
Plagegeister aller Art und deren Bekämpfung: Win7: AVIRA finds TR/Vundo.Gen, TR/Trustezeb.235520 and TR/Crypt.ZPACK.188761


17.10.2015, 09:27   #1
schmiro
 



Hello Trojaner-Board,

two days ago I apparently caught a virus or trojan and would like to ask for your help.

Stupidly, I clicked on the attachment of an email about a final payment reminder and so on. I know that is the biggest stupidity ever, but it was hectic that morning at breakfast and the email was very well made.

AVIRA reports the following detections: TR/Vundo.Gen, TR/Trustezeb.235520 and TR/Crypt.ZPACK.188761.

Otherwise the PC is still running normally so far, but at the moment I only use it when absolutely necessary.

I tried to remove the viruses/trojans using AVIRA's tools. But that only partly worked. At least that is how it looks to me as a virus/trojan layman.

Following the instructions here in the forum, I have now collected the relevant information with FRST, Gmer, etc. and am posting the log files here in the thread.

But since they are huge, I have to spread them over several posts. However, I read somewhere here in the forum that one should not reply to a newly opened thread as long as it has not been handled yet, because then everyone assumes the thread already has a helper. But I can only get the remaining logs in here by replying. So I will wait a while and then post the other logs. I hope that is OK.


Could you please help me solve the problem?

Many thanks in advance!
schmiro


Defogger Logs:
defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:19 on 17/10/2015 (schmiro64)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST Logs:
FRST.txt

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:16-10-2015
durchgeführt von schmiro64 (Administrator) auf WIN764 (17-10-2015 09:32:46)
Gestartet von D:\_____xxx20151015
Geladene Profile: schmiro64 (Verfügbare Profile: schmiro64 & xxx64 & internet1 & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Users\schmiro64\AppData\Local\Amazon Music\Amazon Music Helper.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\SnagIt 8\TscHelp.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\SnagIt 8\SnagPriv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
(Crystal Dew World) C:\_systools\noinstall\diskinfo\DiskInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [571192 2014-08-14] (Acronis)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-09-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5380368 2015-07-20] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [693336 2015-07-20] (Acronis International GmbH)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation)
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Run: [Amazon Music] => C:\Users\schmiro64\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] ()
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Run: [rule-know] => C:\Users\schmiro64\AppData\Local\Temp\Ruledisappointed\rule-bicycle.exe [231936 2015-10-16] () <===== ACHTUNG
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Run: [economy-earn] => C:\Users\schmiro64\AppData\Local\Temp\Economyadapt\economy-encouraging.exe [148992 2015-10-17] () <===== ACHTUNG
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\RunOnce: [rule-know] => C:\Users\schmiro64\AppData\Local\Temp\Ruledisappointed\rule-bicycle.exe [231936 2015-10-16] () <===== ACHTUNG
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\RunOnce: [economy-earn] => C:\Users\schmiro64\AppData\Local\Temp\Economyadapt\economy-encouraging.exe [148992 2015-10-17] () <===== ACHTUNG
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\MountPoints2: {45a7dc50-5364-11e2-b921-806e6f6e6963} - H:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\MountPoints2: {479fb6ff-c967-11e2-b0e7-50465db51cac} - K:\LGAutoRun.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 8.lnk [2014-06-08]
ShortcutTarget: SnagIt 8.lnk -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
Startup: C:\Users\schmiro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.exe - Verknüpfung.lnk [2013-03-23]
ShortcutTarget: Bginfo.exe - Verknüpfung.lnk -> C:\_systools\noinstall\BGInfo\Bginfo.exe (Sysinternals)
GroupPolicyScripts: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\..\Interfaces\{AA160C9A-E0F5-4D8C-9654-DBEF5B5C7961}: [NameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll [2007-05-16] (TechSmith Corporation)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2013-11-28] (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-22] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-22] (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-16] (TechSmith Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2013-11-28] (CANON INC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2013-11-28] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2013-11-28] (CANON INC.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-16] (TechSmith Corporation)
Handler-x32: li5bin - {1E39F80A-E02D-40CC-AA23-9620BC3F2A0B} - C:\_systools\install\LOGINventory5\LoginProtocolHandler.dll [2013-11-29] (Schmidt's LOGIN GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-04] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.581\npSurveillancePlugin_x86_64.dll [2015-07-22] (Synology)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-04] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.581\npSurveillancePlugin.dll [2015-07-22] (Synology)
FF Extension: O2CPlayer Plugin - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\o2cplayer@eleco.com [2015-03-10]
FF Extension: Garmin Communicator - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-14]
FF Extension: Firebug - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\firebug@software.joehewitt.com.xpi [2013-02-13]
FF Extension: FirePath - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\FireXPath@pierre.tholence.com.xpi [2013-02-13]
FF Extension: NoScript - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-03]

Chrome: 
=======
CHR Profile: C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-15]
CHR Extension: (Google Docs) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-15]
CHR Extension: (Google Drive) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-15]
CHR Extension: (YouTube) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-15]
CHR Extension: (Google-Suche) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-15]
CHR Extension: (Google Tabellen) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-15]
CHR Extension: (Google Text & Tabellen Offline) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-15]
CHR Extension: (Google Mail) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-25] (ASUSTeK Computer Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2014-11-23] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2014-11-23] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
R3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [Datei ist nicht signiert]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-12-15] (NETGEAR)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5405456 2014-11-12] (TeamViewer GmbH)
S3 Tomcat7; C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [80896 2013-10-18] (Apache Software Foundation) [Datei ist nicht signiert]
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] ()
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479312 2013-10-07] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-09-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-09-22] (Avira Operations GmbH & Co. KG)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-08-28] (VMware, Inc.)
S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [40960 2010-03-01] (Motorola, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-03-15] (Acronis International GmbH)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [30592 2013-01-07] (REALiX(tm))
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-02-26] (CACE Technologies, Inc.)
S3 NUServer64; C:\Windows\System32\DRIVERS\NUServer64.sys [240128 2010-09-17] ( ) [Datei ist nicht signiert]
R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-08-21] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-08-21] (Acronis International GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90928 2012-03-01] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [632752 2012-03-01] (Paragon)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S3 WIMMount; G:\ctnot\Projects\Tools\Win8PESE\X64\wimmount.sys [40392 2012-07-25] (Microsoft Corporation)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X]
S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [X]
S3 NUS_Bus; system32\DRIVERS\NUS_Bus.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-17 09:32 - 2015-10-17 09:32 - 00000000 ____D C:\FRST
2015-10-17 09:19 - 2015-10-17 09:19 - 00000000 _____ C:\Users\schmiro64\defogger_reenable
2015-10-17 08:59 - 2015-10-17 08:59 - 00075068 _____ C:\Users\schmiro64\Downloads\AVSCAN-20151016-233643-1B0F2AFC.LOG
2015-10-16 20:10 - 2015-10-16 20:10 - 00063188 _____ C:\Users\schmiro64\Downloads\AVSCAN-20151016-192519-C32CBE66.LOG
2015-10-15 22:35 - 2015-10-16 19:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-15 21:32 - 2015-10-15 22:49 - 00000000 ____D C:\Users\schmiro64\Downloads\20151015
2015-10-15 21:31 - 2015-10-15 21:31 - 00331526 _____ C:\Users\schmiro64\Downloads\20151015.zip
2015-10-14 20:04 - 2015-09-18 21:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 20:04 - 2015-09-18 20:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 20:04 - 2015-09-16 06:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 20:04 - 2015-09-16 06:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 20:04 - 2015-09-16 06:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 20:04 - 2015-09-16 06:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 20:04 - 2015-09-16 06:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 20:04 - 2015-09-16 06:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 20:04 - 2015-09-16 06:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 20:04 - 2015-09-16 06:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 20:04 - 2015-09-16 06:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 20:04 - 2015-09-16 06:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 20:04 - 2015-09-16 06:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 20:04 - 2015-09-16 06:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 20:04 - 2015-09-16 06:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 20:04 - 2015-09-16 06:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 20:04 - 2015-09-16 06:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 20:04 - 2015-09-16 06:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 20:04 - 2015-09-16 06:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 20:04 - 2015-09-16 06:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 20:04 - 2015-09-16 05:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 20:04 - 2015-09-16 05:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 20:04 - 2015-09-16 05:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 20:04 - 2015-09-16 05:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 20:04 - 2015-09-16 05:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 20:04 - 2015-09-16 05:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 20:04 - 2015-09-16 05:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 20:04 - 2015-09-16 05:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 20:04 - 2015-09-16 05:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 20:04 - 2015-09-16 05:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 20:04 - 2015-09-16 05:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 20:04 - 2015-09-16 05:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 20:04 - 2015-09-16 05:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 20:04 - 2015-09-16 05:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 20:04 - 2015-09-16 05:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 20:04 - 2015-09-16 05:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 20:04 - 2015-09-16 05:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 20:04 - 2015-09-16 05:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 20:04 - 2015-09-16 05:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 20:04 - 2015-09-16 05:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 20:04 - 2015-09-16 05:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 20:04 - 2015-09-16 05:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 20:04 - 2015-09-16 05:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 20:04 - 2015-09-16 05:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 20:04 - 2015-09-16 05:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 20:04 - 2015-09-16 05:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 20:04 - 2015-09-16 05:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 20:04 - 2015-09-16 05:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 20:04 - 2015-09-16 05:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 20:04 - 2015-09-16 05:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 20:04 - 2015-09-16 05:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 20:04 - 2015-09-16 05:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 20:04 - 2015-09-16 05:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 20:04 - 2015-09-16 05:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 20:04 - 2015-09-16 04:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 20:04 - 2015-09-16 04:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 20:04 - 2015-09-16 04:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 20:04 - 2015-09-16 04:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 20:04 - 2015-09-16 04:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 20:04 - 2015-09-16 04:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 20:04 - 2015-09-16 04:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 20:04 - 2015-09-16 04:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 20:04 - 2015-09-16 04:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 20:04 - 2015-09-16 04:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 20:03 - 2015-08-06 20:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 20:03 - 2015-08-06 20:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 20:03 - 2015-08-06 19:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 20:03 - 2015-08-06 19:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 20:02 - 2015-09-29 05:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 20:02 - 2015-09-29 05:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 20:02 - 2015-09-29 05:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 20:02 - 2015-09-29 05:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 20:02 - 2015-09-29 05:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 20:02 - 2015-09-29 05:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 20:02 - 2015-09-29 05:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 20:02 - 2015-09-29 05:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 20:02 - 2015-09-29 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 20:02 - 2015-09-29 05:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 20:02 - 2015-09-29 05:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 20:02 - 2015-09-29 05:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 20:02 - 2015-09-29 05:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 20:02 - 2015-09-29 05:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 20:02 - 2015-09-29 05:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 20:02 - 2015-09-29 05:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 20:02 - 2015-09-29 05:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 20:02 - 2015-09-29 05:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 20:02 - 2015-09-29 05:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 20:02 - 2015-09-29 05:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 20:02 - 2015-09-29 05:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 20:02 - 2015-09-29 05:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 20:02 - 2015-09-29 05:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 20:02 - 2015-09-29 05:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 20:02 - 2015-09-29 05:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 20:02 - 2015-09-29 05:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 20:02 - 2015-09-29 05:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 20:02 - 2015-09-29 05:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 20:02 - 2015-09-29 04:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 20:02 - 2015-09-29 04:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 20:02 - 2015-09-29 04:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 20:02 - 2015-09-29 04:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 20:02 - 2015-09-29 04:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 20:02 - 2015-09-29 04:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 20:02 - 2015-09-29 04:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 20:02 - 2015-09-29 04:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 20:02 - 2015-09-29 04:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 20:02 - 2015-09-29 04:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 20:02 - 2015-09-29 04:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 20:02 - 2015-09-29 04:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 20:02 - 2015-09-29 04:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 20:02 - 2015-09-29 04:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 20:02 - 2015-09-29 04:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 03:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 20:02 - 2015-09-29 03:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 20:02 - 2015-09-29 03:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 20:02 - 2015-09-29 03:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 20:02 - 2015-09-29 03:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 20:02 - 2015-09-29 03:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 03:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 03:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 20:02 - 2015-09-29 03:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 20:02 - 2015-09-25 20:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 20:02 - 2015-09-25 20:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 20:02 - 2015-09-25 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 20:02 - 2015-09-25 20:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 20:02 - 2015-09-25 20:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 20:02 - 2015-09-25 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 20:02 - 2015-09-25 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 20:02 - 2015-09-25 20:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 20:02 - 2015-09-25 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 20:02 - 2015-09-25 20:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 20:02 - 2015-09-25 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 20:02 - 2015-09-25 19:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 20:02 - 2015-09-25 19:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 20:02 - 2015-09-25 19:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 20:02 - 2015-09-25 19:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 20:02 - 2015-09-25 19:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 20:02 - 2015-09-18 21:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-14 20:02 - 2015-09-18 21:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-14 20:02 - 2015-09-18 21:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-14 20:02 - 2015-09-18 21:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-14 20:02 - 2015-09-18 21:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-14 20:02 - 2015-09-18 21:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 20:02 - 2015-09-18 21:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 20:02 - 2015-09-15 20:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 20:02 - 2015-09-15 20:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 20:02 - 2015-09-15 20:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 20:02 - 2015-09-15 20:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 20:02 - 2015-09-15 20:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 20:02 - 2015-09-15 20:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 20:02 - 2015-09-15 20:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 20:02 - 2015-09-15 20:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 20:02 - 2015-09-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 20:02 - 2015-09-15 19:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 20:02 - 2015-09-15 19:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 20:02 - 2015-09-15 19:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 20:02 - 2015-09-15 19:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 20:01 - 2015-10-01 20:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 20:01 - 2015-10-01 20:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 20:01 - 2015-10-01 20:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 20:01 - 2015-10-01 20:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 20:01 - 2015-10-01 20:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 20:01 - 2015-10-01 20:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 20:01 - 2015-10-01 20:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 20:01 - 2015-10-01 19:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 20:01 - 2015-10-01 19:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 20:01 - 2015-07-18 15:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-06 15:17 - 2015-10-06 15:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-09-27 23:29 - 2015-09-27 23:30 - 06521184 _____ (Tim Kosse) C:\Users\schmiro64\Downloads\FileZilla_3.14.0_win64-setup.exe
2015-09-22 22:49 - 2015-09-22 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-17 09:21 - 2009-07-14 06:45 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-17 09:21 - 2009-07-14 06:45 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-17 09:19 - 2012-12-31 18:12 - 00000000 ____D C:\Users\schmiro64
2015-10-17 09:18 - 2010-11-21 08:50 - 00702154 _____ C:\Windows\system32\perfh007.dat
2015-10-17 09:18 - 2010-11-21 08:50 - 00150820 _____ C:\Windows\system32\perfc007.dat
2015-10-17 09:18 - 2009-07-14 07:13 - 01628962 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-17 09:16 - 2012-12-31 18:13 - 01139898 _____ C:\Windows\WindowsUpdate.log
2015-10-17 09:13 - 2015-09-12 14:35 - 00002296 _____ C:\Windows\setupact.log
2015-10-17 09:13 - 2015-03-15 17:07 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-17 09:13 - 2013-02-16 21:56 - 00000000 ____D C:\Users\schmiro64\AppData\Local\FreePDF_XP
2015-10-17 09:13 - 2013-01-05 16:33 - 00000000 ____D C:\ProgramData\VMware
2015-10-17 09:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-17 08:39 - 2015-03-15 17:07 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-17 03:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-10-16 23:40 - 2015-03-15 17:08 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-16 23:28 - 2013-01-05 18:55 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-10-16 23:27 - 2013-02-17 13:59 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{357339D0-7A51-47A5-AEF2-2E61E0144585}
2015-10-16 20:09 - 2014-03-03 19:52 - 00000000 ____D C:\Users\schmiro64\Documents\SnagIt Katalog
2015-10-16 19:20 - 2015-09-08 23:30 - 00000000 __SHD C:\Users\schmiro64\AppData\Roaming\gjtdghee
2015-10-16 19:09 - 2015-09-16 22:05 - 00009902 _____ C:\Windows\PFRO.log
2015-10-16 19:09 - 2013-01-03 11:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-15 21:56 - 2015-05-01 16:26 - 00000000 ____D C:\Users\schmiro64\AppData\Local\CrashDumps
2015-10-15 21:46 - 2015-05-26 21:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-15 21:45 - 2015-05-26 21:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-15 21:27 - 2015-04-19 19:29 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 21:27 - 2014-05-06 22:36 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-14 20:21 - 2013-08-10 16:47 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 20:18 - 2013-01-03 12:24 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-13 00:07 - 2013-03-24 15:11 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\BOM
2015-10-09 18:06 - 2013-01-05 16:34 - 00000000 ____D C:\Users\schmiro64\AppData\Local\VMware
2015-10-09 17:56 - 2013-01-05 16:34 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\VMware
2015-10-09 09:36 - 2015-04-05 12:33 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 23:45 - 2015-04-05 12:33 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-10-04 21:57 - 2014-08-10 16:26 - 00082944 _____ C:\Users\schmiro64\Desktop\guzzi_parts.xls
2015-10-04 18:48 - 2014-06-27 21:51 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\ZoomBrowser EX
2015-10-04 18:48 - 2014-06-27 21:45 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\CameraWindowDC
2015-10-04 13:09 - 2014-08-21 21:05 - 00000000 ____D C:\Users\schmiro64\AppData\Local\Adobe
2015-10-04 13:08 - 2013-01-03 12:04 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-04 13:08 - 2013-01-03 12:04 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-27 23:33 - 2013-03-24 15:06 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\FileZilla
2015-09-26 22:59 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-09-24 08:23 - 2013-10-24 19:34 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-22 22:49 - 2015-05-07 20:20 - 00002014 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-09-22 22:48 - 2013-05-07 18:49 - 00074952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-09-22 22:48 - 2013-03-27 21:09 - 00163544 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-09-19 11:33 - 2015-03-15 17:07 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-19 11:33 - 2015-03-15 17:07 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-06-17 09:50 - 2015-02-22 17:35 - 0000093 _____ () C:\Users\schmiro64\AppData\Roaming\ARCompanion.log
2013-12-19 20:58 - 2015-04-03 00:09 - 0000545 ____H () C:\Users\schmiro64\AppData\Roaming\eSReg.ini
2013-11-16 21:12 - 2015-04-08 20:09 - 0000600 _____ () C:\Users\schmiro64\AppData\Roaming\winscp.rnd
2013-05-19 17:47 - 2013-05-19 17:47 - 0004608 _____ () C:\Users\schmiro64\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-23 19:16 - 2014-11-24 00:33 - 0006506 _____ () C:\Users\schmiro64\AppData\Local\mbt-actwiz.log
2013-11-16 21:06 - 2015-04-08 21:42 - 0000600 _____ () C:\Users\schmiro64\AppData\Local\PUTTY.RND
2012-12-31 18:52 - 2015-09-04 20:47 - 0007656 _____ () C:\Users\schmiro64\AppData\Local\Resmon.ResmonCfg

