Log analysis and evaluation: Windows 8: Backdoor detection by Avira real-time scanner

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.06.2015, 11:58 | #1 |
Windows 8: Backdoor detection by Avira real-time scanner

Hello,

a good 2 weeks ago Avira's real-time scanner reported a detection of the backdoor program BDS/KillWin.DG.

Code:
Typ: Datei
Quelle: C:\Windows\System32\LogFiles\Scm\cfd7c21a-808b-487b-a6ec-8a10e44e8360
Status: Infiziert
Quarantäne-Objekt: 507eb79f.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.03.30.36
Virendefinitionsdatei: 8.11.234.68
Gefunden: BDS/KillWin.DG
Datum/Uhrzeit: 25.05.2015, 21:06

However, when I then went to the event viewer, I found that the same detection had already been reported several times over the course of the day but had not been shown to me. I don't know exactly what the action 'Zugriff verweigern' (deny access) actually means. According to the Avira help, there should really only be the options of deleting and handing over to the scanner, which then moves the file to quarantine. Only in the evening, when I had just opened my laptop, did a pop-up window appear at the bottom, with which I handed the detection over to the system scanner.

Code:
Exportierte Ereignisse:

21.05.2015 19:20 [System-Scanner] Malware gefunden
Die Datei 'C:\Windows\System32\LogFiles\Scm\cfd7c21a-808b-487b-a6ec-8a10e44e8360' enthielt einen Virus oder unerwünschtes Programm 'BDS/KillWin.DG' [backdoor].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '507eb79f.qua' verschoben!

21.05.2015 13:50 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\System32\LogFiles\Scm\cfd7c21a-808b-487b-a6ec-8a10e44e8360' wurde ein Virus oder unerwünschtes Programm 'BDS/KillWin.DG' [backdoor] gefunden.
Ausgeführte Aktion: Zugriff verweigern

21.05.2015 13:42 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\System32\LogFiles\Scm\cfd7c21a-808b-487b-a6ec-8a10e44e8360' wurde ein Virus oder unerwünschtes Programm 'BDS/KillWin.DG' [backdoor] gefunden.
Ausgeführte Aktion: Zugriff verweigern

21.05.2015 13:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\System32\LogFiles\Scm\cfd7c21a-808b-487b-a6ec-8a10e44e8360' wurde ein Virus oder unerwünschtes Programm 'BDS/KillWin.DG' [backdoor] gefunden.
Ausgeführte Aktion: Zugriff verweigern

21.05.2015 13:20 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\System32\LogFiles\Scm\cfd7c21a-808b-487b-a6ec-8a10e44e8360' wurde ein Virus oder unerwünschtes Programm 'BDS/KillWin.DG' [backdoor] gefunden.
Ausgeführte Aktion: Zugriff verweigern

21.05.2015 12:36 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\System32\LogFiles\Scm\cfd7c21a-808b-487b-a6ec-8a10e44e8360' wurde ein Virus oder unerwünschtes Programm 'BDS/KillWin.DG' [backdoor] gefunden.
Ausgeführte Aktion: Zugriff verweigern

21.05.2015 11:35 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\System32\LogFiles\Scm\cfd7c21a-808b-487b-a6ec-8a10e44e8360' wurde ein Virus oder unerwünschtes Programm 'BDS/KillWin.DG' [backdoor] gefunden.
Ausgeführte Aktion: Zugriff verweigern

21.05.2015 11:35 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Windows\System32\LogFiles\Scm\cfd7c21a-808b-487b-a6ec-8a10e44e8360' wurde ein Virus oder unerwünschtes Programm 'BDS/KillWin.DG' [backdoor] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

Code:
Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 21. Mai 2015 19:19

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 8.1
Windowsversion : (plain) [6.3.9600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : LUKAS-PC

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\Antivirus\TEMP\AVGUARD_55547b99\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
Abweichende Gefahrenkategorien........: +JOKE,+SPR,

Beginn des Suchlaufs: Donnerstag, 21. Mai 2015 19:19

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\System32\LogFiles\Scm\cfd7c21a-808b-487b-a6ec-8a10e44e8360'
C:\Windows\System32\LogFiles\Scm\cfd7c21a-808b-487b-a6ec-8a10e44e8360
  [FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/KillWin.DG

Beginne mit der Desinfektion:
C:\Windows\System32\LogFiles\Scm\cfd7c21a-808b-487b-a6ec-8a10e44e8360
  [FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/KillWin.DG
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '507eb79f.qua' verschoben!

Ende des Suchlaufs: Donnerstag, 21. Mai 2015 19:20
Benötigte Zeit: 00:13 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
1154 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1153 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Die Suchergebnisse werden an den Guard übermittelt.

Also, the virus description lists the operating system as Win XP/Vista/7; does that mean the virus only runs on those and I actually have nothing to fear, since I have Win8? After that I wasn't really on the internet anymore, only briefly 1-2 times to update Avira, and I was sometimes on the machine offline and ran various scans with Avira, all of which came back negative. Only for a short time, 2 hidden objects suddenly showed up in the scan, which were then no longer found after a restart.

