B5B16780-1FFC-4563-855D-FD8E4E4D78FF} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: {B9DE770B-4E29-4D63-AFD1-7459E91B5FF4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {BC3F5B30-E1CD-4F47-B936-E977AFD41F11} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {BDB65469-DA1B-46BD-971C-13392055ADD5} - System32\Tasks\{2E82D357-A251-4790-899F-47464FEFD543} => pcalua.exe -a "C:\Program Files (x86)\REINER SCT\cyberJack\SetupZkaSig.exe" -c /d
Task: {C1EDA888-3C08-496D-AFE7-CDE674AA1EC4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-11-17] (NVIDIA Corporation)
Task: {C949DF34-2941-455A-8410-27D2AECDF81B} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-11-17] (NVIDIA Corporation)
Task: {D1289271-4823-4891-853D-858DDE75E444} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {D955AFC3-9C15-4CAD-9EDB-3E510FCED431} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-28] (Adobe Systems Incorporated)
Task: {DC2A1FE1-85B4-4163-B1E6-740AF21B4BA3} - System32\Tasks\{0DCEE5B7-A88F-4328-8395-2C19EAF6E9E7} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {DF9251A9-DED0-459C-B5B5-FE1C13B56D91} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {EB5FF3C0-223F-4C93-8021-536FC6CCB006} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {EBCA6BE0-93D7-4BB1-A692-3A5C12C807D2} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {ECD598FA-804D-4DC8-9EC7-245939254043} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EE96219E-0F3D-46B3-98E0-04C79F77CC7A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {EF6381FD-6139-4481-AE36-A7A6DB4D3029} - System32\Tasks\{4D10A259-15B0-45A4-BF14-755D0970BDA6} => pcalua.exe -a "C:\Program Files (x86)\JAR2EXE Converter\JAR2EXE Converter.exe"
Task: {FBB20570-BF1E-407B-8E8F-681182187B47} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {FBDAD67B-1BEE-4212-BE2A-1E877C1FA30E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {FF816E96-1B9D-42E4-A663-934AADE5F6C3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 22:08 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-02-14 08:53 - 2017-01-20 16:13 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-12-24 10:33 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2011-12-24 10:33 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2011-12-29 14:22 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2017-02-14 08:55 - 2016-11-17 14:44 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-14 08:55 - 2016-11-17 14:44 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-14 08:55 - 2016-11-17 14:44 - 00418752 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-01-13 11:40 - 2015-02-09 12:36 - 00401256 _____ () C:\Program Files (x86)\TVG\OnlineUpdate\OnlineUpdateSvc.exe
2016-12-14 22:08 - 2016-12-09 11:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-10-14 15:37 - 2016-10-14 15:37 - 00959168 _____ () C:\Users\Thomas Keune\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-10-14 04:18 - 2016-10-14 04:18 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-17 16:14 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-17 16:13 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-17 16:13 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-17 16:13 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-17 16:13 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-17 16:14 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-01 03:39 - 2016-07-01 03:39 - 04535192 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe
2016-10-14 04:19 - 2016-10-14 04:19 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-10-14 04:19 - 2016-10-14 04:19 - 02263904 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2015-04-02 08:47 - 2016-11-17 14:44 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-14 08:55 - 2016-11-17 14:44 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-14 08:55 - 2016-11-17 14:44 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-14 08:55 - 2016-11-17 11:20 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-02-14 08:55 - 2016-11-17 11:20 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-02-14 08:55 - 2016-11-17 11:20 - 02809912 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-02-14 08:55 - 2016-11-17 11:20 - 00245184 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-02-14 08:55 - 2016-11-17 11:20 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-02-14 08:55 - 2016-11-17 11:20 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-02-14 08:55 - 2016-11-17 11:20 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2012-12-17 22:48 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00049424 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\boost_thread-vc90-mt-1_39.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00048400 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\boost_date_time-vc90-mt-1_39.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00068504 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\CrashRpt.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00618256 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\boost_regex-vc90-mt-1_39.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00544152 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\StreamingClient.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00016144 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\boost_system-vc90-mt-1_39.dll
2016-11-23 06:58 - 2016-11-23 06:58 - 00340992 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Utils\68fc17d6e5e7d2bad7b18b8d60806540\Utils.ni.dll
2016-11-23 06:58 - 2016-11-23 06:58 - 00549888 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ManagedInterfaces\9806b0667678a0d6f857efbcafc11565\ManagedInterfaces.ni.dll
2016-12-03 07:57 - 2016-12-03 07:57 - 04722176 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\AudialsComponents\79ddd0a4f5f325c9e61636c71a93758a\AudialsComponents.ni.dll
2016-11-23 06:58 - 2016-11-23 06:58 - 00774144 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\RSControls\2e161c2bf58a80553d92547040617e0d\RSControls.ni.dll
2016-12-16 07:10 - 2016-12-16 07:10 - 00177664 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\fastJSON\8d604d7d5af9a724226a7eda8729d695\fastJSON.ni.dll
2016-11-23 06:58 - 2016-11-23 06:58 - 00062464 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\CrashHandlerNET\a68af5e6e5d69b9e255d6b41d82c7688\CrashHandlerNET.ni.dll
2016-07-01 03:40 - 2016-07-01 03:40 - 00040856 _____ () C:\Program Files (x86)\Music Recorder\Music Recorder 2016\CrashHandlerNET.dll
2016-01-06 21:02 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-06 21:02 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-06 21:02 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-10-14 15:37 - 2016-10-14 15:37 - 00679624 _____ () C:\Users\Thomas Keune\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Temp:31D9EFCC [286]
AlternateDataStreams: C:\ProgramData\Temp:58DD92AC [133]
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [112]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 17.20.45.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 17.21.00.jpg:com.dropbox.attributes [1230]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 18.00.08.jpg:com.dropbox.attributes [1236]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 18.00.15.jpg:com.dropbox.attributes [1240]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 18.00.39.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-16 18.00.45.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.29.06.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.29.21.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.29.23.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.41.48.jpg:com.dropbox.attributes [621]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.41.55.jpg:com.dropbox.attributes [1236]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 20.45.38.jpg:com.dropbox.attributes [1244]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.03.10.jpg:com.dropbox.attributes [1240]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.03.12.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.15.47.jpg:com.dropbox.attributes [619]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.16.02.jpg:com.dropbox.attributes [1240]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.16.17.jpg:com.dropbox.attributes [1236]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.27.22.jpg:com.dropbox.attributes [1232]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.27.29.jpg:com.dropbox.attributes [1240]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.27.32.jpg:com.dropbox.attributes [1230]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.27.35.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.28.07.jpg:com.dropbox.attributes [1234]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.31.26.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.31.37.jpg:com.dropbox.attributes [1234]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.31.47.jpg:com.dropbox.attributes [1244]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.31.54.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.36.15.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.36.21.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 22.40.31.mov:com.dropbox.attributes [1190]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-17 23.05.08.jpg:com.dropbox.attributes [1242]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-20 21.07.42.jpg:com.dropbox.attributes [1238]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-20 21.19.45.jpg:com.dropbox.attributes [1194]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-20 21.19.47.jpg:com.dropbox.attributes [1196]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-21 14.42.37.jpg:com.dropbox.attributes [1246]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-21 14.48.20.jpg:com.dropbox.attributes [1246]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-22 14.29.15.png:com.dropbox.attributes [1198]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-22 14.30.28.png:com.dropbox.attributes [1192]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-24 21.32.51.jpg:com.dropbox.attributes [1248]
AlternateDataStreams: C:\Users\Thomas Keune\Documents\2013-08-26 21.16.14.jpg:com.dropbox.attributes [1244]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7916 mehr Seiten.

IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\123simsen.com -> www.123simsen.com

Da befinden sich 7917 mehr Seiten.

IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\123simsen.com -> www.123simsen.com

Da befinden sich 7916 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2016-11-06 20:33 - 00452679 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1        localhost127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1001namen.com
127.0.0.1        www.1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123fporn.info
127.0.0.1        www.123fporn.info
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com
127.0.0.1        www.123moviedownload.com