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\schmiro64\AppData\Local\Temp\Ruledisappointed\rule-bicycle.exe
C:\Users\schmiro64\AppData\Local\Temp\Economyadapt\economy-encouraging.exe


Einige Dateien in TEMP:
====================
C:\Users\schmiro64\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-11 19:24

==================== Ende von FRST.txt ============================
         
--- --- ---

Gmer Logs:
Gmer.txt
GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-10-17 09:40:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 Samsung_ rev.DXT0 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\SCHMIR~1\AppData\Local\Temp\pwldqpoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000074f61401 2 bytes JMP 75a6b21b C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000074f61419 2 bytes JMP 75a6b346 C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000074f61431 2 bytes JMP 75ae8fd1 C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000074f6144a 2 bytes CALL 75a4489d C:\Windows\syswow64\KERNEL32.dll
.text   ...                                                                                                                                           * 9
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000074f614dd 2 bytes JMP 75ae88c4 C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000074f614f5 2 bytes JMP 75ae8aa0 C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000074f6150d 2 bytes JMP 75ae87ba C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000074f61525 2 bytes JMP 75ae8b8a C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000074f6153d 2 bytes JMP 75a5fca8 C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000074f61555 2 bytes JMP 75a668ef C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000074f6156d 2 bytes JMP 75ae9089 C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000074f61585 2 bytes JMP 75ae8bea C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000074f6159d 2 bytes JMP 75ae877e C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000074f615b5 2 bytes JMP 75a5fd41 C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000074f615cd 2 bytes JMP 75a6b2dc C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000074f616b2 2 bytes JMP 75ae8f4c C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe[2076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000074f616bd 2 bytes JMP 75ae8713 C:\Windows\syswow64\KERNEL32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                  0000000074f61401 2 bytes JMP 75a6b21b C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                    0000000074f61419 2 bytes JMP 75a6b346 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                  0000000074f61431 2 bytes JMP 75ae8fd1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                  0000000074f6144a 2 bytes CALL 75a4489d C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                           * 9
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                     0000000074f614dd 2 bytes JMP 75ae88c4 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17              0000000074f614f5 2 bytes JMP 75ae8aa0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                     0000000074f6150d 2 bytes JMP 75ae87ba C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17              0000000074f61525 2 bytes JMP 75ae8b8a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                    0000000074f6153d 2 bytes JMP 75a5fca8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                         0000000074f61555 2 bytes JMP 75a668ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                  0000000074f6156d 2 bytes JMP 75ae9089 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                    0000000074f61585 2 bytes JMP 75ae8bea C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                       0000000074f6159d 2 bytes JMP 75ae877e C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                    0000000074f615b5 2 bytes JMP 75a5fd41 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                  0000000074f615cd 2 bytes JMP 75a6b2dc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20              0000000074f616b2 2 bytes JMP 75ae8f4c C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31              0000000074f616bd 2 bytes JMP 75ae8713 C:\Windows\syswow64\kernel32.dll
.text   C:\WINDOWS\SYSWOW64\VMNAT.EXE[2596] C:\WINDOWS\SYSWOW64\SHFOLDER.dll!SHGetFolderPathW + 4                                                     00000000691013b0 2 bytes JMP 763d55f8 C:\Windows\syswow64\SHELL32.dll
.text   C:\WINDOWS\SYSWOW64\VMNAT.EXE[2596] C:\WINDOWS\SYSWOW64\SHFOLDER.dll!SHGetFolderPathW + 20                                                    00000000691013c0 2 bytes CALL 755a9cee C:\Windows\syswow64\msvcrt.dll
.text   ...                                                                                                                                           * 20
.text   C:\WINDOWS\SYSWOW64\VMNAT.EXE[2596] C:\WINDOWS\SYSWOW64\SHFOLDER.dll!SHGetFolderPathA + 22                                                    000000006910153e 2 bytes CALL 76467774 C:\Windows\syswow64\SHELL32.dll
.text   C:\WINDOWS\SYSWOW64\VMNAT.EXE[2596] C:\WINDOWS\SYSWOW64\SHFOLDER.dll!SHGetFolderPathA + 43                                                    0000000069101553 2 bytes CALL 75a410ff C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                    0000000074f61401 2 bytes JMP 75a6b21b C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                      0000000074f61419 2 bytes JMP 75a6b346 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                    0000000074f61431 2 bytes JMP 75ae8fd1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                    0000000074f6144a 2 bytes CALL 75a4489d C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                           * 9
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                       0000000074f614dd 2 bytes JMP 75ae88c4 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                0000000074f614f5 2 bytes JMP 75ae8aa0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                       0000000074f6150d 2 bytes JMP 75ae87ba C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                0000000074f61525 2 bytes JMP 75ae8b8a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                      0000000074f6153d 2 bytes JMP 75a5fca8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                           0000000074f61555 2 bytes JMP 75a668ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                    0000000074f6156d 2 bytes JMP 75ae9089 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                      0000000074f61585 2 bytes JMP 75ae8bea C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                         0000000074f6159d 2 bytes JMP 75ae877e C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                      0000000074f615b5 2 bytes JMP 75a5fd41 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                    0000000074f615cd 2 bytes JMP 75a6b2dc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                0000000074f616b2 2 bytes JMP 75ae8f4c C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                0000000074f616bd 2 bytes JMP 75ae8713 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                           0000000074f61401 2 bytes JMP 75a6b21b C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                             0000000074f61419 2 bytes JMP 75a6b346 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                           0000000074f61431 2 bytes JMP 75ae8fd1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                           0000000074f6144a 2 bytes CALL 75a4489d C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                           * 9
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                              0000000074f614dd 2 bytes JMP 75ae88c4 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                       0000000074f614f5 2 bytes JMP 75ae8aa0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                              0000000074f6150d 2 bytes JMP 75ae87ba C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                       0000000074f61525 2 bytes JMP 75ae8b8a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                             0000000074f6153d 2 bytes JMP 75a5fca8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                  0000000074f61555 2 bytes JMP 75a668ef C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                           0000000074f6156d 2 bytes JMP 75ae9089 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                             0000000074f61585 2 bytes JMP 75ae8bea C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                0000000074f6159d 2 bytes JMP 75ae877e C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                             0000000074f615b5 2 bytes JMP 75a5fd41 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                           0000000074f615cd 2 bytes JMP 75a6b2dc C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                       0000000074f616b2 2 bytes JMP 75ae8f4c C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\concentr.exe[5220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                       0000000074f616bd 2 bytes JMP 75ae8713 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                         0000000074f61401 2 bytes JMP 75a6b21b C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[5280] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                           0000000074f61419 2 bytes JMP 75a6b346 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                         0000000074f61431 2 bytes JMP 75ae8fd1 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                         0000000074f6144a 2 bytes CALL 75a4489d C:\Windows\syswow64\kernel32.dll
.text   ...                                                                                                                                           * 9
.text   C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[5280] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                            0000000074f614dd 2 bytes JMP 75ae88c4 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                     0000000074f614f5 2 bytes JMP 75ae8aa0 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[5280] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                            0000000074f6150d 2 bytes JMP 75ae87ba C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                     0000000074f61525 2 bytes JMP 75ae8b8a C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[5280] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                           0000000074f6153d 2 bytes JMP 75a5fca8 C:\Windows\syswow64\kernel32.dll
.text   C:\Program Files (x86)\Citrix\ICA Client\redirector.exe[5280] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                0000000074f61555 2 bytes JMP 75a668ef C:\Windows\syswow64\kernel32.dll

---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\ftp.exe [6972:6996]                                                                                                       000000007ef9bc78
Thread  C:\Windows\SysWOW64\ftp.exe [6972:7000]                                                                                                       000000007ef9bc2a
Thread  C:\Windows\SysWOW64\ftp.exe [6972:7016]                                                                                                       000000007ef9d229
Thread  C:\Windows\SysWOW64\ftp.exe [6972:7024]                                                                                                       000000007efa2a61
Thread  C:\Windows\SysWOW64\ftp.exe [6972:6760]                                                                                                       000000007efa6d96

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc03bd3d                                                                   
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bdc03bd3d (not active ControlSet)                                               
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ExcludeProfileDirs                                                                 AppData\Local;AppData\LocalLow;$Recycle.Bin
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@BuildNumber                                                                        7601
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@FirstLogon                                                                         0
Reg     HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@ParseAutoexec                                                                      1

---- EOF - GMER 2.1 ----
         
Edited by schmiro (17.10.2015 at 09:44)

Alt 17.10.2015, 10:35   #2
deeprybka
/// TB Trainer
/// Guide Guru
 
My name is Jürgen and I will be helping you with your problem. Together we'll get this done...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans that I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread in code tags.
  • Keep in mind that we all work here in our free time; if you have not heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Formatting is usually the faster and always the safest route, but it is only advisable in the case of real malware.
We can remove adware & co. very well.
If you decide on a cleanup, keep working with me until you get my "clean".


Let's go:

Step 1
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.


Please also post the Addition.txt from the FRST scan.
Alt 17.10.2015, 14:55   #3
schmiro
 
Hello Juergen,

wow, that was quick. Great!
Thank you very much for your help.

I downloaded TDSSKiller and ran it.
4 threats were found.