Code:
Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 1. Juni 2015 21:26

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 8.1
Windowsversion : (plain) [6.3.9600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : LUKAS-PC
8.11.165.190 2048 Bytes 07.08.2014 10:44:31 XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31 XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31 XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31 XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 10:44:31 XBV00197.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00198.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00199.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00200.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00201.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00202.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00203.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00204.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00205.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00206.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00207.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00208.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00209.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00210.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:35 XBV00211.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00212.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00213.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00214.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00215.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00216.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00217.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00218.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00219.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00220.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00221.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00222.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00223.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00224.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00225.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 
XBV00226.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00227.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00228.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00229.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00230.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00231.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00232.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:36 XBV00233.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:37 XBV00234.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:37 XBV00235.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00236.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00237.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00238.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00239.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00240.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00241.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00242.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00243.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00244.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00245.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00246.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00247.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00248.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00249.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:38 XBV00250.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:39 XBV00251.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:39 XBV00252.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:39 XBV00253.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:39 XBV00254.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:39 XBV00255.VDF : 8.11.230.186 2048 Bytes 13.05.2015 18:55:39 XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 10:44:30 XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 10:44:30 XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 10:44:30 XBV00003.VDF : 7.11.85.214 2162688 Bytes 
21.06.2013 10:44:30 XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 10:44:30 XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 10:44:30 XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 10:44:30 XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 10:44:30 XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 10:44:30 XBV00009.VDF : 8.11.172.30 2094080 Bytes 15.09.2014 10:44:30 XBV00010.VDF : 8.11.178.32 1581056 Bytes 14.10.2014 16:35:50 XBV00011.VDF : 8.11.184.50 2178560 Bytes 11.11.2014 11:22:14 XBV00012.VDF : 8.11.190.32 1876992 Bytes 03.12.2014 11:48:19 XBV00013.VDF : 8.11.201.28 2973696 Bytes 14.01.2015 16:41:41 XBV00014.VDF : 8.11.206.252 2695680 Bytes 04.02.2015 15:18:14 XBV00015.VDF : 8.11.213.84 3175936 Bytes 03.03.2015 10:32:48 XBV00016.VDF : 8.11.213.176 212480 Bytes 05.03.2015 21:48:08 XBV00017.VDF : 8.11.219.166 2033664 Bytes 25.03.2015 09:47:55 XBV00018.VDF : 8.11.225.88 2367488 Bytes 22.04.2015 19:05:53 XBV00019.VDF : 8.11.230.186 1674752 Bytes 13.05.2015 18:55:24 XBV00042.VDF : 8.11.230.210 93184 Bytes 13.05.2015 20:55:17 XBV00043.VDF : 8.11.230.212 2048 Bytes 13.05.2015 20:55:17 XBV00044.VDF : 8.11.230.254 3072 Bytes 13.05.2015 20:55:17 XBV00045.VDF : 8.11.231.22 39936 Bytes 13.05.2015 20:55:17 XBV00046.VDF : 8.11.231.44 8192 Bytes 13.05.2015 10:50:13 XBV00047.VDF : 8.11.231.46 2048 Bytes 13.05.2015 10:50:13 XBV00048.VDF : 8.11.231.66 10240 Bytes 13.05.2015 10:50:13 XBV00049.VDF : 8.11.231.88 43520 Bytes 14.05.2015 10:50:13 XBV00050.VDF : 8.11.231.108 18432 Bytes 14.05.2015 10:50:13 XBV00051.VDF : 8.11.231.128 2048 Bytes 14.05.2015 10:50:13 XBV00052.VDF : 8.11.231.150 30208 Bytes 14.05.2015 12:50:08 XBV00053.VDF : 8.11.231.188 23552 Bytes 14.05.2015 17:12:02 XBV00054.VDF : 8.11.231.206 10240 Bytes 14.05.2015 17:12:02 XBV00055.VDF : 8.11.231.224 11776 Bytes 14.05.2015 17:12:03 XBV00056.VDF : 8.11.231.244 98304 Bytes 14.05.2015 17:25:03 XBV00057.VDF : 8.11.231.246 2048 Bytes 14.05.2015 17:25:03 XBV00058.VDF : 8.11.231.250 91136 Bytes 
15.05.2015 17:25:13 XBV00059.VDF : 8.11.232.34 2048 Bytes 15.05.2015 17:25:14 XBV00060.VDF : 8.11.232.52 70656 Bytes 15.05.2015 17:25:22 XBV00061.VDF : 8.11.232.72 9216 Bytes 15.05.2015 17:25:27 XBV00062.VDF : 8.11.232.90 2048 Bytes 15.05.2015 17:25:27 XBV00063.VDF : 8.11.232.108 52224 Bytes 15.05.2015 23:04:54 XBV00064.VDF : 8.11.232.126 2048 Bytes 15.05.2015 23:04:54 XBV00065.VDF : 8.11.232.144 8704 Bytes 15.05.2015 23:04:54 XBV00066.VDF : 8.11.232.162 18944 Bytes 15.05.2015 23:04:55 XBV00067.VDF : 8.11.232.178 2048 Bytes 15.05.2015 23:04:55 XBV00068.VDF : 8.11.232.210 97280 Bytes 16.05.2015 13:53:05 XBV00069.VDF : 8.11.232.224 33280 Bytes 16.05.2015 19:06:49 XBV00070.VDF : 8.11.232.238 2048 Bytes 16.05.2015 19:06:49 XBV00071.VDF : 8.11.232.252 106496 Bytes 17.05.2015 12:59:06 XBV00072.VDF : 8.11.233.10 22016 Bytes 17.05.2015 15:31:53 XBV00073.VDF : 8.11.233.24 108544 Bytes 18.05.2015 08:51:10 XBV00074.VDF : 8.11.233.38 11776 Bytes 18.05.2015 08:51:10 XBV00075.VDF : 8.11.233.52 7168 Bytes 18.05.2015 08:51:10 XBV00076.VDF : 8.11.233.66 12800 Bytes 18.05.2015 17:05:05 XBV00077.VDF : 8.11.233.68 11264 Bytes 18.05.2015 17:05:05 XBV00078.VDF : 8.11.233.70 10752 Bytes 18.05.2015 17:05:05 XBV00079.VDF : 8.11.233.72 8704 Bytes 18.05.2015 17:05:05 XBV00080.VDF : 8.11.233.74 13824 Bytes 18.05.2015 17:05:05 XBV00081.VDF : 8.11.233.76 2048 Bytes 18.05.2015 17:05:05 XBV00082.VDF : 8.11.233.78 12800 Bytes 18.05.2015 17:05:05 XBV00083.VDF : 8.11.233.84 34816 Bytes 18.05.2015 17:43:57 XBV00084.VDF : 8.11.233.86 4096 Bytes 19.05.2015 17:43:57 XBV00085.VDF : 8.11.233.100 208384 Bytes 19.05.2015 17:43:58 XBV00086.VDF : 8.11.233.112 20480 Bytes 19.05.2015 17:43:58 XBV00087.VDF : 8.11.233.126 60928 Bytes 19.05.2015 17:43:58 XBV00088.VDF : 8.11.233.138 13312 Bytes 19.05.2015 17:43:58 XBV00089.VDF : 8.11.233.140 48128 Bytes 19.05.2015 19:43:59 XBV00090.VDF : 8.11.233.142 2048 Bytes 19.05.2015 19:43:59 XBV00091.VDF : 8.11.233.144 2048 Bytes 19.05.2015 19:43:59 XBV00092.VDF : 
8.11.233.158 51712 Bytes 19.05.2015 18:32:35 XBV00093.VDF : 8.11.233.170 17920 Bytes 20.05.2015 18:32:35 XBV00094.VDF : 8.11.233.182 24064 Bytes 20.05.2015 18:32:35 XBV00095.VDF : 8.11.233.184 68096 Bytes 20.05.2015 18:32:35 XBV00096.VDF : 8.11.233.196 2048 Bytes 20.05.2015 18:32:35 XBV00097.VDF : 8.11.233.208 36352 Bytes 20.05.2015 18:32:35 XBV00098.VDF : 8.11.233.220 2048 Bytes 20.05.2015 18:32:35 XBV00099.VDF : 8.11.233.232 92672 Bytes 20.05.2015 07:45:46 XBV00100.VDF : 8.11.233.242 14336 Bytes 20.05.2015 07:45:46 XBV00101.VDF : 8.11.233.252 8704 Bytes 20.05.2015 07:45:46 XBV00102.VDF : 8.11.234.6 33792 Bytes 20.05.2015 07:45:46 XBV00103.VDF : 8.11.234.16 14336 Bytes 20.05.2015 07:45:46 XBV00104.VDF : 8.11.234.18 2048 Bytes 21.05.2015 07:45:47 XBV00105.VDF : 8.11.234.38 38912 Bytes 21.05.2015 07:45:47 XBV00106.VDF : 8.11.234.58 3584 Bytes 21.05.2015 07:45:47 XBV00107.VDF : 8.11.234.68 4096 Bytes 21.05.2015 10:46:33 XBV00108.VDF : 8.11.234.76 34304 Bytes 21.05.2015 15:04:33 XBV00109.VDF : 8.11.234.78 11264 Bytes 21.05.2015 15:04:33 XBV00110.VDF : 8.11.234.84 44032 Bytes 21.05.2015 15:04:33 XBV00111.VDF : 8.11.234.86 2048 Bytes 21.05.2015 15:04:33 XBV00112.VDF : 8.11.234.88 29184 Bytes 21.05.2015 15:04:33 XBV00113.VDF : 8.11.234.90 16896 Bytes 21.05.2015 15:04:33 XBV00114.VDF : 8.11.234.92 21504 Bytes 22.05.2015 15:04:33 XBV00115.VDF : 8.11.234.94 32768 Bytes 22.05.2015 15:04:33 XBV00116.VDF : 8.11.234.96 2048 Bytes 22.05.2015 15:04:33 XBV00117.VDF : 8.11.234.104 10240 Bytes 22.05.2015 15:04:33 XBV00118.VDF : 8.11.234.112 30208 Bytes 22.05.2015 15:04:33 XBV00119.VDF : 8.11.234.120 13824 Bytes 22.05.2015 15:04:33 XBV00120.VDF : 8.11.234.128 11264 Bytes 22.05.2015 15:04:33 XBV00121.VDF : 8.11.234.130 2048 Bytes 22.05.2015 15:04:33 XBV00122.VDF : 8.11.234.138 2048 Bytes 22.05.2015 15:04:33 XBV00123.VDF : 8.11.234.146 14848 Bytes 22.05.2015 15:04:33 XBV00124.VDF : 8.11.234.154 15872 Bytes 22.05.2015 15:04:33 XBV00125.VDF : 8.11.234.164 27136 Bytes 22.05.2015 15:04:33 
XBV00126.VDF : 8.11.234.166 2048 Bytes 22.05.2015 15:04:33 XBV00127.VDF : 8.11.234.168 10240 Bytes 22.05.2015 15:04:33 XBV00128.VDF : 8.11.234.170 2048 Bytes 22.05.2015 15:04:33 XBV00129.VDF : 8.11.234.172 13312 Bytes 22.05.2015 15:04:33 XBV00130.VDF : 8.11.234.174 15872 Bytes 22.05.2015 15:04:34 XBV00131.VDF : 8.11.234.184 68096 Bytes 23.05.2015 15:04:34 XBV00132.VDF : 8.11.234.186 2048 Bytes 23.05.2015 15:04:34 XBV00133.VDF : 8.11.234.196 2048 Bytes 23.05.2015 15:04:34 XBV00134.VDF : 8.11.234.206 12800 Bytes 23.05.2015 15:04:34 XBV00135.VDF : 8.11.234.216 70144 Bytes 24.05.2015 15:04:34 XBV00136.VDF : 8.11.234.226 2560 Bytes 24.05.2015 15:04:34 XBV00137.VDF : 8.11.234.228 79360 Bytes 25.05.2015 15:04:34 XBV00138.VDF : 8.11.234.238 6656 Bytes 25.05.2015 15:04:34 XBV00139.VDF : 8.11.234.248 7168 Bytes 25.05.2015 15:04:34 XBV00140.VDF : 8.11.235.2 6144 Bytes 25.05.2015 15:04:34 XBV00141.VDF : 8.11.235.4 6656 Bytes 25.05.2015 15:04:34 XBV00142.VDF : 8.11.235.14 5632 Bytes 25.05.2015 15:04:34 XBV00143.VDF : 8.11.235.16 4608 Bytes 25.05.2015 15:04:34 XBV00144.VDF : 8.11.235.18 3072 Bytes 25.05.2015 15:04:34 XBV00145.VDF : 8.11.235.20 3584 Bytes 25.05.2015 15:04:34 XBV00146.VDF : 8.11.235.22 3584 Bytes 25.05.2015 15:04:34 XBV00147.VDF : 8.11.235.24 5120 Bytes 25.05.2015 15:04:34 XBV00148.VDF : 8.11.235.26 6144 Bytes 25.05.2015 15:04:34 XBV00149.VDF : 8.11.235.28 8704 Bytes 25.05.2015 15:04:34 XBV00150.VDF : 8.11.235.30 15872 Bytes 25.05.2015 15:04:34 XBV00151.VDF : 8.11.235.32 15360 Bytes 25.05.2015 15:04:34 XBV00152.VDF : 8.11.235.34 7168 Bytes 25.05.2015 15:04:35 XBV00153.VDF : 8.11.235.36 4608 Bytes 25.05.2015 15:04:35 XBV00154.VDF : 8.11.235.38 13312 Bytes 25.05.2015 15:04:35 XBV00155.VDF : 8.11.235.40 7680 Bytes 26.05.2015 15:04:35 XBV00156.VDF : 8.11.235.42 29696 Bytes 26.05.2015 15:04:35 XBV00157.VDF : 8.11.235.44 8704 Bytes 26.05.2015 15:04:35 XBV00158.VDF : 8.11.235.46 9728 Bytes 26.05.2015 15:04:35 XBV00159.VDF : 8.11.235.48 6656 Bytes 26.05.2015 15:04:35 
