| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win7: AVIRA findet TR/Vundo.Gen, TR/Trustezeb.235520 und TR/Crypt.ZPACK.188761Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
17.10.2015, 20:57
| #1 |
 |  Win7: AVIRA findet TR/Vundo.Gen, TR/Trustezeb.235520 und TR/Crypt.ZPACK.188761 Hallo Juergen, anbei die Logs von MBAM und FRST Herlicher Gruss Ralf MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 17.10.2015 Suchlaufzeit: 21:42 Protokolldatei: mbam_20151017_2150.txt Administrator: Ja Version: 2.2.0.1024 Malware-Datenbank: v2015.10.17.04 Rootkit-Datenbank: v2015.10.16.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: schmiro64 Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 476040 Abgelaufene Zeit: 6 Min., 30 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Deaktiviert Rootkits: Aktiviert Heuristik: Deaktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) FRST.txt FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:16-10-2015 durchgeführt von schmiro64 (Administrator) auf WIN764 (17-10-2015 21:53:43) Gestartet von D:\_____xxx20151015 Geladene Profile: schmiro64 & (Verfügbare Profile: schmiro64 & petra64 & internet1 & Administrator) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe (Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe (Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] () HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [571192 2014-08-14] (Acronis) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782520 2015-09-22] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5380368 2015-07-20] (Acronis) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [693336 2015-07-20] (Acronis International GmbH) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Run: [Amazon Music] => C:\Users\schmiro64\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] () HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\schmiro64\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] () HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Amazon Music] => C:\Users\schmiro64\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] () HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2cecf5cc-5367-11e2-bfc9-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {45a7dc50-5364-11e2-b921-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {479fb6ff-c967-11e2-b0e7-50465db51cac} - K:\LGAutoRun.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {2cecf5cc-5367-11e2-bfc9-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {45a7dc50-5364-11e2-b921-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {479fb6ff-c967-11e2-b0e7-50465db51cac} - K:\LGAutoRun.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2cecf5cc-5367-11e2-bfc9-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {45a7dc50-5364-11e2-b921-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {479fb6ff-c967-11e2-b0e7-50465db51cac} - K:\LGAutoRun.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {2cecf5cc-5367-11e2-bfc9-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {45a7dc50-5364-11e2-b921-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {479fb6ff-c967-11e2-b0e7-50465db51cac} - K:\LGAutoRun.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2cecf5cc-5367-11e2-bfc9-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {45a7dc50-5364-11e2-b921-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {479fb6ff-c967-11e2-b0e7-50465db51cac} - K:\LGAutoRun.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [ApacheTomcatMonitor7.0_Tomcat7] => C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe [104448 2013-10-18] (Apache Software Foundation) HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {2cecf5cc-5367-11e2-bfc9-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {45a7dc50-5364-11e2-b921-806e6f6e6963} - H:\.\Bin\ASSETUP.exe HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\MountPoints2: {479fb6ff-c967-11e2-b0e7-50465db51cac} - K:\LGAutoRun.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries) ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SnagIt 8.lnk [2014-06-08] ShortcutTarget: SnagIt 8.lnk -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation) Startup: C:\Users\schmiro64\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bginfo.exe - Verknüpfung.lnk [2013-03-23] ShortcutTarget: Bginfo.exe - Verknüpfung.lnk -> C:\_systools\noinstall\BGInfo\Bginfo.exe (Sysinternals) GroupPolicyScripts: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\..\Interfaces\{AA160C9A-E0F5-4D8C-9654-DBEF5B5C7961}: [NameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll [2007-05-16] (TechSmith Corporation) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2013-11-28] (CANON INC.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-22] (Oracle Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-22] (Oracle Corporation) BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-16] (TechSmith Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2013-11-28] (CANON INC.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-12] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2013-11-28] (CANON INC.) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2013-11-28] (CANON INC.) Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-16] (TechSmith Corporation) Handler-x32: li5bin - {1E39F80A-E02D-40CC-AA23-9620BC3F2A0B} - C:\_systools\install\LOGINventory5\LoginProtocolHandler.dll [2013-11-29] (Schmidt's LOGIN GmbH) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.) FireFox: ======== FF ProfilePath: C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-04] () FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-22] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.581\npSurveillancePlugin_x86_64.dll [2015-07-22] (Synology) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-04] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.) FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.581\npSurveillancePlugin.dll [2015-07-22] (Synology) FF Extension: O2CPlayer Plugin - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\o2cplayer@eleco.com [2015-03-10] FF Extension: Garmin Communicator - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-14] FF Extension: Firebug - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\firebug@software.joehewitt.com.xpi [2013-02-13] FF Extension: FirePath - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\FireXPath@pierre.tholence.com.xpi [2013-02-13] FF Extension: NoScript - C:\Users\schmiro64\AppData\Roaming\Mozilla\Firefox\Profiles\kfgrd4bd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-03] Chrome: ======= CHR Profile: C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-15] CHR Extension: (Google Docs) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-15] CHR Extension: (Google Drive) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-15] CHR Extension: (YouTube) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-15] CHR Extension: (Google-Suche) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-15] CHR Extension: (Google Tabellen) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-15] CHR Extension: (Google Text & Tabellen Offline) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-20] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-15] CHR Extension: (Google Mail) - C:\Users\schmiro64\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-15] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [932912 2015-09-22] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-09-22] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG) R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] () R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.) R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.) R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [1475744 2012-05-25] (ASUSTeK Computer Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation) S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [647680 2014-11-23] (Macrovision Europe Ltd.) [Datei ist nicht signiert] R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2014-11-23] (Macrovision Europe Ltd.) [Datei ist nicht signiert] R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries) R3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [Datei ist nicht signiert] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-12-15] (NETGEAR) R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5405456 2014-11-12] (TeamViewer GmbH) S3 Tomcat7; C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [80896 2013-10-18] (Apache Software Foundation) [Datei ist nicht signiert] R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2014-02-25] () R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479312 2013-10-07] (VMware, Inc.) R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.) R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479312 2013-10-07] (VMware, Inc.) S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.) S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] () R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] () R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-09-22] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-08-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-09-22] (Avira Operations GmbH & Co. KG) S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-08-28] (VMware, Inc.) S3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [40960 2010-03-01] (Motorola, Inc.