Stupidly, I failed to realize that you have to select Skip in the drop-down box of each threat. I searched desperately for Cure and Skip in the UI, and since I found nothing I then pressed Continue. What an idiot I am!
I am just too nervous/hectic. It is my first virus in 10 years.
I then ran the scan once more, this time exactly according to the instructions.

I hope you are not already fed up with me. I promise to do better!

I have to split up the TDSSKiller log file because it is too large.
The 2nd part and the FRST Addition.txt will come in a 2nd (3rd) reply.

Kind regards
schmiro


The TDSSKiller log file:
Code:
15:34:05.0662 0x1a68  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
15:34:08.0007 0x1a68  ============================================================
15:34:08.0007 0x1a68  Current date / time: 2015/10/17 15:34:08.0007
15:34:08.0007 0x1a68  SystemInfo:
15:34:08.0007 0x1a68  
15:34:08.0007 0x1a68  OS Version: 6.1.7601 ServicePack: 1.0
15:34:08.0007 0x1a68  Product type: Workstation
15:34:08.0007 0x1a68  ComputerName: WIN764
15:34:08.0007 0x1a68  UserName: schmiro64
15:34:08.0007 0x1a68  Windows directory: C:\Windows
15:34:08.0007 0x1a68  System windows directory: C:\Windows
15:34:08.0007 0x1a68  Running under WOW64
15:34:08.0007 0x1a68  Processor architecture: Intel x64
15:34:08.0007 0x1a68  Number of processors: 4
15:34:08.0007 0x1a68  Page size: 0x1000
15:34:08.0007 0x1a68  Boot type: Normal boot
15:34:08.0007 0x1a68  ============================================================
15:34:08.0082 0x1a68  System UUID: {FFE04E6C-CB35-ADBA-096C-9E29598CC76F}
15:34:08.0294 0x1a68  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:34:08.0295 0x1a68  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:34:08.0308 0x1a68  ============================================================
15:34:08.0308 0x1a68  \Device\Harddisk0\DR0:
15:34:08.0308 0x1a68  MBR partitions:
15:34:08.0308 0x1a68  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:34:08.0308 0x1a68  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
15:34:08.0308 0x1a68  \Device\Harddisk1\DR1:
15:34:08.0308 0x1a68  MBR partitions:
15:34:08.0308 0x1a68  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1F400000
15:34:08.0308 0x1a68  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1F400800, BlocksNum 0x3E800000
15:34:08.0308 0x1a68  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x5DC00800, BlocksNum 0x3E800000
15:34:08.0308 0x1a68  \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x9C401000, BlocksNum 0x3E800000
15:34:08.0308 0x1a68  \Device\Harddisk1\DR1\Partition5: MBR, Type 0x7, StartLBA 0xDAC01800, BlocksNum 0xE206800
15:34:08.0309 0x1a68  ============================================================
15:34:08.0309 0x1a68  C: <-> \Device\Harddisk0\DR0\Partition2
15:34:08.0310 0x1a68  D: <-> \Device\Harddisk1\DR1\Partition1
15:34:08.0310 0x1a68  E: <-> \Device\Harddisk1\DR1\Partition2
15:34:08.0311 0x1a68  F: <-> \Device\Harddisk1\DR1\Partition3
15:34:08.0311 0x1a68  G: <-> \Device\Harddisk1\DR1\Partition4
15:34:08.0311 0x1a68  J: <-> \Device\Harddisk1\DR1\Partition5
15:34:08.0311 0x1a68  ============================================================
15:34:08.0311 0x1a68  Initialize success
15:34:08.0311 0x1a68  ============================================================
15:34:14.0612 0x0d48  ============================================================
15:34:14.0612 0x0d48  Scan started
15:34:14.0612 0x0d48  Mode: Manual; SigCheck; TDLFS; 
15:34:14.0612 0x0d48  ============================================================
15:34:14.0612 0x0d48  KSN ping started
15:34:17.0246 0x0d48  KSN ping finished: true
15:34:17.0376 0x0d48  ================ Scan system memory ========================
15:34:17.0376 0x0d48  System memory - ok
15:34:17.0377 0x0d48  ================ Scan services =============================
15:34:18.0769 0x0d48  BrFiltUp - ok
15:34:18.0773 0x0d48  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
15:34:18.0781 0x0d48  Browser - ok
15:34:18.0788 0x0d48  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:34:18.0798 0x0d48  Brserid - ok
15:34:18.0801 0x0d48  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:34:18.0809 0x0d48  BrSerWdm - ok
15:34:18.0812 0x0d48  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:34:18.0819 0x0d48  BrUsbMdm - ok
15:34:18.0822 0x0d48  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:34:18.0828 0x0d48  BrUsbSer - ok
15:34:18.0830 0x0d48  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
15:34:18.0837 0x0d48  BthEnum - ok
15:34:18.0840 0x0d48  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:34:18.0849 0x0d48  BTHMODEM - ok
15:34:18.0852 0x0d48  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:34:18.0862 0x0d48  BthPan - ok
15:34:18.0872 0x0d48  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
15:34:18.0885 0x0d48  BTHPORT - ok
15:34:18.0889 0x0d48  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
15:34:18.0908 0x0d48  bthserv - ok
15:34:18.0912 0x0d48  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
15:34:18.0919 0x0d48  BTHUSB - ok
15:34:18.0922 0x0d48  [ BD00C9233D7F165D5584EB2586FC5514, 8833B325D48F1477E7CFCFD26DA417A856FF4CDA8B0AA8983E1D1AFD7E1CF571 ] btmaudio        C:\Windows\system32\drivers\btmaud.sys
15:34:18.0928 0x0d48  btmaudio - ok
15:34:18.0931 0x0d48  [ B038DB761B33D1B7CE5A75D500D7B0DF, 0B65D12D1D83925C86A3C0A4166F6B4356B5FA7243381E74E44C13D306C742A1 ] BTMCOM          C:\Windows\system32\Drivers\btmcom.sys
15:34:18.0937 0x0d48  BTMCOM - ok
15:34:18.0947 0x0d48  [ 468501C714451C29163810B6E9A8782C, 5F81ECA24B67B12E737FCFE528BB5715355F7DFDB97F1B01A4A06F487A635268 ] BTMUSB          C:\Windows\system32\Drivers\btmusb.sys
15:34:18.0958 0x0d48  BTMUSB - ok
15:34:18.0961 0x0d48  [ 32B94975BF6F101C27C43E90FF8ABBEB, B5475D9A705894CBFA583D6E9DAF969527A75800E98D0288182BAB2F10136642 ] busenum         C:\Windows\system32\DRIVERS\busenum.sys
15:34:18.0967 0x0d48  busenum - ok
15:34:18.0970 0x0d48  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:34:18.0989 0x0d48  cdfs - ok
15:34:18.0993 0x0d48  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:34:19.0002 0x0d48  cdrom - ok
15:34:19.0005 0x0d48  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:34:19.0024 0x0d48  CertPropSvc - ok
15:34:19.0026 0x0d48  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:34:19.0034 0x0d48  circlass - ok
15:34:19.0042 0x0d48  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
15:34:19.0053 0x0d48  CLFS - ok
15:34:19.0098 0x0d48  [ 55C892763A614BA39BA956A0323C65F3, 3A4FFB6140D8390CBA67ADEB459C71B0B6B5720D17E30E2677CC9AB603D43016 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
15:34:19.0142 0x0d48  ClickToRunSvc - ok
15:34:19.0149 0x0d48  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:34:19.0155 0x0d48  clr_optimization_v2.0.50727_32 - ok
15:34:19.0160 0x0d48  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:34:19.0167 0x0d48  clr_optimization_v2.0.50727_64 - ok
15:34:19.0176 0x0d48  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:34:19.0184 0x0d48  clr_optimization_v4.0.30319_32 - ok
15:34:19.0192 0x0d48  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:34:19.0201 0x0d48  clr_optimization_v4.0.30319_64 - ok
15:34:19.0203 0x0d48  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:34:19.0209 0x0d48  CmBatt - ok
15:34:19.0212 0x0d48  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:34:19.0217 0x0d48  cmdide - ok
15:34:19.0227 0x0d48  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
15:34:19.0241 0x0d48  CNG - ok
15:34:19.0244 0x0d48  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:34:19.0250 0x0d48  Compbatt - ok
15:34:19.0252 0x0d48  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:34:19.0260 0x0d48  CompositeBus - ok
15:34:19.0262 0x0d48  COMSysApp - ok
15:34:19.0268 0x0d48  [ 15FBADDC84ED202E59A4F1B201CC692C, A50092155B18DAD51049A72503002F08C1BB2DFDA239C4D3555360C163F2F782 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
15:34:19.0278 0x0d48  cphs - ok
15:34:19.0280 0x0d48  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:34:19.0286 0x0d48  crcdisk - ok
15:34:19.0291 0x0d48  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:34:19.0300 0x0d48  CryptSvc - ok
15:34:19.0311 0x0d48  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
15:34:19.0324 0x0d48  CSC - ok
15:34:19.0336 0x0d48  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
15:34:19.0352 0x0d48  CscService - ok
15:34:19.0357 0x0d48  [ 35D1B1D879926DA06B740547428A45B7, 467915863EAFF1F5C8BFFB3C3FAF6CAAC8E621EFBF399B796F420C7443B3B022 ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
15:34:19.0363 0x0d48  ctxusbm - ok
15:34:19.0374 0x0d48  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:34:19.0399 0x0d48  DcomLaunch - ok
15:34:19.0405 0x0d48  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:34:19.0427 0x0d48  defragsvc - ok
15:34:19.0431 0x0d48  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:34:19.0450 0x0d48  DfsC - ok
15:34:19.0454 0x0d48  [ 5492F6FB1F32E10AEF02679872AFD194, 470A0C39734E261DC7443C8E59ECE89A7E367ABCFC15AA325EB995452C3973AA ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
15:34:19.0460 0x0d48  dg_ssudbus - ok
15:34:19.0467 0x0d48  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:34:19.0478 0x0d48  Dhcp - ok
15:34:19.0504 0x0d48  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
15:34:19.0529 0x0d48  DiagTrack - ok
15:34:19.0533 0x0d48  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:34:19.0551 0x0d48  discache - ok
15:34:19.0554 0x0d48  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
15:34:19.0560 0x0d48  Disk - ok
15:34:19.0563 0x0d48  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
15:34:19.0571 0x0d48  dmvsc - ok
15:34:19.0575 0x0d48  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:34:19.0584 0x0d48  Dnscache - ok
15:34:19.0590 0x0d48  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:34:19.0611 0x0d48  dot3svc - ok
15:34:19.0615 0x0d48  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
15:34:19.0635 0x0d48  DPS - ok
15:34:19.0638 0x0d48  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:34:19.0643 0x0d48  drmkaud - ok
15:34:19.0660 0x0d48  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:34:19.0679 0x0d48  DXGKrnl - ok
15:34:19.0683 0x0d48  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
15:34:19.0703 0x0d48  EapHost - ok
15:34:19.0751 0x0d48  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:34:19.0801 0x0d48  ebdrv - ok
15:34:19.0806 0x0d48  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] EFS             C:\Windows\System32\lsass.exe
15:34:19.0813 0x0d48  EFS - ok
15:34:19.0826 0x0d48  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:34:19.0842 0x0d48  ehRecvr - ok
15:34:19.0846 0x0d48  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
15:34:19.0854 0x0d48  ehSched - ok
15:34:19.0864 0x0d48  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:34:19.0877 0x0d48  elxstor - ok
15:34:19.0879 0x0d48  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:34:19.0885 0x0d48  ErrDev - ok
15:34:19.0888 0x0d48  EST_BusEnum - ok
15:34:19.0897 0x0d48  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
15:34:19.0921 0x0d48  EventSystem - ok