XBV00160.VDF : 8.11.235.50 5632 Bytes 26.05.2015 15:04:35 XBV00161.VDF : 8.11.235.52 15360 Bytes 26.05.2015 15:04:35 XBV00162.VDF : 8.11.235.54 5632 Bytes 26.05.2015 15:04:35 XBV00163.VDF : 8.11.235.58 26624 Bytes 26.05.2015 11:45:27 XBV00164.VDF : 8.11.235.60 2048 Bytes 26.05.2015 11:45:27 XBV00165.VDF : 8.11.235.70 2048 Bytes 26.05.2015 11:45:27 XBV00166.VDF : 8.11.235.78 4608 Bytes 26.05.2015 11:45:28 XBV00167.VDF : 8.11.235.80 2560 Bytes 26.05.2015 11:45:28 XBV00168.VDF : 8.11.235.88 39936 Bytes 26.05.2015 11:45:28 XBV00169.VDF : 8.11.235.96 9728 Bytes 27.05.2015 11:45:28 XBV00170.VDF : 8.11.235.104 31232 Bytes 27.05.2015 11:45:28 XBV00171.VDF : 8.11.235.106 46592 Bytes 27.05.2015 11:45:28 XBV00172.VDF : 8.11.235.108 2048 Bytes 27.05.2015 11:45:28 XBV00173.VDF : 8.11.235.110 2048 Bytes 27.05.2015 11:45:28 XBV00174.VDF : 8.11.235.112 18432 Bytes 27.05.2015 11:45:28 XBV00175.VDF : 8.11.235.114 18944 Bytes 27.05.2015 11:45:28 XBV00176.VDF : 8.11.235.116 6656 Bytes 27.05.2015 11:45:28 XBV00177.VDF : 8.11.235.118 9216 Bytes 27.05.2015 11:45:28 XBV00178.VDF : 8.11.235.120 6656 Bytes 27.05.2015 11:45:28 XBV00179.VDF : 8.11.235.130 34304 Bytes 27.05.2015 11:45:28 XBV00180.VDF : 8.11.235.132 2048 Bytes 27.05.2015 11:45:28 XBV00181.VDF : 8.11.235.140 12288 Bytes 27.05.2015 11:45:28 XBV00182.VDF : 8.11.235.148 4096 Bytes 27.05.2015 11:45:28 XBV00183.VDF : 8.11.235.160 15872 Bytes 28.05.2015 11:45:28 XBV00184.VDF : 8.11.235.162 5120 Bytes 28.05.2015 11:45:28 XBV00185.VDF : 8.11.235.168 2048 Bytes 28.05.2015 11:45:28 XBV00186.VDF : 8.11.235.170 10752 Bytes 28.05.2015 11:45:28 XBV00187.VDF : 8.11.235.172 2048 Bytes 28.05.2015 11:45:28 XBV00188.VDF : 8.11.235.176 7168 Bytes 28.05.2015 11:45:28 XBV00189.VDF : 8.11.235.178 14336 Bytes 28.05.2015 11:45:28 XBV00190.VDF : 8.11.235.182 51200 Bytes 28.05.2015 11:45:28 XBV00191.VDF : 8.11.235.184 40448 Bytes 28.05.2015 11:45:28 XBV00192.VDF : 8.11.235.186 2048 Bytes 28.05.2015 11:45:29 XBV00193.VDF : 8.11.235.190 141824 Bytes 
29.05.2015 11:45:29 XBV00194.VDF : 8.11.235.192 4096 Bytes 29.05.2015 11:45:29 XBV00195.VDF : 8.11.235.200 48128 Bytes 29.05.2015 11:45:29 XBV00196.VDF : 8.11.235.206 2048 Bytes 29.05.2015 11:45:29 LOCAL001.VDF : 8.11.235.206 132153344 Bytes 29.05.2015 11:46:04 Engineversion : 8.3.30.38 AEVDF.DLL : 8.3.1.6 133992 Bytes 24.09.2014 10:44:20 AESCRIPT.DLL : 8.2.2.66 572272 Bytes 26.05.2015 15:04:32 AESCN.DLL : 8.3.2.10 142456 Bytes 12.05.2015 21:36:58 AESBX.DLL : 8.2.21.0 1622072 Bytes 26.05.2015 15:04:32 AERDL.DLL : 8.2.1.20 731040 Bytes 11.02.2015 23:57:53 AEPACK.DLL : 8.4.0.80 793728 Bytes 26.05.2015 15:04:32 AEOFFICE.DLL : 8.3.1.22 363376 Bytes 24.04.2015 15:09:42 AEMOBILE.DLL : 8.1.7.2 281720 Bytes 24.04.2015 15:09:47 AEHEUR.DLL : 8.1.4.1702 8398760 Bytes 26.05.2015 15:04:32 AEHELP.DLL : 8.3.2.0 281456 Bytes 19.03.2015 19:45:28 AEGEN.DLL : 8.1.7.40 456608 Bytes 19.12.2014 14:39:49 AEEXP.DLL : 8.4.2.88 266296 Bytes 12.05.2015 21:36:58 AEEMU.DLL : 8.1.3.4 399264 Bytes 24.09.2014 10:44:20 AEDROID.DLL : 8.4.3.116 1050536 Bytes 10.03.2015 19:02:24 AECORE.DLL : 8.3.6.2 243624 Bytes 26.05.2015 15:04:30 AEBB.DLL : 8.1.2.0 60448 Bytes 24.09.2014 10:44:20 AVWINLL.DLL : 15.0.10.236 25904 Bytes 05.05.2015 09:09:22 AVPREF.DLL : 15.0.10.236 52984 Bytes 05.05.2015 09:09:26 AVREP.DLL : 15.0.10.236 220464 Bytes 05.05.2015 09:09:26 AVARKT.DLL : 15.0.10.296 228088 Bytes 05.05.2015 09:09:23 AVEVTLOG.DLL : 15.0.10.296 194296 Bytes 05.05.2015 09:09:24 SQLITE3.DLL : 15.0.10.236 456440 Bytes 05.05.2015 09:09:36 AVSMTP.DLL : 15.0.10.236 78128 Bytes 05.05.2015 09:09:27 NETNT.DLL : 15.0.10.236 16120 Bytes 05.05.2015 09:09:34 CommonImageRc.dll: 15.0.10.236 4355376 Bytes 05.05.2015 09:09:22 CommonTextRc.DLL: 15.0.10.270 70904 Bytes 05.05.2015 09:09:22 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: 
standard Primäre Aktion........................: Interaktiv Sekundäre Aktion......................: Ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Prüfe alle Dateien....................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Montag, 1. Juni 2015 21:26 Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'HDD0(C:)' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Fehler in der ARK Library Versteckter Thread \Device\HarddiskV Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'dwm.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'nvxdsync.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '177' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '103' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'WLANExt.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '12' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '77' Modul(e) wurden 
durchsucht Durchsuche Prozess 'sched.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '127' Modul(e) wurden durchsucht Durchsuche Prozess 'btwdins.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'OfficeClickToRun.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'HeciServer.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'PMBDeviceInfoProvider.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgr.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgrSub.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgrSub.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'SUSSoundProxy.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhostex.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '207' Modul(e) wurden durchsucht Durchsuche Prozess 'NetworkClient.EXE' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '58' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'nvtray.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'PDVD10Serv.EXE' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'VAIO Clip.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'esrv.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'RAVBg64.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'BTTray.exe' - '49' Modul(e) wurden 
durchsucht Durchsuche Prozess 'conhost.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxtray.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxsrvc.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'hkcmd.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'SYNTPHELPER.EXE' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'PMBVolumeWatcher.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '113' Modul(e) wurden durchsucht Durchsuche Prozess 'RunDll32.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'VAIOUpdt.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'vuagent.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'PhotoshopElementsFileAgent.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'esrv_svc.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'IntelMeFWService.exe' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'jhi_service.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'VCPerfService.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'listener.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'vim.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'vim.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'VCSystemTray.exe' - '168' Modul(e) wurden durchsucht Durchsuche Prozess 'VCService.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'VCAgent.exe' - '172' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '121' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '31' Modul(e) wurden 
durchsucht Durchsuche Prozess 'avscan.exe' - '112' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '15' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '2355' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\swapfile.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! Ende des Suchlaufs: Montag, 1. Juni 2015 23:48 Benötigte Zeit: 2:22:42 Stunde(n) Der Suchlauf wurde abgebrochen! 19467 Verzeichnisse wurden überprüft 434466 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 1 Dateien konnten nicht durchsucht werden 434465 Dateien ohne Befall 5669 Archive wurden durchsucht 1 Warnungen 0 Hinweise 996 Objekte wurden beim Rootkitscan durchsucht 2 Versteckte Objekte wurden gefunden Eine andere Sache, die ich nicht wirklich einschätzen kann, ist, dass bei der vorinstallierten App des Audiorecorders im Task-Manager bei den Eigenschaften unter Sicherheit zwei Unbekannte Konten mit einer langen Zahlenfolge hintendran gelistet sind. Das habe ich sonst bei keinem anderen Prozess gefunden. Ich weiß auch nicht wirklich wie der Virus auf meinen Laptop kommen konnte, da ich zu der Zeit des Fundes nur den Google Übersetzer und Youtube verwendet habe (man braucht doch schon eine große Sicherheitslücke, damit einfach so ein Virus auf den PC landen kann oder?) 
und der Echtzeitscanner doch nicht aufeinmal ein Virus findet, das schon länger aktiv ist oder? Ich wollte einfach mal eine fachkundige Meinung einholen, ob mein PC nun sauber und insbesondere sicher ist oder ob noch etwas zu machen wäre, insbesondere weil ich in einem anderen Thread gelesen habe, dass man bei einem Backdoorbefall eigentlich direkt Neuaufsetzen sollte. Vielen Dank schon einmal im Voraus! |
05.06.2015, 11:59 | #2 |
| Windows 8: Backdoor detection by Avira real-time scanner Here are also the scans from GMER and FRST.
__________________FRST.txt FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Lukas (administrator) on LUKAS-PC on 05-06-2015 11:32:00
Running from C:\Users\Lukas\Desktop
Loaded Profiles: UpdatusUser & Lukas (Available Profiles: UpdatusUser & Lukas)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-10-28] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth] => c:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-25] (Broadcom Corporation.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2346008 2013-10-01] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-30] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-30] (NVIDIA Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com/?pc=SEJB
HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com/?pc=SEJB
HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
URLSearchHook: [S-1-5-21-2200920533-3107399475-823698359-1001] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2200920533-3107399475-823698359-1002 -> {7E31E309-3083-4067-A35A-3482255781B5} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-26] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-26] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-26] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-26] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\dn1xwhro.default