Da befinden sich 15559 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4016997756-889063991-563976297-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: NAUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Erinnerung.lnk => C:\Windows\pss\Erinnerung.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^t@x aktuell.lnk => C:\Windows\pss\t@x aktuell.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VR-NetWorld Auftragsprüfung.lnk => C:\Windows\pss\VR-NetWorld Auftragsprüfung.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVMFBoxMonitor => "C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: daCAPI => "C:\Program Files (x86)\daCAPI\daCAPI.exe" /auto
MSCONFIG\startupreg: DriverScanner => "C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe" delay 20000
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Duden Korrektor SysTray => C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe
MSCONFIG\startupreg: FreePDF Assistant => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: InstallManager => E:\st.exe /CONT
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PAC7302_Monitor => C:\Windows\PixArt\PAC7302\Monitor.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SmartCallMonitor => C:\Program Files (x86)\JAM Software\SmartCallMonitor\SmartCallMonitor.exe
MSCONFIG\startupreg: SugarSync => "C:\Program Files (x86)\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
HKLM\...\StartupApproved\StartupFolder: => "FriFax32 - Verknüpfung.lnk"
HKLM\...\StartupApproved\StartupFolder: => "JFritz.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Das Telefonbuch Browserlösung.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "%RunKey%"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-4016997756-889063991-563976297-1000\...\StartupApproved\Run: => "OneDrive"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{0552A074-95A6-47FD-93DB-AB44431A4D33}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe] => C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe
FirewallRules: [TCP Query User{4B20D3EA-56D2-408F-B2ED-46F4F0669EF2}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe] => C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe
FirewallRules: [UDP Query User{12414602-D1BA-4CF8-9AFC-89DB3FB9E2EC}C:\program files (x86)\fritz!\friver32.exe] => C:\program files (x86)\fritz!\friver32.exe
FirewallRules: [TCP Query User{BE79240E-911B-4C91-8E3F-515CD7C5E024}C:\program files (x86)\fritz!\friver32.exe] => C:\program files (x86)\fritz!\friver32.exe
FirewallRules: [{210729ED-99B3-4C90-8567-2B75CF337CA8}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E407A13E-D977-413C-81D4-3F3E776DDEC4}] => LPort=2869
FirewallRules: [{8204DEB6-CCBD-43D4-8BD2-29407734ABCB}] => LPort=1900
FirewallRules: [{BEEF6954-2D8E-4FEA-8399-8DDA2BF376D9}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D96192B3-5EC4-4A94-92EB-7284B635724C}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{0CAC57E3-D2EC-4A1B-A10B-6126858B047C}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{802328A3-C5C6-4C5A-A624-CAA584D9B00A}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C05C195A-3B3D-4498-B7DD-1705A1EBCFFE}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6B27F1D1-1CE4-42B6-A11F-6FD9193821C3}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{272E7C97-E477-4AD7-85BC-9B13839FBEFB}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{B80BD926-62EB-457A-9A61-9EB6A3F906A4}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{2212748C-092D-49EB-9691-94AFEF7E4B1A}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{69A0757C-178D-43D6-940D-1C8AE9F9C84F}] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{FE016203-2EE2-43BA-A1EF-C35DD9E845D5}] => C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{42DDCF1E-0861-45AB-939C-224C2A3B7FDB}] => C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{2A934D67-CC63-4E99-8918-0CEC71005391}C:\program files (x86)\fritz!\frifax32.exe] => C:\program files (x86)\fritz!\frifax32.exe
FirewallRules: [UDP Query User{1056B8D7-9419-4FBB-BF2B-96553CD7F05F}C:\program files (x86)\fritz!\frifax32.exe] => C:\program files (x86)\fritz!\frifax32.exe
FirewallRules: [TCP Query User{2DD32AF0-1802-4DE4-9672-266FCDB58D43}C:\program files (x86)\fritz!\frifax32.exe] => C:\program files (x86)\fritz!\frifax32.exe
FirewallRules: [UDP Query User{F4C119E6-5B66-45CD-9B89-B9B40880DBA7}C:\program files (x86)\fritz!\frifax32.exe] => C:\program files (x86)\fritz!\frifax32.exe
FirewallRules: [{F9AC49DD-3E25-47C9-86D7-98A9B2ECA668}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5FB97470-5AF2-452A-A990-562D9946DF2D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{90A396C5-3F74-4CC2-94CE-3FD577352531}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BB337C31-DB05-483A-BBBE-C49B0C666E4E}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BACBBFF4-ECD1-4D02-B415-7147E04A9FD7}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7B307F34-DD67-4989-B5E1-F171AD5E54DC}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{313BE467-03ED-4665-8B41-116CEAB27115}C:\program files (x86)\fritz!vox\fritz!vox.exe] => C:\program files (x86)\fritz!vox\fritz!vox.exe
FirewallRules: [UDP Query User{B996EFF6-8C05-4BE8-80A4-A4B4BB993E58}C:\program files (x86)\fritz!vox\fritz!vox.exe] => C:\program files (x86)\fritz!vox\fritz!vox.exe
FirewallRules: [{C55D4605-46B6-4E5A-84F2-5FAD8DA8C9F2}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DBFB90B6-6F04-43D6-B010-BE6F07359244}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{206A49EA-1F46-4F75-92E7-DD0D9885C82D}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [UDP Query User{823F5755-4AF7-45EF-A78F-371B89423EE6}C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe] => C:\programdata\videodownloaderultimatewinapp\videodownloaderultimate.exe
FirewallRules: [{C05B2B38-910B-41D7-9067-AACE8430C136}] => C:\Program Files (x86)\Music Recorder\Music Recorder 2016\Audials.exe
FirewallRules: [{ACC0478C-3F99-427E-AD0B-789EE107DB05}] => LPort=12972
FirewallRules: [{88AA4E00-FF66-4222-B385-23822E05C8DB}] => LPort=14714
FirewallRules: [{1E2FCD38-FB2E-4461-BA00-DA3A6E103D1E}] => LPort=31931
FirewallRules: [TCP Query User{DF5E1045-28C1-4543-B43F-E6606DB3858A}C:\program files (x86)\medion\medion nas tool\medion nas tool.exe] => C:\program files (x86)\medion\medion nas tool\medion nas tool.exe
FirewallRules: [UDP Query User{17556B1D-13FA-4B65-A8F2-37F1E220C6E3}C:\program files (x86)\medion\medion nas tool\medion nas tool.exe] => C:\program files (x86)\medion\medion nas tool\medion nas tool.exe
FirewallRules: [{9B9999FB-DFD9-4C9B-8480-B59E8408A79A}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{849E1D66-C46C-46BF-82E3-B48F836B2BA7}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{56EB73CB-1588-4EFC-9D8B-D7539ADE2A9E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A549D9F8-4F94-466F-8D05-F52742BB01BA}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B9950044-453E-4F9C-A765-E0C789BCBF9F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AA8A2C99-D58A-41E0-8EB5-692B0B285D62}] => C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{7F1BB054-BBC3-4E25-BFED-195E98617235}] => C:\Program Files\7-Zip\7zFM.exe
FirewallRules: [{26FC4B21-F14C-4F10-BDB0-C8D9CB47796B}] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
FirewallRules: [{CB4E026F-0DD9-4378-8B70-817400CCE5CD}] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
FirewallRules: [{BBBC9ED8-D2A7-47D0-8179-32455C2B662C}] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
FirewallRules: [{E348EE3D-B5A8-4C7C-91AB-9FB814AEF9FE}] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
FirewallRules: [{A773D5DA-ED9E-4C05-BF9B-BA758E2CF175}] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2HiJackFree.exe
FirewallRules: [{7A3425AC-5283-498A-BA41-66C8860FC35B}] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2HiJackFree.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

12-02-2017 19:03:15 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

Name:
Description:
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/14/2017 09:04:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/14/2017 09:02:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/14/2017 09:00:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/14/2017 08:58:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/14/2017 08:57:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/14/2017 08:55:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/14/2017 08:54:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/14/2017 08:52:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/14/2017 08:51:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/14/2017 08:51:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ThomasKeune-PC)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147024894. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (02/14/2017 09:04:12 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/14/2017 09:02:00 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/14/2017 09:00:56 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/14/2017 08:58:53 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/14/2017 08:57:50 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/14/2017 08:55:23 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/14/2017 08:54:20 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/14/2017 08:52:08 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/14/2017 08:51:22 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

Error: (02/14/2017 08:51:05 PM) (Source: DCOM) (EventID: 10001) (User: ThomasKeune-PC)
Description: Ein DCOM-Server konnte nicht gestartet werden: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca als Nicht verfügbar/Nicht verfügbar. Fehler:
"2"
Aufgetreten beim Start dieses Befehls:
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server


CodeIntegrity:
===================================
  Date: 2017-01-18 07:00:49.646
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-18 07:00:49.616
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-18 07:00:49.548
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-18 07:00:49.417
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-18 07:00:49.383
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-18 07:00:49.333
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-18 07:00:47.727
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-18 07:00:47.084
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-18 06:57:40.963
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-01-18 06:57:40.944
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz
Prozentuale Nutzung des RAM: 70%
Installierter physikalischer RAM: 4077.64 MB
Verfügbarer physikalischer RAM: 1204.48 MB
Summe virtueller Speicher: 8173.64 MB
Verfügbarer virtueller Speicher: 3778.25 MB

==================== Laufwerke ================================

Drive c: (Boot) (Fixed) (Total:1831.92 GB) (Free:1564.83 GB) NTFS
Drive d: (Recover) (Fixed) (Total:30 GB) (Free:11.62 GB) NTFS
Drive k: (Backup) (Fixed) (Total:292.97 GB) (Free:225.31 GB) NTFS
Drive l: (Data) (Fixed) (Total:292.97 GB) (Free:91.9 GB) NTFS
Drive m: (Copy) (Fixed) (Total:292.97 GB) (Free:291.52 GB) NTFS
Drive n: (Siemens) (Fixed) (Total:292.97 GB) (Free:30.03 GB) NTFS
Drive o: () (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive p: (Schneider) (Fixed) (Total:225.39 GB) (Free:82.33 GB) NTFS
Drive z: () (Network) (Total:930.9 GB) (Free:707.48 GB)

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 59ECDFB3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1831.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: 27E9BFE8)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================

cosinus 15.02.2017 11:38
Zitat:
AS: Emsisoft Anti-Malware (Enabled - Up to date) {CB7D53ED-CD86-A552-2B56-E5019C280620}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
Zwei AVs gehen garnicht und Avira ist genrell grütze.

Bitte Avira deinstallieren. Das Teil empfehlen wir schon seit Jahren aus mehreren Gründen nicht mehr. Ein Grund ist ne rel. hohe Fehlalarmquote, der zweite Hauptgrund ist, dass die immer noch mit ASK zusammenarbeiten (Avira Suchfunktion geht über ASK). Auch andere Freewareanbieter wie AVG, Avast oder Panda sprangen auf diesen Zug auf; so was ist bei Sicherheitssoftware einfach inakzeptabel. Vgl. Antivirensoftware: Schutz Für Ihre Dateien, Aber Auf Kosten Ihrer Privatsphäre? | Emsisoft Blog

Gib Bescheid wenn Avira weg ist; wenn wir hier durch sind, kannst du auf einen anderen Virenscanner umsteigen, Infos folgen dann im Abschlussposting. Bitte JETZT nix mehr ohne Absprache installieren!