15:34:19.0926 0x0d48  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:34:19.0947 0x0d48  exfat - ok
15:34:19.0952 0x0d48  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:34:19.0973 0x0d48  fastfat - ok
15:34:19.0985 0x0d48  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
15:34:20.0001 0x0d48  Fax - ok
15:34:20.0003 0x0d48  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
15:34:20.0010 0x0d48  fdc - ok
15:34:20.0012 0x0d48  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
15:34:20.0032 0x0d48  fdPHost - ok
15:34:20.0035 0x0d48  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:34:20.0053 0x0d48  FDResPub - ok
15:34:20.0056 0x0d48  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:34:20.0063 0x0d48  FileInfo - ok
15:34:20.0065 0x0d48  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:34:20.0084 0x0d48  Filetrace - ok
15:34:20.0091 0x0d48  [ 72CC30F0D6DF8D3FBD5CD728259A8F69, F7774D35B38F35E31A8EEE37FF2F203C1CED433FF84EC265CD92B38CBFE3AB8F ] file_tracker    C:\Windows\system32\DRIVERS\file_tracker.sys
15:34:20.0100 0x0d48  file_tracker - ok
15:34:20.0114 0x0d48  [ 3D9B36631032FDE0FFEA0DC0260E4E35, 48B574A67D3FA015EBD078715CEC3E2B63B939D379CD4B40BFBB80397A2C58B3 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:34:20.0125 0x0d48  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
15:34:22.0340 0x1d14  Object required for P2P: [ 55C892763A614BA39BA956A0323C65F3 ] ClickToRunSvc
15:34:22.0810 0x0d48  Detect skipped due to KSN trusted
15:34:22.0810 0x0d48  FLEXnet Licensing Service - ok
15:34:22.0843 0x0d48  [ 52C0312AB35EB7187015FB6A99136BB5, 54A45B0BF8108D018C86FD0542DA92E7A6F58CDB92C9E3674E115CD770031732 ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
15:34:22.0864 0x0d48  FLEXnet Licensing Service 64 - detected UnsignedFile.Multi.Generic ( 1 )
15:34:25.0120 0x1d14  Object send P2P result: true
15:34:25.0646 0x0d48  Detect skipped due to KSN trusted
15:34:25.0646 0x0d48  FLEXnet Licensing Service 64 - ok
15:34:26.0211 0x0d48  [ 90D95B25F8413F937A2E155F196D892C, 5D08EE7BFEB000F2A06FA2F37729C29C2A71760A4BD6241330E6FF257CB8D8EE ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
15:34:26.0215 0x0d48  ICCS - detected UnsignedFile.Multi.Generic ( 1 )
15:34:28.0899 0x0d48  Detect skipped due to KSN trusted
15:34:28.0899 0x0d48  ICCS - ok
15:34:29.0809 0x0d48  LMS - ok
15:34:29.0814 0x0d48  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
15:34:29.0821 0x0d48  LSI_FC - ok
15:34:29.0825 0x0d48  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:34:29.0831 0x0d48  LSI_SAS - ok
15:34:29.0834 0x0d48  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:34:29.0840 0x0d48  LSI_SAS2 - ok
15:34:29.0844 0x0d48  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:34:29.0851 0x0d48  LSI_SCSI - ok
15:34:29.0854 0x0d48  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:34:29.0874 0x0d48  luafv - ok
15:34:29.0877 0x0d48  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:34:29.0885 0x0d48  Mcx2Svc - ok
15:34:29.0888 0x0d48  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
15:34:29.0894 0x0d48  megasas - ok
15:34:29.0900 0x0d48  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:34:29.0909 0x0d48  MegaSR - ok
15:34:29.0912 0x0d48  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:34:29.0918 0x0d48  MEIx64 - ok
15:34:29.0920 0x0d48  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
15:34:29.0940 0x0d48  MMCSS - ok
15:34:29.0942 0x0d48  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
15:34:29.0961 0x0d48  Modem - ok
15:34:29.0964 0x0d48  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:34:29.0972 0x0d48  monitor - ok
15:34:29.0974 0x0d48  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:34:29.0980 0x0d48  mouclass - ok
15:34:29.0983 0x0d48  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:34:29.0990 0x0d48  mouhid - ok
15:34:29.0993 0x0d48  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:34:30.0000 0x0d48  mountmgr - ok
15:34:30.0004 0x0d48  [ C34AB4280614658903BE848CE79ACDB5, 9A943D9B3CF941DAE4EA4E2771B5EC5DA37AB16AD43095EF092B4259D62FF810 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:34:30.0011 0x0d48  MozillaMaintenance - ok
15:34:30.0015 0x0d48  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:34:30.0023 0x0d48  mpio - ok
15:34:30.0026 0x0d48  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:34:30.0046 0x0d48  mpsdrv - ok
15:34:30.0060 0x0d48  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:34:30.0090 0x0d48  MpsSvc - ok
15:34:30.0094 0x0d48  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:34:30.0102 0x0d48  MRxDAV - ok
15:34:30.0106 0x0d48  [ ACB6782973BD93760D597FC7BB37E692, 9B6EC2858D236DCE61FD5E0247F4D947A5DC484C9C0AABFDAF8270ABA392E787 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:34:30.0115 0x0d48  mrxsmb - ok
15:34:30.0121 0x0d48  [ 262BF7BB7D0E44CFAA9B12A1E0A6EDF1, CCC3A4CE929C7C8B07C1038BBE8425590CE14F5C37E1D5608978A3AD2F41519C ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:34:30.0132 0x0d48  mrxsmb10 - ok
15:34:30.0136 0x0d48  [ 8C0376974AA28398FF501E78C04ACB30, 81CE67BE933F67F760A72BF9B581F33BC151D98970765FE4425450A2EF450409 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:34:30.0144 0x0d48  mrxsmb20 - ok
15:34:30.0146 0x0d48  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:34:30.0152 0x0d48  msahci - ok
15:34:30.0156 0x0d48  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:34:30.0164 0x0d48  msdsm - ok
15:34:30.0168 0x0d48  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
15:34:30.0177 0x0d48  MSDTC - ok
15:34:30.0181 0x0d48  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:34:30.0199 0x0d48  Msfs - ok
15:34:30.0201 0x0d48  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:34:30.0220 0x0d48  mshidkmdf - ok
15:34:30.0222 0x0d48  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:34:30.0228 0x0d48  msisadrv - ok
15:34:30.0232 0x0d48  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:34:30.0253 0x0d48  MSiSCSI - ok
15:34:30.0255 0x0d48  msiserver - ok
15:34:30.0257 0x0d48  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:34:30.0276 0x0d48  MSKSSRV - ok
15:34:30.0278 0x0d48  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:34:30.0296 0x0d48  MSPCLOCK - ok
15:34:30.0298 0x0d48  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:34:30.0317 0x0d48  MSPQM - ok
15:34:30.0325 0x0d48  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:34:30.0335 0x0d48  MsRPC - ok
15:34:30.0339 0x0d48  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:34:30.0344 0x0d48  mssmbios - ok
15:34:30.0346 0x0d48  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:34:30.0365 0x0d48  MSTEE - ok
15:34:30.0367 0x0d48  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
15:34:30.0374 0x0d48  MTConfig - ok
15:34:30.0376 0x0d48  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
15:34:30.0383 0x0d48  Mup - ok
15:34:30.0392 0x0d48  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
15:34:30.0417 0x0d48  napagent - ok
15:34:30.0424 0x0d48  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:34:30.0438 0x0d48  NativeWifiP - ok
15:34:30.0451 0x0d48  [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
15:34:30.0466 0x0d48  NAUpdate - ok
15:34:30.0484 0x0d48  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:34:30.0502 0x0d48  NDIS - ok
15:34:30.0505 0x0d48  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:34:30.0524 0x0d48  NdisCap - ok
15:34:30.0526 0x0d48  [ 270B10B8BD822DD4673781E0A1935DFB, 63D644B2E9AA14E0DA7660C00343C3597385EE2ACCCC61EFC3CD9A765CD35EFF ] ndisrd          C:\Windows\system32\DRIVERS\ndisrd.sys
15:34:30.0531 0x0d48  ndisrd - ok
15:34:30.0533 0x0d48  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:34:30.0552 0x0d48  NdisTapi - ok
15:34:30.0554 0x0d48  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:34:30.0573 0x0d48  Ndisuio - ok
15:34:30.0578 0x0d48  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:34:30.0597 0x0d48  NdisWan - ok
15:34:30.0600 0x0d48  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:34:30.0619 0x0d48  NDProxy - ok
15:34:30.0621 0x0d48  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:34:30.0640 0x0d48  NetBIOS - ok
15:34:30.0646 0x0d48  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:34:30.0667 0x0d48  NetBT - ok
15:34:30.0674 0x0d48  [ D7BEE08496534AB6EFACCDC78CDDA903, 5DB56601D6B8C31CAB3F94E539047F5D28EC7A756A21D35908CEB672BE409F02 ] NETGEARGenieDaemon C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
15:34:30.0681 0x0d48  NETGEARGenieDaemon - ok
15:34:30.0684 0x0d48  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] Netlogon        C:\Windows\system32\lsass.exe
15:34:30.0691 0x0d48  Netlogon - ok
15:34:30.0698 0x0d48  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
15:34:30.0722 0x0d48  Netman - ok
15:34:30.0730 0x0d48  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:34:30.0738 0x0d48  NetMsmqActivator - ok
15:34:30.0742 0x0d48  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:34:30.0750 0x0d48  NetPipeActivator - ok
15:34:30.0759 0x0d48  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
15:34:30.0784 0x0d48  netprofm - ok
15:34:30.0789 0x0d48  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:34:30.0797 0x0d48  NetTcpActivator - ok
15:34:30.0800 0x0d48  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:34:30.0808 0x0d48  NetTcpPortSharing - ok
15:34:30.0811 0x0d48  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:34:30.0817 0x0d48  nfrd960 - ok
15:34:30.0824 0x0d48  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:34:30.0834 0x0d48  NlaSvc - ok
15:34:30.0837 0x0d48  [ 351533ACC2A069B94E80BBFC177E8FDF, 54B2749E0496ECC94CE65657627762B485CBC825767BAEDDAD0D2598820FFB9E ] NPF             C:\Windows\system32\drivers\npf.sys
15:34:30.0842 0x0d48  NPF - ok
15:34:30.0845 0x0d48  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:34:30.0864 0x0d48  Npfs - ok
15:34:30.0866 0x0d48  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
15:34:30.0886 0x0d48  nsi - ok
15:34:30.0888 0x0d48  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:34:30.0906 0x0d48  nsiproxy - ok
15:34:30.0933 0x0d48  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:34:30.0962 0x0d48  Ntfs - ok
15:34:30.0965 0x0d48  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
15:34:30.0983 0x0d48  Null - ok
15:34:30.0989 0x0d48  [ 05ED699058671EE1DC0B10E8B1152E92, 820F23EC6BECDA8AD7D9179390C32AC518F7BFA8A94665D2FF3CC3B7071605F8 ] NUServer64      C:\Windows\system32\DRIVERS\NUServer64.sys
15:34:30.0994 0x0d48  NUServer64 - detected UnsignedFile.Multi.Generic ( 1 )
15:34:33.0675 0x0d48  Detect skipped due to KSN trusted
15:34:33.0675 0x0d48  NUServer64 - ok
15:34:33.0680 0x0d48  NUS_Bus - ok
15:34:33.0688 0x0d48  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:34:33.0704 0x0d48  nvraid - ok
15:34:33.0709 0x0d48  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:34:33.0718 0x0d48  nvstor - ok
15:34:33.0723 0x0d48  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:34:33.0731 0x0d48  nv_agp - ok
15:34:33.0734 0x0d48  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:34:33.0742 0x0d48  ohci1394 - ok
15:34:33.0747 0x0d48  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:34:33.0755 0x0d48  ose - ok
         