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-03-15] (Acronis International GmbH) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [30592 2013-01-07] (REALiX(tm)) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-17] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) S3 NUServer64; C:\Windows\System32\DRIVERS\NUServer64.sys [240128 2010-09-17] ( ) [Datei ist nicht signiert] R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-08-21] (Acronis International GmbH) R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-08-21] (Acronis International GmbH) R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90928 2012-03-01] (Windows (R) 2000 DDK provider) R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [632752 2012-03-01] (Paragon) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.) S3 WIMMount; G:\ctnot\Projects\Tools\Win8PESE\X64\wimmount.sys [40392 2012-07-25] (Microsoft Corporation) S3 andnetadb; System32\Drivers\lgandnetadb.sys [X] S3 andnetndis; system32\DRIVERS\lgandnetndis64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [X] S3 NUS_Bus; system32\DRIVERS\NUS_Bus.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-17 21:29 - 2015-10-17 21:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-10-17 21:28 - 2015-10-17 21:28 - 00001114 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-10-17 21:28 - 2015-10-17 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-10-17 21:28 - 2015-10-17 21:28 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-10-17 21:28 - 2015-10-17 21:28 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-10-17 21:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-10-17 21:28 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-10-17 21:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2015-10-17 20:15 - 2015-10-17 21:00 - 00033877 _____ C:\ComboFix.txt 2015-10-17 19:47 - 2015-10-17 21:00 - 00000000 ____D C:\Qoobox 2015-10-17 19:47 - 2015-10-17 20:57 - 00000000 ____D C:\Windows\erdnt 2015-10-17 19:47 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2015-10-17 19:47 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2015-10-17 19:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-10-17 19:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-10-17 19:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-10-17 19:47 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2015-10-17 19:47 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2015-10-17 19:47 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2015-10-17 19:45 - 2015-10-17 19:45 - 05636101 ____R (Swearware) C:\Users\schmiro64\Desktop\ComboFix.exe 2015-10-17 15:52 - 2015-10-17 15:52 - 00000000 _____ C:\Users\schmiro64\Desktop\Neues Textdokument (2).txt 2015-10-17 15:31 - 2015-10-17 15:31 - 00000000 ____D C:\TDSSKiller_Quarantine 2015-10-17 15:26 - 2015-10-17 15:26 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\schmiro64\Desktop\tdsskiller.exe 2015-10-17 09:32 - 2015-10-17 21:53 - 00000000 ____D C:\FRST 2015-10-17 09:19 - 2015-10-17 09:19 - 00000000 _____ C:\Users\schmiro64\defogger_reenable 2015-10-17 08:59 - 2015-10-17 08:59 - 00075068 _____ C:\Users\schmiro64\Downloads\AVSCAN-20151016-233643-1B0F2AFC.LOG 2015-10-16 20:10 - 2015-10-16 20:10 - 00063188 _____ C:\Users\schmiro64\Downloads\AVSCAN-20151016-192519-C32CBE66.LOG 2015-10-15 22:35 - 2015-10-16 19:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-10-15 21:32 - 2015-10-15 22:49 - 00000000 ____D C:\Users\schmiro64\Downloads\20151015 2015-10-15 21:31 - 2015-10-15 21:31 - 00331526 _____ C:\Users\schmiro64\Downloads\20151015.zip 2015-10-14 20:04 - 2015-09-18 21:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-10-14 20:04 - 2015-09-18 20:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-10-14 20:04 - 2015-09-16 06:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-10-14 20:04 - 2015-09-16 06:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-10-14 20:04 - 2015-09-16 06:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-10-14 20:04 - 2015-09-16 06:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-10-14 20:04 - 2015-09-16 06:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-10-14 20:04 - 2015-09-16 06:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-10-14 20:04 - 2015-09-16 06:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-10-14 20:04 - 2015-09-16 06:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-10-14 20:04 - 2015-09-16 06:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-10-14 20:04 - 2015-09-16 06:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-10-14 20:04 - 2015-09-16 06:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-10-14 20:04 - 2015-09-16 06:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-10-14 20:04 - 2015-09-16 06:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-10-14 20:04 - 2015-09-16 06:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-10-14 20:04 - 2015-09-16 06:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-10-14 20:04 - 2015-09-16 06:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-10-14 20:04 - 2015-09-16 06:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-10-14 20:04 - 2015-09-16 06:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-10-14 20:04 - 2015-09-16 05:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-10-14 20:04 - 2015-09-16 05:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-10-14 20:04 - 2015-09-16 05:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-10-14 20:04 - 2015-09-16 05:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-10-14 20:04 - 2015-09-16 05:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-10-14 20:04 - 2015-09-16 05:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-10-14 20:04 - 2015-09-16 05:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-10-14 20:04 - 2015-09-16 05:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-10-14 20:04 - 2015-09-16 05:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-10-14 20:04 - 2015-09-16 05:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-10-14 20:04 - 2015-09-16 05:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-10-14 20:04 - 2015-09-16 05:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-10-14 20:04 - 2015-09-16 05:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-10-14 20:04 - 2015-09-16 05:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-10-14 20:04 - 2015-09-16 05:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-10-14 20:04 - 2015-09-16 05:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-10-14 20:04 - 2015-09-16 05:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-10-14 20:04 - 2015-09-16 05:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-10-14 20:04 - 2015-09-16 05:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-10-14 20:04 - 2015-09-16 05:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-10-14 20:04 - 2015-09-16 05:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-10-14 20:04 - 2015-09-16 05:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-10-14 20:04 - 2015-09-16 05:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-10-14 20:04 - 2015-09-16 05:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-10-14 20:04 - 2015-09-16 05:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-10-14 20:04 - 2015-09-16 05:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-10-14 20:04 - 2015-09-16 05:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-10-14 20:04 - 2015-09-16 05:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-10-14 20:04 - 2015-09-16 05:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-10-14 20:04 - 2015-09-16 05:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-10-14 20:04 - 2015-09-16 05:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-10-14 20:04 - 2015-09-16 05:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-10-14 20:04 - 2015-09-16 05:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-10-14 20:04 - 2015-09-16 05:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-10-14 20:04 - 2015-09-16 04:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-10-14 20:04 - 2015-09-16 04:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-10-14 20:04 - 2015-09-16 04:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-10-14 20:04 - 2015-09-16 04:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-10-14 20:04 - 2015-09-16 04:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-10-14 20:04 - 2015-09-16 04:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-10-14 20:04 - 2015-09-16 04:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-10-14 20:04 - 2015-09-16 04:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-10-14 20:04 - 2015-09-16 04:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-10-14 20:04 - 2015-09-16 04:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-10-14 20:03 - 2015-08-06 20:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-10-14 20:03 - 2015-08-06 20:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2015-10-14 20:03 - 2015-08-06 19:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-10-14 20:03 - 2015-08-06 19:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2015-10-14 20:02 - 2015-09-29 05:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-10-14 20:02 - 2015-09-29 05:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-10-14 20:02 - 2015-09-29 05:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-10-14 20:02 - 2015-09-29 05:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-10-14 20:02 - 2015-09-29 05:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-10-14 20:02 - 2015-09-29 05:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-10-14 20:02 - 2015-09-29 05:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-10-14 20:02 - 2015-09-29 05:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-10-14 20:02 - 2015-09-29 05:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-10-14 20:02 - 2015-09-29 05:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-10-14 20:02 - 2015-09-29 05:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-10-14 20:02 - 2015-09-29 05:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-10-14 20:02 - 2015-09-29 05:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 05:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-10-14 20:02 - 2015-09-29 04:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-10-14 20:02 - 2015-09-29 04:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-10-14 20:02 - 2015-09-29 04:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-10-14 20:02 - 2015-09-29 04:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-10-14 20:02 - 2015-09-29 04:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-10-14 20:02 - 2015-09-29 04:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-10-14 20:02 - 2015-09-29 04:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-10-14 20:02 - 2015-09-29 04:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-10-14 20:02 - 2015-09-29 04:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-10-14 20:02 - 2015-09-29 04:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-10-14 20:02 - 2015-09-29 04:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-10-14 20:02 - 2015-09-29 04:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-10-14 20:02 - 2015-09-29 04:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-10-14 20:02 - 2015-09-29 04:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-10-14 20:02 - 2015-09-29 04:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 04:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 03:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-10-14 20:02 - 2015-09-29 03:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-10-14 20:02 - 2015-09-29 03:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-10-14 20:02 - 2015-09-29 03:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-10-14 20:02 - 2015-09-29 03:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-10-14 20:02 - 2015-09-29 03:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 03:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 03:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-10-14 20:02 - 2015-09-29 03:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-10-14 20:02 - 2015-09-25 20:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-10-14 20:02 - 2015-09-25 20:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-10-14 20:02 - 2015-09-25 20:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-10-14 20:02 - 2015-09-25 20:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-10-14 20:02 - 2015-09-25 20:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-10-14 20:02 - 2015-09-25 19:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-10-14 20:02 - 2015-09-25 19:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-10-14 20:02 - 2015-09-25 19:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-10-14 20:02 - 2015-09-25 19:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-10-14 20:02 - 2015-09-25 19:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-10-14 20:02 - 2015-09-18 21:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-10-14 20:02 - 2015-09-18 21:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-10-14 20:02 - 2015-09-18 21:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-10-14 20:02 - 2015-09-18 21:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-10-14 20:02 - 2015-09-18 21:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-10-14 20:02 - 2015-09-18 21:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-10-14 20:02 - 2015-09-18 21:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-10-14 20:02 - 2015-09-15 20:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-10-14 20:02 - 2015-09-15 20:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-10-14 20:02 - 2015-09-15 20:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-10-14 20:02 - 2015-09-15 20:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-10-14 20:02 - 2015-09-15 20:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-10-14 20:02 - 2015-09-15 20:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-10-14 20:02 - 2015-09-15 20:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-10-14 20:02 - 2015-09-15 20:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-10-14 20:02 - 2015-09-15 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-10-14 20:02 - 2015-09-15 19:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-10-14 20:02 - 2015-09-15 19:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-10-14 20:02 - 2015-09-15 19:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-10-14 20:02 - 2015-09-15 19:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-10-14 20:01 - 2015-10-01 20:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-10-14 20:01 - 2015-10-01 20:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-10-14 20:01 - 2015-10-01 20:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-10-14 20:01 - 2015-10-01 20:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-10-14 20:01 - 2015-10-01 20:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-10-14 20:01 - 2015-10-01 20:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-10-14 20:01 - 2015-10-01 20:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-10-14 20:01 - 2015-10-01 19:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-10-14 20:01 - 2015-10-01 19:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-10-14 20:01 - 2015-07-18 15:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2015-10-14 20:01 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-10-06 15:17 - 2015-10-06 15:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-09-27 23:29 - 2015-09-27 23:30 - 06521184 _____ (Tim Kosse) C:\Users\schmiro64\Downloads\FileZilla_3.14.0_win64-setup.exe 2015-09-22 22:49 - 2015-09-22 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-10-17 21:39 - 2015-03-15 17:07 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-17 21:30 - 2012-12-31 18:13 - 01197956 _____ C:\Windows\WindowsUpdate.log 2015-10-17 21:11 - 2009-07-14 06:45 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-10-17 21:11 - 2009-07-14 06:45 - 00031680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-10-17 21:01 - 2010-11-21 08:50 - 00702154 _____ C:\Windows\system32\perfh007.dat 2015-10-17 21:01 - 2010-11-21 08:50 - 00150820 _____ C:\Windows\system32\perfc007.dat 2015-10-17 21:01 - 2009-07-14 07:13 - 01628962 _____ C:\Windows\system32\PerfStringBackup.INI 2015-10-17 21:00 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2015-10-17 20:57 - 2015-03-15 17:07 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-17 20:57 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2015-10-17 20:56 - 2015-09-16 22:05 - 00010460 _____ C:\Windows\PFRO.log 2015-10-17 20:56 - 2015-09-12 14:35 - 00002520 _____ C:\Windows\setupact.log 2015-10-17 20:56 - 2013-04-01 19:44 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-10-17 20:56 - 2013-01-05 16:33 - 00000000 ____D C:\ProgramData\VMware 2015-10-17 20:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-10-17 20:56 - 2009-07-14 04:34 - 45088768 _____ C:\Windows\system32\config\COMPONENTS.bak 2015-10-17 20:56 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak 2015-10-17 20:56 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2015-10-17 20:56 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2015-10-17 19:41 - 2013-02-16 21:56 - 00000000 ____D C:\Users\schmiro64\AppData\Local\FreePDF_XP 2015-10-17 15:58 - 2014-03-03 19:52 - 00000000 ____D C:\Users\schmiro64\Documents\SnagIt Katalog 2015-10-17 09:19 - 2012-12-31 18:12 - 00000000 ____D C:\Users\schmiro64 2015-10-17 03:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-10-16 23:40 - 2015-03-15 17:08 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-10-16 23:28 - 2013-01-05 18:55 - 00000072 _____ C:\Users\Public\LMDebug.log 2015-10-16 23:27 - 2013-02-17 13:59 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{357339D0-7A51-47A5-AEF2-2E61E0144585} 2015-10-16 19:20 - 2015-09-08 23:30 - 00000000 __SHD C:\Users\schmiro64\AppData\Roaming\gjtdghee 2015-10-16 19:09 - 2013-01-03 11:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-10-15 21:56 - 2015-05-01 16:26 - 00000000 ____D