FF Homepage: uni-bamberg.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-26] (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2013-06-25] (Sony Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\dn1xwhro.default\Extensions\abs@avira.com [2015-05-29] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AdobeActiveFileMonitor12.0; c:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-10-28] (Broadcom Corporation.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation) R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.) 
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-27] (Sony Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-01] (Sony Corporation) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation) S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-05-23] (Sony Corporation) [File not signed] S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S3 VCFw; c:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-04] (Avira Operations GmbH & Co. KG) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.) 
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-01-26] (Broadcom Corporation) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-18] (Intel Corporation) R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-10-09] (Realsil Semiconductor Corporation) R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-01-03] () R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 massfilter; system32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-05 11:32 - 2015-06-05 11:32 - 00017740 _____ C:\Users\Lukas\Desktop\FRST.txt 2015-06-05 11:31 - 2015-06-05 11:32 - 00000000 ____D C:\FRST 2015-06-05 11:31 - 2015-06-05 11:31 - 02108928 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe 2015-06-05 11:17 - 2015-06-05 11:17 - 00000000 ____D C:\Users\Lukas\AppData\Local\GWX 2015-05-27 11:13 - 2015-05-27 11:13 - 01804696 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll 2015-05-27 11:13 - 2015-05-27 11:13 - 00626888 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys 2015-05-27 11:13 - 2015-05-27 11:13 - 00419528 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll 2015-05-27 11:13 - 2015-05-27 11:13 - 00267976 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll 2015-05-27 11:13 - 2015-05-27 11:13 - 00249032 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo27.dll 2015-05-27 11:13 - 2015-05-27 11:13 - 00042696 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys 2015-05-24 23:49 - 2015-05-24 23:49 - 00007597 _____ C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg 2015-05-16 15:54 - 2015-05-16 15:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-05-13 23:49 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 23:49 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-13 21:50 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 21:50 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 22:02 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-05-12 22:02 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-05-12 22:02 - 2015-03-17 19:26 - 00467776 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS 2015-05-12 22:02 - 2015-03-09 04:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys 2015-05-12 21:56 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-12 21:56 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-12 21:56 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-12 21:56 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-12 21:56 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-12 21:56 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-12 21:56 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll 2015-05-12 21:56 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2015-05-12 21:56 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll 2015-05-12 21:56 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll 2015-05-12 21:56 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-05-12 21:56 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll 2015-05-12 21:56 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll 2015-05-12 21:56 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll 2015-05-12 21:56 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll 2015-05-12 21:56 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2015-05-12 21:56 - 2014-11-14 08:58 - 
00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll 2015-05-12 21:55 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-12 21:55 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-12 21:55 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-12 21:55 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-12 21:55 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-12 21:55 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-12 21:55 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-12 21:55 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-12 21:55 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2015-05-12 21:55 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-12 21:55 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-12 21:55 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-12 21:55 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-05-12 21:55 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-12 21:55 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-12 21:55 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-05-12 21:55 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-12 21:55 - 2015-04-21 17:52 - 00262144 _____ (Microsoft 
Corporation) C:\Windows\system32\webcheck.dll 2015-05-12 21:55 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-12 21:55 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-12 21:55 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-12 21:55 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-12 21:55 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-12 21:55 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-12 21:55 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-05-12 21:55 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-12 21:55 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-05-12 21:55 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-12 21:55 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-05-12 21:55 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-12 21:55 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-12 21:55 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-12 21:55 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-12 21:55 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-12 21:55 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-12 21:55 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) 
C:\Windows\system32\ieapfltr.dll 2015-05-12 21:55 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-12 21:55 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-12 21:55 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-12 21:55 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-12 21:55 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll 2015-05-12 21:55 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll 2015-05-12 21:55 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-05-12 21:55 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-12 21:55 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-12 21:55 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-12 21:55 - 2015-03-13 06:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2015-05-12 21:55 - 2015-03-13 06:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2015-05-12 21:55 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys 2015-05-12 21:55 - 2015-03-13 02:29 - 00410017 _____ C:\Windows\system32\ApnDatabase.xml 2015-05-12 21:55 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-12 21:55 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-12 21:55 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-12 21:55 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) 
C:\Windows\system32\wevtsvc.dll 2015-05-12 21:55 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-12 21:55 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2015-05-12 21:38 - 2015-05-12 21:38 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-05 11:24 - 2014-01-26 15:49 - 01176624 _____ C:\Windows\WindowsUpdate.log 2015-06-05 11:22 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2015-06-05 11:18 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-06-05 11:11 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-06-04 14:51 - 2014-10-11 14:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-04 13:44 - 2014-10-05 23:05 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2200920533-3107399475-823698359-1002 2015-06-04 13:25 - 2014-10-11 13:45 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\vlc 2015-06-01 23:58 - 2013-08-22 16:46 - 00028898 _____ C:\Windows\setupact.log 2015-06-01 23:58 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-01 23:52 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-06-01 21:17 - 2014-11-04 23:00 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\dvdcss 2015-06-01 21:15 - 2014-01-26 15:44 - 00020526 _____ C:\Windows\DPINST.LOG 2015-06-01 21:14 - 2013-08-22 16:44 - 00686496 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-01 21:13 - 2015-03-25 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-01 21:13 - 2013-09-13 23:00 - 00396896 _____ C:\Windows\PFRO.log 2015-06-01 18:49 - 2014-10-15 11:32 - 00000000 ____D C:\Users\Lukas\Downloads\VC 2015-06-01 18:43 - 2015-03-05 17:09 - 00000000 ____D C:\ProgramData\Synaptics 2015-05-27 11:13 - 
2013-10-29 05:31 - 00764104 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll 2015-05-26 00:01 - 2014-10-15 11:33 - 00000000 ____D C:\Users\Lukas\Downloads\Sonstiges 2015-05-25 23:39 - 2014-10-19 14:30 - 00000000 ____D C:\Users\Lukas\Documents\Bafög 2015-05-25 21:54 - 2014-01-27 00:26 - 00765582 _____ C:\Windows\system32\perfh007.dat 2015-05-25 21:54 - 2014-01-27 00:26 - 00159366 _____ C:\Windows\system32\perfc007.dat 2015-05-25 21:54 - 2013-09-13 23:06 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI 2015-05-25 19:44 - 2014-10-23 18:36 - 00000000 ____D C:\Windows\SysWOW64\SupportAppCB 2015-05-25 19:44 - 2014-01-26 15:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-05-22 20:59 - 2015-04-04 20:11 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-22 20:59 - 2015-04-04 20:11 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-20 18:47 - 2014-10-09 16:15 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-05-16 15:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2015-05-14 01:27 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel 2015-05-13 21:49 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-13 10:24 - 2015-01-25 22:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-13 10:24 - 2015-01-25 22:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-05-13 00:45 - 2014-10-19 19:47 - 00000000 ____D C:\Windows\system32\MRT 2015-05-13 00:42 - 2014-10-19 19:47 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-13 00:42 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2015-05-13 00:38 - 2015-01-25 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-12 23:05 - 2013-08-22 21:12 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-12 21:38 - 2014-01-26 16:26 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2015-05-24 23:49 - 2015-05-24 23:49 - 0007597 _____ () C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
2014-01-26 15:45 - 2014-01-26 15:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Lukas\AppData\Local\Temp\avgnt.exe
C:\Users\Lukas\AppData\Local\Temp\COMAP.EXE