17.10.2015, 14:56   #4
schmiro
 



... and here is the 2nd part of the TDSSKiller log file

Code:
15:34:33.0826 0x0d48  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:34:33.0901 0x0d48  osppsvc - ok
15:34:33.0911 0x0d48  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:34:33.0922 0x0d48  p2pimsvc - ok
15:34:33.0931 0x0d48  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
15:34:33.0944 0x0d48  p2psvc - ok
15:34:33.0947 0x0d48  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
15:34:33.0955 0x0d48  Parport - ok
15:34:33.0958 0x0d48  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:34:33.0965 0x0d48  partmgr - ok
15:34:33.0969 0x0d48  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:34:33.0994 0x0d48  PcaSvc - ok
15:34:33.0999 0x0d48  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
15:34:34.0007 0x0d48  pci - ok
15:34:34.0009 0x0d48  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:34:34.0015 0x0d48  pciide - ok
15:34:34.0020 0x0d48  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:34:34.0029 0x0d48  pcmcia - ok
15:34:34.0032 0x0d48  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:34:34.0038 0x0d48  pcw - ok
15:34:34.0050 0x0d48  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:34:34.0065 0x0d48  PEAUTH - ok
15:34:34.0088 0x0d48  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:34:34.0113 0x0d48  PeerDistSvc - ok
15:34:34.0139 0x0d48  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:34:34.0146 0x0d48  PerfHost - ok
15:34:34.0172 0x0d48  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
15:34:34.0210 0x0d48  pla - ok
15:34:34.0219 0x0d48  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:34:34.0231 0x0d48  PlugPlay - ok
15:34:34.0234 0x0d48  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:34:34.0241 0x0d48  PNRPAutoReg - ok
15:34:34.0248 0x0d48  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:34:34.0259 0x0d48  PNRPsvc - ok
15:34:34.0268 0x0d48  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:34:34.0293 0x0d48  PolicyAgent - ok
15:34:34.0298 0x0d48  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
15:34:34.0320 0x0d48  Power - ok
15:34:34.0323 0x0d48  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:34:34.0342 0x0d48  PptpMiniport - ok
15:34:34.0345 0x0d48  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
15:34:34.0352 0x0d48  Processor - ok
15:34:34.0358 0x0d48  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:34:34.0368 0x0d48  ProfSvc - ok
15:34:34.0370 0x0d48  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:34:34.0377 0x0d48  ProtectedStorage - ok
15:34:34.0381 0x0d48  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:34:34.0400 0x0d48  Psched - ok
15:34:34.0424 0x0d48  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:34:34.0450 0x0d48  ql2300 - ok
15:34:34.0455 0x0d48  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:34:34.0462 0x0d48  ql40xx - ok
15:34:34.0468 0x0d48  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
15:34:34.0480 0x0d48  QWAVE - ok
15:34:34.0483 0x0d48  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:34:34.0493 0x0d48  QWAVEdrv - ok
15:34:34.0495 0x0d48  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:34:34.0514 0x0d48  RasAcd - ok
15:34:34.0516 0x0d48  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:34:34.0536 0x0d48  RasAgileVpn - ok
15:34:34.0539 0x0d48  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
15:34:34.0559 0x0d48  RasAuto - ok
15:34:34.0563 0x0d48  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:34:34.0583 0x0d48  Rasl2tp - ok
15:34:34.0591 0x0d48  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
15:34:34.0614 0x0d48  RasMan - ok
15:34:34.0618 0x0d48  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:34:34.0637 0x0d48  RasPppoe - ok
15:34:34.0640 0x0d48  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:34:34.0660 0x0d48  RasSstp - ok
15:34:34.0667 0x0d48  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:34:34.0689 0x0d48  rdbss - ok
15:34:34.0692 0x0d48  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:34:34.0700 0x0d48  rdpbus - ok
15:34:34.0702 0x0d48  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:34:34.0721 0x0d48  RDPCDD - ok
15:34:34.0726 0x0d48  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:34:34.0735 0x0d48  RDPDR - ok
15:34:34.0737 0x0d48  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:34:34.0756 0x0d48  RDPENCDD - ok
15:34:34.0758 0x0d48  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:34:34.0777 0x0d48  RDPREFMP - ok
15:34:34.0781 0x0d48  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:34:34.0788 0x0d48  RdpVideoMiniport - ok
15:34:34.0793 0x0d48  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:34:34.0802 0x0d48  RDPWD - ok
15:34:34.0807 0x0d48  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:34:34.0816 0x0d48  rdyboost - ok
15:34:34.0819 0x0d48  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:34:34.0840 0x0d48  RemoteAccess - ok
15:34:34.0844 0x0d48  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:34:34.0865 0x0d48  RemoteRegistry - ok
15:34:34.0870 0x0d48  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:34:34.0880 0x0d48  RFCOMM - ok
15:34:34.0884 0x0d48  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:34:34.0904 0x0d48  RpcEptMapper - ok
15:34:34.0907 0x0d48  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
15:34:34.0914 0x0d48  RpcLocator - ok
15:34:34.0923 0x0d48  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
15:34:34.0949 0x0d48  RpcSs - ok
15:34:34.0953 0x0d48  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:34:34.0972 0x0d48  rspndr - ok
15:34:34.0985 0x0d48  [ 3713DACCA1025B05A6343104112708D9, 77830F361775166ED2408CFF9F0DBEDFF225895DD0FAC93F3DC5FFD8DBE0ED2B ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:34:34.0999 0x0d48  RTL8167 - ok
15:34:35.0002 0x0d48  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:34:35.0008 0x0d48  s3cap - ok
15:34:35.0010 0x0d48  [ 5424EC756808C1002457033D969115C7, 85B86C3DF9BCF4BA085C4978BE36A38D0079CE24C5C61FB754286E476EB77741 ] SamSs           C:\Windows\system32\lsass.exe
15:34:35.0016 0x0d48  SamSs - ok
15:34:35.0020 0x0d48  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:34:35.0027 0x0d48  sbp2port - ok
15:34:36.0674 0x0d48  [ 0BE207E358E5C198E7CB005C08E96E89, 62DA84BD22086456827D5384DE14647318576F8BDAC68B901F835E26CDE8E364 ] Tomcat7         C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe
15:34:36.0677 0x0d48  Tomcat7 - detected UnsignedFile.Multi.Generic ( 1 )
15:34:39.0360 0x0d48  Detect skipped due to KSN trusted
15:34:39.0360 0x0d48  Tomcat7 - ok
15:34:41.0170 0x0d48  [ 48ECFE2055B2D48FB3DCF57F8339453D ] \Device\Harddisk1\DR1\Partition5
15:34:41.0171 0x0d48  \Device\Harddisk1\DR1\Partition5 - ok
15:34:41.0171 0x0d48  ================ Scan generic autorun ======================
15:34:41.0267 0x0d48  [ AF04B6DDF123991C625472494BC1221C, D02BEC96FF466187130B5868DCB70E56CEE25101A8889A1AEF3CFE60ECBE6DC6 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
15:34:41.0357 0x0d48  RTHDVCPL - ok
15:34:41.0371 0x0d48  [ 4B5F92605D77D07041D8C05955A4B0B3, BA8E2AB779CC4FCA64DB54452E4D8543AA91305BA448E41D04132E5B760FD0E4 ] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
15:34:41.0379 0x0d48  CDAServer - detected UnsignedFile.Multi.Generic ( 1 )
15:34:44.0062 0x0d48  Detect skipped due to KSN trusted
15:34:44.0063 0x0d48  CDAServer - ok
15:34:44.0065 0x0d48  BTMTrayAgent - ok
15:34:44.0084 0x0d48  [ F06F76C6D57022CF30D5B8853A8D873D, 4F373451A9D8CD16D2B4B339C730531936A993BDC819703C737E53384B79A289 ] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
15:34:44.0111 0x0d48  Acronis Scheduler2 Service - ok
15:34:44.0114 0x0d48  [ 5514B64F7F2D25E09E2FDAF5D62B688C, 43263715ADC49250762A01E41DB2832C6A8B63CE4F66CDD8FC0B51DCA031DF27 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
15:34:44.0120 0x0d48  IAStorIcon - ok
15:34:44.0126 0x0d48  [ A005676B30AEB3C7703C317D992B193A, 446155F3AB94BF33DB91E7C2C1EED57ED449D82710BFC96DFA07DBA1D346399E ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
15:34:44.0134 0x0d48  USB3MON - ok
15:34:44.0154 0x0d48  [ C1A86A6D6847DEFF009EAE85BA0C1F20, 7DC2A823FA281117B335B74876469C788A5C81534251179BE86F3FB35F1B6D67 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
15:34:44.0170 0x0d48  avgnt - ok
15:34:44.0178 0x0d48  [ 4AC6587E639CD5EAB5B657E7C1FBE680, 30FED733DA956D57016AB6570851E9B8A1C7711D0741EF14B792E3ECEB5AD035 ] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
15:34:44.0186 0x0d48  FreePDF Assistant - detected UnsignedFile.Multi.Generic ( 1 )
15:34:46.0866 0x0d48  Detect skipped due to KSN trusted
15:34:46.0866 0x0d48  FreePDF Assistant - ok
15:34:46.0904 0x0d48  [ 6001F7750D4CAA170862D38FEE8BC46F, 14E8886EBDE90D7E37B97E6200F55DEEFE252BB25FC8DB039842B56BFCD524F1 ] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
15:34:46.0926 0x0d48  CanonQuickMenu - ok
15:34:46.0935 0x0d48  [ 247FD3171B3E08CFCC8ACB540818CA15, 7F1195A40187C04CEE532B258421A3422AACA16BE54FD55F12966DC00FDBDCC4 ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
15:34:46.0946 0x0d48  IJNetworkScannerSelectorEX - ok
15:34:46.0950 0x0d48  [ 5100ADC704F2D6CE3DF8C0D5105D6C84, BD46EE57F881EDAB63A0540186D9471F4C70F3E4D72F1C52D72DD9BADF9E7334 ] C:\Program Files (x86)\PDF24\pdf24.exe
15:34:46.0957 0x0d48  PDFPrint - ok
15:34:46.0967 0x0d48  [ 5DAB9A0A2D2B4C7DBB5FD381CB2C2B0D, 67A9661B2AC5CFF9DCB3D0B76D617742B93190E6DE4D501565D4FC2E9993934C ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
15:34:46.0977 0x0d48  ConnectionCenter - ok
15:34:46.0981 0x0d48  [ F590FFAF1A12C4B4BE1BCCA29CCB10A2, 8F73820E7107AABD7A5F402D02D786725650311368F96024C92BB2F200BA2AEF ] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
15:34:46.0988 0x0d48  Redirector - ok
15:34:47.0063 0x0d48  [ 34F837070B4DB119CF03B2749DBD4D8A, 3F8F1605B4F18998BD46A67704C1EE2956A66CC11DF307ED1088B54F080F45AA ] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
15:34:47.0138 0x0d48  TrueImageMonitor.exe - ok
15:34:47.0155 0x0d48  [ 9E864BC8914B0E2589B079210965C5B6, 1682736015F11994225778F6A3E1760B228FEC5BA8E33811470B6EC0410A8EDF ] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
15:34:47.0168 0x0d48  AcronisTibMounterMonitor - ok
15:34:47.0175 0x0d48  [ 2EA68E33DFF41A10F1BAB15FC3A28076, C971C009F36A87116FBE785E45EB7192EAD9BAF713C43C8A3AC643624144ECF9 ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
15:34:47.0183 0x0d48  KiesTrayAgent - ok
15:34:47.0185 0x0d48  {BBBBDA83-58C9-473A-87F8-3BD4639590E1} - ok
15:34:47.0203 0x0d48  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:34:47.0225 0x0d48  Sidebar - ok
15:34:47.0228 0x0d48  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:34:47.0239 0x0d48  mctadmin - ok
15:34:47.0258 0x0d48  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:34:47.0280 0x0d48  Sidebar - ok
15:34:47.0284 0x0d48  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:34:47.0294 0x0d48  mctadmin - ok
15:34:47.0317 0x0d48  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
15:34:47.0343 0x0d48  Sidebar - ok
15:34:47.0367 0x0d48  [ F5164E5D119C2892168B46D4C8FA16A7, D355DC94FF04AEB6160F496F92F5F864A1E5C6B909BFD341B79A358CE72B280E ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
15:34:47.0389 0x0d48  GarminExpressTrayApp - ok
15:34:47.0393 0x0d48  [ DCF47773E046EE212D937D5CABEA5F4C, 6F04C524955E0E07C1C5AA438CBBE7B4213B6C6FCFF1E828A360F13366548F49 ] C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe
15:34:47.0397 0x0d48  ApacheTomcatMonitor7.0_Tomcat7 - detected UnsignedFile.Multi.Generic ( 1 )
15:34:50.0092 0x0d48  Detect skipped due to KSN trusted
15:34:50.0092 0x0d48  ApacheTomcatMonitor7.0_Tomcat7 - ok
15:34:50.0233 0x0d48  [ B0E08F135E64D4D9BE120E7236617875, B2DF285CD6A5C646614BBDA3655764DB67CA2F90F8B423484B15D095D70F099D ] C:\Users\schmiro64\AppData\Local\Amazon Music\Amazon Music Helper.exe
15:34:50.0314 0x0d48  Amazon Music - ok
15:34:50.0341 0x0d48  [ 90E8F2383F7B38CA7980655C87A1A0B4, B62DA429E5514A308A96512E34DBDB58033C475E29B50EE6347066B2E5919888 ] C:\Users\schmiro64\AppData\Local\Temp\Ruledisappointed\rule-bicycle.exe
15:34:50.0341 0x0d48  Suspicious file ( NoAccess ): C:\Users\schmiro64\AppData\Local\Temp\Ruledisappointed\rule-bicycle.exe. md5: 90E8F2383F7B38CA7980655C87A1A0B4, sha256: B62DA429E5514A308A96512E34DBDB58033C475E29B50EE6347066B2E5919888
15:34:50.0343 0x0d48  rule-know - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
15:34:53.0081 0x0d48  rule-know ( Trojan-Spy.Win32.ZBot.gen ) - infected
15:34:53.0081 0x0d48  Force sending object to P2P due to detect: C:\Users\schmiro64\AppData\Local\Temp\Ruledisappointed\rule-bicycle.exe
15:34:55.0846 0x0d48  Object send P2P result: true
15:34:58.0518 0x0d48  [ 36203FC1AA2EFDC2064925808784C5C8, 05D3B1107432F08B490CC8FB655F978E74406837E346BCFB20D8E5AACA94C3C1 ] C:\Users\SCHMIR~1\AppData\Local\Temp\Economyadapt\economy-encouraging.exe
15:34:58.0519 0x0d48  Suspicious file ( NoAccess ): C:\Users\SCHMIR~1\AppData\Local\Temp\Economyadapt\economy-encouraging.exe. md5: 36203FC1AA2EFDC2064925808784C5C8, sha256: 05D3B1107432F08B490CC8FB655F978E74406837E346BCFB20D8E5AACA94C3C1
15:34:58.0522 0x0d48  economy-earn - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
15:35:01.0205 0x0d48  economy-earn ( Trojan-Spy.Win32.ZBot.gen ) - infected
15:35:01.0205 0x0d48  Force sending object to P2P due to detect: C:\Users\SCHMIR~1\AppData\Local\Temp\Economyadapt\economy-encouraging.exe
15:35:03.0971 0x0d48  Object send P2P result: true
15:35:06.0646 0x0d48  [ 90E8F2383F7B38CA7980655C87A1A0B4, B62DA429E5514A308A96512E34DBDB58033C475E29B50EE6347066B2E5919888 ] C:\Users\schmiro64\AppData\Local\Temp\Ruledisappointed\rule-bicycle.exe
15:35:06.0646 0x0d48  Suspicious file ( NoAccess ): C:\Users\schmiro64\AppData\Local\Temp\Ruledisappointed\rule-bicycle.exe. md5: 90E8F2383F7B38CA7980655C87A1A0B4, sha256: B62DA429E5514A308A96512E34DBDB58033C475E29B50EE6347066B2E5919888
15:35:06.0650 0x0d48  rule-know - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
15:35:06.0650 0x0d48  rule-know ( Trojan-Spy.Win32.ZBot.gen ) - infected
15:35:06.0650 0x0d48  Force sending object to P2P due to detect: C:\Users\schmiro64\AppData\Local\Temp\Ruledisappointed\rule-bicycle.exe
15:35:09.0414 0x0d48  Object send P2P result: true
15:35:12.0088 0x0d48  [ 36203FC1AA2EFDC2064925808784C5C8, 05D3B1107432F08B490CC8FB655F978E74406837E346BCFB20D8E5AACA94C3C1 ] C:\Users\schmiro64\AppData\Local\Temp\Economyadapt\economy-encouraging.exe
15:35:12.0089 0x0d48  Suspicious file ( NoAccess ): C:\Users\schmiro64\AppData\Local\Temp\Economyadapt\economy-encouraging.exe. md5: 36203FC1AA2EFDC2064925808784C5C8, sha256: 05D3B1107432F08B490CC8FB655F978E74406837E346BCFB20D8E5AACA94C3C1
15:35:12.0092 0x0d48  economy-earn - detected Trojan-Spy.Win32.ZBot.gen ( 0 )
15:35:12.0092 0x0d48  economy-earn ( Trojan-Spy.Win32.ZBot.gen ) - infected
15:35:12.0092 0x0d48  Force sending object to P2P due to detect: C:\Users\schmiro64\AppData\Local\Temp\Economyadapt\economy-encouraging.exe
15:35:14.0861 0x0d48  Object send P2P result: true
15:35:17.0566 0x0d48  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
15:35:17.0592 0x0d48  Sidebar - ok
15:35:17.0617 0x0d48  [ F5164E5D119C2892168B46D4C8FA16A7, D355DC94FF04AEB6160F496F92F5F864A1E5C6B909BFD341B79A358CE72B280E ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
15:35:17.0640 0x0d48  GarminExpressTrayApp - ok
15:35:17.0644 0x0d48  [ DCF47773E046EE212D937D5CABEA5F4C, 6F04C524955E0E07C1C5AA438CBBE7B4213B6C6FCFF1E828A360F13366548F49 ] C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe
15:35:17.0648 0x0d48  ApacheTomcatMonitor7.0_Tomcat7 - detected UnsignedFile.Multi.Generic ( 1 )
15:35:17.0648 0x0d48  Detect skipped due to KSN trusted
15:35:17.0648 0x0d48  ApacheTomcatMonitor7.0_Tomcat7 - ok
15:35:17.0670 0x0d48  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
15:35:17.0696 0x0d48  Sidebar - ok
15:35:17.0720 0x0d48  [ F5164E5D119C2892168B46D4C8FA16A7, D355DC94FF04AEB6160F496F92F5F864A1E5C6B909BFD341B79A358CE72B280E ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
15:35:17.0743 0x0d48  GarminExpressTrayApp - ok
15:35:17.0747 0x0d48  [ DCF47773E046EE212D937D5CABEA5F4C, 6F04C524955E0E07C1C5AA438CBBE7B4213B6C6FCFF1E828A360F13366548F49 ] C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe
15:35:17.0751 0x0d48  ApacheTomcatMonitor7.0_Tomcat7 - detected UnsignedFile.Multi.Generic ( 1 )
15:35:17.0751 0x0d48  Detect skipped due to KSN trusted
15:35:17.0751 0x0d48  ApacheTomcatMonitor7.0_Tomcat7 - ok
15:35:17.0773 0x0d48  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
15:35:17.0799 0x0d48  Sidebar - ok
15:35:17.0822 0x0d48  [ F5164E5D119C2892168B46D4C8FA16A7, D355DC94FF04AEB6160F496F92F5F864A1E5C6B909BFD341B79A358CE72B280E ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
15:35:17.0845 0x0d48  GarminExpressTrayApp - ok
15:35:17.0849 0x0d48  [ DCF47773E046EE212D937D5CABEA5F4C, 6F04C524955E0E07C1C5AA438CBBE7B4213B6C6FCFF1E828A360F13366548F49 ] C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe
15:35:17.0853 0x0d48  ApacheTomcatMonitor7.0_Tomcat7 - detected UnsignedFile.Multi.Generic ( 1 )
15:35:17.0853 0x0d48  Detect skipped due to KSN trusted
15:35:17.0853 0x0d48  ApacheTomcatMonitor7.0_Tomcat7 - ok
15:35:17.0860 0x0d48  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.13.202 ), 0x41000 ( enabled : updated )
15:35:17.0862 0x0d48  Win FW state via NFP2: enabled ( trusted )
15:35:20.0523 0x0d48  ============================================================
15:35:20.0523 0x0d48  Scan finished
15:35:20.0523 0x0d48  ============================================================
15:35:20.0530 0x1f14  Detected object count: 4
15:35:20.0530 0x1f14  Actual detected object count: 4
15:35:46.0885 0x1f14  rule-know ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user
15:35:46.0885 0x1f14  rule-know ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 
15:35:46.0886 0x1f14  economy-earn ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user
15:35:46.0886 0x1f14  economy-earn ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 
15:35:46.0888 0x1f14  rule-know ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user
15:35:46.0888 0x1f14  rule-know ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip 
15:35:46.0889 0x1f14  economy-earn ( Trojan-Spy.Win32.ZBot.gen ) - skipped by user
15:35:46.0889 0x1f14  economy-earn ( Trojan-Spy.Win32.ZBot.gen ) - User select action: Skip
         