OhSchreck! 15.02.2017 13:59
Danke!

ok avira ist entfernt

Viele Grüße

cosinus 15.02.2017 14:18
1. Schritt: Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers




2. Schritt: Kaspersky TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

OhSchreck! 15.02.2017 16:41
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Thomas Keune :: THOMASKEUNE-PC [administrator]

14.01.2014 06:59:50
mbar-log-2014-01-14 (06-59-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 280290
Time elapsed: 17 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
16:36:49.0361 0x2de4  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
16:36:52.0939 0x2de4  ============================================================
16:36:52.0939 0x2de4  Current date / time: 2017/02/15 16:36:52.0939
16:36:52.0939 0x2de4  SystemInfo:
16:36:52.0940 0x2de4 
16:36:52.0940 0x2de4  OS Version: 10.0.14393 ServicePack: 0.0
16:36:52.0940 0x2de4  Product type: Workstation
16:36:52.0940 0x2de4  ComputerName: THOMASKEUNE-PC
16:36:52.0940 0x2de4  UserName: Thomas Keune
16:36:52.0940 0x2de4  Windows directory: C:\Windows
16:36:52.0940 0x2de4  System windows directory: C:\Windows
16:36:52.0940 0x2de4  Running under WOW64
16:36:52.0940 0x2de4  Processor architecture: Intel x64
16:36:52.0940 0x2de4  Number of processors: 4
16:36:52.0940 0x2de4  Page size: 0x1000
16:36:52.0940 0x2de4  Boot type: Normal boot
16:36:52.0940 0x2de4  CodeIntegrityOptions = 0x00000001
16:36:52.0940 0x2de4  ============================================================
16:36:52.0941 0x2de4  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
16:36:53.0753 0x2de4  System UUID: {BD170EF7-5A84-14D8-289F-811BC3028570}
16:36:54.0497 0x2de4  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:36:54.0521 0x2de4  Drive \Device\Harddisk4\DR4 - Size: 0x15D50F66000 ( 1397.27 Gb ), SectorSize: 0x200, Cylinders: 0x15D50F, SectorsPerTrack: 0x20, TracksPerCylinder: 0x40, Type 'W'
16:36:54.0526 0x2de4  ============================================================
16:36:54.0526 0x2de4  \Device\Harddisk0\DR0:
16:36:54.0535 0x2de4  MBR partitions:
16:36:54.0535 0x2de4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:36:54.0535 0x2de4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE4FD5800
16:36:54.0535 0x2de4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE5008000, BlocksNum 0x3C00000
16:36:54.0535 0x2de4  \Device\Harddisk4\DR4:
16:36:54.0535 0x2de4  MBR partitions:
16:36:54.0536 0x2de4  \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x81F, BlocksNum 0x249EF8A1
16:36:54.0536 0x2de4  \Device\Harddisk4\DR4\Partition2: MBR, Type 0x7, StartLBA 0x249F00FF, BlocksNum 0x249EFC91
16:36:54.0537 0x2de4  \Device\Harddisk4\DR4\Partition3: MBR, Type 0x7, StartLBA 0x493DFDCF, BlocksNum 0x249EFC91
16:36:54.0537 0x2de4  \Device\Harddisk4\DR4\Partition4: MBR, Type 0x7, StartLBA 0x6DDCFA9F, BlocksNum 0x249EFC91
16:36:54.0537 0x2de4  \Device\Harddisk4\DR4\Partition5: MBR, Type 0x7, StartLBA 0x927BF76F, BlocksNum 0x1C2C83C1
16:36:54.0537 0x2de4  ============================================================
16:36:54.0561 0x2de4  C: <-> \Device\Harddisk0\DR0\Partition2
16:36:54.0601 0x2de4  D: <-> \Device\Harddisk0\DR0\Partition3
16:36:54.0606 0x2de4  K: <-> \Device\Harddisk4\DR4\Partition1
16:36:54.0613 0x2de4  L: <-> \Device\Harddisk4\DR4\Partition2
16:36:54.0617 0x2de4  M: <-> \Device\Harddisk4\DR4\Partition3
16:36:54.0619 0x2de4  N: <-> \Device\Harddisk4\DR4\Partition4
16:36:54.0658 0x2de4  O: <-> \Device\Harddisk0\DR0\Partition1
16:36:54.0660 0x2de4  P: <-> \Device\Harddisk4\DR4\Partition5
16:36:54.0661 0x2de4  ============================================================
16:36:54.0662 0x2de4  Initialize success
16:36:54.0662 0x2de4  ============================================================
16:37:31.0948 0x2298  ============================================================
16:37:31.0948 0x2298  Scan started
16:37:31.0948 0x2298  Mode: Manual; SigCheck; TDLFS;
16:37:31.0948 0x2298  ============================================================
16:37:31.0948 0x2298  KSN ping started
16:37:31.0965 0x2298  KSN ping finished: true
16:37:36.0335 0x2298  ================ Scan system memory ========================

OhSchreck! 20.02.2017 22:15
Hab alles gemacht, wie geht es weiter?