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-17 16:15

==================== End of log ============================

Addition.txt
Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Lukas at 2015-06-05 11:32:54
Running from C:\Users\Lukas\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2200920533-3107399475-823698359-500 - Administrator - Disabled)
Gast (S-1-5-21-2200920533-3107399475-823698359-501 - Limited - Disabled)
Lukas (S-1-5-21-2200920533-3107399475-823698359-1002 - Administrator - Enabled) => C:\Users\Lukas
UpdatusUser (S-1-5-21-2200920533-3107399475-823698359-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acoustica SE 4.1 (HKLM-x32\...\Acoustica SE_is1) (Version: 4.1 - Acon Digital Media GmbH)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co.
KG) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.3202 - CyberLink Corp.) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5804.52 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Einstellungen für VAIO Media Server (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.2.0.10110 - Sony Corporation) Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line) FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - ) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{4065415E-A05E-4555-B527-CEF9F165B8BC}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden MAGIX Video deluxe 2015 (HKLM\...\MX.{FFDC29E6-5C7C-4AA8-AF5A-99E015165382}) (Version: 14.0.0.153 - MAGIX Software GmbH) MAGIX Video deluxe 2015 (Version: 14.0.0.153 - MAGIX Software 
GmbH) Hidden Media Go (HKLM-x32\...\{B55B7EAE-C58C-496E-A383-3A6ABDD83A62}) (Version: 2.5.290 - Sony) MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 
(HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) NVIDIA Grafiktreiber 327.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.39 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.5.5.0 - NXP Semiconductors) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - 
Microsoft Corporation) Hidden OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) PlayMemories Home (HKLM-x32\...\{5FC13A4C-BC27-4414-A2E4-9E2277AA88AE}) (Version: 8.0.02.10010 - Sony Corporation) PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.16.2.15545 - Sony Computer Entertainment Inc.) PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden Reader for PC (HKLM-x32\...\{7FAEB610-D6B1-42CE-9EEA-6A5001C2E732}) (Version: 2.1.00.06250 - Sony Corporation) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7054 - Realtek Semiconductor Corp.) Recorder-Studio SE 1.0 (HKLM-x32\...\Recorder-Studio SE_is1) (Version: 1.0 - BHV Software GmbH & Co. 
KG) Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden SOHLib for PlayMemories Home (Version: 1.0.0.09130 - Sony Corporation) Hidden SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated) VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation) VAIO BIOS Data Transfer Utility (x32 Version: 1.1.0.09260 - Sony Corporation) Hidden VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation) VAIO Care Recovery (HKLM\...\{7BF64721-B4E0-4CBC-8D4B-E9E6A8590521}) (Version: 1.1.3.13230 - Sony Corporation) VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.0.09260 - Sony Corporation) VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.4.1.13060 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.12.0.07300 - Sony Corporation) VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.5.0.09250 - Sony Corporation) VAIO Gesture Control (x32 Version: 2.5.0.09250 - Sony Corporation) Hidden VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation) VAIO Image Optimizer (x32 Version: 3.3.00.10220 - Sony Corporation) Hidden VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 3.0.0.08080 - Sony Corporation) VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.3.00.10240 - Sony Corporation) VAIO Movie Creator (x32 Version: 4.3.00.10240 - Sony Corporation) Hidden VAIO Sample Music (HKLM-x32\...\{E54A5A2B-E06C-41A6-A0DE-04C5AA4B415C}) (Version: 1.0.1.10240 - Sony Corporation) VAIO Update 
(HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation) VAIO CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation) VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden VI3.0x64 (Version: 1.0.0 - Sony Corporation) Hidden VI3.0x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions) VIx64 (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN) VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8030 - Broadcom Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02E2DE56-6195-4219-97FA-C02DB560B2DF} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {03CB2651-7B56-4475-AC70-F3456D9EE678} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-13] (Microsoft Corporation) Task: {06AE4280-390E-4D41-B421-097EE5192256} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation) Task: {211C0199-F456-42F3-82BD-1B971E5C432B} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIO Capture\VAIO Clip => C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe [2013-08-14] (Sony Corporation) Task: {291763B2-BB16-4667-9FAA-8350B93A117A} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation) Task: {2D1E425F-7D3E-4B21-A676-3775B76485F5} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs" Task: {30CAF148-43B4-48C0-A784-AA497FD40ECE} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-07-05] (Sony Corporation) Task: {353297FB-B5BA-4320-A202-818227306558} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {375A5AAB-64B4-4378-95CC-51CAD5A86FF4} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] 
(Sony Corporation) Task: {3EE9E4F6-FE5E-43AF-B733-59265B9D5B7B} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {4EA139A3-52C8-485A-AAD2-ACC92E97D882} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {527175CC-7D76-431B-803F-622F38833063} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {597C0513-1CE4-4DAE-9145-C3C7938A101D} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploaderUserConected => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation) Task: {5C5DFD80-2EFB-4D21-81C6-EC7A711E3973} - System32\Tasks\PDVDServ Task => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.EXE [2013-03-19] (CyberLink Corp.) 
Task: {5E56C47A-7F6C-422A-83C3-D0D78ED7D9EE} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {5E81E348-9850-4D69-8DE4-8B4DD966A474} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-08-14] (Sony Corporation) Task: {61379401-D2D2-409A-89BA-ED1EAFB4A3F9} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation) Task: {7308AA49-AD51-460B-A128-7DC5C96533C3} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploaderUserDisconected => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation) Task: {74A87D5C-4A13-4B73-89C0-07F1EF8454E9} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient Task: {8D8D6B91-3297-4C25-829B-D4F1FEA8CA3C} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-08-14] (Sony Corporation) Task: {9309103C-41C0-4C9E-BC1A-FF1DA085C568} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation) Task: {995FD0C4-4B92-4BE5-A323-4EA532D769E9} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {9ADDCB66-46AB-4F9C-AA53-381B18D689AB} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-09-24] (Sony Corporation) Task: {A1E48529-6AC6-40CD-9782-6DFE07AAAABA} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program 
Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {A6933DF9-81D2-42E2-9B3F-A45268AAA2F5} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation) Task: {A91A03C9-22B3-4609-B0E5-D809A7DE84BB} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-09-24] (Sony Corporation) Task: {BAD95FB4-AB1A-4F99-B236-5FB96CEDC5E5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {BB668D66-4C7E-4D07-B590-8E6CC6003BE3} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {C2C4D164-ED37-4F33-BC9E-8FC2DA21FFCA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated) Task: {C6E1C42F-8112-497F-97B5-F7C47CB777D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation) Task: {C7633A92-09AE-43DA-8B63-3F5B8A311D37} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {C85A2D48-F2AE-42F4-AB63-E1A763420AEE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation) Task: {C9012A95-8E78-46DF-8A88-550E9BB1F42D} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation) Task: {D339AD84-73E7-4662-B42B-A70577E5FC51} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-04-25] (CyberLink Corp.) 
Task: {D3F1B05A-5EC3-49A9-A6BE-A1F7B46799E5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {DC1F8240-23B1-40E2-AB19-7F8EB3038958} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {E27666EA-543E-49A7-8CFA-024B9058B9C9} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {E2977F39-332C-4B77-A032-FA697E7203B5} - System32\Tasks\Sony Corporation\VAIO Care\DeployVAIOManual => %ProgramData%\Sony Corporation\VAIO Care\VAIOUserGuideUpdate.exe Task: {EEC8D213-B8C3-4F97-B0BD-3F0B83F33F0B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {F08A71E5-3F8A-4D79-B7B1-EED6257CC771} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {FB993DA0-820A-41B1-A7A2-A6184DDA44AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (Whitelisted) ============== 2013-09-25 15:20 - 2013-09-25 15:20 - 00049368 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll 2014-11-05 16:24 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-01-26 15:49 - 2013-10-30 04:18 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2013-11-19 11:21 - 2013-11-19 11:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe 2014-01-26 15:43 - 2013-09-18 04:32 - 01242584 _____ () C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "Bluetooth" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{B9218B80-AD4F-475D-A463-C4C1F49B79C1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{32844DDA-B49A-424B-99F0-BDAEFCD47D01}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{564A4495-198F-49A1-8DF4-775C99374901}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{6C092FD2-8F10-47DD-AC94-985A5B5B0DFB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{67DD2A88-3679-48E2-A4C8-B99CCCB3E803}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{B75CC025-1550-4578-8185-770F27B01BE8}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{D0824176-837A-4A14-B83B-6B76C2C125BE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{F6027EAC-0F61-40CE-836B-8FB0D72625B2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{9B9A5E79-6565-4D68-AC59-127FFAC0A1F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{BB93AF72-0D6B-4B9C-ADFE-74FECB4EA655}] => (Allow) LPort=2869 FirewallRules: [{7AB19AFC-8C6D-4580-A46B-5B3100261584}] => (Allow) LPort=1900 FirewallRules: [{3737352A-868A-4A3C-9377-D0B4B964E1DE}] => (Allow) C:\Program Files\MAGIX\Video deluxe 2015\Videodeluxe.exe FirewallRules: [{2A431B48-FF61-403F-9E94-5F7159E43361}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{EC994205-45FE-41B5-AA58-0542C9C7374C}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe FirewallRules: [{68B879E3-FD87-4CDC-A4C1-C0F68615CEB5}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe FirewallRules: [{A58FF69F-03E6-45B0-BDDA-EC86F5EE8996}] => (Allow) C:\Program Files\Sony\VAIO 
Care\VCSystemTray.exe FirewallRules: [{DC787676-6CFF-4CA2-9947-FAFEAF334ECC}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe FirewallRules: [{C3AC2A96-0F48-4CF2-8100-42F9EF076282}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{F1553058-B131-4682-BB6C-369BBD9AD98D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{D47F3AA0-E43A-4184-8C63-751C24486B69}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{81500139-6DD1-4049-8A04-AB77384F5F7C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{10A30411-A2AB-4DF6-9B22-EB500571E6C5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/05/2015 11:16:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/04/2015 03:00:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 03:00:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
Error: (06/04/2015 02:59:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 02:59:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 02:58:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 02:58:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 02:57:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 02:57:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 02:56:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
System errors: ============= Error: (06/01/2015 11:57:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062 Error: (06/01/2015 11:57:36 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {B3E53F1A-1C31-4A43-A66D-321FA322BCE7} Error: (06/01/2015 11:52:29 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {B3E53F1A-1C31-4A43-A66D-321FA322BCE7} Error: (06/01/2015 07:02:20 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT) Description: {B3E53F1A-1C31-4A43-A66D-321FA322BCE7} Error: (05/25/2015 11:59:51 PM) (Source: DCOM) (EventID: 10010) (User: Lukas-PC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (05/23/2015 07:22:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Erkennung interaktiver Dienste" wurde mit folgendem Fehler beendet: %%1 Error: (05/18/2015 08:30:16 PM) (Source: DCOM) (EventID: 10010) (User: Lukas-PC) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (05/17/2015 11:34:25 PM) (Source: DCOM) (EventID: 10010) (User: Lukas-PC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (05/17/2015 09:54:02 PM) (Source: DCOM) (EventID: 10010) (User: Lukas-PC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (05/17/2015 08:19:27 PM) (Source: DCOM) (EventID: 10010) (User: Lukas-PC) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Microsoft Office: ========================= Error: (06/05/2015 11:16:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927148 Error: (06/04/2015 03:00:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