17.10.2015, 14:57   #5
schmiro
 

... and here is the FRST Addition.txt

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:16-10-2015
durchgeführt von schmiro64 (2015-10-17 09:33:06)
Gestartet von D:\_____xxx20151015
Windows 7 Professional Service Pack 1 (X64) (2012-12-31 16:12:22)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1582384673-2009952006-1762237435-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-1582384673-2009952006-1762237435-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1582384673-2009952006-1762237435-1007 - Limited - Enabled)
internet1 (S-1-5-21-1582384673-2009952006-1762237435-1004 - Limited - Enabled) => C:\Users\internet1
petra64 (S-1-5-21-1582384673-2009952006-1762237435-1003 - Limited - Enabled) => C:\Users\petra64
schmiro64 (S-1-5-21-1582384673-2009952006-1762237435-1000 - Administrator - Enabled) => C:\Users\schmiro64
___VMware_Conv_SA___ (S-1-5-21-1582384673-2009952006-1762237435-1008 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image 2015 (HKLM-x32\...\{2F70A6E6-2F71-4907-8441-BDC5D300310B}Visible) (Version: 18.0.6613 - Acronis)
Acronis True Image 2015 (x32 Version: 18.0.6613 - Acronis) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.)
AIDA64 Extreme Edition v2.70 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.70 - FinalWire Ltd.)
Amazon Music (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apache Tomcat 7.0 Tomcat7 (remove only) (HKLM\...\Apache Tomcat 7.0 Tomcat7) (Version:  - )
Arcon 11 (HKLM-x32\...\{1923A3BE-1437-4C5A-A7FE-77D298B6DFCB}) (Version: 1.00.0000 - Eleco)
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5 - Arduino LLC)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.4.0.8 - )
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.0.3 - )
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.5.0.15 - )
Canon MX920 series Benutzerregistrierung (HKLM-x32\...\Canon MX920 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.0.0.8 - )
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.0.0.15 - )
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.1.15 - )
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - )
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.0.5 - )
Canon Utilities RemoteCapture DC (HKLM-x32\...\RemoteCaptureDC) (Version: 3.0.1.8 - )
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.0.0.246 - )
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.0.0.19 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
CPUID CPU-Z 1.62 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.20 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DesignCAD 3D Max 21 (HKLM-x32\...\{90408D47-8AD3-4BE8-B176-E2CE2C794FFE}) (Version: 21.0.0 - IMSIDesign)
DesignSpark Mechanical 1.0 (HKLM\...\{724120B5-FF8C-4337-A7EF-3C1E0FB6B92F}) (Version: 8.1.2 - RS Components)
Easy Smart Configuration Utility (HKLM-x32\...\InstallShield_{2E6F915E-1948-49D0-B660-0F17C768E511}) (Version: 1.0.0.6 - TP-LINK)
Easy Smart Configuration Utility (x32 Version: 1.0.0.6 - TP-LINK) Hidden
EasyLog USB (HKLM-x32\...\{C6EAC902-F135-4DE1-A792-18459C9B1FB3}) (Version: 5.5.3 - Lascar Electronics Ltd.)
EasyLog USB Device (Driver Removal) (HKLM-x32\...\EL-USB&10C4&0002) (Version:  - Lascar Electronics Ltd.)
easyROUTES 3 GPS-Tourenplaner (HKLM-x32\...\easyROUTES 3 GPS-Tourenplaner_is1) (Version: 3 - REINER H. NITSCHKE Verlags-GmbH)
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
FOSCAM Client (HKLM-x32\...\{9F9CDA0B-2291-4061-85C4-441A75BE6713}) (Version: 1.4.13 - FOSCAM)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Frontplatten Designer (HKLM-x32\...\Frontplatten Designer) (Version: 4.4.2 - Schaeffer AG)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
Garmin BaseCamp (HKLM-x32\...\{0D7C8884-192D-4E2D-A635-B282B3647E45}) (Version: 4.4.7 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2015.40 (HKLM-x32\...\{04B2E836-EF35-438B-89B8-59F484090283}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2016.10 (HKLM-x32\...\{53F166AF-9991-45CD-B917-384DDAA243A4}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HWiNFO64 Version 4.06 (HKLM\...\HWiNFO64_is1) (Version: 4.06 - Martin Malík - REALiX)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
IPCam Admin v3.0.28 (HKLM-x32\...\IPCam Admin Utility_is1) (Version:  - Edimax Technology Co., Ltd.)
IPCam Surveillance Software 3.0.3.5 (HKLM-x32\...\IPCam Surveillance Software_is1) (Version:  - Edimax Technology Co., Ltd.)
IPCamSetup (HKLM-x32\...\{02C39DE9-B03A-4FE7-89F9-61E224FE65CC}) (Version: 1.00.0000 - FOSCAM)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Liberta (HKLM-x32\...\{1EE5DCB1-E25C-44CB-8B32-EB063ED8EF73}) (Version: 1 - Weto)
LOGINventory5 (HKLM-x32\...\LOGINventory5) (Version: 5.11.0.5756 - Schmidt's LOGIN GmbH)
mb Software ArCon (HKLM-x32\...\ArCon) (Version:  - )
mb Software ArCon online (HKLM-x32\...\ArCon online) (Version:  - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Bluetooth (HKLM\...\Motorola Bluetooth_is1) (Version: 3.0.1.227 - Motorola, Inc.)
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 de) (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Mozilla Thunderbird 38.3.0 (x86 de)) (Version: 38.3.0 - Mozilla)
Nero BurningROM 12 (HKLM-x32\...\{3D9F1904-15A3-4022-B619-FDF43021BE2F}) (Version: 12.5.01400 - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.57 - NETGEAR Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
Paint Shop Pro 5.03 CD (HKLM-x32\...\Paint Shop Pro 5.03) (Version:  - )
Paragon Festplatten Manager™ 12 Professional (HKLM-x32\...\{1E104AF0-EA49-11DE-AC07-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
QuoVadis 7 (HKLM-x32\...\QuoVadis 7_is1) (Version: 7 - Flemming Software Development CC)
RAIDar 4.3.8 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.8 - Netgear Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.01.16.00 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung ML-2950 Series (HKLM-x32\...\Samsung ML-2950 Series) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Self-Service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Sudoku (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\e3626db9ef6c8cdc) (Version: 4.8.2.0 - Clemens Pichl)
SurveillancePlugin (HKLM-x32\...\{FB90D390-FBD6-465D-A39D-CED6A7C3580D}) (Version: 1.0.0.581 - Synology)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.35436 Beta - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TFD128 (HKLM-x32\...\TFD128) (Version: 1.01 - ELV Elektronik AG)
TFD128 (x32 Version: 1.01 - ELV Elektronik AG) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.7 - VMware, Inc)
VMware Player (Version: 6.0.7 - VMware, Inc.) Hidden
VMware vCenter Converter Standalone (HKLM-x32\...\{2BCC4907-4205-4338-BDA5-94F183144C35}) (Version: 5.5.0.1362012 - VMware, Inc.)
VNC Viewer 5.0.5 (HKLM\...\RealVNCViewer_is1) (Version: 5.0.5 - RealVNC Ltd)
weblica - 3.6.3 (HKLM-x32\...\weblica) (Version: 3.6.3 - empros gmbh)
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\WinDirStat) (Version:  - )
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinImage (HKLM\...\WinImage) (Version:  - )
WinImage (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\WinImage) (Version:  - )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
WinSCP 5.1.7 (HKLM-x32\...\winscp3_is1) (Version: 5.1.7 - Martin Prikryl)
WOL2 (HKLM-x32\...\{1F951BBA-C582-4D59-9E07-8630E6245854}) (Version: 2.0 - Marko Oette (www.oette.info))
WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1582384673-2009952006-1762237435-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Wiederherstellungspunkte =========================

14-10-2015 20:16:36 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {01A1C850-3C90-4FB6-B992-78F1024D95D4} - System32\Tasks\LOGINquiry5 Task => C:\_systools\install\LOGINventory5\LOGINquiry.exe [2013-11-29] (Schmidt's LOGIN GmbH)
Task: {04AC5F64-5100-4E3E-A542-2129F4E3EDC9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation)
Task: {1E5A82D7-1A9F-4B5A-B8C9-94C0E500E17E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {3AA534D4-5DCE-4F04-841B-098423D78243} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
Task: {3B6EA404-86A1-4308-998E-6C7DD34E255A} - System32\Tasks\Paragon Archive name diff_241014190039002 => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01] (Paragon Software Group)
Task: {4E6799E9-7C7F-4219-88BB-FE3B54CD48F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-12] (Microsoft Corporation)
Task: {6EB98E7C-2649-4D4C-8710-8ABA1DC1C425} - System32\Tasks\Paragon Archive name diff_150315172000766 => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01] (Paragon Software Group)
Task: {7F0AD858-8FE3-43E7-A690-A02CC2B72E4A} - System32\Tasks\LOGINsert5 Task => C:\_systools\install\LOGINventory5\LOGINsert.exe [2013-11-29] (Schmidt's LOGIN GmbH)
Task: {8B77CBDE-6F4F-4BD5-9583-16C4B7D50A06} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {8E731F31-C3E2-46A9-A37D-3A38A3111FB7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {903B12F1-44AB-4346-A993-A4E159CF4A16} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe [2012-07-23] (ASUSTeK Computer Inc.)
Task: {95DFCFDA-E7BC-436F-B74F-7FA321D4D406} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {A1357EB8-7472-48C6-A023-4B3F25A26D95} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {BA458291-3E36-44F9-8D71-24503D450618} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] ()
Task: {C60D38D9-4383-477A-88E5-77FE64F8431D} - System32\Tasks\Paragon Archive name diff_150315152607576 => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01] (Paragon Software Group)
Task: {C8008792-A5C4-4F1C-94DC-B90181179B2D} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {D5246ACB-B4EF-4F73-AE38-F3D1EA3DEEB8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {DEBCABFE-DB1F-48AC-AE75-C460E80EFF86} - System32\Tasks\Paragon Archive name diff_250115191339836 => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01] (Paragon Software Group)
Task: {E577C9EE-7DD6-43A7-BADE-E1124AF51CB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
Task: {F809BAD6-9659-4082-A065-30EB19C09A25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-12] (Microsoft Corporation)
Task: {FCF6CB30-A9EA-4694-A3EE-AB5681A98C5A} - System32\Tasks\CrystalDiskInfo => C:\_systools\noinstall\diskinfo\DiskInfo.exe [2012-09-25] (Crystal Dew World)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LOGINquiry5 Task.job => C:\_systools\install\LOGINventory5\LOGINquiry.exe
Task: C:\Windows\Tasks\LOGINsert5 Task.job => C:\_systools\install\LOGINventory5\LOGINsert.exe
Task: C:\Windows\Tasks\Paragon Archive name diff_150315152607576.job => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe¤--rebootonconfirm -Wno --alternate --graph --multiple C:/Program Files (x86)/Paragon Software/Festplatten Manager 12 Professional/scripts/scr_150315153003888.pslUC:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\
schmiro64.Sic
Task: C:\Windows\Tasks\Paragon Archive name diff_150315172000766.job => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe¤--rebootonconfirm -Wno --alternate --graph --multiple C:/Program Files (x86)/Paragon Software/Festplatten Manager 12 Professional/scripts/scr_150315172131567.pslUC:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\
schmiro64.Sic
Task: C:\Windows\Tasks\Paragon Archive name diff_241014190039002.job => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe¤--rebootonconfirm -Wno --alternate --graph --multiple C:/Program Files (x86)/Paragon Software/Festplatten Manager 12 Professional/scripts/scr_241014190315882.pslUC:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\
schmiro64.Sic
Task: C:\Windows\Tasks\Paragon Archive name diff_250115191339836.job => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe¤--rebootonconfirm -Wno --alternate --graph --multiple C:/Program Files (x86)/Paragon Software/Festplatten Manager 12 Professional/scripts/scr_250115191555603.pslUC:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\
schmiro64.Sic