cosinus 20.02.2017 23:01
Log vom tdsskiller ist (immer noch) unvollständig

OhSchreck! 21.02.2017 06:26
Code:
06:01:19.0207 0x261c  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
06:01:28.0645 0x261c  ============================================================
06:01:28.0645 0x261c  Current date / time: 2017/02/21 06:01:28.0645
06:01:28.0645 0x261c  SystemInfo:
06:01:28.0645 0x261c 
06:01:28.0645 0x261c  OS Version: 10.0.14393 ServicePack: 0.0
06:01:28.0645 0x261c  Product type: Workstation
06:01:28.0645 0x261c  ComputerName: THOMASKEUNE-PC
06:01:28.0645 0x261c  UserName: Thomas Keune
06:01:28.0645 0x261c  Windows directory: C:\Windows
06:01:28.0645 0x261c  System windows directory: C:\Windows
06:01:28.0645 0x261c  Running under WOW64
06:01:28.0645 0x261c  Processor architecture: Intel x64
06:01:28.0645 0x261c  Number of processors: 4
06:01:28.0645 0x261c  Page size: 0x1000
06:01:28.0645 0x261c  Boot type: Normal boot
06:01:28.0645 0x261c  CodeIntegrityOptions = 0x00000001
06:01:28.0645 0x261c  ============================================================
06:01:30.0286 0x261c  KLMD registered as C:\Windows\system32\drivers\83354219.sys
06:01:30.0286 0x261c  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
06:01:31.0552 0x261c  System UUID: {BD170EF7-5A84-14D8-289F-811BC3028570}
06:01:33.0317 0x261c  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:01:33.0380 0x261c  Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 ( 1397.27 Gb ), SectorSize: 0x200, Cylinders: 0x15D50F, SectorsPerTrack: 0x20, TracksPerCylinder: 0x40, Type 'W'
06:01:33.0411 0x261c  ============================================================
06:01:33.0411 0x261c  \Device\Harddisk0\DR0:
06:01:33.0427 0x261c  MBR partitions:
06:01:33.0427 0x261c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:01:33.0427 0x261c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE4FD5800
06:01:33.0427 0x261c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE5008000, BlocksNum 0x3C00000
06:01:33.0427 0x261c  \Device\Harddisk1\DR1:
06:01:33.0427 0x261c  MBR partitions:
06:01:33.0427 0x261c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x81F, BlocksNum 0x249EF8A1
06:01:33.0427 0x261c  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x249F00FF, BlocksNum 0x249EFC91
06:01:33.0427 0x261c  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x493DFDCF, BlocksNum 0x249EFC91
06:01:33.0427 0x261c  \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x6DDCFA9F, BlocksNum 0x249EFC91
06:01:33.0442 0x261c  \Device\Harddisk1\DR1\Partition5: MBR, Type 0x7, StartLBA 0x927BF76F, BlocksNum 0x1C2C83C1
06:01:33.0442 0x261c  ============================================================
06:01:33.0536 0x261c  C: <-> \Device\Harddisk0\DR0\Partition2
06:01:34.0052 0x261c  D: <-> \Device\Harddisk0\DR0\Partition3
06:01:34.0067 0x261c  K: <-> \Device\Harddisk1\DR1\Partition1
06:01:34.0067 0x261c  L: <-> \Device\Harddisk1\DR1\Partition2
06:01:34.0114 0x261c  M: <-> \Device\Harddisk1\DR1\Partition3
06:01:34.0114 0x261c  N: <-> \Device\Harddisk1\DR1\Partition4
06:01:34.0161 0x261c  O: <-> \Device\Harddisk0\DR0\Partition1
06:01:34.0192 0x261c  P: <-> \Device\Harddisk1\DR1\Partition5
06:01:34.0192 0x261c  ============================================================
06:01:34.0192 0x261c  Initialize success
06:01:34.0192 0x261c  ============================================================
06:02:19.0038 0x252c  ============================================================
06:02:19.0038 0x252c  Scan started
06:02:19.0038 0x252c  Mode: Manual; SigCheck; TDLFS;
06:02:19.0038 0x252c  ============================================================
06:02:19.0038 0x252c  KSN ping started
06:02:20.0179 0x252c  KSN ping finished: false
06:02:27.0820 0x252c  ================ Scan system memory ========================
06:02:27.0820 0x252c  System memory - ok
06:02:27.0820 0x252c  ================ Scan services =============================
06:02:28.0242 0x252c  1394ohci - ok
06:02:28.0257 0x252c  3ware - ok
06:02:29.0367 0x252c  [ 78F0179B6C4C93119432C3A2C511EB44, 746A48F8D9C4004E7FB8BD72DA40DBBD207A882ED33B4A844F2F017521403D85 ] a2AntiMalware  C:\Program Files\Emsisoft Anti-Malware\a2service.exe
06:02:30.0242 0x252c  a2AntiMalware - ok
06:02:30.0367 0x252c  ACPI - ok
06:02:30.0383 0x252c  AcpiDev - ok
06:02:30.0445 0x252c  acpiex - ok
06:02:30.0445 0x252c  acpipagr - ok
06:02:30.0508 0x252c  AcpiPmi - ok
06:02:30.0523 0x252c  acpitime - ok
06:02:30.0992 0x252c  [ B932E0EE190778D840F1442DFC0F9612, 8780963F14D57279FDD585BE945ED40F24590D32676C7A9EF94002D38B8BA643 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
06:02:31.0070 0x252c  AdobeARMservice - ok
06:02:32.0430 0x252c  [ 32B31B696CB8E8F380831DFEB80A67E4, 8C8F6E16F2FB3E8F10569261B7712BBC931A2924B6C27D561E7F828041C4F3E6 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:02:32.0508 0x252c  AdobeFlashPlayerUpdateSvc - ok
06:02:32.0570 0x252c  ADP80XX - ok
06:02:32.0601 0x252c  AFD - ok
06:02:32.0664 0x252c  ahcache - ok
06:02:32.0680 0x252c  AJRouter - ok
06:02:32.0726 0x252c  ALG - ok
06:02:32.0742 0x252c  AmdK8 - ok
06:02:32.0758 0x252c  AmdPPM - ok
06:02:32.0773 0x252c  amdsata - ok
06:02:32.0773 0x252c  amdsbs - ok
06:02:32.0773 0x252c  amdxata - ok
06:02:32.0805 0x252c  AppID - ok
06:02:32.0836 0x252c  AppIDSvc - ok
06:02:32.0867 0x252c  Appinfo - ok
06:02:32.0883 0x252c  applockerfltr - ok
06:02:32.0992 0x252c  AppReadiness - ok
06:02:33.0055 0x252c  AppXSvc - ok
06:02:33.0070 0x252c  arcsas - ok
06:02:33.0086 0x252c  AsyncMac - ok
06:02:33.0086 0x252c  atapi - ok
06:02:33.0148 0x252c  AudioEndpointBuilder - ok
06:02:33.0226 0x252c  Audiosrv - ok
06:02:33.0258 0x252c  AxInstSV - ok
06:02:33.0305 0x252c  b06bdrv - ok
06:02:33.0367 0x252c  BasicDisplay - ok
06:02:33.0367 0x252c  BasicRender - ok
06:02:33.0383 0x252c  bcmfn - ok
06:02:33.0398 0x252c  bcmfn2 - ok
06:02:33.0414 0x252c  BDESVC - ok
06:02:33.0461 0x252c  Beep - ok
06:02:33.0523 0x252c  BFE - ok
06:02:33.0539 0x252c  BITS - ok
06:02:33.0617 0x252c  bowser - ok
06:02:33.0664 0x252c  BrokerInfrastructure - ok
06:02:33.0742 0x252c  Browser - ok
06:02:33.0758 0x252c  BthAvrcpTg - ok
06:02:33.0836 0x252c  BthHFEnum - ok
06:02:33.0836 0x252c  bthhfhid - ok
06:02:33.0883 0x252c  BthHFSrv - ok
06:02:33.0930 0x252c  BTHMODEM - ok
06:02:33.0945 0x252c  bthserv - ok
06:02:34.0008 0x252c  buttonconverter - ok
06:02:34.0055 0x252c  CapImg - ok
06:02:34.0070 0x252c  cdfs - ok
06:02:34.0102 0x252c  CDPSvc - ok
06:02:34.0180 0x252c  CDPUserSvc - ok
06:02:34.0258 0x252c  cdrom - ok
06:02:34.0289 0x252c  CertPropSvc - ok
06:02:34.0430 0x252c  [ 59B4AB79011957DD3B83F0C2E63741BD, 5DE68785D701DBA0F98452B7D5CC407BEECD51685F39516157733CED2EF2FA19 ] chip1click      C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
06:02:34.0477 0x252c  chip1click - detected UnsignedFile.Multi.Generic ( 1 )
06:02:37.0633 0x252c  chip1click ( UnsignedFile.Multi.Generic ) - warning
06:02:37.0680 0x252c  cht4iscsi - ok
06:02:37.0680 0x252c  cht4vbd - ok
06:02:37.0711 0x252c  circlass - ok
06:02:38.0070 0x252c  [ ED81E81752CA817AFA740C14AD05BC6C, 9E4B04D4604B96866B3ED18433914BF7ECF3F746CDB34ED856FFC418AAB3C04F ] cjpcsc          C:\Windows\SysWOW64\cjpcsc.exe
06:02:38.0586 0x252c  cjpcsc - ok
06:02:38.0602 0x252c  [ 06E1F5228399FC49A8D026DA38DB6784, 5554071E5C55FC7EF3C7C95F0BC565509C3F0C03E0814C98376932A9D1C32AA6 ] cjusb          C:\Windows\system32\DRIVERS\cjusb.sys
06:02:38.0695 0x252c  cjusb - ok
06:02:38.0727 0x252c  CLFS - ok
06:02:38.0742 0x252c  ClipSVC - ok
06:02:38.0742 0x252c  clreg - ok
06:02:38.0758 0x252c  CmBatt - ok
06:02:38.0789 0x252c  CNG - ok
06:02:38.0789 0x252c  cnghwassist - ok
06:02:39.0477 0x252c  CompositeBus - ok
06:02:39.0477 0x252c  COMSysApp - ok
06:02:39.0508 0x252c  condrv - ok
06:02:39.0539 0x252c  CoreMessagingRegistrar - ok
06:02:40.0008 0x252c  cpuz139 - ok
06:02:40.0071 0x252c  CryptSvc - ok
06:02:40.0133 0x252c  dam - ok
06:02:40.0133 0x252c  dbx - ok
06:02:40.0242 0x252c  [ 566BD6ED419F7FBC88EDD579044AD5C9, EC66C10DAC23ED149545305EA25F60888C5D3675BD850C7C12275B8666D18FEF ] DbxSvc          C:\Windows\system32\DbxSvc.exe
06:02:41.0102 0x252c  DbxSvc - ok