C:\Users\schmiro64\AppData\Local\CrashDumps 2015-10-15 21:46 - 2015-05-26 21:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-10-15 21:45 - 2015-05-26 21:31 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2015-10-15 21:27 - 2015-04-19 19:29 - 00000000 ____D C:\Windows\system32\appraiser 2015-10-15 21:27 - 2014-05-06 22:36 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-10-14 20:21 - 2013-08-10 16:47 - 00000000 ____D C:\Windows\system32\MRT 2015-10-14 20:18 - 2013-01-03 12:24 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-10-13 00:07 - 2013-03-24 15:11 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\BOM 2015-10-09 18:06 - 2013-01-05 16:34 - 00000000 ____D C:\Users\schmiro64\AppData\Local\VMware 2015-10-09 17:56 - 2013-01-05 16:34 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\VMware 2015-10-09 09:36 - 2015-04-05 12:33 - 00000000 ___SD C:\Windows\system32\GWX 2015-10-08 23:45 - 2015-04-05 12:33 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-10-04 21:57 - 2014-08-10 16:26 - 00082944 _____ C:\Users\schmiro64\Desktop\guzzi_parts.xls 2015-10-04 18:48 - 2014-06-27 21:51 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\ZoomBrowser EX 2015-10-04 18:48 - 2014-06-27 21:45 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\CameraWindowDC 2015-10-04 13:09 - 2014-08-21 21:05 - 00000000 ____D C:\Users\schmiro64\AppData\Local\Adobe 2015-10-04 13:08 - 2013-01-03 12:04 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-10-04 13:08 - 2013-01-03 12:04 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-09-27 23:33 - 2013-03-24 15:06 - 00000000 ____D C:\Users\schmiro64\AppData\Roaming\FileZilla 2015-09-26 22:59 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-09-24 08:23 - 2013-10-24 19:34 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-09-22 22:49 - 2015-05-07 20:20 - 00002014 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk 2015-09-22 22:48 - 2013-05-07 18:49 - 00074952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-09-22 22:48 - 2013-03-27 21:09 - 00163544 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-09-19 11:33 - 2015-03-15 17:07 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-09-19 11:33 - 2015-03-15 17:07 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-06-17 09:50 - 2015-02-22 17:35 - 0000093 _____ () C:\Users\schmiro64\AppData\Roaming\ARCompanion.log 2013-12-19 20:58 - 2015-04-03 00:09 - 0000545 ____H () C:\Users\schmiro64\AppData\Roaming\eSReg.ini 2013-11-16 21:12 - 2015-04-08 20:09 - 0000600 _____ () C:\Users\schmiro64\AppData\Roaming\winscp.rnd 2013-05-19 17:47 - 2013-05-19 17:47 - 0004608 _____ () C:\Users\schmiro64\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-11-23 19:16 - 2014-11-24 00:33 - 0006506 _____ () C:\Users\schmiro64\AppData\Local\mbt-actwiz.log 2013-11-16 21:06 - 2015-04-08 21:42 - 0000600 _____ () C:\Users\schmiro64\AppData\Local\PUTTY.RND 2012-12-31 18:52 - 2015-09-04 20:47 - 0007656 _____ () C:\Users\schmiro64\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-10-11 19:24 ==================== Ende von FRST.txt ============================ |
|
17.10.2015, 20:58
| #2 |
| | Win7: AVIRA findet TR/Vundo.Gen, TR/Trustezeb.235520 und TR/Crypt.ZPACK.188761 ... und hier von FRST Addition.txt
__________________Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:16-10-2015
durchgeführt von schmiro64 (2015-10-17 21:54:00)
Gestartet von D:\_____xxx20151015
Windows 7 Professional Service Pack 1 (X64) (2012-12-31 16:12:22)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1582384673-2009952006-1762237435-500 - Administrator - Disabled) => C:\Users\Administrator
Gast (S-1-5-21-1582384673-2009952006-1762237435-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1582384673-2009952006-1762237435-1007 - Limited - Enabled)
internet1 (S-1-5-21-1582384673-2009952006-1762237435-1004 - Limited - Enabled) => C:\Users\internet1
petra64 (S-1-5-21-1582384673-2009952006-1762237435-1003 - Limited - Enabled) => C:\Users\petra64
schmiro64 (S-1-5-21-1582384673-2009952006-1762237435-1000 - Administrator - Enabled) => C:\Users\schmiro64
___VMware_Conv_SA___ (S-1-5-21-1582384673-2009952006-1762237435-1008 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image 2015 (HKLM-x32\...\{2F70A6E6-2F71-4907-8441-BDC5D300310B}Visible) (Version: 18.0.6613 - Acronis)
Acronis True Image 2015 (x32 Version: 18.0.6613 - Acronis) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.00.01 - ASUSTeK Computer Inc.)
AIDA64 Extreme Edition v2.70 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.70 - FinalWire Ltd.)
Amazon Music (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apache Tomcat 7.0 Tomcat7 (remove only) (HKLM\...\Apache Tomcat 7.0 Tomcat7) (Version: - )
Arcon 11 (HKLM-x32\...\{1923A3BE-1437-4C5A-A7FE-77D298B6DFCB}) (Version: 1.00.0000 - Eleco)
Arduino (HKLM-x32\...\Arduino) (Version: 1.0.5 - Arduino LLC)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
Biet-O-Matic v2.14.12 (HKLM-x32\...\Biet-O-Matic v2.14.12) (Version: 2.14.12 - BOM Development Team)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.4.0.8 - )
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.0.3 - )
Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.5.0.15 - )
Canon MX920 series Benutzerregistrierung (HKLM-x32\...\Canon MX920 series Benutzerregistrierung) (Version: - *Canon Inc.)
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.00 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.0.0.8 - )
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.0.0.15 - )
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.1.15 - )
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - )
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.0.5 - )
Canon Utilities RemoteCapture DC (HKLM-x32\...\RemoteCaptureDC) (Version: 3.0.1.8 - )
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.0.0.246 - )
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.0.0.19 - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
CPUID CPU-Z 1.62 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.20 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
DesignCAD 3D Max 21 (HKLM-x32\...\{90408D47-8AD3-4BE8-B176-E2CE2C794FFE}) (Version: 21.0.0 - IMSIDesign)
DesignSpark Mechanical 1.0 (HKLM\...\{724120B5-FF8C-4337-A7EF-3C1E0FB6B92F}) (Version: 8.1.2 - RS Components)
Easy Smart Configuration Utility (HKLM-x32\...\InstallShield_{2E6F915E-1948-49D0-B660-0F17C768E511}) (Version: 1.0.0.6 - TP-LINK)
Easy Smart Configuration Utility (x32 Version: 1.0.0.6 - TP-LINK) Hidden
EasyLog USB (HKLM-x32\...\{C6EAC902-F135-4DE1-A792-18459C9B1FB3}) (Version: 5.5.3 - Lascar Electronics Ltd.)
EasyLog USB Device (Driver Removal) (HKLM-x32\...\EL-USB&10C4&0002) (Version: - Lascar Electronics Ltd.)
easyROUTES 3 GPS-Tourenplaner (HKLM-x32\...\easyROUTES 3 GPS-Tourenplaner_is1) (Version: 3 - REINER H. NITSCHKE Verlags-GmbH)
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
FileZilla Client 3.7.3 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FileZilla Client 3.7.3 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FileZilla Client 3.7.3 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FileZilla Client 3.7.3 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FileZilla Client 3.7.3 (HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FileZilla Client 3.7.3 (HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FOSCAM Client (HKLM-x32\...\{9F9CDA0B-2291-4061-85C4-441A75BE6713}) (Version: 1.4.13 - FOSCAM)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version: - )
Frontplatten Designer (HKLM-x32\...\Frontplatten Designer) (Version: 4.4.2 - Schaeffer AG)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
Garmin BaseCamp (HKLM-x32\...\{0D7C8884-192D-4E2D-A635-B282B3647E45}) (Version: 4.4.7 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2015.40 (HKLM-x32\...\{04B2E836-EF35-438B-89B8-59F484090283}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2016.10 (HKLM-x32\...\{53F166AF-9991-45CD-B917-384DDAA243A4}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HWiNFO64 Version 4.06 (HKLM\...\HWiNFO64_is1) (Version: 4.06 - Martin Malík - REALiX)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
IPCam Admin v3.0.28 (HKLM-x32\...\IPCam Admin Utility_is1) (Version: - Edimax Technology Co., Ltd.)
IPCam Surveillance Software 3.0.3.5 (HKLM-x32\...\IPCam Surveillance Software_is1) (Version: - Edimax Technology Co., Ltd.)
IPCamSetup (HKLM-x32\...\{02C39DE9-B03A-4FE7-89F9-61E224FE65CC}) (Version: 1.00.0000 - FOSCAM)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
LG PC Suite (HKLM-x32\...\LG PC Suite) (Version: 5.3.25.20150529 - LG Electronics)
LG United Mobile Drivers (HKLM-x32\...\{4DE95ED9-0A29-4C4F-8463-35857CF9BA36}) (Version: 3.14.1 - LG Electronics)
Liberta (HKLM-x32\...\{1EE5DCB1-E25C-44CB-8B32-EB063ED8EF73}) (Version: 1 - Weto)
LOGINventory5 (HKLM-x32\...\LOGINventory5) (Version: 5.11.0.5756 - Schmidt's LOGIN GmbH)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
mb Software ArCon (HKLM-x32\...\ArCon) (Version: - )
mb Software ArCon online (HKLM-x32\...\ArCon online) (Version: - )
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Bluetooth (HKLM\...\Motorola Bluetooth_is1) (Version: 3.0.1.227 - Motorola, Inc.)
