Win7: AVIRA finds TR/Vundo.Gen, TR/Trustezeb.235520 and TR/Crypt.ZPACK.188761
17.10.2015, 20:57 | #16 |
Hello Juergen,

attached are the logs from MBAM and FRST.

Kind regards,
Ralf

MBAM:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 17.10.2015
Suchlaufzeit: 21:42
Protokolldatei: mbam_20151017_2150.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.10.17.04
Rootkit-Datenbank: v2015.10.16.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: schmiro64

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 476040
Abgelaufene Zeit: 6 Min., 30 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Deaktiviert
Rootkits: Aktiviert
Heuristik: Deaktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

FRST.txt
FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:16-10-2015
durchgeführt von schmiro64 (Administrator) auf WIN764 (17-10-2015 21:53:43)
Gestartet von D:\_____xxx20151015
Geladene Profile: schmiro64 & (Verfügbare Profile: schmiro64 & petra64 & internet1 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] () HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [571192 2014-08-14] (Acronis) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-09-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.) 
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5380368 2015-07-20] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [693336 2015-07-20] (Acronis International GmbH) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Run: [Amazon Music] => C:\Users\schmiro64\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] () HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\schmiro64\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] () HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Amazon Music] => C:\Users\schmiro64\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] () HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2cecf5cc-5367-11e2-bfc9-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {45a7dc50-5364-11e2-b921-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {479fb6ff-c967-11e2-b0e7-50465db51cac} - K:\LGAutoRun.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {2cecf5cc-5367-11e2-bfc9-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {45a7dc50-5364-11e2-b921-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {479fb6ff-c967-11e2-b0e7-50465db51cac} - K:\LGAutoRun.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2cecf5cc-5367-11e2-bfc9-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {45a7dc50-5364-11e2-b921-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {479fb6ff-c967-11e2-b0e7-50465db51cac} - K:\LGAutoRun.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {2cecf5cc-5367-11e2-bfc9-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {45a7dc50-5364-11e2-b921-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {479fb6ff-c967-11e2-b0e7-50465db51cac} - K:\LGAutoRun.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2cecf5cc-5367-11e2-bfc9-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {45a7dc50-5364-11e2-b921-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {479fb6ff-c967-11e2-b0e7-50465db51cac} - K:\LGAutoRun.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {2cecf5cc-5367-11e2-bfc9-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {45a7dc50-5364-11e2-b921-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {479fb6ff-c967-11e2-b0e7-50465db51cac} - K:\LGAutoRun.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. 
or its subsidiaries) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 8.lnk [2014-06-08] ShortcutTarget: SnagIt 8.lnk -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation) Startup: C:\Users\schmiro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.exe - Verknüpfung.lnk [2013-03-23] ShortcutTarget: Bginfo.exe - Verknüpfung.lnk -> C:\_systools\noinstall\BGInfo\Bginfo.exe (Sysinternals) GroupPolicyScripts: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\..\Interfaces\{AA160C9A-E0F5-4D8C-9654-DBEF5B5C7961}: [NameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ 
HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll [2007-05-16] (TechSmith Corporation) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2013-11-28] (CANON INC.) 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-22] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-22] (Oracle Corporation) BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-16] (TechSmith Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2013-11-28] (CANON INC.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-12] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2013-11-28] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2013-11-28] (CANON INC.) 
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-16] (TechSmith Corporation) Handler-x32: li5bin - {1E39F80A-E02D-40CC-AA23-9620BC3F2A0B} - C:\_systools\install\LOGINventory5\LoginProtocolHandler.dll [2013-11-29] (Schmidt's LOGIN GmbH) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) 
FireFox: ======== FF ProfilePath: C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-04] () FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-22] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.581\npSurveillancePlugin_x86_64.dll [2015-07-22] (Synology) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-04] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) 
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.581\npSurveillancePlugin.dll [2015-07-22] (Synology)
FF Extension: O2CPlayer Plugin - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\o2cplayer@eleco.com [2015-03-10]
FF Extension: Garmin Communicator - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-14]
FF Extension: Firebug - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\firebug@software.joehewitt.com.xpi [2013-02-13]
FF Extension: FirePath - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\FireXPath@pierre.tholence.com.xpi [2013-02-13]
FF Extension: NoScript - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-03]