06:02:41.0117 0x252c  DcomLaunch - ok
06:02:41.0133 0x252c  DcpSvc - ok
06:02:41.0180 0x252c  defragsvc - ok
06:02:41.0196 0x252c  DeviceAssociationService - ok
06:02:41.0227 0x252c  DeviceInstall - ok
06:02:41.0242 0x252c  DevQueryBroker - ok
06:02:41.0289 0x252c  Dfsc - ok
06:02:41.0352 0x252c  Dhcp - ok
06:02:41.0414 0x252c  diagnosticshub.standardcollector.service - ok
06:02:41.0461 0x252c  DiagTrack - ok
06:02:41.0664 0x252c  DigitalWave.Update.Service - ok
06:02:41.0680 0x252c  disk - ok
06:02:41.0774 0x252c  DmEnrollmentSvc - ok
06:02:41.0789 0x252c  dmvsc - ok
06:02:41.0789 0x252c  dmwappushservice - ok
06:02:41.0805 0x252c  Dnscache - ok
06:02:41.0836 0x252c  dot3svc - ok
06:02:41.0867 0x252c  DPS - ok
06:02:41.0914 0x252c  drmkaud - ok
06:02:41.0946 0x252c  DsmSvc - ok
06:02:41.0961 0x252c  DsSvc - ok
06:02:42.0024 0x252c  DXGKrnl - ok
06:02:42.0086 0x252c  e1iexpress - ok
06:02:42.0133 0x252c  EapHost - ok
06:02:42.0164 0x252c  ebdrv - ok
06:02:42.0258 0x252c  EFS - ok
06:02:42.0274 0x252c  EhStorClass - ok
06:02:42.0336 0x252c  EhStorTcgDrv - ok
06:02:42.0383 0x252c  embeddedmode - ok
06:02:42.0414 0x252c  EntAppSvc - ok
06:02:42.0571 0x252c  [ 0E840AA66CAB02CBA9730C772BBE305B, 8862583E653D13D1D10A1A4A33704E4F70576E80370943AAFD1EAED6657A0104 ] epp            C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys
06:02:42.0586 0x252c  epp - ok
06:02:42.0633 0x252c  ErrDev - ok
06:02:42.0649 0x252c  EventSystem - ok
06:02:42.0664 0x252c  exfat - ok
06:02:42.0664 0x252c  fastfat - ok
06:02:42.0696 0x252c  Fax - ok
06:02:42.0696 0x252c  fdc - ok
06:02:42.0727 0x252c  fdPHost - ok
06:02:42.0727 0x252c  FDResPub - ok
06:02:42.0789 0x252c  fhsvc - ok
06:02:42.0852 0x252c  FileCrypt - ok
06:02:42.0868 0x252c  FileInfo - ok
06:02:42.0914 0x252c  Filetrace - ok
06:02:42.0946 0x252c  flpydisk - ok
06:02:42.0977 0x252c  FltMgr - ok
06:02:43.0039 0x252c  FontCache - ok
06:02:43.0102 0x252c  FrameServer - ok
06:02:43.0274 0x252c  [ 93B5CD0AC126BE95F65B28AF3D9542DC, BFDAFE9B7A150056C1E6C683197CA7F9E86FF6EBD27178A70BE1FC9BF381D8AA ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
06:02:43.0414 0x252c  FreemakeVideoCapture - detected UnsignedFile.Multi.Generic ( 1 )
06:02:43.0414 0x252c  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - warning
06:02:43.0414 0x252c  FsDepends - ok
06:02:43.0414 0x252c  Fs_Rec - ok
06:02:43.0446 0x252c  fvevol - ok
06:02:43.0508 0x252c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:02:43.0571 0x252c  GEARAspiWDM - ok
06:02:43.0602 0x252c  gencounter - ok
06:02:43.0618 0x252c  genericusbfn - ok
06:02:43.0680 0x252c  GPIOClx0101 - ok
06:02:43.0711 0x252c  gpsvc - ok
06:02:43.0727 0x252c  GpuEnergyDrv - ok
06:02:43.0930 0x252c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:02:43.0946 0x252c  gupdate - ok
06:02:44.0039 0x252c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:02:44.0055 0x252c  gupdatem - ok
06:02:44.0118 0x252c  HDAudBus - ok
06:02:44.0133 0x252c  HidBatt - ok
06:02:44.0133 0x252c  HidBth - ok
06:02:44.0149 0x252c  hidi2c - ok
06:02:44.0164 0x252c  hidinterrupt - ok
06:02:44.0180 0x252c  HidIr - ok
06:02:44.0227 0x252c  hidserv - ok
06:02:44.0289 0x252c  HidUsb - ok
06:02:44.0321 0x252c  HomeGroupListener - ok
06:02:44.0368 0x252c  HomeGroupProvider - ok
06:02:44.0446 0x252c  [ 987CE6F69764B66D8026518AEFEDB508, 37AD86BD716588678EC9B825D87BA2AF157BE0A619F7A012EFE26F378A523E5B ] hotcore3        C:\Windows\system32\DRIVERS\hotcore3.sys
06:02:44.0555 0x252c  hotcore3 - ok
06:02:44.0711 0x252c  [ 97AAC45A375168C6A2297BEEB9692E31, 9C7285988D0C5DE8E3608F4E9F50A5C9398FFD0DA0F4C965C953859001FC76C8 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
06:02:44.0743 0x252c  hpqcxs08 - ok
06:02:44.0774 0x252c  [ 19A4FB67B1C97EA18EDFF44340973CD9, F1B6A7C1E450FF9A1D10F315F17D42DFE8390E88FF1AED4DE35237C4B81FC81D ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
06:02:44.0805 0x252c  hpqddsvc - ok
06:02:44.0805 0x252c  HpSAMD - ok
06:02:44.0993 0x252c  [ F37882F128EFACEFE353E0BAE2766909, 2F9D21613500F092DFC0DB879180B549EE615D9B07408A5CC1A7F84663B2F47A ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
06:02:45.0102 0x252c  HPSLPSVC - detected UnsignedFile.Multi.Generic ( 1 )
06:02:45.0102 0x252c  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
06:02:45.0211 0x252c  [ 1878A79551F2EDAE7EBD110AAE6D33AD, 1F409360B44AEB3A6023E953EAB350FFB3EB8322F589E2422AB312288B33A2DA ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
06:02:45.0227 0x252c  HPSupportSolutionsFrameworkService - ok
06:02:45.0305 0x252c  [ CA53DA4C3EAD4C86918E7F80CD281ABB, E894D6807103194CC3C8F232C0310016EE2CD396C37565BEFDDB52E1A1B1CA26 ] HssDRV6        C:\Windows\system32\DRIVERS\hssdrv6.sys
06:02:45.0336 0x252c  HssDRV6 - ok
06:02:45.0368 0x252c  HTTP - ok
06:02:45.0430 0x252c  HvHost - ok
06:02:45.0477 0x252c  hvservice - ok
06:02:45.0477 0x252c  hwpolicy - ok
06:02:45.0493 0x252c  hyperkbd - ok
06:02:45.0524 0x252c  i8042prt - ok
06:02:45.0540 0x252c  iagpio - ok
06:02:45.0540 0x252c  iai2c - ok
06:02:45.0540 0x252c  iaLPSS2i_GPIO2 - ok
06:02:45.0555 0x252c  iaLPSS2i_I2C - ok
06:02:45.0555 0x252c  iaLPSSi_GPIO - ok
06:02:45.0555 0x252c  iaLPSSi_I2C - ok
06:02:45.0618 0x252c  [ 87A72502C8AC5E89B5A46FF6E874F5C5, A72C8C96BA29B5894A3085CA2ADB6343FEFA79534B334416F8D4751CF8A30008 ] IAMTVE          C:\Windows\system32\drivers\IAMTVE.sys
06:02:45.0743 0x252c  IAMTVE - ok
06:02:45.0868 0x252c  [ 26CF4275034214ECEDD8EC17B0A18A99, 95A08C63971C28F1BC97040C0ADA247E3B43DE7D937B14E33A394B955D0AC8B7 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
06:02:45.0930 0x252c  iaStor - ok
06:02:46.0071 0x252c  [ 25555186E4FBDF0E30A5DBFC9B9A73F9, 4A9DAC2B56389C5955C343E202C6E81CD3A608E78A4BB7E6ED560719DF02C955 ] iaStorA        C:\Windows\system32\drivers\iaStorA.sys
06:02:46.0118 0x252c  iaStorA - ok
06:02:46.0149 0x252c  iaStorAV - ok
06:02:46.0149 0x252c  iaStorV - ok
06:02:46.0149 0x252c  ibbus - ok
06:02:46.0165 0x252c  icssvc - ok
06:02:46.0180 0x252c  IKEEXT - ok
06:02:46.0211 0x252c  IndirectKmd - ok
06:02:46.0711 0x252c  [ ECA5E9DA350D2D21376260CD3602449A, B027FE77062488B8FC0EEE2113341DD922CE1BD741DF4F5D92DCCDC2E2C18BB2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
06:02:46.0930 0x252c  IntcAzAudAddService - ok
06:02:46.0977 0x252c  [ 8C90FA99363E2BC4938CCA3A487100E9, E16285D52B070466C2E1556D74A1F577F92E20AD66B9F8708957F25EB8DDB56F ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
06:02:47.0930 0x252c  Intel(R) PROSet Monitoring Service - ok
06:02:47.0993 0x252c  intelide - ok
06:02:48.0055 0x252c  intelpep - ok
06:02:48.0071 0x252c  intelppm - ok
06:02:48.0149 0x252c  [ E45575812630B049CE0F679D87561A4D, 2645B87960DAA51295530ECF5518E5872B17520293068E7DEA064FEAE3884E87 ] ioatdma1        C:\Windows\System32\Drivers\qd162x64.sys
06:02:48.0227 0x252c  ioatdma1 - ok
06:02:48.0337 0x252c  [ 2C23820DD9E81199E60F553EB50BC449, AF3847AD90A79E9D22DC67F4ED52B1D3FAF7C6420D60F2044C1FB49FD338BB70 ] ioatdma2        C:\Windows\System32\Drivers\qd262x64.sys
06:02:48.0368 0x252c  ioatdma2 - ok
06:02:48.0383 0x252c  iorate - ok
06:02:48.0383 0x252c  IpFilterDriver - ok
06:02:48.0399 0x252c  iphlpsvc - ok
06:02:48.0399 0x252c  IPMIDRV - ok
06:02:48.0415 0x252c  IPNAT - ok
06:02:48.0415 0x252c  irda - ok
06:02:48.0430 0x252c  IRENUM - ok
06:02:48.0446 0x252c  irmon - ok
06:02:48.0462 0x252c  isapnp - ok
06:02:48.0508 0x252c  iScsiPrt - ok
06:02:48.0618 0x252c  kbdclass - ok
06:02:48.0665 0x252c  kbdhid - ok
06:02:48.0696 0x252c  kdnic - ok
06:02:48.0712 0x252c  KeyIso - ok
06:02:48.0712 0x252c  KSecDD - ok
06:02:48.0727 0x252c  KSecPkg - ok
06:02:48.0743 0x252c  ksthunk - ok
06:02:48.0774 0x252c  KtmRm - ok
06:02:48.0837 0x252c  LanmanServer - ok
06:02:48.0883 0x252c  LanmanWorkstation - ok
06:02:48.0930 0x252c  lfsvc - ok
06:02:48.0962 0x252c  LicenseManager - ok
06:02:48.0993 0x252c  lltdio - ok
06:02:49.0040 0x252c  lltdsvc - ok
06:02:49.0118 0x252c  lmhosts - ok
06:02:49.0133 0x252c  LSI_SAS - ok
06:02:49.0133 0x252c  LSI_SAS2i - ok
06:02:49.0149 0x252c  LSI_SAS3i - ok
06:02:49.0196 0x252c  LSI_SSS - ok
06:02:49.0258 0x252c  LSM - ok
06:02:49.0258 0x252c  luafv - ok
06:02:49.0305 0x252c  MapsBroker - ok