Error: (06/04/2015 03:00:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 02:59:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 02:59:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 02:58:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 02:58:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 02:57:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 02:57:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/04/2015 02:56:08 PM) (Source: SampleCollector) (EventID: 259) (User: ) Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz Percentage of memory in use: 27% Total physical RAM: 8103.8 MB Available physical RAM: 5839.21 MB Total Pagefile: 9383.8 MB Available Pagefile: 7188.27 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:904.44 GB) (Free:833.98 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 7A582497) Partition: GPT Partition Type. ==================== End of log ============================ GMER.txt Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-06-05 11:44:21 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000029 WDC_WD10JPVX-55JC3T3 rev.01.01A01 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\Lukas\AppData\Local\Temp\kglcapow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffc409e3e10 7 bytes JMP 00007ffd404e02d0 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 00007ffc409e3e20 7 bytes JMP 00007ffd404e0308 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 00007ffc40a939b0 7 bytes JMP 00007ffd404e03b0 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 00007ffc40a93ef0 7 bytes JMP 00007ffd404e0340 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 00007ffc40a93fe0 7 bytes JMP 00007ffd404e0378 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffc40ac06c0 7 bytes JMP 00007ffd404e0228 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffc40ac0730 7 bytes JMP 00007ffd404e0298 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007ffc40ac0760 7 bytes JMP 00007ffd404e0260 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 00007ffc405421d0 5 bytes JMP 00007ffd404e0180 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 00007ffc405429d0 7 bytes JMP 00007ffd404e00d8 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffc40544310 5 bytes JMP 00007ffd404e0110 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 00007ffc40548d80 5 bytes JMP 00007ffd404e0148 .text 
C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\USER32.dll!CreateWindowExW 00007ffc42b06d90 10 bytes JMP 00007ffd404e0490 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 00007ffc42b174a0 5 bytes JMP 00007ffd404e0458 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffc42b17560 1 byte JMP 00007ffd404e03e8 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2 00007ffc42b17562 7 bytes {JMP 0xfffffffffd9c8e88} .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 00007ffc42b26b10 5 bytes JMP 00007ffd404e0420 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffc40881500 8 bytes JMP 00007ffd404e01b8 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffc40881750 8 bytes JMP 00007ffd404e01f0 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\System32\dxgi.dll!CreateDXGIFactory 00007ffc3e207750 5 bytes JMP 00007ffd3e1f00d8 .text C:\Windows\System32\dwm.exe[3040] C:\Windows\System32\dxgi.dll!CreateDXGIFactory1 00007ffc3e208ee0 5 bytes JMP 00007ffd3e1f0110 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [2780:2320] fffff9600086c2d0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
05.06.2015, 12:15 | #3 |
/// the machine /// TB trainer | Windows 8: Backdoor detection by Avira real-time scanner hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
05.06.2015, 13:10 | #4 |
| Windows 8: Backdoor detection by Avira real-time scanner After unpacking Malwarebytes Anti-Rootkit, the following window appears: "Probable rootkit activity detected: Rootkit value "AppInit_Dlls" has been found, which may be caused by rootkit activity. Note: Press "No" button if you're not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press "Yes" should this message appear again. Do you want to remove this value and restart the tool?" Both scans came back negative. Malwarebytes Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org
Database version: main: v2015.06.05.02 rootkit: v2015.06.02.01
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17801
Lukas :: LUKAS-PC [administrator]
05.06.2015 13:34:47
mbar-log-2015-06-05 (13-34-47).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 431396
Time elapsed: 24 minute(s), 8 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
Physical Sectors Detected: 0 (No malicious items detected)
(end)
TDSSKiller: Code:
14:04:41.0269 0x169c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
14:04:41.0269 0x169c UEFI system
14:04:45.0141 0x169c ============================================================
14:04:45.0141 0x169c Current date / time: 2015/06/05 14:04:45.0141
14:04:45.0141 0x169c SystemInfo:
14:04:45.0141 0x169c
14:04:45.0141 0x169c OS Version: 6.3.9600 ServicePack: 0.0
14:04:45.0141 0x169c Product type: Workstation
14:04:45.0141 0x169c ComputerName: LUKAS-PC
14:04:45.0141 0x169c UserName: Lukas
14:04:45.0141 0x169c Windows directory: C:\Windows
14:04:45.0141 0x169c System windows directory: C:\Windows
14:04:45.0141 0x169c Running under WOW64
14:04:45.0141 0x169c Processor architecture: Intel x64
14:04:45.0141 0x169c Number of processors: 4
14:04:45.0141 0x169c Page size: 0x1000
14:04:45.0141 0x169c Boot type: Normal boot
14:04:45.0141 0x169c ============================================================
14:04:45.0737 0x169c KLMD registered as C:\Windows\system32\drivers\14319028.sys
14:04:46.0619 0x169c System UUID: {BD2D7522-210C-B3D0-614A-30C426497CAA}
14:04:47.0309 0x169c Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:04:47.0314 0x169c ============================================================
14:04:47.0314 0x169c \Device\Harddisk0\DR0:
14:04:47.0315 0x169c GPT partitions:
14:04:47.0316 0x169c \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {F4019732-066E-4E12-8273-346C5641494F}, UniqueGUID: {2A01616C-32B3-46AD-A05B-8BF5DA1B3F39}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x1E5000
14:04:47.0316 0x169c \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C95F10B8-B12A-424A-A198-4E60AF6EE2D0}, Name: Basic data partition, StartLBA 0x1E5800, BlocksNum 0x1A4000
14:04:47.0316 0x169c \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {BA8483E4-16E0-4A8C-AE88-F1F4BE7755E6}, Name: EFI system partition, StartLBA 0x389800, BlocksNum 0x82000
14:04:47.0316 0x169c \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AB45A862-11F3-4DE6-AFAE-B6172A7BA34C}, Name: Microsoft reserved partition, StartLBA 0x40B800, BlocksNum 0x40000
14:04:47.0316 0x169c \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {4C5A2987-1C95-4416-A8C0-0E13C6B6BC9E}, Name: Basic data partition, StartLBA 0x44B800, BlocksNum 0x710E0000
14:04:47.0316 0x169c \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {F0C314AF-3358-4B08-B1FF-084D8E620E13}, Name: Basic data partition, StartLBA 0x7152B800, BlocksNum 0x31DB000
14:04:47.0316 0x169c MBR partitions:
14:04:47.0316 0x169c ============================================================
14:04:47.0332 0x169c C: <-> \Device\Harddisk0\DR0\Partition5
14:04:47.0332 0x169c ============================================================
14:04:47.0332 0x169c Initialize success
14:04:47.0332 0x169c ============================================================
14:05:39.0807 0x1768 ============================================================
14:05:39.0807 0x1768 Scan started
14:05:39.0807 0x1768 Mode: Manual; SigCheck; TDLFS;
14:05:39.0807 0x1768 ============================================================
14:05:39.0807 0x1768 KSN ping started
14:05:42.0197 0x1768 KSN ping finished: true
14:05:43.0325 0x1768 ================ Scan system memory ========================
14:05:43.0325 0x1768 System memory - ok
14:05:43.0325 0x1768 ================ Scan services =============================
14:05:58.0419 0x1768 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
14:06:00.0903 0x1768 Detect skipped due to KSN trusted
14:06:00.0903 0x1768 Intel(R) Capability Licensing Service Interface - ok
iwdbus - ok 14:06:01.0997 0x1768 [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 14:06:02.0013 0x1768 jhi_service - ok 14:06:02.0044 0x1768 [ A1D4D34A56DF1D5122CDB265038A2E72, AE061BA1A65C98AF875FA18878B014B57E33594D4AC4C39B050AA532E2220F83 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys 14:06:02.0060 0x1768 kbdclass - ok 14:06:02.0075 0x1768 [ 4A34D7084B862A92F3ABC4969166B3D3, 87B2635873DA4DD06D9E3B8E4313CBDBDC1488E4E340EC2101393EC65823771F ] kbdhid C:\Windows\System32\drivers\kbdhid.sys 14:06:02.0106 0x1768 kbdhid - ok 14:06:02.0122 0x1768 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys 14:06:02.0185 0x1768 kdnic - ok 14:06:02.0200 0x1768 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso C:\Windows\system32\lsass.exe 14:06:02.0216 0x1768 KeyIso - ok 14:06:02.0247 0x1768 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:06:02.0263 0x1768 KSecDD - ok 14:06:02.0310 0x1768 [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:06:02.0325 0x1768 KSecPkg - ok 14:06:02.0341 0x1768 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:06:02.0372 0x1768 ksthunk - ok 14:06:02.0403 0x1768 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm C:\Windows\system32\msdtckrm.dll 14:06:02.0419 0x1768 KtmRm - ok 14:06:02.0466 0x1768 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, 
B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer C:\Windows\system32\srvsvc.dll 14:06:02.0528 0x1768 LanmanServer - ok 14:06:02.0560 0x1768 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:06:02.0591 0x1768 LanmanWorkstation - ok 14:06:02.0638 0x1768 [ 2B7479EB47731A8ACBA28AF4C4BDA32D, 67AEB98E7B41337FEFD92CC81BFAD25FBB679998B318C110A4873B1AD8927A97 ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll 14:06:02.0716 0x1768 lfsvc - ok 14:06:02.0747 0x1768 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:06:02.0778 0x1768 lltdio - ok 14:06:02.0841 0x1768 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:06:02.0872 0x1768 lltdsvc - ok 14:06:02.0903 0x1768 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:06:02.0950 0x1768 lmhosts - ok 14:06:03.0013 0x1768 [ 6A35B295812CE7064CFBCD9F254169CF, 561DD131FED6F90686D8C031B45B87B6D065C7E0C8804AEFCDE239725AAEE43E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 14:06:03.0028 0x1768 LMS - ok 14:06:03.0060 0x1768 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:06:03.0075 0x1768 LSI_SAS - ok 14:06:03.0075 0x1768 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 14:06:03.0091 0x1768 LSI_SAS2 - ok 14:06:03.0091 0x1768 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys 
14:06:03.0106 0x1768 LSI_SAS3 - ok 14:06:03.0122 0x1768 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys 14:06:03.0138 0x1768 LSI_SSS - ok 14:06:03.0185 0x1768 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM C:\Windows\System32\lsm.dll 14:06:03.0247 0x1768 LSM - ok 14:06:03.0278 0x1768 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv C:\Windows\system32\drivers\luafv.sys 14:06:03.0310 0x1768 luafv - ok 14:06:03.0325 0x1768 massfilter - ok 14:06:03.0372 0x1768 [ 77AB66599EAFF797744D17C502FECDB9, E3A356AC3D6958B08C126D2C4231F2F7A655348606AE53FB95C6DA17908B32D1 ] McComponentHostServiceSony C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe 14:06:03.0388 0x1768 McComponentHostServiceSony - ok 14:06:03.0403 0x1768 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas C:\Windows\system32\drivers\megasas.sys 14:06:03.0419 0x1768 megasas - ok 14:06:03.0435 0x1768 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr C:\Windows\system32\drivers\megasr.sys 14:06:03.0481 0x1768 megasr - ok 14:06:03.0497 0x1768 [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys 14:06:03.0513 0x1768 MEIx64 - ok 14:06:03.0544 0x1768 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS C:\Windows\system32\mmcss.dll 14:06:03.0606 0x1768 MMCSS - ok 14:06:03.0622 0x1768 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem C:\Windows\system32\drivers\modem.sys 14:06:03.0638 0x1768 Modem - ok 14:06:03.0669 0x1768 [ 601589000CC90F0DF8DA2CC254A3CCC9, 
D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor C:\Windows\System32\drivers\monitor.sys 14:06:03.0700 0x1768 monitor - ok 14:06:03.0731 0x1768 [ 2A2F8D5284E59815169A88F1FC9CEE28, 58EFBCF3C849FD088CFB7FE287FC7D9DD7E03D4E6AA98F0497C09E4596E42538 ] mouclass C:\Windows\System32\drivers\mouclass.sys 14:06:03.0747 0x1768 mouclass - ok 14:06:03.0747 0x1768 [ 91223A2AE2955B3E0DA3DB79C3A897A6, 32B59CF1586C2300D60AF8A1D819515033ACC7F7A1F3523FC4AC7725E29B5A90 ] mouhid C:\Windows\System32\drivers\mouhid.sys 14:06:03.0794 0x1768 mouhid - ok 14:06:03.0825 0x1768 [ D1D82F007A079A4D623DBD1F36EF30A1, 7901F81B62C5A4196D75A10C05386B16831CB290EFB9A1611CECF281068C520F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 14:06:03.0841 0x1768 mountmgr - ok 14:06:03.0888 0x1768 [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 14:06:03.0903 0x1768 MozillaMaintenance - ok 14:06:03.0935 0x1768 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:06:03.0981 0x1768 mpsdrv - ok 14:06:04.0044 0x1768 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc C:\Windows\system32\mpssvc.dll 14:06:04.0091 0x1768 MpsSvc - ok 14:06:04.0106 0x1768 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:06:04.0153 0x1768 MRxDAV - ok 14:06:04.0200 0x1768 [ 31233271EDE50D1BBB220F78AFA60486, 2122FAB5BD353DF63CF0FE9CEDBD5DFD1F26F2DE04303E1B3FFB03AA02AECED9 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:06:04.0278 0x1768 mrxsmb - ok 14:06:04.0325 0x1768 [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10 
C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:06:04.0388 0x1768 mrxsmb10 - ok 14:06:04.0419 0x1768 [ 6276AC2AA203CF47811F6EFBBD214FBF, AE55D87D863A626347B0074F4E962080F1989A94153DAF8475593249F616DA2F ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:06:04.0450 0x1768 mrxsmb20 - ok 14:06:04.0497 0x1768 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys 14:06:04.0528 0x1768 MsBridge - ok 14:06:04.0575 0x1768 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC C:\Windows\System32\msdtc.exe 14:06:04.0606 0x1768 MSDTC - ok 14:06:04.0638 0x1768 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:06:04.0653 0x1768 Msfs - ok 14:06:04.0685 0x1768 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 14:06:04.0700 0x1768 msgpiowin32 - ok 14:06:04.0716 0x1768 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 14:06:04.0731 0x1768 mshidkmdf - ok 14:06:04.0747 0x1768 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 14:06:04.0763 0x1768 mshidumdf - ok 14:06:04.0794 0x1768 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:06:04.0810 0x1768 msisadrv - ok 14:06:04.0841 0x1768 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:06:04.0872 0x1768 MSiSCSI - ok 14:06:04.0872 0x1768 msiserver - ok 14:06:04.0903 0x1768 [ 
A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:06:04.0919 0x1768 MSKSSRV - ok 14:06:04.0950 0x1768 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 14:06:05.0013 0x1768 MsLldp - ok 14:06:05.0028 0x1768 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:06:05.0060 0x1768 MSPCLOCK - ok 14:06:05.0060 0x1768 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:06:05.0091 0x1768 MSPQM - ok 14:06:05.0122 0x1768 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:06:05.0153 0x1768 MsRPC - ok 14:06:05.0169 0x1768 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios C:\Windows\System32\drivers\mssmbios.sys 14:06:05.0169 0x1768 mssmbios - ok 14:06:05.0185 0x1768 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:06:05.0216 0x1768 MSTEE - ok 14:06:05.0216 0x1768 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig C:\Windows\System32\drivers\MTConfig.sys 14:06:05.0247 0x1768 MTConfig - ok 14:06:05.0263 0x1768 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup C:\Windows\system32\Drivers\mup.sys 14:06:05.0278 0x1768 Mup - ok 14:06:05.0294 0x1768 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis C:\Windows\system32\drivers\mvumis.sys 14:06:05.0310 0x1768 