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2013-02-16 21:56 - 2010-06-17 22:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2013-01-05 18:54 - 2011-04-01 05:30 - 00034304 _____ () C:\Windows\System32\ssk3mlm.dll
2012-06-01 11:42 - 2012-06-01 11:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-03-19 19:36 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-25 03:28 - 2014-02-25 03:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2015-03-29 12:29 - 2015-03-29 12:29 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-04-14 18:02 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2007-05-16 11:39 - 2007-05-16 11:39 - 00385096 _____ () C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItShellExt64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\_systools\install\Notepad++\NppShell_05.dll
2010-12-17 19:13 - 2010-12-17 19:13 - 00438784 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-12-17 19:13 - 2010-12-17 19:13 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-06-27 21:41 - 2015-07-21 07:02 - 05887808 _____ () C:\Users\schmiro64\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-01-03 12:36 - 2015-10-17 09:13 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-01-03 12:36 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2013-10-07 19:44 - 2013-10-07 19:44 - 00086096 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2013-10-07 19:43 - 2013-10-07 19:43 - 01296976 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2013-10-07 19:42 - 2013-10-07 19:42 - 00542288 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll
2015-06-24 14:28 - 2015-06-24 14:28 - 01301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2013-01-03 12:39 - 2012-05-17 12:57 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2013-01-03 12:39 - 2012-07-05 13:05 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2015-07-20 09:08 - 2015-07-20 09:08 - 00037696 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2015-07-20 09:08 - 2015-07-20 09:08 - 00034624 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-07-20 09:15 - 2015-07-20 09:15 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-11-27 11:44 - 2014-11-27 11:44 - 00129344 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2013-01-03 12:37 - 2011-07-12 20:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2013-01-03 12:37 - 2010-10-05 09:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2013-01-03 12:37 - 2012-03-21 13:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2013-01-03 12:38 - 2012-06-19 13:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2013-01-03 12:39 - 2012-07-25 10:56 - 01124864 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2013-01-03 12:39 - 2012-07-20 10:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2013-01-03 12:37 - 2012-05-25 11:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2013-01-03 12:37 - 2012-05-28 22:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2013-01-03 12:37 - 2011-09-19 21:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2013-01-03 12:37 - 2011-07-21 10:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2013-01-03 12:37 - 2011-10-14 21:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2013-01-03 12:36 - 2010-08-23 04:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2013-01-03 12:37 - 2010-10-05 09:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2013-01-03 12:37 - 2009-08-12 21:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2014-10-21 22:39 - 2014-10-21 22:39 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-12-31 18:27 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-12-31 18:49 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\TEMP:4878DF65
AlternateDataStreams: C:\Users\schmiro64\Downloads\Terminfindung Alm-Sommerfest (via Doodle).eml:OECustomProperty

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SCHMIR~1\AppData\Local\Temp\BGInfo.bmp
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FF48EF72-8538-4291-8711-97225BED3E59}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{0D21665D-894F-48DF-9463-4F1BD3496C41}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{BC238D54-0C43-4E66-A4D3-9001A7B9D1A1}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{FF2CF3E2-52B4-428A-915C-878CF642D691}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{7DDCC9B7-6238-4C70-A3EF-BE8D5645E0E5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{1ECD3D32-4D8A-404D-9995-01A26645121A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{18E0CA2C-2E5A-43DD-B8E3-9E7DB48CA9F8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{BE711326-3994-4F90-A58A-1C73479A9CDC}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{22237E1C-31E1-486E-999C-D49BF849A1C2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{F9E3902F-7AB8-4D16-82AA-2C3953486A92}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{E9D5FC16-F721-43CE-AE7E-3EE4487CCFB6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{C8AC91C5-9350-40CE-8C5F-4B407BCABC69}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [TCP Query User{BD673F55-36B1-4895-A052-F1442A07F296}C:\_systools\install\iometer 2006.07.27\iometer.exe] => (Block) C:\_systools\install\iometer 2006.07.27\iometer.exe
FirewallRules: [UDP Query User{D259A41B-DAF1-4612-B89D-DCA17D5EB5BA}C:\_systools\install\iometer 2006.07.27\iometer.exe] => (Block) C:\_systools\install\iometer 2006.07.27\iometer.exe
FirewallRules: [TCP Query User{E2417FD7-DFDC-4EA3-804D-58FE5DEABE7E}C:\_systools\install\iometer 2006.07.27\dynamo.exe] => (Block) C:\_systools\install\iometer 2006.07.27\dynamo.exe
FirewallRules: [UDP Query User{D9A0C0F4-086E-4E51-9D35-4E55653A00D4}C:\_systools\install\iometer 2006.07.27\dynamo.exe] => (Block) C:\_systools\install\iometer 2006.07.27\dynamo.exe
FirewallRules: [{B1396C91-18E4-48F1-9B83-3A5E7BC9EE79}] => (Allow) C:\_systools\noinstall\netio132\bin\win32-i386.exe
FirewallRules: [{25887B28-4FB8-4B5F-A41D-B0F41C88E15B}] => (Allow) C:\_systools\noinstall\netio132\bin\win32-i386.exe
FirewallRules: [{70038333-4DE1-43B4-A78D-5CE490E844A9}] => (Allow) C:\_systools\noinstall\netio132\bin\win32-i386.exe
FirewallRules: [{9627FB85-C35A-4D09-B13E-34F24C236380}] => (Allow) C:\_systools\noinstall\netio132\bin\win32-i386.exe
FirewallRules: [TCP Query User{1C1E2064-CA16-4865-BE47-3F8F8347545F}C:\program files (x86)\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe] => (Allow) C:\program files (x86)\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe
FirewallRules: [UDP Query User{17F13603-646A-49ED-B052-33EB0F668EA9}C:\program files (x86)\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe] => (Allow) C:\program files (x86)\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe
FirewallRules: [TCP Query User{5BFA71A5-BB33-4E41-BFFD-AE78688B36AF}C:\program files (x86)\internet camera\admin\admin.exe] => (Allow) C:\program files (x86)\internet camera\admin\admin.exe
FirewallRules: [UDP Query User{F96A49AF-E9D7-4E96-9701-0A0AF44C4EB9}C:\program files (x86)\internet camera\admin\admin.exe] => (Allow) C:\program files (x86)\internet camera\admin\admin.exe
FirewallRules: [{C0368BE4-EF0F-48F3-A794-DEDDE25D3346}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{172353F1-A67C-4532-998A-9B7BE29BFF5A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{B379267E-6D10-4BEE-B90A-B90763BAA985}C:\program files (x86)\internet camera\viewer\ipcamviewer.exe] => (Allow) C:\program files (x86)\internet camera\viewer\ipcamviewer.exe
FirewallRules: [UDP Query User{19F3762D-BBA5-47B3-A92C-67ADB1CC0F8A}C:\program files (x86)\internet camera\viewer\ipcamviewer.exe] => (Allow) C:\program files (x86)\internet camera\viewer\ipcamviewer.exe
FirewallRules: [{25B04C38-73FD-44B9-B0E2-A125A679F409}] => (Allow) LPort=9089
FirewallRules: [{4CC39688-752D-4423-816B-260786680748}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{A14CEDE7-FACB-49C3-80EC-E30414795161}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [UDP Query User{676F8AE7-3D78-47B8-A289-BB51282CBA2C}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [{D42F5EDD-EF7D-45EB-A0F7-0198CA0256CE}] => (Block) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [{791E2BF4-4611-48C5-BD7A-946EF1AC9C2B}] => (Block) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [TCP Query User{C5E76871-90B1-49D0-BAC5-B54266C8D9FB}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{F9BEFA55-B9C0-4933-BF09-1D150CC1253D}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{074095A2-C368-4653-AECE-8886BAC9384A}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{9EFB92AE-6D9B-447E-A9EA-86A0E57FD2B1}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{84613AAF-CE75-4CD0-9FAA-AF6AD4BBE489}C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe] => (Allow) C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe
FirewallRules: [UDP Query User{E77964A6-5B67-424D-A7E4-BA59B6A41ABE}C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe] => (Allow) C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe
FirewallRules: [{A612FC5A-B547-4956-8B76-CF4D62573420}] => (Block) C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe
FirewallRules: [{E9CD8A27-EB8D-47FC-9C27-B1F50DCB649F}] => (Block) C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe
FirewallRules: [{A50AD72F-3D86-47E1-8A55-96196C4FD3F2}] => (Allow) C:\Program Files (x86)\weblica\weblica.exe
FirewallRules: [TCP Query User{31BF2F95-48C2-4279-81EF-458ECB47845D}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{181D3B85-9C42-4B20-AA19-5E909D6834CF}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{FF432F6D-8482-4F27-9846-3FBF88D9378C}C:\program files (x86)\ipcamsetup\ipcamera.exe] => (Allow) C:\program files (x86)\ipcamsetup\ipcamera.exe
FirewallRules: [UDP Query User{574AA6B4-EF4D-4AA7-90A3-BBAFD0966DF5}C:\program files (x86)\ipcamsetup\ipcamera.exe] => (Allow) C:\program files (x86)\ipcamsetup\ipcamera.exe
FirewallRules: [TCP Query User{23670CED-F98A-44B9-8100-790C6CF21FEF}C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe] => (Allow) C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [UDP Query User{5BA67960-1A98-4FC3-8754-6E998A2C6927}C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe] => (Allow) C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [TCP Query User{8EBF9044-5F63-4C10-B1CB-2421874EFF01}C:\program files (x86)\tp-link\easy smart configuration utility\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\tp-link\easy smart configuration utility\jre\bin\javaw.exe
FirewallRules: [UDP Query User{D5FA4231-7192-4317-B40B-F4AAAE292F69}C:\program files (x86)\tp-link\easy smart configuration utility\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\tp-link\easy smart configuration utility\jre\bin\javaw.exe
FirewallRules: [{0D58F267-3810-4B8E-A672-F98212B48B8E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{61DE1F8F-C09E-4A44-8B8A-7F23F94EEDB6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1822B277-90CA-4B76-873F-D0F66268F6FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A742E651-BDB1-42CB-8E88-24ED7A35077A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{807C8314-A2F6-4025-82D7-396898C37E63}D:\__homeautomationwork\01_arduino\arduino-1.5.8\java\bin\javaw.exe] => (Allow) D:\__homeautomationwork\01_arduino\arduino-1.5.8\java\bin\javaw.exe
FirewallRules: [UDP Query User{8D3F7915-AF1E-42EA-9146-EC1B54B35B7F}D:\__homeautomationwork\01_arduino\arduino-1.5.8\java\bin\javaw.exe] => (Allow) D:\__homeautomationwork\01_arduino\arduino-1.5.8\java\bin\javaw.exe
FirewallRules: [{805EF35B-673B-41F5-A20F-B19E080E5DAD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5D5B84E2-8EA8-490E-B438-D98CE9AEE71B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{72E94DBA-BF25-4F3E-A897-94F4D643915D}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{E11378B6-A84C-462C-8EEF-73F01E532E08}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{AF81C75D-0278-4D38-97DF-6604F4ED86D8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B48C2087-2C1C-4399-9E96-A0E065CFA879}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6D3DAC28-F25B-4933-B055-EA5F9F4F2F5F}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{A851D3BF-AA28-42EC-AED8-6B0E49D66F08}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{6FE2874D-8C62-428B-994B-B71FA187EB6C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F8BF7E63-924C-49A7-BBAE-48273F381AC1}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{AA9F3695-4683-4076-91B0-B61A0B440E0C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1BBF8DDB-2E15-46B5-A643-9F506E61B2DE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{9FEB803E-9B4C-49D1-B36D-2B16B20F8F51}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{ADA56AF9-627D-453C-8C42-BA4B38E8E86B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{A2B3CEA9-2A7D-400A-A96C-857F0ADCCB0C}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimage.exe
FirewallRules: [UDP Query User{9F04CBC0-4C60-4CC6-A274-3EA2F5ED5976}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimage.exe
FirewallRules: [{12F47A83-C4B7-4712-8397-A84CED9226ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/17/2015 09:13:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2015 11:34:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2015 11:32:06 PM) (Source: VSS) (EventID: 12298) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (10/16/2015 11:32:06 PM) (Source: VSS) (EventID: 12310) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{45a7dc49-5364-11e2-b921-806e6f6e6963} - 0000000000000068,0x0053c010,000000000038E1A0,0,00000000003CBFD0,4096,[0]).


Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (10/16/2015 11:24:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2015 11:23:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (10/16/2015 11:23:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (10/16/2015 08:18:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/16/2015 08:17:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (10/16/2015 08:17:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.


Systemfehler:
=============
Error: (10/16/2015 11:23:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (10/16/2015 11:21:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/16/2015 11:21:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/16/2015 08:19:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/16/2015 08:17:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/16/2015 08:17:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/16/2015 08:17:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/16/2015 08:17:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/16/2015 08:17:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (10/16/2015 08:17:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


CodeIntegrity:
===================================
  Date: 2015-01-05 23:30:23.891
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\bcryptprimitives.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 23:30:23.888
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\bcryptprimitives.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 23:30:23.885
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\bcryptprimitives.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 23:30:23.882
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\bcryptprimitives.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 23:29:01.459
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 23:29:01.348
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 23:29:01.235
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 23:29:01.124
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 23:29:00.989
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rsaenh.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-05 23:29:00.978
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rsaenh.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 34%
Installierter physikalischer RAM: 7879.35 MB
Verfügbarer physikalischer RAM: 5122.45 MB
Summe virtueller Speicher: 15756.9 MB
Verfügbarer virtueller Speicher: 12898.33 MB

==================== Laufwerke ================================

Drive c: (win764_c) (Fixed) (Total:111.69 GB) (Free:16.2 GB) NTFS
Drive d: (win764_d) (Fixed) (Total:250 GB) (Free:103.48 GB) NTFS
Drive e: (win764_e) (Fixed) (Total:500 GB) (Free:78.17 GB) NTFS
Drive f: (win764_f) (Fixed) (Total:500 GB) (Free:150.69 GB) NTFS
Drive g: (win764_g) (Fixed) (Total:500 GB) (Free:115.36 GB) NTFS
Drive j: (win764_j) (Fixed) (Total:113.01 GB) (Free:73.12 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 3EF9CA37)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D6F332BB)
Partition 1: (Not Active) - (Size=250 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=613 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================
         


17.10.2015, 15:05   #6
deeprybka
/// TB Instructor
/// Guide Guru

Start TDSS Killer again and have it remove the findings.