06:02:49.0383 0x252c  [ 024DA28053D57E9E32BEE52600576BBB, 8EC636DAB90A835DEBA2EC6176F4547EEF557415FF77C6378EF423569702731E ] MarvinBus      C:\Windows\System32\drivers\MarvinBus64.sys
06:02:49.0602 0x252c  MarvinBus - ok
06:02:49.0649 0x252c  [ 42B3F5C9FBC9B3F0E0BA6B5D7FC8E849, 80E571FEE4373E4AF487176C9265FB89912739E961C47880A60115BD50638AEA ] mbamchameleon  C:\Windows\system32\drivers\mbamchameleon.sys
06:02:49.0665 0x252c  mbamchameleon - ok
06:02:49.0712 0x252c  [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector  C:\WINDOWS\system32\drivers\mbam.sys
06:02:49.0743 0x252c  MBAMProtector - ok
06:02:50.0071 0x252c  [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler  C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
06:02:50.0149 0x252c  MBAMScheduler - ok
06:02:50.0305 0x252c  [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
06:02:50.0399 0x252c  MBAMService - ok
06:02:50.0540 0x252c  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy  C:\Windows\system32\drivers\MBAMSwissArmy.sys
06:02:50.0571 0x252c  MBAMSwissArmy - ok
06:02:50.0634 0x252c  [ 898415AC0B5F1D2A9A48ABCB68A6DC4B, E1FD9AE5E22E3E5A18288E66A6184E92A4B63A1274DCE147A7728BB09C6A225E ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
06:02:50.0665 0x252c  MBAMWebAccessControl - ok
06:02:50.0727 0x252c  megasas - ok
06:02:50.0790 0x252c  megasas2i - ok
06:02:50.0805 0x252c  megasr - ok
06:02:50.0884 0x252c  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
06:02:50.0915 0x252c  MEIx64 - ok
06:02:50.0946 0x252c  MessagingService - ok
06:02:50.0962 0x252c  mlx4_bus - ok
06:02:51.0024 0x252c  MMCSS - ok
06:02:51.0055 0x252c  Modem - ok
06:02:51.0102 0x252c  monitor - ok
06:02:51.0134 0x252c  mouclass - ok
06:02:51.0134 0x252c  mouhid - ok
06:02:51.0134 0x252c  mountmgr - ok
06:02:51.0290 0x252c  [ ADF79A49E942C91D1FC9863CBFDD6B58, C2B2A792C4717133DCAE6297EE3F5D985B11D3C1E68A8DC23985AC6B78ACDE98 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
06:02:51.0321 0x252c  MozillaMaintenance - ok
06:02:51.0337 0x252c  mpsdrv - ok
06:02:51.0399 0x252c  MpsSvc - ok
06:02:51.0430 0x252c  MRxDAV - ok
06:02:51.0462 0x252c  mrxsmb - ok
06:02:51.0477 0x252c  mrxsmb10 - ok
06:02:51.0509 0x252c  mrxsmb20 - ok
06:02:51.0524 0x252c  MsBridge - ok
06:02:51.0555 0x252c  MSDTC - ok
06:02:51.0555 0x252c  Msfs - ok
06:02:51.0587 0x252c  msgpiowin32 - ok
06:02:51.0587 0x252c  mshidkmdf - ok
06:02:51.0634 0x252c  mshidumdf - ok
06:02:51.0634 0x252c  msisadrv - ok
06:02:51.0696 0x252c  MSiSCSI - ok
06:02:51.0696 0x252c  msiserver - ok
06:02:51.0712 0x252c  MSKSSRV - ok
06:02:51.0727 0x252c  MsLldp - ok
06:02:51.0727 0x252c  MSPCLOCK - ok
06:02:51.0743 0x252c  MSPQM - ok
06:02:51.0774 0x252c  MsRPC - ok
06:02:51.0805 0x252c  mssmbios - ok
06:02:51.0821 0x252c  MSTEE - ok
06:02:51.0837 0x252c  MTConfig - ok
06:02:51.0837 0x252c  Mup - ok
06:02:51.0852 0x252c  mvumis - ok
06:02:51.0899 0x252c  NativeWifiP - ok
06:02:52.0087 0x252c  [ 003DDE9E91D324DDD86F11BF580FD627, 733674D5A6246BA2B4DE420AD89FE171ACCEA9EB5FC20F13F688A3910C1AA74C ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
06:02:52.0134 0x252c  NAUpdate - ok
06:02:52.0196 0x252c  NcaSvc - ok
06:02:52.0212 0x252c  NcbService - ok
06:02:52.0212 0x252c  NcdAutoSetup - ok
06:02:52.0243 0x252c  ndfltr - ok
06:02:52.0290 0x252c  NDIS - ok
06:02:52.0290 0x252c  NdisCap - ok
06:02:52.0305 0x252c  NdisImPlatform - ok
06:02:52.0321 0x252c  NdisTapi - ok
06:02:52.0321 0x252c  Ndisuio - ok
06:02:52.0337 0x252c  NdisVirtualBus - ok
06:02:52.0337 0x252c  NdisWan - ok
06:02:52.0352 0x252c  ndiswanlegacy - ok
06:02:52.0352 0x252c  ndproxy - ok
06:02:52.0368 0x252c  Ndu - ok
06:02:52.0431 0x252c  [ 76C4D5C98A808D8C8E0C46280036FAF8, A808DFA8B6949D44698122CDA43CD01B3B1CD14029B368F1686D023426239B87 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
06:02:52.0477 0x252c  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
06:02:52.0477 0x252c  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
06:02:52.0477 0x252c  Force sending object to P2P due to detect: Net Driver HPZ12
06:02:52.0493 0x252c  Object send P2P result: false
06:02:52.0509 0x252c  NetAdapterCx - ok
06:02:52.0509 0x252c  NetBIOS - ok
06:02:52.0509 0x252c  NetBT - ok
06:02:52.0524 0x252c  Netlogon - ok
06:02:52.0540 0x252c  Netman - ok
06:02:52.0602 0x252c  netprofm - ok
06:02:52.0680 0x252c  NetSetupSvc - ok
06:02:52.0993 0x252c  NetTcpPortSharing - ok
06:02:53.0024 0x252c  NgcCtnrSvc - ok
06:02:53.0071 0x252c  NgcSvc - ok
06:02:53.0071 0x252c  NlaSvc - ok
06:02:53.0087 0x252c  Npfs - ok
06:02:53.0087 0x252c  npsvctrig - ok
06:02:53.0118 0x252c  nsi - ok
06:02:53.0118 0x252c  nsiproxy - ok
06:02:53.0134 0x252c  NTFS - ok
06:02:53.0149 0x252c  Null - ok
06:02:53.0399 0x252c  [ 62D705A1C4F8FBDD2941CCD2E9DEC206, 2E1F6127737D764AE6A35655C54ADE554333C3156CAA322C0FE5704A693A1BD7 ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
06:02:53.0431 0x252c  NvContainerLocalSystem - ok
06:02:53.0477 0x252c  [ 62D705A1C4F8FBDD2941CCD2E9DEC206, 2E1F6127737D764AE6A35655C54ADE554333C3156CAA322C0FE5704A693A1BD7 ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
06:02:53.0493 0x252c  NvContainerNetworkService - ok
06:02:53.0540 0x252c  [ 207A78939B7BBA0EFE8BFA947A35E71C, BB7DDFED575F81CAB958DDC7CFF2D798EB14DAE633F49FA2229D98BDC489C0EE ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
06:02:53.0556 0x252c  NVHDA - ok
06:02:54.0977 0x252c  [ B360CFC497FF8070E37AEEA92CEF14BC, 3172A296192640474E9B78A83C66079D916523F04D950AA56B65D570BED633FA ] nvlddmkm        C:\Windows\System32\DriverStore\FileRepository\nvmoi.inf_amd64_bab0214c8bd45ad2\nvlddmkm.sys
06:02:55.0446 0x252c  nvlddmkm - ok
06:02:55.0681 0x252c  [ 1E3277F1C9F62F90488D02869A9522B7, 464870ACE9BDF7A6A9C46701209BEED5C33454CFF44CDABEAF871E06F23FEF17 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
06:02:55.0790 0x252c  NvNetworkService - ok
06:02:55.0821 0x252c  nvraid - ok
06:02:55.0821 0x252c  nvstor - ok
06:02:55.0962 0x252c  [ 6C672A80B4FBF160E2814EAE0AB3020B, FD5BDE067D29AA9FC20D7C571607D3AC351BFD65EF6E0C75374A2D9C0B17FED3 ] NvStreamKms    C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
06:02:55.0993 0x252c  NvStreamKms - ok
06:02:56.0056 0x252c  [ 282423AA3B0648082647103A5C42B66C, 5C8DBE5A95C1232E7D0F84E6A8749550C0026F2139D136E94347C2FB2E772950 ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
06:02:56.0071 0x252c  NvTelemetryContainer - ok
06:02:56.0087 0x252c  [ 47E9348591CAACC64E41C9FD88D17A5B, 5B7AECFD5D35F55BDA8E6137D80B72166EA7AA0DF075BF4615D8EE50656CDDAF ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
06:02:56.0103 0x252c  nvvad_WaveExtensible - ok
06:02:56.0134 0x252c  [ 61BD2E2560FD1C5E0A8B8738816A0B93, 1057A6C4F7D04E81BFFD5B806295B3A5D12DE4D13F66E8542426D83D97E68C97 ] nvvhci          C:\Windows\System32\drivers\nvvhci.sys
06:02:56.0149 0x252c  nvvhci - ok
06:02:56.0181 0x252c  OneSyncSvc - ok
06:02:56.0290 0x252c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:02:56.0353 0x252c  ose - ok
06:02:56.0696 0x252c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
06:02:56.0915 0x252c  osppsvc - ok
06:02:56.0931 0x252c  p2pimsvc - ok
06:02:56.0931 0x252c  p2psvc - ok
06:02:56.0946 0x252c  Parport - ok
06:02:56.0962 0x252c  partmgr - ok
06:02:56.0993 0x252c  PcaSvc - ok
06:02:56.0993 0x252c  pci - ok
06:02:57.0009 0x252c  pciide - ok
06:02:57.0009 0x252c  pcmcia - ok
06:02:57.0009 0x252c  pcw - ok
06:02:57.0024 0x252c  pdc - ok
06:02:57.0212 0x252c  [ 8764DACFEF5E0973A16E93892957CDA8, 10C78A63AA21A2AD2596A3A416AA254EB0C596559ED83C7C30C6259D6FCA2867 ] PDF Architect 2 C:\Program Files (x86)\PDF Architect 2\ws.exe
06:02:57.0306 0x252c  PDF Architect 2 - ok
06:02:57.0384 0x252c  [ 6B808A3C06470B50D42817D9D7C2F28B, 0AAFACB08D035862E9E213B35081E7174E064F61D03B047AB5F87B92E6923C68 ] pdfforge CrashHandler C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe
06:02:57.0712 0x252c  pdfforge CrashHandler - ok
06:02:57.0728 0x252c  PEAUTH - ok
06:02:57.0743 0x252c  percsas2i - ok
06:02:57.0743 0x252c  percsas3i - ok
06:02:57.0821 0x252c  PerfHost - ok
06:02:57.0853 0x252c  PhoneSvc - ok
06:02:57.0868 0x252c  PimIndexMaintenanceSvc - ok
06:02:57.0962 0x252c  pla - ok
06:02:57.0978 0x252c  PlugPlay - ok