Chrome:
=======
CHR Profile: C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-15]
CHR Extension: (Google Docs) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-15]
CHR Extension: (Google Drive) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-15]
CHR Extension: (YouTube) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-15]
CHR Extension: (Google-Suche) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-15]
CHR Extension: (Google Tabellen) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-15]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-15]
CHR Extension: (Google Mail) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-25] (ASUSTeK Computer Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2014-11-23] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2014-11-23] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
R3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-12-15] (NETGEAR)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5405456 2014-11-12] (TeamViewer GmbH)
S3 Tomcat7; C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [80896 2013-10-18] (Apache Software Foundation) [Datei ist nicht signiert]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] ()
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479312 2013-10-07] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-09-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-09-22] (Avira Operations GmbH & Co. KG)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-08-28] (VMware, Inc.)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [40960 2010-03-01] (Motorola, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-03-15] (Acronis International GmbH)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [30592 2013-01-07] (REALiX(tm))
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 NUServer64; C:\Windows\System32\DRIVERS\NUServer64.sys [240128 2010-09-17] ( ) [Datei ist nicht signiert]
R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-08-21] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-08-21] (Acronis International GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90928 2012-03-01] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [632752 2012-03-01] (Paragon)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S3 WIMMount; G:\ctnot\Projects\Tools\Win8PESE\X64\wimmount.sys [40392 2012-07-25] (Microsoft Corporation)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [X]
S3 NUS_Bus; system32\DRIVERS\NUS_Bus.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-17 21:29 - 2015-10-17 21:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-17 21:28 - 2015-10-17 21:28 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-10-17 21:28 - 2015-10-17 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-10-17 21:28 - 2015-10-17 21:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-17 21:28 - 2015-10-17 21:28 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-10-17 21:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-17 21:28 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-17 21:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-17 20:15 - 2015-10-17 21:00 - 00033877 _____ C:\ComboFix.txt
2015-10-17 19:47 - 2015-10-17 21:00 - 00000000 ____D C:\Qoobox
2015-10-17 19:47 - 2015-10-17 20:57 - 00000000 ____D C:\Windows\erdnt
2015-10-17 19:47 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-17 19:47 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-17 19:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-17 19:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-17 19:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-17 19:47 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-17 19:47 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-17 19:47 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-17 19:45 - 2015-10-17 19:45 - 05636101 ____R (Swearware) C:\Users\schmiro64\Desktop\ComboFix.exe
2015-10-17 15:52 - 2015-10-17 15:52 - 00000000 _____ C:\Users\schmiro64\Desktop\Neues Textdokument (2).txt
2015-10-17 15:31 - 2015-10-17 15:31 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-10-17 15:26 - 2015-10-17 15:26 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\schmiro64\Desktop\tdsskiller.exe
2015-10-17 09:32 - 2015-10-17 21:53 - 00000000 ____D C:\FRST
2015-10-17 09:19 - 2015-10-17 09:19 - 00000000 _____ C:\Users\schmiro64\defogger_reenable
2015-10-17 08:59 - 2015-10-17 08:59 - 00075068 _____ C:\Users\schmiro64\Downloads\AVSCAN-20151016-233643-1B0F2AFC.LOG
2015-10-16 20:10 - 2015-10-16 20:10 - 00063188 _____ C:\Users\schmiro64\Downloads\AVSCAN-20151016-192519-C32CBE66.LOG
2015-10-15 22:35 - 2015-10-16 19:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-15 21:32 - 2015-10-15 22:49 - 00000000 ____D C:\Users\schmiro64\Downloads\20151015
2015-10-15 21:31 - 2015-10-15 21:31 - 00331526 _____ C:\Users\schmiro64\Downloads\20151015.zip
2015-10-14 20:04 - 2015-09-18 21:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 20:04 - 2015-09-18 20:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 20:04 - 2015-09-16 06:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 20:04 - 2015-09-16 06:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 20:04 - 2015-09-16 06:36 - 
00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-10-14 20:04 - 2015-09-16 06:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-10-14 20:04 - 2015-09-16 06:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-10-14 20:04 - 2015-09-16 06:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-10-14 20:04 - 2015-09-16 06:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-10-14 20:04 - 2015-09-16 06:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-10-14 20:04 - 2015-09-16 06:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-10-14 20:04 - 2015-09-16 06:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-10-14 20:04 - 2015-09-16 06:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-10-14 20:04 - 2015-09-16 06:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-10-14 20:04 - 2015-09-16 06:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-10-14 20:04 - 2015-09-16 06:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-10-14 20:04 - 2015-09-16 06:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-10-14 20:04 - 2015-09-16 06:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-10-14 20:04 - 2015-09-16 06:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-10-14 20:04 - 2015-09-16 06:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-10-14 20:04 - 2015-09-16 05:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-10-14 20:04 - 2015-09-16 05:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-10-14 20:04 - 2015-09-16 
05:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-10-14 20:04 - 2015-09-16 05:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-10-14 20:04 - 2015-09-16 05:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-10-14 20:04 - 2015-09-16 05:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-10-14 20:04 - 2015-09-16 05:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-10-14 20:04 - 2015-09-16 05:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-10-14 20:04 - 2015-09-16 05:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-10-14 20:04 - 2015-09-16 05:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-10-14 20:04 - 2015-09-16 05:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-10-14 20:04 - 2015-09-16 05:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-10-14 20:04 - 2015-09-16 05:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-10-14 20:04 - 2015-09-16 05:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-10-14 20:04 - 2015-09-16 05:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-10-14 20:04 - 2015-09-16 05:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-10-14 20:04 - 2015-09-16 05:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-10-14 20:04 - 2015-09-16 05:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-10-14 20:04 - 2015-09-16 05:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-10-14 20:04 - 2015-09-16 05:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-10-14 20:04 - 2015-09-16 
05:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-10-14 20:04 - 2015-09-16 05:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-10-14 20:04 - 2015-09-16 05:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-10-14 20:04 - 2015-09-16 05:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-10-14 20:04 - 2015-09-16 05:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-10-14 20:04 - 2015-09-16 05:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-10-14 20:04 - 2015-09-16 05:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-10-14 20:04 - 2015-09-16 05:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-10-14 20:04 - 2015-09-16 05:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-10-14 20:04 - 2015-09-16 05:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-10-14 20:04 - 2015-09-16 05:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-10-14 20:04 - 2015-09-16 05:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-10-14 20:04 - 2015-09-16 05:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-10-14 20:04 - 2015-09-16 05:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-10-14 20:04 - 2015-09-16 04:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-10-14 20:04 - 2015-09-16 04:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-10-14 20:04 - 2015-09-16 04:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-10-14 20:04 - 2015-09-16 04:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-10-14 20:04 - 2015-09-16 04:55 - 
02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-10-14 20:04 - 2015-09-16 04:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-10-14 20:04 - 2015-09-16 04:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-10-14 20:04 - 2015-09-16 04:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-10-14 20:04 - 2015-09-16 04:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-10-14 20:04 - 2015-09-16 04:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-10-14 20:03 - 2015-08-06 20:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-10-14 20:03 - 2015-08-06 20:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2015-10-14 20:03 - 2015-08-06 19:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-10-14 20:03 - 2015-08-06 19:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2015-10-14 20:02 - 2015-09-29 05:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-10-14 20:02 - 2015-09-29 05:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00050176 _____ (Microsoft 
Corporation) C:\Windows\system32\srclient.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-10-14 20:02 - 2015-09-29 05:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-10-14 20:02 - 2015-09-29 05:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-10-14 20:02 - 2015-09-29 05:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-10-14 20:02 - 2015-09-29 05:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-10-14 20:02 - 2015-09-29 05:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-10-14 20:02 - 2015-09-29 05:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-10-14 20:02 - 2015-09-29 05:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-10-14 20:02 - 2015-09-29 05:05 - 00060416 _____ (Microsoft Corporation) 