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 de) (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\Mozilla Thunderbird 38.3.0 (x86 de)) (Version: 38.3.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 de) (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Mozilla Thunderbird 38.3.0 (x86 de)) (Version: 38.3.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 de) (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Mozilla Thunderbird 38.3.0 (x86 de)) (Version: 38.3.0 - Mozilla)
Nero BurningROM 12 (HKLM-x32\...\{3D9F1904-15A3-4022-B619-FDF43021BE2F}) (Version: 12.5.01400 - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.57 - NETGEAR Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5 - Notepad++ Team)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
Paint Shop Pro 5.03 CD (HKLM-x32\...\Paint Shop Pro 5.03) (Version: - )
Paragon Festplatten Manager™ 12 Professional (HKLM-x32\...\{1E104AF0-EA49-11DE-AC07-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF24 Creator 6.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
QuoVadis 7 (HKLM-x32\...\QuoVadis 7_is1) (Version: 7 - Flemming Software Development CC)
RAIDar 4.3.8 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.8 - Netgear Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.01.16.00 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung ML-2950 Series (HKLM-x32\...\Samsung ML-2950 Series) (Version: - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Self-Service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Sudoku (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\e3626db9ef6c8cdc) (Version: 4.8.2.0 - Clemens Pichl)
Sudoku (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\e3626db9ef6c8cdc) (Version: 4.8.2.0 - Clemens Pichl)
Sudoku (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\e3626db9ef6c8cdc) (Version: 4.8.2.0 - Clemens Pichl)
SurveillancePlugin (HKLM-x32\...\{FB90D390-FBD6-465D-A39D-CED6A7C3580D}) (Version: 1.0.0.581 - Synology)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.35436 Beta - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
TFD128 (HKLM-x32\...\TFD128) (Version: 1.01 - ELV Elektronik AG)
TFD128 (x32 Version: 1.01 - ELV Elektronik AG) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.7 - VMware, Inc)
VMware Player (Version: 6.0.7 - VMware, Inc.) Hidden
VMware vCenter Converter Standalone (HKLM-x32\...\{2BCC4907-4205-4338-BDA5-94F183144C35}) (Version: 5.5.0.1362012 - VMware, Inc.)
VNC Viewer 5.0.5 (HKLM\...\RealVNCViewer_is1) (Version: 5.0.5 - RealVNC Ltd)
weblica - 3.6.3 (HKLM-x32\...\weblica) (Version: 3.6.3 - empros gmbh)
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version: - )
WinDirStat 1.1.2 (HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\WinDirStat) (Version: - )
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinImage (HKLM\...\WinImage) (Version: - )
WinImage (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\...\WinImage) (Version: - )
WinImage (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinImage) (Version: - )
WinImage (HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\WinImage) (Version: - )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
WinSCP 5.1.7 (HKLM-x32\...\winscp3_is1) (Version: 5.1.7 - Martin Prikryl)
WOL2 (HKLM-x32\...\{1F951BBA-C582-4D59-9E07-8630E6245854}) (Version: 2.0 - Marko Oette (www.oette.info))
WOW Slider (HKLM-x32\...\WOW Slider_is1) (Version: - )
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1582384673-2009952006-1762237435-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Wiederherstellungspunkte =========================
17-10-2015 19:47:37 ComboFix created restore point
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2015-10-17 19:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01A1C850-3C90-4FB6-B992-78F1024D95D4} - System32\Tasks\LOGINquiry5 Task => C:\_systools\install\LOGINventory5\LOGINquiry.exe [2013-11-29] (Schmidt's LOGIN GmbH)
Task: {04AC5F64-5100-4E3E-A542-2129F4E3EDC9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation)
Task: {1E5A82D7-1A9F-4B5A-B8C9-94C0E500E17E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {3AA534D4-5DCE-4F04-841B-098423D78243} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
Task: {3B6EA404-86A1-4308-998E-6C7DD34E255A} - System32\Tasks\Paragon Archive name diff_241014190039002 => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01] (Paragon Software Group)
Task: {4E6799E9-7C7F-4219-88BB-FE3B54CD48F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-12] (Microsoft Corporation)
Task: {6EB98E7C-2649-4D4C-8710-8ABA1DC1C425} - System32\Tasks\Paragon Archive name diff_150315172000766 => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01] (Paragon Software Group)
Task: {7F0AD858-8FE3-43E7-A690-A02CC2B72E4A} - System32\Tasks\LOGINsert5 Task => C:\_systools\install\LOGINventory5\LOGINsert.exe [2013-11-29] (Schmidt's LOGIN GmbH)
Task: {8B77CBDE-6F4F-4BD5-9583-16C4B7D50A06} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {8E731F31-C3E2-46A9-A37D-3A38A3111FB7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {903B12F1-44AB-4346-A993-A4E159CF4A16} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe [2012-07-23] (ASUSTeK Computer Inc.)
Task: {95DFCFDA-E7BC-436F-B74F-7FA321D4D406} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {A1357EB8-7472-48C6-A023-4B3F25A26D95} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {BA458291-3E36-44F9-8D71-24503D450618} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] ()
Task: {C60D38D9-4383-477A-88E5-77FE64F8431D} - System32\Tasks\Paragon Archive name diff_150315152607576 => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01] (Paragon Software Group)
Task: {C8008792-A5C4-4F1C-94DC-B90181179B2D} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {D5246ACB-B4EF-4F73-AE38-F3D1EA3DEEB8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {DEBCABFE-DB1F-48AC-AE75-C460E80EFF86} - System32\Tasks\Paragon Archive name diff_250115191339836 => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe [2012-03-01] (Paragon Software Group)
Task: {E577C9EE-7DD6-43A7-BADE-E1124AF51CB3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-15] (Google Inc.)