17.10.2015, 15:50   #7
deeprybka
/// TB Instructor
/// Guide Guru

Change important online passwords from another PC or phone. Until the machine is clean, no more sensitive logins from this PC.

Then:

Step 1

Turn off the virus scanner's real-time protection.

Step 2
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to trojaner-board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

17.10.2015, 18:59   #8
schmiro

Hello Juergen,

I ran Combofix.

At the end, however, there is an error message in a pop-up:
"Unable to create a backup of the current registry file c:\windows\system32\config\SYSTEM!
Continue restoration of this file ?"
Button choices: YES or NO.

Meanwhile the ComboFix window says: "Starte Windows neu ... Bitte warten.
Bitte lasse ComboFx deinen PC neustarten.
WARNUNG ! Führe keinen manuellen Neustart der Maschine durch."

Do you know this?
Did I do something wrong?


Kind regards
schmiro

PS: My AVIRA real-time scanner is disabled.

17.10.2015, 19:01   #9
deeprybka
/// TB Instructor
/// Guide Guru

No, you didn't do anything wrong. Did Combofix run through and create a log?

17.10.2015, 19:27   #10
schmiro

Hello Juergen,


Quote:
Did Combofix run through and create a log?
ComboFix ran in a blue CMD window. Whether it ran to the end, I am not sure.
It got as far as the autoscan. See the screenshot from the Combofix website: hxxp://www.bleepstatic.com/download/screenshots/c/combofix/tn/still-scanning-showing-stag.jpg

After that, as I said, this window showed:
"Starte Windows neu ... Bitte warten.
Bitte lasse ComboFx deinen PC neustarten.
..."
And on top of it the pop-up with the error message and the question with the choice YES/NO.
Should I choose YES or NO there?

I found a ComboFix.txt.

But not directly at c:/combofix.txt; I only found it through the Windows search function. It is in the directory c:\combofix. The odd thing is that when I click into it directly via Windows Explorer, I only see all my drives.
If I go through the search function and then use "Open file location", I end up in the same directory c:\combofix, and now lots of files are visible.
Strange, strange...


Kind regards
schmiro

ComboFix.txt:
Code:
ComboFix 15-10-15.01 - schmiro64 17.10.2015  19:48:36.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.7879.4586 [GMT 2:00]
ausgeführt von:: C:\Users\schmiro64\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
         

Edited by schmiro (17.10.2015 at 19:37)

17.10.2015, 19:41   #11
deeprybka
/// TB Instructor
/// Guide Guru

OK. Then post new FRST logs now.

Step 1

Please start FRST again, also tick the checkbox and press Scan (Untersuchen).
Please post the contents of both logs that are created.

17.10.2015, 19:53   #12
schmiro

Hello Juergen,

Quote:
And on top of it the pop-up with the error message and the question with the choice YES/NO.
Should I choose YES or NO there?
How should I continue now? Choose Yes or No?

Sorry for asking, but I am unsure.

Kind regards
schmiro

17.10.2015, 19:54   #13
deeprybka
/// TB Instructor
/// Guide Guru

Oh I see, then Combofix is still running. Choose No and wait.

17.10.2015, 20:16   #14
schmiro

Hello Juergen,


so ComboFix has now run through and restarted the PC.

However, the desktop background was completely black. There are also no icons at the bottom right of the taskbar for any of the programs that are normally loaded via autostart. It looks as if they are no longer being loaded at all.
Did ComboFix do all of that?

That wouldn't be a problem. The main thing is that the virus is gone.

Now there is also a c:\combofix.txt. See below.

Kind regards
Ralf


Combofix Logfile:
Code:
ComboFix 15-10-15.01 - schmiro64 17.10.2015  19:48:36.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.7879.4586 [GMT 2:00]
ausgeführt von:: c:\users\schmiro64\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\WIN764.txt
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-09-17 bis 2015-10-17  ))))))))))))))))))))))))))))))
.
.
2015-10-17 17:51 . 2015-10-17 17:51	--------	d-----w-	c:\users\petra64\AppData\Local\temp
2015-10-17 17:51 . 2015-10-17 17:51	--------	d-----w-	c:\users\internet1\AppData\Local\temp
2015-10-17 13:31 . 2015-10-17 13:31	--------	d-----w-	C:\TDSSKiller_Quarantine
2015-10-17 07:32 . 2015-10-17 07:33	--------	d-----w-	C:\FRST
2015-10-14 18:03 . 2015-08-06 18:04	14176768	----a-w-	c:\windows\system32\shell32.dll
2015-10-14 18:03 . 2015-08-06 18:03	1866752	----a-w-	c:\windows\system32\ExplorerFrame.dll
2015-10-14 18:03 . 2015-08-06 17:44	1498624	----a-w-	c:\windows\SysWow64\ExplorerFrame.dll
2015-10-14 18:03 . 2015-09-01 18:14	503296	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 18:03 . 2015-09-01 18:14	1247232	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-14 18:03 . 2015-09-01 18:14	110592	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-14 18:03 . 2015-09-01 18:13	224768	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-14 18:03 . 2015-09-01 18:12	544768	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-14 18:03 . 2015-09-01 17:52	348672	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 18:03 . 2015-09-01 17:52	10240	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-10-14 18:01 . 2015-10-01 18:06	692672	----a-w-	c:\windows\system32\winload.efi
2015-10-06 13:17 . 2015-10-06 13:17	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-14 18:18 . 2013-01-03 10:24	143481208	----a-w-	c:\windows\system32\MRT.exe
2015-10-04 11:08 . 2013-01-03 10:04	780488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-04 11:08 . 2013-01-03 10:04	142536	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-29 02:58 . 2015-10-14 18:02	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-09-22 20:48 . 2013-05-07 16:49	74952	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-09-22 20:48 . 2013-03-27 19:09	163544	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-09-11 23:47 . 2013-10-24 17:47	632432	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-09-02 03:04 . 2015-09-08 21:30	41984	----a-w-	c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-08 21:30	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-08 21:30	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-08 21:30	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-08 21:30	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-08 21:30	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-08 21:30	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-08 21:30	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-08 21:30	3209216	----a-w-	c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-08 21:30	372736	----a-w-	c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-08 21:30	299520	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-08 21:30	2004480	----a-w-	c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-08 21:30	1887232	----a-w-	c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-08 21:30	2048	----a-w-	c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-08 21:30	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-08 21:30	1391104	----a-w-	c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-08 21:30	1241088	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-08 21:30	2048	----a-w-	c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-08 21:30	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-08-21 20:51 . 2015-08-21 20:51	248648	----a-w-	c:\windows\system32\drivers\tib_mounter.sys
2015-08-21 20:51 . 2015-03-15 18:21	1058632	----a-w-	c:\windows\system32\drivers\tib.sys
2015-08-05 17:56 . 2015-09-08 21:32	1110016	----a-w-	c:\windows\system32\schedsvc.dll
2015-08-05 17:56 . 2015-09-08 21:32	24576	----a-w-	c:\windows\system32\jnwmon.dll
2015-08-05 17:56 . 2015-09-08 21:32	275456	----a-w-	c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-08 21:32	216064	----a-w-	c:\windows\SysWow64\InkEd.dll
2015-08-01 14:04 . 2013-03-27 19:09	141416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-07-30 18:06 . 2015-08-11 18:43	1648128	----a-w-	c:\windows\system32\DWrite.dll
2015-07-30 18:06 . 2015-08-11 18:43	1180160	----a-w-	c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-11 18:43	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2015-07-30 17:57 . 2015-08-11 18:43	1251328	----a-w-	c:\windows\SysWow64\DWrite.dll
2015-07-30 17:57 . 2015-08-11 18:43	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2015-07-30 13:13 . 2015-08-11 21:09	103120	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13 . 2015-08-11 21:09	124624	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-23 00:02 . 2015-09-08 21:30	1390592	----a-w-	c:\windows\system32\diagtrack.dll
2015-07-23 00:02 . 2015-09-08 21:30	879104	----a-w-	c:\windows\system32\tdh.dll
2015-07-23 00:02 . 2015-09-08 21:30	879104	----a-w-	c:\windows\system32\advapi32.dll
2015-07-22 17:53 . 2015-09-08 21:30	635392	----a-w-	c:\windows\SysWow64\tdh.dll
2015-07-22 17:53 . 2015-09-08 21:30	641536	----a-w-	c:\windows\SysWow64\advapi32.dll
2015-07-22 16:48 . 2015-09-08 21:30	41984	----a-w-	c:\windows\system32\UtcResources.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-09-11 23:47	1733240	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-09-11 23:47	1733240	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-09-11 23:47	1733240	----a-w-	c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-09-11 1403192]
"ApacheTomcatMonitor7.0_Tomcat7"="c:\program files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" [2013-10-18 104448]
"Amazon Music"="c:\users\schmiro64\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2015-07-21 5887808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-09-22 782520]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2013-03-14 373760]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-09-27 1279120]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-08-31 452272]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-12-12 186408]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2014-11-27 407904]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2014-11-27 153952]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2015-07-20 5380368]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2015-07-19 693336]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2015-07-27 311616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-09-11 1403192]
.
c:\users\schmiro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Bginfo.exe - Verknüpfung.lnk - c:\_systools\noinstall\BGInfo\Bginfo.exe [2009-9-30 844648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SnagIt 8.lnk - c:\program files (x86)\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-16 6395464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
R3 bmdrvr;Modified Clusters Tracking Driver;SysWOW64\drivers\bmdrvr.sys;SysWOW64\drivers\bmdrvr.sys [x]
R3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys;c:\windows\SYSNATIVE\DRIVERS\GenBus.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NUS_Bus;Network USB Server Bus;c:\windows\system32\DRIVERS\NUS_Bus.sys;c:\windows\SYSNATIVE\DRIVERS\NUS_Bus.sys [x]
R3 NUServer64;Network USB Server Device ;c:\windows\system32\DRIVERS\NUServer64.sys;c:\windows\SYSNATIVE\DRIVERS\NUServer64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Tomcat7;Apache Tomcat 7.0 Tomcat7;c:\program files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe;c:\program files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 file_tracker;file_tracker;c:\windows\system32\DRIVERS\file_tracker.sys;c:\windows\SYSNATIVE\DRIVERS\file_tracker.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\system32\drivers\HWiNFO64A.SYS;c:\windows\SYSNATIVE\drivers\HWiNFO64A.SYS [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S2 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S2 UsbClientService;UsbClientService;c:\program files (x86)\Synology\Assistant\UsbClientService.exe;c:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [x]
S2 vmware-converter-server;VMware vCenter Converter Standalone Server;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [x]
S2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe;c:\program files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NPF
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-16 21:39	997704	----a-w-	c:\program files (x86)\Google\Chrome\Application\46.0.2490.71\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-15 15:07]
.
2015-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-03-15 15:07]
.
2014-01-20 c:\windows\Tasks\LOGINquiry5 Task.job
- c:\_systools\install\LOGINventory5\LOGINquiry.exe [2013-11-29 15:09]
.
2014-01-20 c:\windows\Tasks\LOGINsert5 Task.job
- c:\_systools\install\LOGINventory5\LOGINsert.exe [2013-11-29 15:09]
.
2015-03-28 c:\windows\Tasks\Paragon Archive name diff_150315152607576.job
- c:\program files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01 14:21]
.
2015-03-28 c:\windows\Tasks\Paragon Archive name diff_150315172000766.job
- c:\program files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01 14:21]
.
2015-03-16 c:\windows\Tasks\Paragon Archive name diff_241014190039002.job
- c:\program files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01 14:21]
.
2015-03-16 c:\windows\Tasks\Paragon Archive name diff_250115191339836.job
- c:\program files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01 14:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-09-11 08:26	2340472	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-09-11 08:26	2340472	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-09-11 08:26	2340472	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2014-09-09 09:05	2832680	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2014-09-09 09:05	2832680	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2014-09-09 09:05	2832680	----a-w-	c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-03-31 20451592]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2014-08-14 571192]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: %windir%\system32\vsocklib.dll
TCP: Interfaces\{AA160C9A-E0F5-4D8C-9654-DBEF5B5C7961}: NameServer = 192.168.1.1
Handler: li5bin - {1E39F80A-E02D-40CC-AA23-9620BC3F2A0B} - c:\_systools\install\LOGINventory5\LoginProtocolHandler.dll
FF - ProfilePath - c:\users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-35996908.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-ArCon - c:\windows\IsUn0407.exe
AddRemove-ArCon online - c:\windows\IsUn0407.exe
AddRemove-EL-USB&10C4&0002 - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\EL-USB&10C4&0002
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\windows\SYSWOW64\VMNAT.EXE
c:\windows\SYSWOW64\VMNETDHCP.EXE
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-10-17  21:00:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-10-17 19:00
.
Vor Suchlauf: 16 Verzeichnis(se), 19.389.374.464 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 18.801.942.528 Bytes frei
.
- - End Of File - - 1C65C7717C7A79A398F78F6A9626F031
         
--- --- ---

17.10.2015, 20:20   #15
deeprybka
/// TB trainer
/// Guide guru
 
Hello Ralf,

please continue as follows:

Step 1

  • Download and instructions
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Under Settings / Detection and Protection (Einstellungen / Erkennung und Schutz), please tick "Scan for rootkits" ("Suche nach Rootkits").
  • Go back to the Dashboard and click "Scan Now" ("Jetzt scannen").
  • At the end of the scan, have all detections (if any) moved to quarantine and post the log for me.


Step 2

Please start FRST again, tick the checkbox as well, and press "Untersuchen" (Scan).
Please post the contents of both logs that are created.
__________________
Regards,
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