C:\Windows\system32\msobjs.dll 2015-10-14 20:02 - 2015-09-29 05:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-10-14 20:02 - 
2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 
00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-10-14 20:02 - 2015-09-29 04:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-10-14 20:02 - 2015-09-29 04:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-10-14 20:02 - 2015-09-29 04:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-10-14 20:02 - 2015-09-29 04:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-10-14 20:02 - 2015-09-29 04:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-10-14 20:02 - 2015-09-29 04:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-10-14 20:02 - 2015-09-29 04:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-10-14 20:02 - 2015-09-29 04:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-10-14 20:02 - 2015-09-29 04:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-10-14 20:02 - 2015-09-29 04:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-10-14 20:02 - 2015-09-29 04:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-10-14 20:02 - 2015-09-29 04:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-10-14 20:02 - 2015-09-29 04:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-10-14 20:02 - 2015-09-29 04:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-10-14 20:02 - 2015-09-29 04:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00006656 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 03:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-10-14 20:02 - 2015-09-29 03:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-10-14 20:02 - 2015-09-29 03:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-10-14 20:02 - 2015-09-29 03:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-10-14 20:02 - 2015-09-29 03:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-10-14 20:02 - 2015-09-29 03:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 
03:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 03:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 03:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-10-14 20:02 - 2015-09-25 20:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-10-14 20:02 - 2015-09-25 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-10-14 20:02 - 2015-09-25 20:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-10-14 20:02 - 2015-09-25 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-10-14 20:02 - 2015-09-25 19:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-10-14 20:02 - 2015-09-25 19:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-10-14 20:02 - 2015-09-25 19:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-10-14 20:02 - 2015-09-25 19:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 
2015-10-14 20:02 - 2015-09-25 19:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-10-14 20:02 - 2015-09-18 21:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-10-14 20:02 - 2015-09-18 21:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-10-14 20:02 - 2015-09-18 21:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-10-14 20:02 - 2015-09-18 21:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-10-14 20:02 - 2015-09-18 21:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-10-14 20:02 - 2015-09-18 21:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-10-14 20:02 - 2015-09-18 21:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-10-14 20:02 - 2015-09-15 20:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-10-14 20:02 - 2015-09-15 20:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-10-14 20:02 - 2015-09-15 20:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-10-14 20:02 - 2015-09-15 20:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-10-14 20:02 - 2015-09-15 20:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-10-14 20:02 - 2015-09-15 20:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-10-14 20:02 - 2015-09-15 20:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-10-14 20:02 - 2015-09-15 20:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-10-14 20:02 - 2015-09-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-10-14 20:02 - 2015-09-15 19:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-10-14 
20:02 - 2015-09-15 19:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-10-14 20:02 - 2015-09-15 19:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-10-14 20:02 - 2015-09-15 19:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-10-14 20:01 - 2015-10-01 20:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-10-14 20:01 - 2015-10-01 20:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-10-14 20:01 - 2015-10-01 20:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-10-14 20:01 - 2015-10-01 20:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-10-14 20:01 - 2015-10-01 20:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-10-14 20:01 - 2015-10-01 20:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-10-14 20:01 - 2015-10-01 20:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-10-14 20:01 - 2015-10-01 19:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-10-14 20:01 - 2015-10-01 19:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-10-14 20:01 - 2015-07-18 15:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00020832 _____ 
(Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-10-06 15:17 - 2015-10-06 15:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-09-27 23:29 - 2015-09-27 23:30 - 06521184 _____ (Tim Kosse) C:\Users\schmiro64\Downloads\FileZilla_3.14.0_win64-setup.exe 2015-09-22 22:49 - 2015-09-22 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 
==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-17 21:39 - 2015-03-15 17:07 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-17 21:30 - 2012-12-31 18:13 - 01197956 _____ C:\Windows\WindowsUpdate.log 2015-10-17 21:11 - 2009-07-14 06:45 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-10-17 21:11 - 2009-07-14 06:45 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-10-17 21:01 - 2010-11-21 08:50 - 00702154 _____ C:\Windows\system32\perfh007.dat 2015-10-17 21:01 - 2010-11-21 08:50 - 00150820 _____ C:\Windows\system32\perfc007.dat 2015-10-17 21:01 - 2009-07-14 07:13 - 01628962 _____ C:\Windows\system32\PerfStringBackup.INI 2015-10-17 21:00 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-10-17 20:57 - 2015-03-15 17:07 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-17 20:57 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-10-17 20:56 - 2015-09-16 22:05 - 00010460 _____ C:\Windows\PFRO.log 2015-10-17 20:56 - 2015-09-12 14:35 - 00002520 _____ C:\Windows\setupact.log 2015-10-17 20:56 - 2013-04-01 19:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-10-17 20:56 - 2013-01-05 16:33 - 00000000 ____D C:\ProgramData\VMware 2015-10-17 20:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-10-17 20:56 - 2009-07-14 04:34 - 45088768 _____ C:\Windows\system32\config\COMPONENTS.bak 2015-10-17 20:56 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak 2015-10-17 20:56 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2015-10-17 20:56 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2015-10-17 19:41 - 2013-02-16 21:56 - 00000000 ____D 
C:\Users\schmiro64\AppData\Local\FreePDF_XP 2015-10-17 15:58 - 2014-03-03 19:52 - 00000000 ____D C:\Users\schmiro64\Documents\SnagIt Katalog 2015-10-17 09:19 - 2012-12-31 18:12 - 00000000 ____D C:\Users\schmiro64 2015-10-17 03:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-10-16 23:40 - 2015-03-15 17:08 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-10-16 23:28 - 2013-01-05 18:55 - 00000072 _____ C:\Users\Public\LMDebug.log 2015-10-16 23:27 - 2013-02-17 13:59 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{357339D0-7A51-47A5-AEF2-2E61E0144585} 2015-10-16 19:20 - 2015-09-08 23:30 - 00000000 __SHD C:\Users\schmiro64\AppData\Roaming\gjtdghee 2015-10-16 19:09 - 2013-01-03 11:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-10-15 21:56 - 2015-05-01 16:26 - 00000000 ____D C:\Users\schmiro64\AppData\Local\CrashDumps 2015-10-15 21:46 - 2015-05-26 21:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-10-15 21:45 - 2015-05-26 21:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-10-15 21:27 - 2015-04-19 19:29 - 00000000 ____D C:\Windows\system32\appraiser 2015-10-15 21:27 - 2014-05-06 22:36 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-10-14 20:21 - 2013-08-10 16:47 - 00000000 ____D C:\Windows\system32\MRT 2015-10-14 20:18 - 2013-01-03 12:24 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-10-13 00:07 - 2013-03-24 15:11 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\BOM 2015-10-09 18:06 - 2013-01-05 16:34 - 00000000 ____D C:\Users\schmiro64\AppData\Local\VMware 2015-10-09 17:56 - 2013-01-05 16:34 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\VMware 2015-10-09 09:36 - 2015-04-05 12:33 - 00000000 ___SD C:\Windows\system32\GWX 2015-10-08 23:45 - 2015-04-05 12:33 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-10-04 21:57 - 2014-08-10 16:26 - 00082944 _____ 
C:\Users\schmiro64\Desktop\guzzi_parts.xls 2015-10-04 18:48 - 2014-06-27 21:51 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\ZoomBrowser EX 2015-10-04 18:48 - 2014-06-27 21:45 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\CameraWindowDC 2015-10-04 13:09 - 2014-08-21 21:05 - 00000000 ____D C:\Users\schmiro64\AppData\Local\Adobe 2015-10-04 13:08 - 2013-01-03 12:04 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-10-04 13:08 - 2013-01-03 12:04 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-27 23:33 - 2013-03-24 15:06 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\FileZilla 2015-09-26 22:59 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-09-24 08:23 - 2013-10-24 19:34 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-09-22 22:49 - 2015-05-07 20:20 - 00002014 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk 2015-09-22 22:48 - 2013-05-07 18:49 - 00074952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-09-22 22:48 - 2013-03-27 21:09 - 00163544 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-09-19 11:33 - 2015-03-15 17:07 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-19 11:33 - 2015-03-15 17:07 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-06-17 09:50 - 2015-02-22 17:35 - 0000093 _____ () C:\Users\schmiro64\AppData\Roaming\ARCompanion.log 2013-12-19 20:58 - 2015-04-03 00:09 - 0000545 ____H () C:\Users\schmiro64\AppData\Roaming\eSReg.ini 2013-11-16 21:12 - 2015-04-08 20:09 - 0000600 _____ () C:\Users\schmiro64\AppData\Roaming\winscp.rnd 2013-05-19 17:47 - 2013-05-19 17:47 - 0004608 _____ () C:\Users\schmiro64\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-23 19:16 - 2014-11-24 00:33 - 0006506 _____ () C:\Users\schmiro64\AppData\Local\mbt-actwiz.log 2013-11-16 21:06 - 2015-04-08 21:42 - 0000600 _____ () C:\Users\schmiro64\AppData\Local\PUTTY.RND 2012-12-31 18:52 - 2015-09-04 20:47 - 0007656 _____ () C:\Users\schmiro64\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-10-11 19:24