Task: {F809BAD6-9659-4082-A065-30EB19C09A25} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-12] (Microsoft Corporation)
Task: {FCF6CB30-A9EA-4694-A3EE-AB5681A98C5A} - System32\Tasks\CrystalDiskInfo => C:\_systools\noinstall\diskinfo\DiskInfo.exe [2012-09-25] (Crystal Dew World)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LOGINquiry5 Task.job => C:\_systools\install\LOGINventory5\LOGINquiry.exe
Task: C:\Windows\Tasks\LOGINsert5 Task.job => C:\_systools\install\LOGINventory5\LOGINsert.exe
Task: C:\Windows\Tasks\Paragon Archive name diff_150315152607576.job => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe¤--rebootonconfirm -Wno --alternate --graph --multiple C:/Program Files (x86)/Paragon Software/Festplatten Manager 12 Professional/scripts/scr_150315153003888.pslUC:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\
schmiro64.Sic
Task: C:\Windows\Tasks\Paragon Archive name diff_150315172000766.job => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe¤--rebootonconfirm -Wno --alternate --graph --multiple C:/Program Files (x86)/Paragon Software/Festplatten Manager 12 Professional/scripts/scr_150315172131567.pslUC:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\
schmiro64.Sic
Task: C:\Windows\Tasks\Paragon Archive name diff_241014190039002.job => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe¤--rebootonconfirm -Wno --alternate --graph --multiple C:/Program Files (x86)/Paragon Software/Festplatten Manager 12 Professional/scripts/scr_241014190315882.pslUC:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\
schmiro64.Sic
Task: C:\Windows\Tasks\Paragon Archive name diff_250115191339836.job => C:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\scripts.exe¤--rebootonconfirm -Wno --alternate --graph --multiple C:/Program Files (x86)/Paragon Software/Festplatten Manager 12 Professional/scripts/scr_250115191555603.pslUC:\Program Files (x86)\Paragon Software\Festplatten Manager 12 Professional\program\
schmiro64.Sic
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2013-02-16 21:56 - 2010-06-17 22:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2013-01-05 18:54 - 2011-04-01 05:30 - 00034304 _____ () C:\Windows\System32\ssk3mlm.dll
2012-06-01 11:42 - 2012-06-01 11:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-03-19 19:36 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-25 03:28 - 2014-02-25 03:28 - 00248736 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2013-04-14 18:02 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2007-05-16 11:39 - 2007-05-16 11:39 - 00385096 _____ () C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItShellExt64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\_systools\install\Notepad++\NppShell_05.dll
2013-01-03 12:36 - 2015-10-17 20:56 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-01-03 12:36 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2013-10-07 19:44 - 2013-10-07 19:44 - 00086096 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2013-10-07 19:43 - 2013-10-07 19:43 - 01296976 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2013-10-07 19:42 - 2013-10-07 19:42 - 00542288 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll
2015-06-24 14:28 - 2015-06-24 14:28 - 01301720 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2013-01-03 12:39 - 2012-05-17 12:57 - 00043520 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2013-01-03 12:39 - 2012-07-05 13:05 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2013-01-03 12:37 - 2011-07-12 20:14 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2013-01-03 12:37 - 2010-10-05 09:22 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2013-01-03 12:37 - 2012-03-21 13:07 - 00972288 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2013-01-03 12:38 - 2012-06-19 13:56 - 01305600 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2013-01-03 12:39 - 2012-07-25 10:56 - 01124864 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
2013-01-03 12:39 - 2012-07-20 10:39 - 01047040 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2013-01-03 12:37 - 2012-05-25 11:33 - 00883712 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2013-01-03 12:37 - 2012-05-28 22:27 - 01622528 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2013-01-03 12:37 - 2011-09-19 21:18 - 01243136 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2013-01-03 12:37 - 2011-07-21 10:06 - 00846848 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2013-01-03 12:37 - 2011-10-14 21:03 - 00885248 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2013-01-03 12:36 - 2010-08-23 04:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
2013-01-03 12:37 - 2010-10-05 09:22 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2013-01-03 12:37 - 2009-08-12 21:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2014-10-21 22:39 - 2014-10-21 22:39 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2012-12-31 18:27 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-07-20 09:08 - 2015-07-20 09:08 - 00034624 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-07-20 09:15 - 2015-07-20 09:15 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2014-11-27 11:44 - 2014-11-27 11:44 - 00129344 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2012-12-31 18:49 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-09-09 11:00 - 2014-09-09 11:00 - 00023576 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:4878DF65
AlternateDataStreams: C:\Users\schmiro64\Downloads\Terminfindung Alm-Sommerfest (via Doodle).eml:OECustomProperty
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SCHMIR~1\AppData\Local\Temp\BGInfo.bmp
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\SCHMIR~1\AppData\Local\Temp\BGInfo.bmp
HKU\S-1-5-21-1582384673-2009952006-1762237435-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\SCHMIR~1\AppData\Local\Temp\BGInfo.bmp
HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\petra64\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1582384673-2009952006-1762237435-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\petra64\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\internet1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1582384673-2009952006-1762237435-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\internet1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1582384673-2009952006-1762237435-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FF48EF72-8538-4291-8711-97225BED3E59}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{0D21665D-894F-48DF-9463-4F1BD3496C41}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{BC238D54-0C43-4E66-A4D3-9001A7B9D1A1}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{FF2CF3E2-52B4-428A-915C-878CF642D691}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{7DDCC9B7-6238-4C70-A3EF-BE8D5645E0E5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{1ECD3D32-4D8A-404D-9995-01A26645121A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{18E0CA2C-2E5A-43DD-B8E3-9E7DB48CA9F8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{BE711326-3994-4F90-A58A-1C73479A9CDC}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{22237E1C-31E1-486E-999C-D49BF849A1C2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{F9E3902F-7AB8-4D16-82AA-2C3953486A92}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{E9D5FC16-F721-43CE-AE7E-3EE4487CCFB6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{C8AC91C5-9350-40CE-8C5F-4B407BCABC69}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [TCP Query User{BD673F55-36B1-4895-A052-F1442A07F296}C:\_systools\install\iometer 2006.07.27\iometer.exe] => (Block) C:\_systools\install\iometer 2006.07.27\iometer.exe
FirewallRules: [UDP Query User{D259A41B-DAF1-4612-B89D-DCA17D5EB5BA}C:\_systools\install\iometer 2006.07.27\iometer.exe] => (Block) C:\_systools\install\iometer 2006.07.27\iometer.exe
FirewallRules: [TCP Query User{E2417FD7-DFDC-4EA3-804D-58FE5DEABE7E}C:\_systools\install\iometer 2006.07.27\dynamo.exe] => (Block) C:\_systools\install\iometer 2006.07.27\dynamo.exe
FirewallRules: [UDP Query User{D9A0C0F4-086E-4E51-9D35-4E55653A00D4}C:\_systools\install\iometer 2006.07.27\dynamo.exe] => (Block) C:\_systools\install\iometer 2006.07.27\dynamo.exe
FirewallRules: [{B1396C91-18E4-48F1-9B83-3A5E7BC9EE79}] => (Allow) C:\_systools\noinstall\netio132\bin\win32-i386.exe
FirewallRules: [{25887B28-4FB8-4B5F-A41D-B0F41C88E15B}] => (Allow) C:\_systools\noinstall\netio132\bin\win32-i386.exe
FirewallRules: [{70038333-4DE1-43B4-A78D-5CE490E844A9}] => (Allow) C:\_systools\noinstall\netio132\bin\win32-i386.exe
FirewallRules: [{9627FB85-C35A-4D09-B13E-34F24C236380}] => (Allow) C:\_systools\noinstall\netio132\bin\win32-i386.exe
FirewallRules: [TCP Query User{1C1E2064-CA16-4865-BE47-3F8F8347545F}C:\program files (x86)\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe] => (Allow) C:\program files (x86)\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe
FirewallRules: [UDP Query User{17F13603-646A-49ED-B052-33EB0F668EA9}C:\program files (x86)\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe] => (Allow) C:\program files (x86)\weblica\plugins\ch.weblica.apache.core_1.3.7\apache\weblica_apache.exe
FirewallRules: [TCP Query User{5BFA71A5-BB33-4E41-BFFD-AE78688B36AF}C:\program files (x86)\internet camera\admin\admin.exe] => (Allow) C:\program files (x86)\internet camera\admin\admin.exe
FirewallRules: [UDP Query User{F96A49AF-E9D7-4E96-9701-0A0AF44C4EB9}C:\program files (x86)\internet camera\admin\admin.exe] => (Allow) C:\program files (x86)\internet camera\admin\admin.exe
FirewallRules: [{C0368BE4-EF0F-48F3-A794-DEDDE25D3346}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{172353F1-A67C-4532-998A-9B7BE29BFF5A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{B379267E-6D10-4BEE-B90A-B90763BAA985}C:\program files (x86)\internet camera\viewer\ipcamviewer.exe] => (Allow) C:\program files (x86)\internet camera\viewer\ipcamviewer.exe