06:02:58.0009 0x252c  [ D1A4DBB8A29F7FFC78378F47F9EA6B91, 782C7C6AA7A4A772C5E7392EA6D849BBCD159C30DF30918941C0BE058226D765 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
06:02:58.0087 0x252c  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
06:02:58.0087 0x252c  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
06:02:58.0103 0x252c  PNRPAutoReg - ok
06:02:58.0103 0x252c  PNRPsvc - ok
06:02:58.0118 0x252c  PolicyAgent - ok
06:02:58.0134 0x252c  Power - ok
06:02:58.0134 0x252c  PptpMiniport - ok
06:02:58.0353 0x252c  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify    C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
06:02:58.0978 0x252c  PrintNotify - ok
06:02:59.0025 0x252c  Processor - ok
06:02:59.0056 0x252c  ProfSvc - ok
06:02:59.0103 0x252c  Psched - ok
06:02:59.0165 0x252c  QWAVE - ok
06:02:59.0165 0x252c  QWAVEdrv - ok
06:02:59.0181 0x252c  RasAcd - ok
06:02:59.0275 0x252c  RasAgileVpn - ok
06:02:59.0321 0x252c  RasAuto - ok
06:02:59.0337 0x252c  Rasl2tp - ok
06:02:59.0384 0x252c  RasMan - ok
06:02:59.0384 0x252c  RasPppoe - ok
06:02:59.0400 0x252c  RasSstp - ok
06:02:59.0400 0x252c  rdbss - ok
06:02:59.0431 0x252c  rdpbus - ok
06:02:59.0431 0x252c  RDPDR - ok
06:02:59.0571 0x252c  RdpVideoMiniport - ok
06:02:59.0587 0x252c  rdyboost - ok
06:02:59.0681 0x252c  [ EA569D48B2E755AF6D96F03F3335D98A, EED2DCDF187A69F36A38129C8A1E0D6FE0EBF9232DEAF68A116E9A26E40AB636 ] Realtek11nSU    C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
06:02:59.0728 0x252c  Realtek11nSU - detected UnsignedFile.Multi.Generic ( 1 )
06:02:59.0728 0x252c  Realtek11nSU ( UnsignedFile.Multi.Generic ) - warning
06:02:59.0743 0x252c  ReFSv1 - ok
06:02:59.0775 0x252c  RemoteAccess - ok
06:02:59.0775 0x252c  RemoteRegistry - ok
06:02:59.0790 0x252c  RetailDemo - ok
06:02:59.0821 0x252c  RmSvc - ok
06:02:59.0821 0x252c  RpcEptMapper - ok
06:02:59.0821 0x252c  RpcLocator - ok
06:02:59.0837 0x252c  RpcSs - ok
06:02:59.0837 0x252c  rspndr - ok
06:02:59.0884 0x252c  RTL8192su - ok
06:02:59.0884 0x252c  s3cap - ok
06:02:59.0931 0x252c  SamSs - ok
06:02:59.0946 0x252c  sbp2port - ok
06:02:59.0962 0x252c  SCardSvr - ok
06:03:00.0009 0x252c  ScDeviceEnum - ok
06:03:00.0009 0x252c  scfilter - ok
06:03:00.0025 0x252c  Schedule - ok
06:03:00.0025 0x252c  scmbus - ok
06:03:00.0025 0x252c  scmdisk0101 - ok
06:03:00.0071 0x252c  SCPolicySvc - ok
06:03:00.0087 0x252c  sdbus - ok
06:03:00.0103 0x252c  SDRSVC - ok
06:03:00.0103 0x252c  sdstor - ok
06:03:00.0118 0x252c  seclogon - ok
06:03:00.0134 0x252c  SENS - ok
06:03:00.0150 0x252c  SensorDataService - ok
06:03:00.0165 0x252c  SensorService - ok
06:03:00.0181 0x252c  SensrSvc - ok
06:03:00.0181 0x252c  SerCx - ok
06:03:00.0196 0x252c  SerCx2 - ok
06:03:00.0196 0x252c  Serenum - ok
06:03:00.0212 0x252c  Serial - ok
06:03:00.0212 0x252c  sermouse - ok
06:03:00.0228 0x252c  SessionEnv - ok
06:03:00.0228 0x252c  sfloppy - ok
06:03:00.0259 0x252c  SharedAccess - ok
06:03:00.0290 0x252c  ShellHWDetection - ok
06:03:00.0353 0x252c  shpamsvc - ok
06:03:00.0353 0x252c  SiSRaid2 - ok
06:03:00.0368 0x252c  SiSRaid4 - ok
06:03:00.0431 0x252c  smphost - ok
06:03:00.0540 0x252c  SmsRouter - ok
06:03:00.0556 0x252c  SNMPTRAP - ok
06:03:00.0650 0x252c  spaceport - ok
06:03:00.0681 0x252c  SpbCx - ok
06:03:00.0712 0x252c  Spooler - ok
06:03:00.0759 0x252c  sppsvc - ok
06:03:00.0806 0x252c  srv - ok
06:03:00.0837 0x252c  srv2 - ok
06:03:00.0853 0x252c  srvnet - ok
06:03:00.0884 0x252c  SSDPSRV - ok
06:03:00.0900 0x252c  SstpSvc - ok
06:03:00.0962 0x252c  StateRepository - ok
06:03:00.0993 0x252c  stexstor - ok
06:03:01.0009 0x252c  stisvc - ok
06:03:01.0040 0x252c  storahci - ok
06:03:01.0087 0x252c  storflt - ok
06:03:01.0103 0x252c  stornvme - ok
06:03:01.0212 0x252c  storqosflt - ok
06:03:01.0228 0x252c  StorSvc - ok
06:03:01.0243 0x252c  storufs - ok
06:03:01.0243 0x252c  storvsc - ok
06:03:01.0259 0x252c  svsvc - ok
06:03:01.0275 0x252c  swenum - ok
06:03:01.0275 0x252c  swprv - ok
06:03:01.0337 0x252c  Synth3dVsc - ok
06:03:01.0353 0x252c  SysMain - ok
06:03:01.0368 0x252c  SystemEventsBroker - ok
06:03:01.0400 0x252c  TabletInputService - ok
06:03:01.0447 0x252c  [ BB3F041ACE6FF23FD8F51B4CDDAB111B, A74544001291AB5E03E4B728CE7A336B17AA351C5E57C48536F62EAA756DFF7B ] tap0901        C:\Windows\System32\drivers\tap0901.sys
06:03:01.0493 0x252c  tap0901 - ok
06:03:01.0525 0x252c  [ F33FDC72298DF4BF9813A55D21F4EB31, 34AADF5115CA1B275FEF4238B420FE424F0E1D0FFD1606B24A0D594D7305CF1F ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
06:03:01.0556 0x252c  taphss - ok
06:03:01.0618 0x252c  [ FCEC2C65B9AF8B43C23F4765D17F4574, 71B501CFB0597D15897B7223AEA3C663F15EB1984A02511A6578520B67C6B18A ] taphss6        C:\Windows\System32\drivers\taphss6.sys
06:03:01.0634 0x252c  taphss6 - ok
06:03:01.0665 0x252c  TapiSrv - ok
06:03:01.0665 0x252c  Tcpip - ok
06:03:01.0681 0x252c  Tcpip6 - ok
06:03:01.0681 0x252c  tcpipreg - ok
06:03:01.0697 0x252c  tdx - ok
06:03:01.0728 0x252c  terminpt - ok
06:03:01.0775 0x252c  TermService - ok
06:03:01.0790 0x252c  Themes - ok
06:03:01.0900 0x252c  TieringEngineService - ok
06:03:01.0900 0x252c  tiledatamodelsvc - ok
06:03:01.0915 0x252c  TimeBrokerSvc - ok
06:03:01.0931 0x252c  TPM - ok
06:03:01.0962 0x252c  TrkWks - ok
06:03:02.0072 0x252c  TrustedInstaller - ok
06:03:02.0072 0x252c  tsusbflt - ok
06:03:02.0134 0x252c  TsUsbGD - ok
06:03:02.0134 0x252c  tunnel - ok
06:03:02.0259 0x252c  [ AFDF84A53D56468AAE01090E62572810, 97098C7A054AA6AAA7BF2B101B8B2F4FD219D1518230F776A2821CE3A5C5A3A4 ] TVGOnlineUpdateSvc C:\Program Files (x86)\TVG\OnlineUpdate\OnlineUpdateSvc.exe
06:03:02.0322 0x252c  TVGOnlineUpdateSvc - ok
06:03:02.0384 0x252c  tzautoupdate - ok
06:03:02.0400 0x252c  UASPStor - ok
06:03:02.0415 0x252c  UcmCx0101 - ok
06:03:02.0415 0x252c  UcmTcpciCx0101 - ok
06:03:02.0431 0x252c  UcmUcsi - ok
06:03:02.0447 0x252c  Ucx01000 - ok
06:03:02.0462 0x252c  UdeCx - ok
06:03:02.0462 0x252c  udfs - ok
06:03:02.0493 0x252c  UEFI - ok
06:03:02.0509 0x252c  Ufx01000 - ok
06:03:02.0525 0x252c  UfxChipidea - ok
06:03:02.0540 0x252c  ufxsynopsys - ok
06:03:02.0556 0x252c  UI0Detect - ok
06:03:02.0634 0x252c  [ 5357F9507B59C831C5CD79F1F6374A5E, 37013E7B442D532CC702F994FDA25860996E02B741E2D844DAD82FC49AED29C6 ] UimBus          C:\Windows\System32\drivers\uimx64.sys
06:03:02.0697 0x252c  UimBus - ok
06:03:02.0806 0x252c  [ 001402EA0FB543F77F91090130FD029D, 4CCFC07F06AD9DC85BE732A00A7C9759DEA849054FB10A2598E1958A927B28DD ] Uim_IM          C:\Windows\System32\Drivers\Uim_IMx64.sys
06:03:02.0915 0x252c  Uim_IM - ok
06:03:02.0962 0x252c  [ E75B35EEBC923B6DB2DBEA52E71A7892, 9ED7EB2EFA3F09FC4E123E23876C923045F94C169387E74EDAAFDA0980AAD00C ] Uim_VIM        C:\Windows\System32\Drivers\uim_vimx64.sys
06:03:03.0087 0x252c  Uim_VIM - ok
06:03:03.0103 0x252c  umbus - ok
06:03:03.0118 0x252c  UmPass - ok
06:03:03.0165 0x252c  UmRdpService - ok
06:03:03.0181 0x252c  UnistoreSvc - ok
06:03:03.0197 0x252c  upnphost - ok
06:03:03.0212 0x252c  UrsChipidea - ok
06:03:03.0212 0x252c  UrsCx01000 - ok
06:03:03.0212 0x252c  UrsSynopsys - ok
06:03:03.0275 0x252c  usbccgp - ok
06:03:03.0275 0x252c  usbcir - ok
06:03:03.0290 0x252c  usbehci - ok
06:03:03.0290 0x252c  usbhub - ok
06:03:03.0306 0x252c  USBHUB3 - ok
06:03:03.0322 0x252c  usbohci - ok
06:03:03.0337 0x252c  usbprint - ok
06:03:03.0384 0x252c  [ 2EC7B2C8123236B1233A77281D378DF7, D97DB59C9CAE2B8B33C707E8CEA7A65BF88712842CC715D270F7432A99D21BB6 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
06:03:03.0431 0x252c  usbscan - ok
06:03:03.0431 0x252c  usbser - ok
06:03:03.0447 0x252c  USBSTOR - ok
06:03:03.0478 0x252c  usbuhci - ok
06:03:03.0478 0x252c  USBXHCI - ok
06:03:03.0509 0x252c  UserDataSvc - ok
06:03:03.0603 0x252c  UserManager - ok
06:03:03.0650 0x252c  UsoSvc - ok
06:03:03.0650 0x252c  VaultSvc - ok
06:03:03.0681 0x252c  vdrvroot - ok
06:03:03.0712 0x252c  vds - ok
06:03:03.0728 0x252c  VerifierExt - ok
06:03:03.0790 0x252c  vhdmp - ok
06:03:03.0806 0x252c  vhf - ok
06:03:03.0822 0x252c  vmbus - ok
06:03:03.0853 0x252c  VMBusHID - ok
06:03:03.0853 0x252c  vmgid - ok
06:03:03.0900 0x252c  vmicguestinterface - ok
06:03:03.0915 0x252c  vmicheartbeat - ok