==================== Ende von FRST.txt ============================
17.10.2015, 20:58 | #17 |
... and here is the FRST Addition.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:16-10-2015
durchgeführt von schmiro64 (2015-10-17 21:54:00)
Gestartet von D:\_____xxx20151015
Windows 7 Professional Service Pack 1 (X64) (2012-12-31 16:12:22)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1582384673-2009952006-1762237435-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-1582384673-2009952006-1762237435-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1582384673-2009952006-1762237435-1007 - Limited - Enabled)
internet1 (S-1-5-21-1582384673-2009952006-1762237435-1004 - Limited - Enabled) => C:\Users\internet1
petra64 (S-1-5-21-1582384673-2009952006-1762237435-1003 - Limited - Enabled) => C:\Users\petra64
schmiro64 (S-1-5-21-1582384673-2009952006-1762237435-1000 - Administrator - Enabled) => C:\Users\schmiro64
___VMware_Conv_SA___ (S-1-5-21-1582384673-2009952006-1762237435-1008 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acronis True Image 2015 (HKLM-x32\...\{2F70A6E6-2F71-4907-8441-BDC5D300310B}Visible) (Version: 18.0.6613 - Acronis) Acronis True Image 2015 (x32 Version: 18.0.6613 - Acronis) Hidden Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe) AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.) AIDA64 Extreme Edition v2.70 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.70 - FinalWire Ltd.) 
Amazon Music (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apache Tomcat 7.0 Tomcat7 (remove only) (HKLM\...\Apache Tomcat 7.0 Tomcat7) (Version: - ) Arcon 11 (HKLM-x32\...\{1923A3BE-1437-4C5A-A7FE-77D298B6DFCB}) (Version: 1.00.0000 - Eleco) Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5 - Arduino LLC) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG) Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.) Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - ) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.) CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.4.0.8 - ) Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.0.3 - ) Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.) 
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.5.0.15 - ) Canon MX920 series Benutzerregistrierung (HKLM-x32\...\Canon MX920 series Benutzerregistrierung) (Version: - *Canon Inc.) Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.) Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.) Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - ) Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.0.0.8 - ) Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.0.0.15 - ) Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.1.15 - ) Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - ) Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.0.5 - ) Canon Utilities RemoteCapture DC (HKLM-x32\...\RemoteCaptureDC) (Version: 3.0.1.8 - ) Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - ) Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.0.0.246 - ) Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.0.0.19 - ) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.) 
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden CPUID CPU-Z 1.62 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CPUID HWMonitor 1.20 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation) DesignCAD 3D Max 21 (HKLM-x32\...\{90408D47-8AD3-4BE8-B176-E2CE2C794FFE}) (Version: 21.0.0 - IMSIDesign) DesignSpark Mechanical 1.0 (HKLM\...\{724120B5-FF8C-4337-A7EF-3C1E0FB6B92F}) (Version: 8.1.2 - RS Components) Easy Smart Configuration Utility (HKLM-x32\...\InstallShield_{2E6F915E-1948-49D0-B660-0F17C768E511}) (Version: 1.0.0.6 - TP-LINK) Easy Smart Configuration Utility (x32 Version: 1.0.0.6 - TP-LINK) Hidden EasyLog USB (HKLM-x32\...\{C6EAC902-F135-4DE1-A792-18459C9B1FB3}) (Version: 5.5.3 - Lascar Electronics Ltd.) EasyLog USB Device (Driver Removal) (HKLM-x32\...\EL-USB&10C4&0002) (Version: - Lascar Electronics Ltd.) easyROUTES 3 GPS-Tourenplaner (HKLM-x32\...\easyROUTES 3 GPS-Tourenplaner_is1) (Version: 3 - REINER H. 
NITSCHKE Verlags-GmbH) Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse) FileZilla Client 3.7.3 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse) FileZilla Client 3.7.3 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse) FileZilla Client 3.7.3 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse) FileZilla Client 3.7.3 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse) FileZilla Client 3.7.3 (HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse) FileZilla Client 3.7.3 (HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse) FOSCAM Client (HKLM-x32\...\{9F9CDA0B-2291-4061-85C4-441A75BE6713}) (Version: 1.4.13 - FOSCAM) FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - ) Frontplatten Designer (HKLM-x32\...\Frontplatten Designer) (Version: 4.4.2 - Schaeffer AG) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation) Garmin BaseCamp (HKLM-x32\...\{0D7C8884-192D-4E2D-A635-B282B3647E45}) (Version: 4.4.7 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe NT 2015.40 (HKLM-x32\...\{04B2E836-EF35-438B-89B8-59F484090283}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin City Navigator Europe NT 2016.10 (HKLM-x32\...\{53F166AF-9991-45CD-B917-384DDAA243A4}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express 
(HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries) GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.) Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.) HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HWiNFO64 Version 4.06 (HKLM\...\HWiNFO64_is1) (Version: 4.06 - Martin Malík - REALiX) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!) 
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation) Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation) IPCam Admin v3.0.28 (HKLM-x32\...\IPCam Admin Utility_is1) (Version: - Edimax Technology Co., Ltd.) IPCam Surveillance Software 3.0.3.5 (HKLM-x32\...\IPCam Surveillance Software_is1) (Version: - Edimax Technology Co., Ltd.) 
IPCamSetup (HKLM-x32\...\{02C39DE9-B03A-4FE7-89F9-61E224FE65CC}) (Version: 1.00.0000 - FOSCAM) Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle) LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics) LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics) Liberta (HKLM-x32\...\{1EE5DCB1-E25C-44CB-8B32-EB063ED8EF73}) (Version: 1 - Weto) LOGINventory5 (HKLM-x32\...\LOGINventory5) (Version: 5.11.0.5756 - Schmidt's LOGIN GmbH) Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) mb Software ArCon (HKLM-x32\...\ArCon) (Version: - ) mb Software ArCon online (HKLM-x32\...\ArCon online) (Version: - ) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4753.1003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Motorola Bluetooth (HKLM\...\Motorola Bluetooth_is1) (Version: 3.0.1.227 - Motorola, Inc.) 
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 de) (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Mozilla Thunderbird 38.3.0 (x86 de)) (Version: 38.3.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 de) (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Mozilla Thunderbird 38.3.0 (x86 de)) (Version: 38.3.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 de) (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Mozilla Thunderbird 38.3.0 (x86 de)) (Version: 38.3.0 - Mozilla)
Nero BurningROM 12 (HKLM-x32\...\{3D9F1904-15A3-4022-B619-FDF43021BE2F}) (Version: 12.5.01400 - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.57 - NETGEAR Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
Paint Shop Pro 5.03 CD (HKLM-x32\...\Paint Shop Pro 5.03) (Version: - )
Paragon Festplatten Manager™ 12 Professional (HKLM-x32\...\{1E104AF0-EA49-11DE-AC07-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
QuoVadis 7 (HKLM-x32\...\QuoVadis 7_is1) (Version: 7 - Flemming Software Development CC)
RAIDar 4.3.8 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.8 - Netgear Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.01.16.00 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung ML-2950 Series (HKLM-x32\...\Samsung ML-2950 Series) (Version: - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Self-Service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Sudoku (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\e3626db9ef6c8cdc) (Version: 4.8.2.0 - Clemens Pichl)
Sudoku (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\e3626db9ef6c8cdc) (Version: 4.8.2.0 - Clemens Pichl)
Sudoku (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\e3626db9ef6c8cdc) (Version: 4.8.2.0 - Clemens Pichl)
SurveillancePlugin (HKLM-x32\...\{FB90D390-FBD6-465D-A39D-CED6A7C3580D}) (Version: 1.0.0.581 - Synology)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.35436 Beta - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TFD128 (HKLM-x32\...\TFD128) (Version: 1.01 - ELV Elektronik AG)
TFD128 (x32 Version: 1.01 - ELV Elektronik AG) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.7 - VMware, Inc)
VMware Player (Version: 6.0.7 - VMware, Inc.) Hidden
VMware vCenter Converter Standalone (HKLM-x32\...\{2BCC4907-4205-4338-BDA5-94F183144C35}) (Version: 5.5.0.1362012 - VMware, Inc.)
VNC Viewer 5.0.5 (HKLM\...\RealVNCViewer_is1) (Version: 5.0.5 - RealVNC Ltd)
weblica - 3.6.3 (HKLM-x32\...\weblica) (Version: 3.6.3 - empros gmbh)
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\WinDirStat) (Version: - )
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinImage (HKLM\...\WinImage) (Version: - )
WinImage (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\WinImage) (Version: - )
WinImage (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinImage) (Version: - )
WinImage (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\WinImage) (Version: - )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
WinSCP 5.1.7 (HKLM-x32\...\winscp3_is1) (Version: 5.1.7 - Martin Prikryl)
WOL2 (HKLM-x32\...\{1F951BBA-C582-4D59-9E07-8630E6245854}) (Version: 2.0 - Marko Oette (www.oette.info))
WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version: - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1582384673-2009952006-1762237435-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Wiederherstellungspunkte =========================