FirewallRules: [UDP Query User{19F3762D-BBA5-47B3-A92C-67ADB1CC0F8A}C:\program files (x86)\internet camera\viewer\ipcamviewer.exe] => (Allow) C:\program files (x86)\internet camera\viewer\ipcamviewer.exe
FirewallRules: [{25B04C38-73FD-44B9-B0E2-A125A679F409}] => (Allow) LPort=9089
FirewallRules: [{4CC39688-752D-4423-816B-260786680748}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{A14CEDE7-FACB-49C3-80EC-E30414795161}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [UDP Query User{676F8AE7-3D78-47B8-A289-BB51282CBA2C}C:\program files (x86)\netgear readynas\raidar.exe] => (Allow) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [{D42F5EDD-EF7D-45EB-A0F7-0198CA0256CE}] => (Block) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [{791E2BF4-4611-48C5-BD7A-946EF1AC9C2B}] => (Block) C:\program files (x86)\netgear readynas\raidar.exe
FirewallRules: [TCP Query User{C5E76871-90B1-49D0-BAC5-B54266C8D9FB}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{F9BEFA55-B9C0-4933-BF09-1D150CC1253D}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{074095A2-C368-4653-AECE-8886BAC9384A}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{9EFB92AE-6D9B-447E-A9EA-86A0E57FD2B1}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{84613AAF-CE75-4CD0-9FAA-AF6AD4BBE489}C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe] => (Allow) C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe
FirewallRules: [UDP Query User{E77964A6-5B67-424D-A7E4-BA59B6A41ABE}C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe] => (Allow) C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe
FirewallRules: [{A612FC5A-B547-4956-8B76-CF4D62573420}] => (Block) C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe
FirewallRules: [{E9CD8A27-EB8D-47FC-9C27-B1F50DCB649F}] => (Block) C:\program files (x86)\lan shut-down 1\lanshutdownserver.exe
FirewallRules: [{A50AD72F-3D86-47E1-8A55-96196C4FD3F2}] => (Allow) C:\Program Files (x86)\weblica\weblica.exe
FirewallRules: [TCP Query User{31BF2F95-48C2-4279-81EF-458ECB47845D}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{181D3B85-9C42-4B20-AA19-5E909D6834CF}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{FF432F6D-8482-4F27-9846-3FBF88D9378C}C:\program files (x86)\ipcamsetup\ipcamera.exe] => (Allow) C:\program files (x86)\ipcamsetup\ipcamera.exe
FirewallRules: [UDP Query User{574AA6B4-EF4D-4AA7-90A3-BBAFD0966DF5}C:\program files (x86)\ipcamsetup\ipcamera.exe] => (Allow) C:\program files (x86)\ipcamsetup\ipcamera.exe
FirewallRules: [TCP Query User{23670CED-F98A-44B9-8100-790C6CF21FEF}C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe] => (Allow) C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [UDP Query User{5BA67960-1A98-4FC3-8754-6E998A2C6927}C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe] => (Allow) C:\program files (x86)\foscam\foscam client\foscam\fsipcam.exe
FirewallRules: [TCP Query User{8EBF9044-5F63-4C10-B1CB-2421874EFF01}C:\program files (x86)\tp-link\easy smart configuration utility\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\tp-link\easy smart configuration utility\jre\bin\javaw.exe
FirewallRules: [UDP Query User{D5FA4231-7192-4317-B40B-F4AAAE292F69}C:\program files (x86)\tp-link\easy smart configuration utility\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\tp-link\easy smart configuration utility\jre\bin\javaw.exe
FirewallRules: [{0D58F267-3810-4B8E-A672-F98212B48B8E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{61DE1F8F-C09E-4A44-8B8A-7F23F94EEDB6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1822B277-90CA-4B76-873F-D0F66268F6FE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A742E651-BDB1-42CB-8E88-24ED7A35077A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{807C8314-A2F6-4025-82D7-396898C37E63}D:\__homeautomationwork\01_arduino\arduino-1.5.8\java\bin\javaw.exe] => (Allow) D:\__homeautomationwork\01_arduino\arduino-1.5.8\java\bin\javaw.exe
FirewallRules: [UDP Query User{8D3F7915-AF1E-42EA-9146-EC1B54B35B7F}D:\__homeautomationwork\01_arduino\arduino-1.5.8\java\bin\javaw.exe] => (Allow) D:\__homeautomationwork\01_arduino\arduino-1.5.8\java\bin\javaw.exe
FirewallRules: [{805EF35B-673B-41F5-A20F-B19E080E5DAD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5D5B84E2-8EA8-490E-B438-D98CE9AEE71B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{72E94DBA-BF25-4F3E-A897-94F4D643915D}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{E11378B6-A84C-462C-8EEF-73F01E532E08}C:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) C:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [TCP Query User{AF81C75D-0278-4D38-97DF-6604F4ED86D8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B48C2087-2C1C-4399-9E96-A0E065CFA879}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6D3DAC28-F25B-4933-B055-EA5F9F4F2F5F}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{A851D3BF-AA28-42EC-AED8-6B0E49D66F08}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{6FE2874D-8C62-428B-994B-B71FA187EB6C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{F8BF7E63-924C-49A7-BBAE-48273F381AC1}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{AA9F3695-4683-4076-91B0-B61A0B440E0C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{1BBF8DDB-2E15-46B5-A643-9F506E61B2DE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{9FEB803E-9B4C-49D1-B36D-2B16B20F8F51}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{ADA56AF9-627D-453C-8C42-BA4B38E8E86B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{A2B3CEA9-2A7D-400A-A96C-857F0ADCCB0C}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimage.exe
FirewallRules: [UDP Query User{9F04CBC0-4C60-4CC6-A274-3EA2F5ED5976}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Allow) C:\program files (x86)\acronis\trueimagehome\trueimage.exe
FirewallRules: [{12F47A83-C4B7-4712-8397-A84CED9226ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (10/17/2015 09:28:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Error: (10/17/2015 09:26:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Error: (10/17/2015 09:23:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Error: (10/17/2015 09:23:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Error: (10/17/2015 09:20:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Error: (10/17/2015 09:10:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Error: (10/17/2015 09:10:00 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Error: (10/17/2015 09:06:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Error: (10/17/2015 09:05:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Error: (10/17/2015 09:05:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Systemfehler:
=============
Error: (10/17/2015 09:36:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (10/17/2015 07:51:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (10/17/2015 07:51:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (10/17/2015 07:51:19 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (10/17/2015 07:50:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (10/16/2015 11:23:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (10/16/2015 11:21:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (10/16/2015 11:21:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (10/16/2015 08:19:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
Error: (10/16/2015 08:17:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068
CodeIntegrity:
===================================
Date: 2015-10-17 19:51:19.649
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-10-17 19:51:19.618
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-01-05 23:30:23.891
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\bcryptprimitives.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 23:30:23.888
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\bcryptprimitives.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 23:30:23.885
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\bcryptprimitives.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 23:30:23.882
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\bcryptprimitives.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 23:29:01.459
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 23:29:01.348
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 23:29:01.235
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 23:29:01.124
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume6\ctnot\Target\Win8PESE\Windows\SysWOW64\rpcrtremote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 30%
Installierter physikalischer RAM: 7879.35 MB
Verfügbarer physikalischer RAM: 5498.86 MB
Summe virtueller Speicher: 15756.9 MB
Verfügbarer virtueller Speicher: 13005.18 MB
==================== Laufwerke ================================
Drive c: (win764_c) (Fixed) (Total:111.69 GB) (Free:17.46 GB) NTFS
Drive d: (win764_d) (Fixed) (Total:250 GB) (Free:103.46 GB) NTFS
Drive e: (win764_e) (Fixed) (Total:500 GB) (Free:78.17 GB) NTFS
Drive f: (win764_f) (Fixed) (Total:500 GB) (Free:150.69 GB) NTFS
Drive g: (win764_g) (Fixed) (Total:500 GB) (Free:115.36 GB) NTFS
Drive j: (win764_j) (Fixed) (Total:113.01 GB) (Free:73.12 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 3EF9CA37)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D6F332BB)
Partition 1: (Not Active) - (Size=250 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=613 GB) - (Type=OF Extended)
==================== Ende von Addition.txt ============================
|
|
17.10.2015, 22:07
| #3 |
| /// TB-Ausbilder /// Anleitungs-Guru  | Win7: AVIRA findet TR/Vundo.Gen, TR/Trustezeb.235520 und TR/Crypt.ZPACK.188761 Ich warte ja nicht auf das ESET Log.