06:03:03.0915 0x252c  vmickvpexchange - ok
06:03:03.0915 0x252c  vmicrdv - ok
06:03:03.0931 0x252c  vmicshutdown - ok
06:03:03.0931 0x252c  vmictimesync - ok
06:03:03.0947 0x252c  vmicvmsession - ok
06:03:03.0947 0x252c  vmicvss - ok
06:03:03.0978 0x252c  volmgr - ok
06:03:04.0009 0x252c  volmgrx - ok
06:03:04.0009 0x252c  volsnap - ok
06:03:04.0009 0x252c  volume - ok
06:03:04.0025 0x252c  vpci - ok
06:03:04.0040 0x252c  vsmraid - ok
06:03:04.0040 0x252c  VSS - ok
06:03:04.0056 0x252c  VSTXRAID - ok
06:03:04.0072 0x252c  vwifibus - ok
06:03:04.0072 0x252c  vwififlt - ok
06:03:04.0087 0x252c  vwifimp - ok
06:03:04.0103 0x252c  W32Time - ok
06:03:04.0119 0x252c  WacomPen - ok
06:03:04.0181 0x252c  WalletService - ok
06:03:04.0181 0x252c  wanarp - ok
06:03:04.0197 0x252c  wanarpv6 - ok
06:03:04.0228 0x252c  wbengine - ok
06:03:04.0290 0x252c  WbioSrvc - ok
06:03:04.0322 0x252c  wcifs - ok
06:03:04.0337 0x252c  Wcmsvc - ok
06:03:04.0353 0x252c  wcncsvc - ok
06:03:04.0369 0x252c  wcnfs - ok
06:03:04.0369 0x252c  WdBoot - ok
06:03:04.0384 0x252c  Wdf01000 - ok
06:03:04.0400 0x252c  WdFilter - ok
06:03:04.0415 0x252c  WdiServiceHost - ok
06:03:04.0415 0x252c  WdiSystemHost - ok
06:03:04.0447 0x252c  wdiwifi - ok
06:03:04.0447 0x252c  WdNisDrv - ok
06:03:04.0540 0x252c  WdNisSvc - ok
06:03:04.0603 0x252c  WebClient - ok
06:03:04.0603 0x252c  Wecsvc - ok
06:03:04.0619 0x252c  WEPHOSTSVC - ok
06:03:04.0619 0x252c  wercplsupport - ok
06:03:04.0650 0x252c  WerSvc - ok
06:03:04.0665 0x252c  WFPLWFS - ok
06:03:04.0681 0x252c  WiaRpc - ok
06:03:04.0697 0x252c  WIMMount - ok
06:03:04.0697 0x252c  WinDefend - ok
06:03:04.0728 0x252c  WindowsTrustedRT - ok
06:03:04.0744 0x252c  WindowsTrustedRTProxy - ok
06:03:04.0790 0x252c  WinHttpAutoProxySvc - ok
06:03:04.0822 0x252c  WinMad - ok
06:03:05.0056 0x252c  Winmgmt - ok
06:03:05.0119 0x252c  WinRM - ok
06:03:05.0150 0x252c  WINUSB - ok
06:03:05.0165 0x252c  WinVerbs - ok
06:03:05.0244 0x252c  wisvc - ok
06:03:05.0259 0x252c  WlanSvc - ok
06:03:05.0290 0x252c  wlidsvc - ok
06:03:05.0322 0x252c  WmiAcpi - ok
06:03:05.0369 0x252c  wmiApSrv - ok
06:03:05.0431 0x252c  WMPNetworkSvc - ok
06:03:05.0447 0x252c  Wof - ok
06:03:05.0478 0x252c  workfolderssvc - ok
06:03:05.0525 0x252c  WPDBusEnum - ok
06:03:05.0540 0x252c  WpdUpFltr - ok
06:03:05.0556 0x252c  WpnService - ok
06:03:05.0572 0x252c  WpnUserService - ok
06:03:05.0572 0x252c  ws2ifsl - ok
06:03:05.0603 0x252c  wscsvc - ok
06:03:05.0650 0x252c  WSDPrintDevice - ok
06:03:05.0650 0x252c  WSearch - ok
06:03:05.0712 0x252c  [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA, 7EEB1B8F1430AFB06A18DC6107DBDD57EBBF473FF96F3578481EB89724823393 ] wsvd            C:\Windows\system32\DRIVERS\wsvd.sys
06:03:05.0759 0x252c  wsvd - ok
06:03:05.0775 0x252c  wuauserv - ok
06:03:05.0790 0x252c  WudfPf - ok
06:03:05.0790 0x252c  WUDFRd - ok
06:03:05.0790 0x252c  wudfsvc - ok
06:03:05.0806 0x252c  WUDFWpdFs - ok
06:03:05.0822 0x252c  WwanSvc - ok
06:03:05.0869 0x252c  XblAuthManager - ok
06:03:05.0900 0x252c  XblGameSave - ok
06:03:05.0947 0x252c  xboxgip - ok
06:03:05.0994 0x252c  XboxNetApiSvc - ok
06:03:06.0056 0x252c  xinputhid - ok
06:03:06.0072 0x252c  ================ Scan global ===============================
06:03:06.0275 0x252c  [ Global ] - ok
06:03:06.0275 0x252c  ================ Scan MBR ==================================
06:03:06.0337 0x252c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:03:11.0322 0x252c  \Device\Harddisk0\DR0 - ok
06:03:11.0322 0x252c  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
06:03:11.0431 0x252c  \Device\Harddisk1\DR1 - ok
06:03:11.0447 0x252c  ================ Scan VBR ==================================
06:03:11.0478 0x252c  [ 9A68B682D125BECBD31BF8C5BCE94578 ] \Device\Harddisk0\DR0\Partition1
06:03:11.0525 0x252c  \Device\Harddisk0\DR0\Partition1 - ok
06:03:11.0556 0x252c  [ 00B20D56693D368EA34A381CF4C8A2D7 ] \Device\Harddisk0\DR0\Partition2
06:03:11.0572 0x252c  \Device\Harddisk0\DR0\Partition2 - ok
06:03:11.0619 0x252c  [ 5AE8FF71A6831C08C2BB67D4E13F8B95 ] \Device\Harddisk0\DR0\Partition3
06:03:11.0666 0x252c  \Device\Harddisk0\DR0\Partition3 - ok
06:03:11.0666 0x252c  [ E3953DB350D378058EEB17757A3D9C7E ] \Device\Harddisk1\DR1\Partition1
06:03:11.0681 0x252c  \Device\Harddisk1\DR1\Partition1 - ok
06:03:11.0681 0x252c  [ 93EB66A986852B96F5D8770AF0931A1A ] \Device\Harddisk1\DR1\Partition2
06:03:11.0681 0x252c  \Device\Harddisk1\DR1\Partition2 - ok
06:03:11.0681 0x252c  [ F8D0336518C74735702E4FAF88981EF1 ] \Device\Harddisk1\DR1\Partition3
06:03:11.0697 0x252c  \Device\Harddisk1\DR1\Partition3 - ok
06:03:11.0697 0x252c  [ 256D099ED0C5E92D902C83B7E60EC8E7 ] \Device\Harddisk1\DR1\Partition4
06:03:11.0697 0x252c  \Device\Harddisk1\DR1\Partition4 - ok
06:03:11.0697 0x252c  [ 7C565020E6D5D889D902D6EEDFB01878 ] \Device\Harddisk1\DR1\Partition5
06:03:11.0713 0x252c  \Device\Harddisk1\DR1\Partition5 - ok
06:03:11.0713 0x252c  ================ Scan generic autorun ======================
06:03:11.0775 0x252c  Logitech Download Assistant - ok
06:03:11.0775 0x252c  ShadowPlay - ok
06:03:12.0900 0x252c  [ 88F4C0223A76F670C68440CCFE9CECB3, 3A9C6EA49D9A72EFE4D794A1463F1626C1E608E43256627E21D51A9C3B78D618 ] c:\program files\emsisoft anti-malware\a2guard.exe
06:03:13.0088 0x252c  emsisoft anti-malware - ok
06:03:13.0088 0x252c  WindowsDefender - ok
06:03:13.0775 0x252c  OneDriveSetup - ok
06:03:13.0791 0x252c  OneDriveSetup - ok
06:03:14.0306 0x252c  [ 8F2EA5EE0695CCE2285D92C44108375C, 2C96A8E7E41E87C27B6A3325526F99A03333357EF2682C17A4892BE4A58D157E ] C:\Users\Thomas Keune\AppData\Local\Microsoft\OneDrive\OneDrive.exe
06:03:14.0353 0x252c  OneDrive - ok
06:03:14.0853 0x252c  [ 55770AF6D09328F6580054B998A293F5, 8F557E7906257C43125AB02B3D41D9733D92106ABFDD4961E8A793D6D314F61A ] C:\Program Files (x86)\Music Recorder\Music Recorder 2016\AudialsNotifier.exe
06:03:14.0994 0x252c  AudialsNotifier - ok
06:03:15.0885 0x252c  [ A95474B14C558CF85A79C18C9356CBCA, 16CCDEE1A2A0930A1EACF1D5E81955CB66DDB872DD2F5602058D6392B80EB56C ] C:\Program Files\CCleaner\CCleaner64.exe
06:03:16.0182 0x252c  CCleaner Monitoring - ok
06:03:16.0275 0x252c  Uninstall C:\Users\Thomas Keune\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64 - ok
06:03:16.0275 0x252c  OneDriveSetup - ok
06:03:16.0353 0x252c  WAB Migrate - ok
06:03:16.0432 0x252c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated )
06:03:16.0432 0x252c  AV detected via SS2: Emsisoft Anti-Malware, C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2start.exe ( 2017.1.1.7166 ), 0x41000 ( enabled : updated )
06:03:16.0650 0x252c  Win FW state via NFP2: enabled ( trusted )
06:03:16.0650 0x252c  ============================================================
06:03:16.0650 0x252c  Scan finished
06:03:16.0650 0x252c  ============================================================
06:03:16.0650 0x1f24  Detected object count: 6
06:03:16.0650 0x1f24  Actual detected object count: 6
06:03:32.0495 0x1f24  chip1click ( UnsignedFile.Multi.Generic ) - skipped by user
06:03:32.0495 0x1f24  chip1click ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:03:32.0495 0x1f24  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - skipped by user
06:03:32.0495 0x1f24  FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:03:32.0495 0x1f24  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
06:03:32.0495 0x1f24  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:03:32.0495 0x1f24  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
06:03:32.0495 0x1f24  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:03:32.0495 0x1f24  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
06:03:32.0495 0x1f24  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
06:03:32.0495 0x1f24  Realtek11nSU ( UnsignedFile.Multi.Generic ) - skipped by user
06:03:32.0495 0x1f24  Realtek11nSU ( UnsignedFile.Multi.Generic ) - User select action: Skip
Und das sagt mein Defender der sich gemeldet hat:
TrojanDownloader: Win32/Dofoil.T
Trojan: Win32/Matsnu.Q
TrojanDownloader: Win32/Dofoil.T


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:05 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131