17-10-2015 19:47:37 ComboFix created restore point

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2015-10-17 19:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01A1C850-3C90-4FB6-B992-78F1024D95D4} - System32\Tasks\LOGINquiry5 Task => C:\_systools\install\LOGINventory5\LOGINquiry.exe [2013-11-29] (Schmidt's LOGIN GmbH)
Task: {04AC5F64-5100-4E3E-A542-2129F4E3EDC9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation)
Task: {1E5A82D7-1A9F-4B5A-B8C9-94C0E500E17E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {3AA534D4-5DCE-4F04-841B-098423D78243} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
Task: {3B6EA404-86A1-4308-998E-6C7DD34E255A} - System32\Tasks\Paragon Archive name diff_241014190039002 => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01] (Paragon Software Group)
Task: {4E6799E9-7C7F-4219-88BB-FE3B54CD48F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-12] (Microsoft Corporation)
Task: {6EB98E7C-2649-4D4C-8710-8ABA1DC1C425} - System32\Tasks\Paragon Archive name diff_150315172000766 => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01] (Paragon Software Group)
Task: {7F0AD858-8FE3-43E7-A690-A02CC2B72E4A} - System32\Tasks\LOGINsert5 Task => C:\_systools\install\LOGINventory5\LOGINsert.exe [2013-11-29] (Schmidt's LOGIN GmbH)
Task: {8B77CBDE-6F4F-4BD5-9583-16C4B7D50A06} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {8E731F31-C3E2-46A9-A37D-3A38A3111FB7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {903B12F1-44AB-4346-A993-A4E159CF4A16} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe [2012-07-23] (ASUSTeK Computer Inc.)
Task: {95DFCFDA-E7BC-436F-B74F-7FA321D4D406} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {A1357EB8-7472-48C6-A023-4B3F25A26D95} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {BA458291-3E36-44F9-8D71-24503D450618} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] ()
Task: {C60D38D9-4383-477A-88E5-77FE64F8431D} - System32\Tasks\Paragon Archive name diff_150315152607576 => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01] (Paragon Software Group)
Task: {C8008792-A5C4-4F1C-94DC-B90181179B2D} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {D5246ACB-B4EF-4F73-AE38-F3D1EA3DEEB8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {DEBCABFE-DB1F-48AC-AE75-C460E80EFF86} - System32\Tasks\Paragon Archive name diff_250115191339836 => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01] (Paragon Software Group)
Task: {E577C9EE-7DD6-43A7-BADE-E1124AF51CB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
Task: {F809BAD6-9659-4082-A065-30EB19C09A25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-12] (Microsoft Corporation)
Task: {FCF6CB30-A9EA-4694-A3EE-AB5681A98C5A} - System32\Tasks\CrystalDiskInfo => C:\_systools\noinstall\diskinfo\DiskInfo.exe [2012-09-25] (Crystal Dew World)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LOGINquiry5 Task.job => C:\_systools\install\LOGINventory5\LOGINquiry.exe
Task: C:\Windows\Tasks\LOGINsert5 Task.job => C:\_systools\install\LOGINventory5\LOGINsert.exe
Task: C:\Windows\Tasks\Paragon Archive name diff_150315152607576.job => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe¤--rebootonconfirm -Wno --alternate --graph --multiple C:/Program Files (x86)/Paragon Software/Festplatten Manager 12 Professional/scripts/scr_150315153003888.pslUC:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\ schmiro64.Sic
Task: C:\Windows\Tasks\Paragon Archive name diff_150315172000766.job => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe¤--rebootonconfirm -Wno --alternate --graph --multiple C:/Program Files (x86)/Paragon Software/Festplatten Manager 12 Professional/scripts/scr_150315172131567.pslUC:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\ schmiro64.Sic
Task: C:\Windows\Tasks\Paragon Archive name diff_241014190039002.job => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe¤--rebootonconfirm -Wno --alternate --graph --multiple C:/Program Files (x86)/Paragon Software/Festplatten Manager 12 Professional/scripts/scr_241014190315882.pslUC:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\ schmiro64.Sic
Task: C:\Windows\Tasks\Paragon Archive name diff_250115191339836.job => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe¤--rebootonconfirm -Wno --alternate --graph --multiple C:/Program Files (x86)/Paragon Software/Festplatten Manager 12 Professional/scripts/scr_250115191555603.pslUC:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\ schmiro64.Sic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-02-16 21:56 - 2010-06-17 22:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2013-01-05 18:54 - 2011-04-01 05:30 - 00034304 _____ () C:\Windows\System32\ssk3mlm.dll
2012-06-01 11:42 - 2012-06-01 11:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-03-19 19:36 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-25 03:28 - 2014-02-25 03:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2013-04-14 18:02 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2007-05-16 11:39 - 2007-05-16 11:39 - 00385096 _____ () C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItShellExt64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\_systools\install\Notepad++\NppShell_05.dll
2013-01-03 12:36 - 2015-10-17 20:56 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-01-03 12:36 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2013-10-07 19:44 - 2013-10-07 19:44 - 00086096 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2013-10-07 19:43 - 2013-10-07 19:43 - 01296976 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2013-10-07 19:42 - 2013-10-07 19:42 - 00542288 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll
2015-06-24 14:28 - 2015-06-24 14:28 - 01301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2013-01-03 12:39 - 2012-05-17 12:57 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2013-01-03 12:39 - 2012-07-05 13:05 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2013-01-03 12:37 - 2011-07-12 20:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2013-01-03 12:37 - 2010-10-05 09:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2013-01-03 12:37 - 2012-03-21 13:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2013-01-03 12:38 - 2012-06-19 13:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2013-01-03 12:39 - 2012-07-25 10:56 - 01124864 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2013-01-03 12:39 - 2012-07-20 10:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2013-01-03 12:37 - 2012-05-25 11:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2013-01-03 12:37 - 2012-05-28 22:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2013-01-03 12:37 - 2011-09-19 21:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2013-01-03 12:37 - 2011-07-21 10:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2013-01-03 12:37 - 2011-10-14 21:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2013-01-03 12:36 - 2010-08-23 04:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2013-01-03 12:37 - 2010-10-05 09:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2013-01-03 12:37 - 2009-08-12 21:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2014-10-21 22:39 - 2014-10-21 22:39 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-12-31 18:27 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-07-20 09:08 - 2015-07-20 09:08 - 00034624 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-07-20 09:15 - 2015-07-20 09:15 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-11-27 11:44 - 2014-11-27 11:44 - 00129344 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2012-12-31 18:49 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-09-09 11:00 - 2014-09-09 11:00 - 00023576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:4878DF65
AlternateDataStreams: C:\Users\schmiro64\Downloads\Terminfindung Alm-Sommerfest (via Doodle).eml:OECustomProperty