__________________ Führe den Scan vollständig durch.
__________________ |
|
17.10.2015, 23:59
| #4 |
| | Win7: AVIRA findet TR/Vundo.Gen, TR/Trustezeb.235520 und TR/Crypt.ZPACK.188761 Hallo Juergen, hier ist das ESET Log FIle. Am Ende waren es dann 10 Bedrohungen. Herzlicher Gruss Ralf Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2265811ac34160429d02a9995baf6d1c
# end=init
# utc_time=2015-10-17 08:15:13
# local_time=2015-10-17 10:15:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26285
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2265811ac34160429d02a9995baf6d1c
# end=updated
# utc_time=2015-10-17 08:19:52
# local_time=2015-10-17 10:19:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2265811ac34160429d02a9995baf6d1c
# engine=26285
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-10-17 10:49:01
# local_time=2015-10-18 12:49:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 71558713 196751991 0 0
# scanned=1269024
# found=10
# cleaned=0
# scan_time=8948
sh=5DD6B962AB3920F2D39088C8B8C3F39D6504DAB2 ft=1 fh=053a9fa1dfec318f vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\17.10.2015_15.27.24\zbot0000\file0000\tsk0000.dta"
sh=16969AA2221E8C24C08A984CD4C5311A5E975942 ft=1 fh=39e96940a1f2df1e vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\17.10.2015_15.27.24\zbot0001\file0000\tsk0000.dta"
sh=5DD6B962AB3920F2D39088C8B8C3F39D6504DAB2 ft=1 fh=053a9fa1dfec318f vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\17.10.2015_15.27.24\zbot0002\file0000\tsk0000.dta"
sh=16969AA2221E8C24C08A984CD4C5311A5E975942 ft=1 fh=39e96940a1f2df1e vn="Win32/Trustezeb.K Trojaner" ac=I fn="C:\TDSSKiller_Quarantine\17.10.2015_15.27.24\zbot0003\file0000\tsk0000.dta"
sh=44E4D7AEDCA905466F69913241BCDC7A753213E1 ft=1 fh=930c7438f78acb51 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="D:\from_winxp2\___download\zaZA_Setup_de_xp.exe"
sh=44E4D7AEDCA905466F69913241BCDC7A753213E1 ft=1 fh=930c7438f78acb51 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="D:\von_winxp3_d\from_winxp2\___download\zaZA_Setup_de_xp.exe"
sh=4A5DEE4A5B1AEB00E5807AF3EE16DA7CCBE5521F ft=1 fh=0d8b6b0d107f5c19 vn="Variante von Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="D:\von_winxp3_d\___installation\audiograbber\agsetup183se.exe"
sh=44E4D7AEDCA905466F69913241BCDC7A753213E1 ft=1 fh=930c7438f78acb51 vn="Variante von Win32/AdInstaller evtl. unerwünschte Anwendung" ac=I fn="D:\winxp2_download\___download\zaZA_Setup_de_xp.exe"
sh=994F86E28C39280086B61C2A549252549BABD46A ft=1 fh=40b5aa8f3d6d4063 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung" ac=I fn="D:\_download - Kopie\cpu-z_1.62-setup-en.exe"
sh=DE4B6F04F6B0C9338D3F191B3E08A70A689E5D5B ft=1 fh=f13d621671c8cd1c vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="D:\_download - Kopie\_von_winxp3_e\eac-0.99pb5.exe"
|
|
18.10.2015, 10:30
| #5 |
| /// TB-Ausbilder /// Anleitungs-Guru | Win7: AVIRA findet TR/Vundo.Gen, TR/Trustezeb.235520 und TR/Crypt.ZPACK.188761 Morgen Ralf, aktive Malware wurde da keine mehr gefunden. Wann genau hast Du denn den Anhang geöffnet? Kannst Du bitte mal versuchen mir diesen Ordner hochzuladen: C:\TDSSKiller_Quarantine Schritt 1  Upload:
Bitte um Rückmeldung ob es geklappt hat!  Danke für Deine Hilfe!
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
18.10.2015, 11:18
| #6 | |
| | Win7: AVIRA findet TR/Vundo.Gen, TR/Trustezeb.235520 und TR/Crypt.ZPACK.188761 Hallo Juergen, Zitat:
Den gezippte TDSSKiller Quarantäne Ordner habe ich hochgeladen Herzlicher Gruss Ralf |
|
18.10.2015, 11:57
| #7 | |
| /// TB-Ausbilder /// Anleitungs-Guru | Win7: AVIRA findet TR/Vundo.Gen, TR/Trustezeb.235520 und TR/Crypt.ZPACK.188761 Danke Dir. Mach mal bitte noch folgendes: Schritt 1 Echtzeitschutz des Virenscanners abschalten.  Schritt 2 Download von  ZOEK (by Smeenk)
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
| Themen zu Win7: AVIRA findet TR/Vundo.Gen, TR/Trustezeb.235520 und TR/Crypt.ZPACK.188761 |
| antivir, avira, canon, computer, converter, desktop, dnsapi.dll, email, firefox, homepage, internet, mozilla, netgear, problem, prozesse, realtek, registry, rundll, scan, services.exe, software, svchost.exe, synology, system, tr/vundo.gen, usb, virus, windows |
und lade die Datei hoch. 
Hybrid-Darstellung