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SCHMIR~1\AppData\Local\Temp\BGInfo.bmp
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\SCHMIR~1\AppData\Local\Temp\BGInfo.bmp
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\SCHMIR~1\AppData\Local\Temp\BGInfo.bmp
HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\petra64\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\petra64\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\internet1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\internet1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FF48EF72-8538-4291-8711-97225BED3E59}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{0D21665D-894F-48DF-9463-4F1BD3496C41}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{BC238D54-0C43-4E66-A4D3-9001A7B9D1A1}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{FF2CF3E2-52B4-428A-915C-878CF642D691}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{7DDCC9B7-6238-4C70-A3EF-BE8D5645E0E5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{1ECD3D32-4D8A-404D-9995-01A26645121A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{18E0CA2C-2E5A-43DD-B8E3-9E7DB48CA9F8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{BE711326-3994-4F90-A58A-1C73479A9CDC}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{22237E1C-31E1-486E-999C-D49BF849A1C2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{F9E3902F-7AB8-4D16-82AA-2C3953486A92}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{E9D5FC16-F721-43CE-AE7E-3EE4487CCFB6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{C8AC91C5-9350-40CE-8C5F-4B407BCABC69}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [TCP Query User{BD673F55-36B1-4895-A052-F1442A07F296}C:\_systools\install\iometer 2006.07.27\iometer.exe] => (Block) C:\_systools\install\iometer 2006.07.27\iometer.exe
FirewallRules: [UDP Query User{D259A41B-DAF1-4612-B89D-DCA17D5EB5BA}C:\_systools\install\iometer 2006.07.27\iometer.exe] => (Block) C:\_systools\install\iometer 2006.07.27\iometer.exe
FirewallRules: [TCP Query User{E2417FD7-DFDC-4EA3-804D-58FE5DEABE7E}C:\_systools\install\iometer 2006.07.27\dynamo.exe] => (Block) C:\_systools\install\iometer 2006.07.27\dynamo.exe
FirewallRules: [UDP Query User{D9A0C0F4-086E-4E51-9D35-4E55653A00D4}C:\_systools\install\iometer 2006.07.27\dynamo.exe] => (Block) C:\_systools\install\iometer 2006.07.27\dynamo.exe
FirewallRules: [{B1396C91-18E4-48F1-9B83-3A5E7BC9EE79}] => (Allow) C:\_systools\noinstall\netio132\bin\win32-i386.exe
FirewallRules: [{25887B28-4FB8-4B5F-A41D-B0F41C88E15B}] => (Allow) C:\_systools\noinstall\netio132\bin\win32-i386.exe
FirewallRules: [{70038333-4DE1-43B4-A78D-5CE490E844A9}] => (Allow) C:\_systools\noinstall\netio132\bin\win32-i386.exe
FirewallRules: [{9627FB85-C35A-4D09-B13E-34F24C236380}] => (Allow) C:\_systools\noinstall\netio132\bin\win32-i386.exe
FirewallRules: [TCP Query User{1C1E2064-CA16-4865-BE47-3F8F8347545F}C:\program files (x86)\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe] => (Allow) C:\program files (x86)\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe
FirewallRules: [UDP Query User{17F13603-646A-49ED-B052-33EB0F668EA9}C:\program files (x86)\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe] => (Allow) C:\program files (x86)\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe
FirewallRules: [TCP Query User{5BFA71A5-BB33-4E41-BFFD-AE78688B36AF}C:\program files (x86)\internet camera\admin\admin.exe] => (Allow) C:\program files (x86)\internet camera\admin\admin.exe
FirewallRules: [UDP Query User{F96A49AF-E9D7-4E96-9701-0A0AF44C4EB9}C:\program files (x86)\internet camera\admin\admin.exe] => (Allow) C:\program files (x86)\internet camera\admin\admin.exe
FirewallRules: [{C0368BE4-EF0F-48F3-A794-DEDDE25D3346}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{172353F1-A67C-4532-998A-9B7BE29BFF5A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{B379267E-6D10-4BEE-B90A-B90763BAA985}C:\program files (x86)\internet camera\viewer\ipcamviewer.exe] => (Allow) C:\program files (x86)\internet camera\viewer\ipcamviewer.exe
FirewallRules: [UDP Query User{19F3762D-BBA5-47B3-A92C-67ADB1CC0F8A}C:\program files (x86)\internet camera\viewer\ipcamviewer.exe] => (Allow) C:\program files (x86)\internet camera\viewer\ipcamviewer.exe
FirewallRules: [{25B04C38-73FD-44B9-B0E2-A125A679F409}] => (Allow) LPort=9089
FirewallRules: [{4CC39688-752D-4423-816B-260786680748}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{A14CEDE7-FACB-49C3-80EC-E30414795161}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [UDP Query User{676F8AE7-3D78-47B8-A289-BB51282CBA2C}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [{D42F5EDD-EF7D-45EB-A0F7-0198CA0256CE}] => (Block) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [{791E2BF4-4611-48C5-BD7A-946EF1AC9C2B}] => (Block) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [TCP Query User{C5E76871-90B1-49D0-BAC5-B54266C8D9FB}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{F9BEFA55-B9C0-4933-BF09-1D150CC1253D}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{074095A2-C368-4653-AECE-8886BAC9384A}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{9EFB92AE-6D9B-447E-A9EA-86A0E57FD2B1}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{84613AAF-CE75-4CD0-9FAA-AF6AD4BBE489}C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe] => (Allow) C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe
FirewallRules: [UDP Query User{E77964A6-5B67-424D-A7E4-BA59B6A41ABE}C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe] => (Allow) C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe
FirewallRules: [{A612FC5A-B547-4956-8B76-CF4D62573420}] => (Block) C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe
FirewallRules: [{E9CD8A27-EB8D-47FC-9C27-B1F50DCB649F}] => (Block) C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe
FirewallRules: [{A50AD72F-3D86-47E1-8A55-96196C4FD3F2}] => (Allow) C:\Program Files (x86)\weblica\weblica.exe
FirewallRules: [TCP Query User{31BF2F95-48C2-4279-81EF-458ECB47845D}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{181D3B85-9C42-4B20-AA19-5E909D6834CF}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{FF432F6D-8482-4F27-9846-3FBF88D9378C}C:\program files (x86)\ipcamsetup\ipcamera.exe] => (Allow) C:\program files (x86)\ipcamsetup\ipcamera.exe
FirewallRules: [UDP Query User{574AA6B4-EF4D-4AA7-90A3-BBAFD0966DF5}C:\program files (x86)\ipcamsetup\ipcamera.exe] => (Allow) C:\program files (x86)\ipcamsetup\ipcamera.exe
FirewallRules: [TCP Query User{23670CED-F98A-44B9-8100-790C6CF21FEF}C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe] => (Allow) C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [UDP Query User{5BA67960-1A98-4FC3-8754-6E998A2C6927}C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe] => (Allow) C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [TCP Query User{8EBF9044-5F63-4C10-B1CB-2421874EFF01}C:\program files (x86)\tp-link\easy smart configuration utility\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\tp-link\easy smart configuration utility\jre\bin\javaw.exe
FirewallRules: [UDP Query User{D5FA4231-7192-4317-B40B-F4AAAE292F69}C:\program files (x86)\tp-link\easy smart configuration utility\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\tp-link\easy smart configuration utility\jre\bin\javaw.exe
FirewallRules: [{0D58F267-3810-4B8E-A672-F98212B48B8E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{61DE1F8F-C09E-4A44-8B8A-7F23F94EEDB6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1822B277-90CA-4B76-873F-D0F66268F6FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A742E651-BDB1-42CB-8E88-24ED7A35077A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{807C8314-A2F6-4025-82D7-396898C37E63}D:\__homeautomationwork\01_arduino\arduino-1.5.8\java\bin\javaw.exe] => (Allow) D:\__homeautomationwork\01_arduino\arduino-1.5.8\java\bin\javaw.exe
FirewallRules: [UDP Query User{8D3F7915-AF1E-42EA-9146-EC1B54B35B7F}D:\__homeautomationwork\01_arduino\arduino-1.5.8\java\bin\javaw.exe] => (Allow) D:\__homeautomationwork\01_arduino\arduino-1.5.8\java\bin\javaw.exe
FirewallRules: [{805EF35B-673B-41F5-A20F-B19E080E5DAD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5D5B84E2-8EA8-490E-B438-D98CE9AEE71B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{72E94DBA-BF25-4F3E-A897-94F4D643915D}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{E11378B6-A84C-462C-8EEF-73F01E532E08}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{AF81C75D-0278-4D38-97DF-6604F4ED86D8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B48C2087-2C1C-4399-9E96-A0E065CFA879}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6D3DAC28-F25B-4933-B055-EA5F9F4F2F5F}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{A851D3BF-AA28-42EC-AED8-6B0E49D66F08}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{6FE2874D-8C62-428B-994B-B71FA187EB6C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F8BF7E63-924C-49A7-BBAE-48273F381AC1}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{AA9F3695-4683-4076-91B0-B61A0B440E0C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1BBF8DDB-2E15-46B5-A643-9F506E61B2DE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{9FEB803E-9B4C-49D1-B36D-2B16B20F8F51}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{ADA56AF9-627D-453C-8C42-BA4B38E8E86B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [TCP Query User{A2B3CEA9-2A7D-400A-A96C-857F0ADCCB0C}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimage.exe FirewallRules: [UDP Query User{9F04CBC0-4C60-4CC6-A274-3EA2F5ED5976}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimage.exe FirewallRules: [{12F47A83-C4B7-4712-8397-A84CED9226ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet1 Description: VMware Virtual Ethernet Adapter for VMnet1 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet8 Description: VMware Virtual Ethernet Adapter for VMnet8 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (10/17/2015 09:28:47 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Error: (10/17/2015 09:26:19 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Error: (10/17/2015 09:23:02 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Error: (10/17/2015 09:23:02 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Error: (10/17/2015 09:20:12 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Error: (10/17/2015 09:10:00 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Error: (10/17/2015 09:10:00 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. 
Error: (10/17/2015 09:06:29 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Error: (10/17/2015 09:05:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Error: (10/17/2015 09:05:53 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Systemfehler: ============= Error: (10/17/2015 09:36:09 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (10/17/2015 07:51:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (10/17/2015 07:51:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
Error: (10/17/2015 07:51:19 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (10/17/2015 07:50:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (10/16/2015 11:23:30 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (10/16/2015 11:21:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/16/2015 11:21:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/16/2015 08:19:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (10/16/2015 08:17:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 CodeIntegrity: =================================== Date: 2015-10-17 19:51:19.649 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht 
im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-10-17 19:51:19.618 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2015-01-05 23:30:23.891 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\bcryptprimitives.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 23:30:23.888 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\bcryptprimitives.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 23:30:23.885 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\bcryptprimitives.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 23:30:23.882 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\bcryptprimitives.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2015-01-05 23:29:01.459 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 23:29:01.348 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 23:29:01.235 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2015-01-05 23:29:01.124 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz Prozentuale Nutzung des RAM: 30% Installierter physikalischer RAM: 7879.35 MB Verfügbarer physikalischer RAM: 5498.86 MB Summe virtueller Speicher: 15756.9 MB Verfügbarer virtueller Speicher: 13005.18 MB ==================== Laufwerke ================================ Drive c: (win764_c) (Fixed) (Total:111.69 GB) (Free:17.46 GB) NTFS Drive d: (win764_d) (Fixed) (Total:250 GB) (Free:103.46 GB) NTFS Drive e: (win764_e) (Fixed) (Total:500 GB) (Free:78.17 GB) NTFS Drive f: (win764_f) (Fixed) (Total:500 GB) (Free:150.69 GB) NTFS Drive g: (win764_g) (Fixed) (Total:500 GB) (Free:115.36 GB) NTFS Drive j: (win764_j) (Fixed) (Total:113.01 GB) (Free:73.12 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 3EF9CA37) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D6F332BB) Partition 1: (Not Active) - (Size=250 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=500 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=500 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=613 GB) - (Type=OF Extended) ==================== Ende von Addition.txt ============================ |
17.10.2015, 21:03 | #18 |
/// TB Trainer /// Tutorial Guru | OK, then please run one more control scan with ESET:
Step ESET Online Scanner |
17.10.2015, 22:01 | #19 |
| Hello Juergen, at 15% and after approx. 35 minutes, ESET has already found 4 threats again. All Win32/Trustezeb.K. Should I let ESET keep running anyway? It may take 3-4 hours, since there are several large drives in my PC. Regards, Ralf |
17.10.2015, 22:07 | #20 |
/// TB Trainer /// Tutorial Guru | It's not as if I am waiting for the ESET log. Run the scan to completion.
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
17.10.2015, 23:59 | #21 |
| Hello Juergen, here is the ESET log file. In the end there were 10 threats. Kind regards, Ralf Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2265811ac34160429d02a9995baf6d1c
# end=init
# utc_time=2015-10-17 08:15:13
# local_time=2015-10-17 10:15:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26285
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2265811ac34160429d02a9995baf6d1c
# end=updated
# utc_time=2015-10-17 08:19:52
# local_time=2015-10-17 10:19:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2265811ac34160429d02a9995baf6d1c
# engine=26285
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-10-17 10:49:01
# local_time=2015-10-18 12:49:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 71558713 196751991 0 0
# scanned=1269024
# found=10
# cleaned=0
# scan_time=8948
sh=5DD6B962AB3920F2D39088C8B8C3F39D6504DAB2 ft=1 fh=053a9fa1dfec318f vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\17.10.2015_15.27.24\zbot0000\file0000\tsk0000.dta"
sh=16969AA2221E8C24C08A984CD4C5311A5E975942 ft=1 fh=39e96940a1f2df1e vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\17.10.2015_15.27.24\zbot0001\file0000\tsk0000.dta"
sh=5DD6B962AB3920F2D39088C8B8C3F39D6504DAB2 ft=1 fh=053a9fa1dfec318f vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\17.10.2015_15.27.24\zbot0002\file0000\tsk0000.dta"
sh=16969AA2221E8C24C08A984CD4C5311A5E975942 ft=1 fh=39e96940a1f2df1e vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\17.10.2015_15.27.24\zbot0003\file0000\tsk0000.dta"
sh=44E4D7AEDCA905466F69913241BCDC7A753213E1 ft=1 fh=930c7438f78acb51 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="D:\from_winxp2\___download\zaZA_Setup_de_xp.exe"
sh=44E4D7AEDCA905466F69913241BCDC7A753213E1 ft=1 fh=930c7438f78acb51 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="D:\von_winxp3_d\from_winxp2\___download\zaZA_Setup_de_xp.exe"
sh=4A5DEE4A5B1AEB00E5807AF3EE16DA7CCBE5521F ft=1 fh=0d8b6b0d107f5c19 vn="Variante von Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="D:\von_winxp3_d\___installation\audiograbber\agsetup183se.exe"
sh=44E4D7AEDCA905466F69913241BCDC7A753213E1 ft=1 fh=930c7438f78acb51 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="D:\winxp2_download\___download\zaZA_Setup_de_xp.exe"
sh=994F86E28C39280086B61C2A549252549BABD46A ft=1 fh=40b5aa8f3d6d4063 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung" ac=I fn="D:\_download - Kopie\cpu-z_1.62-setup-en.exe"
sh=DE4B6F04F6B0C9338D3F191B3E08A70A689E5D5B ft=1 fh=f13d621671c8cd1c vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="D:\_download - Kopie\_von_winxp3_e\eac-0.99pb5.exe" |
18.10.2015, 10:30 | #22 |
/// TB Trainer /// Tutorial Guru | Morning Ralf, no active malware was found there anymore. When exactly did you open the attachment? Could you please try to upload this folder for me: C:\TDSSKiller_Quarantine Step 1 Upload:
Please let me know whether it worked! Thanks for your help!
__________________ Regards, deeprybka |
18.10.2015, 11:18 | #23 | |
| Hello Juergen, Quote:
I have uploaded the zipped TDSSKiller quarantine folder. Kind regards, Ralf |
18.10.2015, 11:57 | #24 | |
/// TB Trainer /// Tutorial Guru | Thank you. Please also do the following: Step 1 Turn off the real-time protection of the antivirus scanner. Step 2 Download of ZOEK (by Smeenk)
__________________ Regards, deeprybka |
18.10.2015, 15:22 | #25 |
| Hello Juergen, attached are the results from zoek. Kind regards, Ralf PS: My reply took a little longer this time because I had family obligations over lunchtime. Code:
ATTFilter Zoek.exe v5.0.0.1 Updated 17-October-2015 Tool run by schmiro64 on 18.10.2015 at 15:58:43,93. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\schmiro64\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 18.10.2015 16:00:06 Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\4-Port Gigabit Net USB Server Hub deleted successfully C:\PROGRA~3\Canon IJ Network Tool deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\PROGRA~3\Synology deleted successfully C:\PROGRA~3\ZoomBrowser deleted successfully C:\Users\schmiro64\AppData\Roaming\CameraWindowDC deleted successfully C:\Users\schmiro64\AppData\Roaming\FreePDF deleted successfully C:\Users\schmiro64\AppData\Roaming\gjtdghee deleted successfully C:\Users\schmiro64\AppData\Roaming\WinRAR deleted successfully C:\Users\internet1\AppData\Local\VirtualStore deleted successfully C:\Users\petra64\AppData\Local\VirtualStore deleted successfully C:\Users\schmiro64\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\schmiro64\AppData\Local\EmieSiteList deleted successfully C:\Users\schmiro64\AppData\Local\EmieUserList deleted successfully C:\Users\schmiro64\AppData\Local\FreePDF_XP deleted successfully C:\Users\schmiro64\AppData\Local\PackageAware deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\petra64\AppData\Roaming\Mozilla\Firefox\Profiles\0gp2f6ge.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__1610_.backup ProfilePath: C:\Users\SCHMIR~1\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__1610_.backup 
ProfilePath: C:\Users\SCHMIR~1\AppData\Roaming\Thunderbird\Profiles\90oyl6bg.default_new2 user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__1610_.backup ProfilePath: C:\Users\SCHMIR~1\AppData\Roaming\Thunderbird\Profiles\90oyl6bg.default_new2 - Kopie user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__1610_.backup ProfilePath: C:\Users\SCHMIR~1\AppData\Roaming\Thunderbird\Profiles\u899i5uy.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs__1610_.backup ==== Deleting Files \ Folders ====================== C:\PROGRA~2\4-Port Gigabit Net USB Server Hub not found C:\Users\schmiro64\.android deleted C:\PROGRA~2\SamsungPrinterLiveUpdateInstaller deleted C:\Users\schmiro64\AppData\Roaming\ZoomBrowser EX deleted C:\Users\schmiro64\AppData\Roaming\eSReg.ini deleted C:\Users\schmiro64\AppData\Roaming\ARCompanion.log deleted C:\PROGRA~3\{39CC6573-EA39-4F26-BB6D-930E0B0E969B} deleted C:\PROGRA~3\Package Cache deleted C:\Users\schmiro64\AppData\Local\mbt-actwiz.log deleted C:\windows\SysNative\GroupPolicy\Machine deleted C:\windows\SysNative\GroupPolicy\User deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted "C:\Windows\Installer\b8c37a.msi" deleted ==== System Specs ====================== Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 7880 MB CPU Info: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz CPU Speed: 3473,9 MHz Sound Card: Lautsprecher (Realtek High Defi | Realtek Digital Output(RCA) (Re | Display Adapters: Intel(R) HD Graphics | Intel(R) HD Graphics | Intel(R) HD Graphics | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; PnP-Monitor (Standard) | Screen Resolution: 1920 X 1200 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller CD / DVD Drives: 2x (H: | I: | ) H: TSSTcorpDVD-ROM SH-118AB | I: Optiarc DVD RW AD-7280S Ports: COM1 LPT Port NOT Present. 
Mouse: 8 Button Wheel Mouse Present Hard Disks: C: 111,7GB | D: 250,0GB | E: 500,0GB | F: 500,0GB | G: 500,0GB | J: 113,0GB Hard Disks - Free: C: 16,8GB | D: 103,5GB | E: 78,2GB | F: 150,7GB | G: 115,4GB | J: 73,1GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 10/05/12 | ALASKA - 1072009 Time Zone: Mitteleuropäische Zeit Motherboard *: ASUSTeK COMPUTER INC. P8Z77-M Country: Deutschland Language: DEU ==== System Specs (Software) ====================== AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859} SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Default Browser: Firefox 41.0.2 Internet Explorer Version: 11.0.9600.18059 Mozilla Firefox version: 41.0.2 (x86 de) Google Chrome version: 46.0.2490.71 Adobe Reader version: 15.9.20069.159242 Sun Java version: 1.7.0_60 (64-bit) Flash Player version: 19.0.0.185 ==== Files Recently Created / Modified ======================
==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\petra64\AppData\Roaming\Mozilla\Firefox\Profiles\0gp2f6ge.default user_pref("browser.startup.homepage", "hxxp://www.google.de/"); ProfilePath: C:\Users\SCHMIR~1\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default 
user_pref("browser.startup.homepage", "hxxp://www.google.de/");

==== Firefox Extensions ======================
ProfilePath: C:\Users\SCHMIR~1\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default
- O2CPlayer Plugin - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\extensions\o2cplayer@eleco.com
- Garmin Communicator - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- O2CPlayer Plugin - %ProfilePath%\extensions\o2cplayer@eleco.com
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi
- FirePath - %ProfilePath%\extensions\FireXPath@pierre.tholence.com.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
ProfilePath: C:\Users\SCHMIR~1\AppData\Roaming\Thunderbird\Profiles\90oyl6bg.default_new2
- Lightning - C:\Users\schmiro64\AppData\Roaming\Thunderbird\Profiles\90oyl6bg.default_new2\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
9291708CCD967887AF94BE708B43D64D - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll - Microsoft Office 2013
1A62BB86D17B8DC0D4339BACC8D60635 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll - Shockwave Flash
28E9713EBF33EE7C1988119F4072F3F1 - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\extensions\o2cplayer@eleco.com\plugins\npO2CPlayer.dll - O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / o2c?????? ??????? / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In
77227F4095B2635A8B129AFE589BA52F - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\extensions\o2cplayer@eleco.com\plugins\npO2CPlayer64.dll - O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / o2c?????? ??????? / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In / O2C-Player Plug-In

==== Chromium Look ======================
Chrome Hotword Shared Module - schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.de/"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75932EE05AB03F84FAFA19C253187532 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EE23957-0BA5-48F3-AFAF-912C35815723} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\75932EE05AB03F84FAFA19C253187532 deleted successfully

==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\schmiro64\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\schmiro64\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\Users\petra64\AppData\Local\Mozilla\Firefox\Profiles\0gp2f6ge.default\Cache emptied successfully
C:\Users\schmiro64\AppData\Local\Mozilla\Firefox\Profiles\kfgrd4bd.default\cache2 emptied successfully

==== Empty Chrome Cache ======================
C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=103 folders=41 124621875 bytes)

==== Empty Temp Folders ======================
C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\internet1\AppData\Local\temp emptied successfully
C:\Users\petra64\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\schmiro64\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\SCHMIR~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on 18.10.2015 at 16:18:21,92 ======================
18.10.2015, 18:43 | #26 |
/// TB trainer /// Guide guru |

OK. But this file has nothing to do with your case, does it? "C:\Users\schmiro64\Downloads\20151015.zip" Otherwise upload it to TB.

Code:
Java version: 7 Update 60

We did it! The logs look clean to me at the moment. If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we do not see each other here again any time soon.

Cleanup: (The order is decisive here)
- If Defogger was used: start it again and click Re-enable.
- If Combofix was used: uninstall Combofix.
- All logs posted? Then please download DelFix.

Note: DelFix removes, among other things, all the programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left over now, you can delete them without hesitation.

Hardening:
- Enable automatic updates in the Windows operating system. Security-relevant software should also always be present only in its most recent version: browser, Java, Flash Player, PDF reader. Security vulnerabilities (e.g. here) in their old versions are exploited to install malware by "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
- Enable a firewall. The one built into Windows is normally entirely sufficient.
- Use an antivirus program with a real-time scanner and an always up-to-date signature database. My purchase recommendation: ESET Smart Security.
- In addition, you can scan your PC regularly with Malwarebytes Anti-Malware.

Optional:
- NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. You can, however, specify on the whitelist principle on which sites scripts should be allowed.
- Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.
- Download software from a clean portal such as . When installing software, always choose the custom option and remove the tick from all optionally offered toolbars or other additions that are irrelevant to the program. To get rid of adware again, uninstalling it first and then removing the leftovers with Adwcleaner is recommended.

Finally, a few basic remarks:
- Change your important online passwords regularly, and regularly create backups of your important files or of the system.
- The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.

__________________
Regards, deeprybka
Praise, criticism, wishes? Donation for trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
18.10.2015, 19:04 | #27 |

Hello Juergen,

Quote:

Quote:

If I need Java, should I still uninstall the above version and replace it with the current one? In other words, this Java 7, Update 60 has problems?

Quote:

I have received great help from you over the last 3 days. Really great!!! I am really relieved now.

Kind regards, Ralf
18.10.2015, 19:26 | #28 |
/// TB trainer /// Guide guru |

Um, yesterday morning until today... The benchmark is 1 reply in 24 hours.

Quote:

__________________
Regards, deeprybka