mvumis - ok 14:06:05.0356 0x1768 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent C:\Windows\system32\qagentRT.dll 14:06:05.0403 0x1768 napagent - ok 14:06:05.0435 0x1768 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:06:05.0481 0x1768 NativeWifiP - ok 14:06:05.0513 0x1768 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc C:\Windows\System32\ncasvc.dll 14:06:05.0544 0x1768 NcaSvc - ok 14:06:05.0575 0x1768 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService C:\Windows\System32\ncbservice.dll 14:06:05.0669 0x1768 NcbService - ok 14:06:05.0700 0x1768 [ 9ACED0F5B458C9011F39143326494E93, 9DFFC7EE7DE6FD92545EC6A203213C498A01EEFB0BC55460D339BCE498E56A7F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 14:06:05.0763 0x1768 NcdAutoSetup - ok 14:06:05.0825 0x1768 [ 6D3A2565E01B3E4B0F1BEDB0D4B00B3F, 95F2608E17CA3E25BD7958D1A49F7030EC8088BC1DF12422F1DAC5BA99113E34 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:06:05.0888 0x1768 NDIS - ok 14:06:05.0935 0x1768 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 14:06:05.0950 0x1768 NdisCap - ok 14:06:05.0981 0x1768 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 14:06:06.0075 0x1768 NdisImPlatform - ok 14:06:06.0106 0x1768 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:06:06.0153 0x1768 NdisTapi - ok 14:06:06.0169 0x1768 [ B832B35055BA2B7B4181861FF94D8E59, 
2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:06:06.0216 0x1768 Ndisuio - ok 14:06:06.0231 0x1768 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus C:\Windows\System32\drivers\NdisVirtualBus.sys 14:06:06.0247 0x1768 NdisVirtualBus - ok 14:06:06.0263 0x1768 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:06:06.0294 0x1768 NdisWan - ok 14:06:06.0325 0x1768 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy C:\Windows\system32\DRIVERS\ndiswan.sys 14:06:06.0341 0x1768 NdisWanLegacy - ok 14:06:06.0388 0x1768 [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:06:06.0403 0x1768 NDProxy - ok 14:06:06.0435 0x1768 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu C:\Windows\system32\drivers\Ndu.sys 14:06:06.0481 0x1768 Ndu - ok 14:06:06.0513 0x1768 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:06:06.0544 0x1768 NetBIOS - ok 14:06:06.0575 0x1768 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 14:06:06.0653 0x1768 NetBT - ok 14:06:06.0669 0x1768 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon C:\Windows\system32\lsass.exe 14:06:06.0700 0x1768 Netlogon - ok 14:06:06.0731 0x1768 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman C:\Windows\System32\netman.dll 14:06:06.0747 0x1768 Netman - ok 
14:06:06.0794 0x1768 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm C:\Windows\System32\netprofmsvc.dll 14:06:06.0841 0x1768 netprofm - ok 14:06:06.0888 0x1768 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:06:06.0903 0x1768 NetTcpPortSharing - ok 14:06:06.0935 0x1768 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc C:\Windows\System32\drivers\netvsc63.sys 14:06:07.0013 0x1768 netvsc - ok 14:06:07.0091 0x1768 [ 86D1BF1CC79121BA5A515DB3EC626C92, 6F29E31D08AAE4F183A50FE1EAAACCF3037E5091256D77CBF31134CD01C8EC3C ] NetworkSupport C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe 14:06:07.0122 0x1768 NetworkSupport - ok 14:06:07.0169 0x1768 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc C:\Windows\System32\nlasvc.dll 14:06:07.0231 0x1768 NlaSvc - ok 14:06:07.0247 0x1768 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:06:07.0278 0x1768 Npfs - ok 14:06:07.0310 0x1768 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys 14:06:07.0403 0x1768 npsvctrig - ok 14:06:07.0435 0x1768 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi C:\Windows\system32\nsisvc.dll 14:06:07.0497 0x1768 nsi - ok 14:06:07.0513 0x1768 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:06:07.0544 0x1768 nsiproxy - ok 14:06:07.0653 0x1768 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 
47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:06:07.0763 0x1768 Ntfs - ok 14:06:07.0778 0x1768 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null C:\Windows\system32\drivers\Null.sys 14:06:07.0794 0x1768 Null - ok 14:06:08.0185 0x1768 [ EBDFD7A965CA6DC99CA5A745F31C3224, 349F23B7B803D627DF278B9041163D215594E7B3B2D13123E6265AE92FBD7223 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 14:06:08.0638 0x1768 nvlddmkm - ok 14:06:08.0700 0x1768 [ CC477334F03DFCB5D42DEEDE6E9E72BE, F1225043B9C62B38B58A442679BDB67C03E86550C42DFE4610580C2B13C8DAFF ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 14:06:08.0716 0x1768 nvpciflt - ok 14:06:08.0763 0x1768 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:06:08.0794 0x1768 nvraid - ok 14:06:08.0794 0x1768 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:06:08.0810 0x1768 nvstor - ok 14:06:08.0872 0x1768 [ A51AA034C0995F3FC52F062A5BA53FDE, 421048381352EDB24480AC6E18F9DF419D1D0756F55EA2DBB8110CD53D190A34 ] nvsvc C:\Windows\system32\nvvsvc.exe 14:06:08.0903 0x1768 nvsvc - ok 14:06:08.0997 0x1768 [ C74D6BCF9A8F83A9DAF7B3C2F0466638, 37787323A73D03F93346EC866948CFD34A31906623EF85EC3F826F4DCE056DEB ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 14:06:09.0044 0x1768 nvUpdatusService - ok 14:06:09.0060 0x1768 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:06:09.0122 0x1768 nv_agp - ok 14:06:09.0169 0x1768 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose C:\Program Files (x86)\Common Files\Microsoft 
Shared\Source Engine\OSE.EXE 14:06:09.0200 0x1768 ose - ok 14:06:09.0247 0x1768 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:06:09.0325 0x1768 p2pimsvc - ok 14:06:09.0388 0x1768 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc C:\Windows\system32\p2psvc.dll 14:06:09.0435 0x1768 p2psvc - ok 14:06:09.0466 0x1768 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport C:\Windows\System32\drivers\parport.sys 14:06:09.0481 0x1768 Parport - ok 14:06:09.0513 0x1768 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:06:09.0528 0x1768 partmgr - ok 14:06:09.0575 0x1768 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:06:09.0606 0x1768 PcaSvc - ok 14:06:09.0653 0x1768 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci C:\Windows\system32\drivers\pci.sys 14:06:09.0669 0x1768 pci - ok 14:06:09.0685 0x1768 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide C:\Windows\system32\drivers\pciide.sys 14:06:09.0700 0x1768 pciide - ok 14:06:09.0732 0x1768 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:06:09.0747 0x1768 pcmcia - ok 14:06:09.0763 0x1768 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw C:\Windows\system32\drivers\pcw.sys 14:06:09.0778 0x1768 pcw - ok 14:06:09.0794 0x1768 [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc 
C:\Windows\system32\drivers\pdc.sys 14:06:09.0810 0x1768 pdc - ok 14:06:09.0872 0x1768 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:06:09.0919 0x1768 PEAUTH - ok 14:06:09.0997 0x1768 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:06:10.0091 0x1768 PerfHost - ok 14:06:10.0169 0x1768 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla C:\Windows\system32\pla.dll 14:06:10.0232 0x1768 pla - ok 14:06:10.0263 0x1768 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:06:10.0278 0x1768 PlugPlay - ok 14:06:10.0372 0x1768 [ 78CEC2F64577FEF62F9A9AFE2F312578, 22A0439381032A4AC5DC76151982C094AA4376D3038752266A673B80603AAE26 ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe 14:06:10.0403 0x1768 PMBDeviceInfoProvider - ok 14:06:10.0435 0x1768 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:06:10.0450 0x1768 PNRPAutoReg - ok 14:06:10.0481 0x1768 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 14:06:10.0513 0x1768 PNRPsvc - ok 14:06:10.0560 0x1768 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:06:10.0575 0x1768 PolicyAgent - ok 14:06:10.0607 0x1768 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power C:\Windows\system32\umpo.dll 14:06:10.0669 0x1768 Power - ok 14:06:10.0685 0x1768 [ E075CC071022BD4E9BE7C024717C0E0A, 
BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:06:10.0716 0x1768 PptpMiniport - ok 14:06:10.0872 0x1768 [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll 14:06:11.0028 0x1768 PrintNotify - ok 14:06:11.0075 0x1768 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor C:\Windows\System32\drivers\processr.sys 14:06:11.0122 0x1768 Processor - ok 14:06:11.0153 0x1768 [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc C:\Windows\system32\profsvc.dll 14:06:11.0232 0x1768 ProfSvc - ok 14:06:11.0263 0x1768 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:06:11.0294 0x1768 Psched - ok 14:06:11.0325 0x1768 [ 07D57B890DD5693A6AB660CBAE8F91B4, 934895A41C116056E22FE3298418332A9F4280F96E96EEE06C977A4925395674 ] PxHlpa64 C:\Windows\system32\drivers\PxHlpa64.sys 14:06:11.0356 0x1768 PxHlpa64 - ok 14:06:11.0388 0x1768 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE C:\Windows\system32\qwave.dll 14:06:11.0435 0x1768 QWAVE - ok 14:06:11.0466 0x1768 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:06:11.0497 0x1768 QWAVEdrv - ok 14:06:11.0513 0x1768 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:06:11.0544 0x1768 RasAcd - ok 14:06:11.0575 0x1768 [ E8FFD8BE3C50E7A71C5FBB87BDD1128E, 3E3EB906CC9A1CCA09580DA9F94DD0E1162CABD343874B76718DC4F2E9069C4E ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 
14:06:11.0591 0x1768 RasAgileVpn - ok 14:06:11.0638 0x1768 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto C:\Windows\System32\rasauto.dll 14:06:11.0653 0x1768 RasAuto - ok 14:06:11.0685 0x1768 [ BBB6272B7F46C4640A8CDB8A70C3450F, 4266C3ABD0D1D0219F715EA0F155744F7C1E3A7B722BE863831B57AE785419A2 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:06:11.0700 0x1768 Rasl2tp - ok 14:06:11.0763 0x1768 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan C:\Windows\System32\rasmans.dll 14:06:11.0794 0x1768 RasMan - ok 14:06:11.0810 0x1768 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:06:11.0825 0x1768 RasPppoe - ok 14:06:11.0857 0x1768 [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:06:11.0872 0x1768 RasSstp - ok 14:06:11.0903 0x1768 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:06:12.0013 0x1768 rdbss - ok 14:06:12.0044 0x1768 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys 14:06:12.0091 0x1768 rdpbus - ok 14:06:12.0122 0x1768 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 14:06:12.0216 0x1768 RDPDR - ok 14:06:12.0247 0x1768 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 14:06:12.0263 0x1768 RdpVideoMiniport - ok 14:06:12.0294 0x1768 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 
14:06:15.0247 0x1768 Sony SCSI Helper Service - detected UnsignedFile.Multi.Generic ( 1 )
14:06:17.0700 0x1768 Detect skipped due to KSN trusted
14:06:17.0700 0x1768 Sony SCSI Helper Service - ok
14:06:29.0685 0x1768 ================ Scan global ===============================
14:06:29.0872 0x1768 [ Global ] - ok
14:06:29.0872 0x1768 ================ Scan MBR ==================================
14:06:29.0997 0x1768 \Device\Harddisk0\DR0 - ok
14:06:29.0997 0x1768 ================ Scan VBR ==================================
14:06:30.0029 0x1768 \Device\Harddisk0\DR0\Partition1 - ok
14:06:30.0044 0x1768 [ 96782C1246BE111247B6C7A0047B5AF7 ] \Device\Harddisk0\DR0\Partition2 14:06:30.0122 0x1768 \Device\Harddisk0\DR0\Partition2 - ok 14:06:30.0138 0x1768 [ DEF040415BDF35A256A6122D5F135C4B ] \Device\Harddisk0\DR0\Partition3 14:06:30.0200 0x1768 \Device\Harddisk0\DR0\Partition3 - ok 14:06:30.0216 0x1768 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition4 14:06:30.0216 0x1768 \Device\Harddisk0\DR0\Partition4 - ok 14:06:30.0216 0x1768 [ 5204D8AE065BE36457DED68B9B9F92D8 ] \Device\Harddisk0\DR0\Partition5 14:06:30.0294 0x1768 \Device\Harddisk0\DR0\Partition5 - ok 14:06:30.0325 0x1768 [ 8615747BE02258E36F451D7FFD2126DC ] \Device\Harddisk0\DR0\Partition6 14:06:30.0341 0x1768 \Device\Harddisk0\DR0\Partition6 - ok 14:06:30.0357 0x1768 ================ Scan generic autorun ====================== 14:06:30.0450 0x1768 [ 2BFBD5FB7B6EFFF59AD79BB8A8796926, BBD0BC11B9BAA0691BAAE7C7960F51183A6D5ACD322B7092E436900FA495FBDB ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 14:06:30.0497 0x1768 RtHDVBg - ok 14:06:30.0575 0x1768 [ AB758AF3BD65A42AB837ABE463E7B066, F89A703224818D48A3CBEA8A807534A92EF57E205CD919452DA9E998569697DD ] c:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe 14:06:30.0607 0x1768 Bluetooth - ok 14:06:30.0638 0x1768 [ 3847AD700BFAB313D85664E8A36E5114, 0E5AC3AB8E8ECAB9312B6A39013537804FE580F4B27F9EBC802732EC6409728D ] C:\Windows\system32\igfxtray.exe 14:06:30.0654 0x1768 IgfxTray - ok 14:06:30.0685 0x1768 [ E7766E31C1E3B12C85AE78757AD4DE34, 5ED9453A7E9EF04952C33CA011E61327DD17B5F8C4F9820FEBA845375C9CD2C8 ] C:\Windows\system32\hkcmd.exe 14:06:30.0716 0x1768 HotKeysCmds - ok 14:06:30.0763 0x1768 [ 6B00734445DF2C0AF9D0CA52B3F02839, 4437C5A92BCB87DA368422A47AF0D872885179A42BE73D3701DDEFF91DD0EE1E ] C:\Windows\system32\igfxpers.exe 14:06:30.0794 0x1768 Persistence - ok 14:06:30.0904 0x1768 [ 79C9B6A7836DC358216036A1EBA31B62, 9E3987ED10C5CFCD06A2DCBC4E0838004F97A1527527749EF3CC7C5EC5AC2597 ] C:\Program Files (x86)\Common 
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 14:06:30.0966 0x1768 AdobeAAMUpdater-1.0 - ok 14:06:30.0966 0x1768 SynTPEnh - ok 14:06:31.0091 0x1768 [ 3A608A79BBAD5F22BEA3C21BF829F2E1, DA85834740EEBD27BE2B28F20A4AEAAF15E62E4380CE47FC3B9037A60314E561 ] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe 14:06:31.0169 0x1768 PMBVolumeWatcher - ok 14:06:31.0169 0x1768 Waiting for KSN requests completion. In queue: 157 14:06:32.0185 0x1768 Waiting for KSN requests completion. In queue: 157 14:06:33.0201 0x1768 Waiting for KSN requests completion. In queue: 157 14:06:34.0372 0x1768 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x41000 ( enabled : updated ) 14:06:34.0388 0x1768 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated ) 14:06:34.0388 0x1768 Win FW state via NFP2: enabled 14:06:36.0810 0x1768 ============================================================ 14:06:36.0810 0x1768 Scan finished 14:06:36.0810 0x1768 ============================================================ 14:06:36.0825 0x1128 Detected object count: 0 14:06:36.0825 0x1128 Actual detected object count: 0 |
06.06.2015, 07:46 | #5 |
/// the machine /// TB instructor | Windows 8: Backdoor detection by Avira real-time scanner hi, Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
06.06.2015, 18:49 | #6 |
| Windows 8: Backdoor detection by Avira real-time scanner Good evening, here are the log files:

mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 06.06.2015
Suchlauf-Zeit: 18:40:21
Logdatei: mbam.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.06.06.04
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Lukas
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 431214
Verstrichene Zeit: 22 Min, 39 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (Keine schädliche Elemente gefunden)
Module: 0 (Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 0 (Keine schädliche Elemente gefunden)
Registrierungswerte: 0 (Keine schädliche Elemente gefunden)
Registrierungsdaten: 0 (Keine schädliche Elemente gefunden)
Ordner: 0 (Keine schädliche Elemente gefunden)
Dateien: 0 (Keine schädliche Elemente gefunden)
Physische Sektoren: 0 (Keine schädliche Elemente gefunden)
(end)

AdwCleaner
A quick question: what exactly was deleted from the registry there, since no detections were actually shown to me?
Code:
ATTFilter # AdwCleaner v4.206 - Bericht erstellt 06/06/2015 um 19:15:19
# Aktualisiert 01/06/2015 von Xplode
# Datenbank : 2015-06-05.1 [Server]
# Betriebssystem : Windows 8.1 (x64)
# Benutzername : Lukas - LUKAS-PC
# Gestarted von : C:\Users\Lukas\Desktop\AdwCleaner_4.206.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\Lukas\Desktop\eBay.lnk
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v38.0.1 (x86 de)
*************************
AdwCleaner[R0].txt - [1093 Bytes] - [06/06/2015 19:14:23]
AdwCleaner[S0].txt - [1014 Bytes] - [06/06/2015 19:15:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1073 Bytes] ##########

JRT.txt
Here too a quick question: why did the program empty the folder in Firefox?
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.8 (06.03.2015:1)
OS: Windows 8.1 x64
Ran by Lukas on 06.06.2015 at 19:27:25,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Lukas\AppData\Roaming\mozilla\firefox\profiles\dn1xwhro.default\minidumps [9 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.06.2015 at 19:29:38,82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015 Ran by Lukas (administrator) on LUKAS-PC on 06-06-2015 19:32:14 Running from C:\Users\Lukas\Desktop Loaded Profiles: Lukas (Available Profiles: Lukas) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-10-28] (Realtek Semiconductor) HKLM\...\Run: [Bluetooth] => c:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-25] (Broadcom Corporation.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2346008 2013-10-01] (Sony Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-30] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-30] (NVIDIA Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com/?pc=SEJB HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com/?pc=SEJB HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2200920533-3107399475-823698359-1002 -> {7E31E309-3083-4067-A35A-3482255781B5} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-26] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-26] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-26] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-26] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\dn1xwhro.default FF Homepage: uni-bamberg.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-26] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-18] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files 
(x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-26] (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2013-06-25] (Sony Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\dn1xwhro.default\Extensions\abs@avira.com [2015-05-29] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AdobeActiveFileMonitor12.0; c:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-10-28] (Broadcom Corporation.) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation) S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-18] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.) 
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-27] (Sony Corporation) S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-01] (Sony Corporation) S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation) S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-05-23] (Sony Corporation) [File not signed] S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S3 VCFw; c:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation) S3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-04] (Avira Operations GmbH & Co. KG) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.) 
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-01-26] (Broadcom Corporation) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-18] (Intel Corporation) R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-10-09] (Realsil Semiconductor Corporation) R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-01-03] () R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 massfilter; system32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-06 19:29 - 2015-06-06 19:29 - 00000720 _____ C:\Users\Lukas\Desktop\JRT.txt 2015-06-06 19:27 - 2015-06-06 19:27 - 00000207 _____ C:\Windows\tweaking.com-regbackup-LUKAS-PC-Windows-8.1-(64-bit).dat 2015-06-06 19:27 - 2015-06-06 19:27 - 00000000 ____D C:\RegBackup 2015-06-06 19:18 - 2015-06-06 19:18 - 00001153 _____ C:\Users\Lukas\Desktop\AdwCleaner[S0].txt 2015-06-06 19:14 - 2015-06-06 19:15 - 00000000 ____D C:\AdwCleaner 2015-06-06 19:03 - 2015-06-06 19:03 - 00001198 _____ C:\Users\Lukas\Desktop\mbam.txt 2015-06-06 18:55 - 2015-06-06 19:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-06-06 18:38 - 2015-06-06 18:38 - 00001074 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-06 18:38 - 2015-06-06 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-06 18:38 - 2015-06-06 18:38 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-06 18:38 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-06 18:38 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-06 18:31 - 2015-06-06 18:31 - 02942610 _____ (Thisisu) C:\Users\Lukas\Desktop\JRT.exe 2015-06-06 18:30 - 2015-06-06 18:30 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lukas\Desktop\mbam-setup-2.1.6.1022.exe 2015-06-06 18:30 - 2015-06-06 18:30 - 02231296 _____ C:\Users\Lukas\Desktop\AdwCleaner_4.206.exe 2015-06-05 13:34 - 2015-06-06 18:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-05 13:34 - 2015-06-06 18:38 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-05 13:34 - 2015-06-05 13:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-06-05 13:32 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-05 13:25 - 2015-06-05 13:25 - 04197016 
_____ (Kaspersky Lab ZAO) C:\Users\Lukas\Desktop\tdsskiller.exe 2015-06-05 13:19 - 2015-06-05 13:59 - 00000000 ____D C:\Users\Lukas\Desktop\mbar 2015-06-05 13:17 - 2015-06-05 13:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Lukas\Desktop\mbar-1.09.1.1004.exe 2015-06-05 12:40 - 2015-06-05 12:40 - 00132508 _____ C:\Users\Lukas\Desktop\Neues Textdokument.txt 2015-06-05 12:07 - 2015-06-05 12:07 - 00000754 _____ C:\Users\Lukas\Desktop\quarantaene.txt 2015-06-05 11:59 - 2015-06-05 11:59 - 00004984 _____ C:\Users\Lukas\Desktop\Ereignisse.txt 2015-06-05 11:57 - 2015-06-05 11:57 - 00055770 _____ C:\Users\Lukas\Desktop\AVSCAN-20150601-212558-480F1274.LOG 2015-06-05 11:56 - 2015-06-05 11:56 - 00056954 _____ C:\Users\Lukas\Desktop\AVSCAN-20150521-191913-863EDE59.LOG 2015-06-05 11:44 - 2015-06-05 11:44 - 00003851 _____ C:\Users\Lukas\Desktop\Gmer Scan.log 2015-06-05 11:38 - 2015-06-05 11:38 - 00380416 _____ C:\Users\Lukas\Desktop\Gmer-19357.exe 2015-06-05 11:32 - 2015-06-06 19:32 - 00015881 _____ C:\Users\Lukas\Desktop\FRST.txt 2015-06-05 11:32 - 2015-06-05 11:33 - 00033597 _____ C:\Users\Lukas\Desktop\Addition.txt 2015-06-05 11:31 - 2015-06-06 19:32 - 00000000 ____D C:\FRST 2015-06-05 11:31 - 2015-06-05 11:31 - 02108928 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe 2015-06-05 11:17 - 2015-06-05 11:17 - 00000000 ____D C:\Users\Lukas\AppData\Local\GWX 2015-05-27 11:13 - 2015-05-27 11:13 - 01804696 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll 2015-05-27 11:13 - 2015-05-27 11:13 - 00626888 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys 2015-05-27 11:13 - 2015-05-27 11:13 - 00419528 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll 2015-05-27 11:13 - 2015-05-27 11:13 - 00267976 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll 2015-05-27 11:13 - 2015-05-27 11:13 - 00249032 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo27.dll 2015-05-27 11:13 - 2015-05-27 11:13 - 00042696 _____ (Synaptics 
Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys 2015-05-24 23:49 - 2015-05-24 23:49 - 00007597 _____ C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg 2015-05-13 23:49 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 23:49 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-13 21:50 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 21:50 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 22:02 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-05-12 22:02 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-05-12 22:02 - 2015-03-17 19:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS 2015-05-12 22:02 - 2015-03-09 04:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys 2015-05-12 21:56 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-12 21:56 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-12 21:56 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-12 21:56 - 2015-04-10 03:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-05-12 21:56 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-12 21:56 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-12 21:56 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll 2015-05-12 21:56 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2015-05-12 
21:56 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll 2015-05-12 21:56 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll 2015-05-12 21:56 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-05-12 21:56 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll 2015-05-12 21:56 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll 2015-05-12 21:56 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll 2015-05-12 21:56 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll 2015-05-12 21:56 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2015-05-12 21:56 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll 2015-05-12 21:55 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-12 21:55 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-12 21:55 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-12 21:55 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-12 21:55 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-12 21:55 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-12 21:55 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-12 21:55 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-12 21:55 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) 
C:\Windows\system32\inseng.dll 2015-05-12 21:55 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-12 21:55 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-12 21:55 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-12 21:55 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-05-12 21:55 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-12 21:55 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-12 21:55 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-05-12 21:55 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-12 21:55 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-05-12 21:55 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-12 21:55 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-12 21:55 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-12 21:55 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-12 21:55 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-05-12 21:55 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-12 21:55 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-05-12 21:55 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-12 21:55 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 
2015-05-12 21:55 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-12 21:55 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-05-12 21:55 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-12 21:55 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-12 21:55 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-12 21:55 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-12 21:55 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-12 21:55 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-12 21:55 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-12 21:55 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-12 21:55 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-12 21:55 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-12 21:55 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-12 21:55 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll 2015-05-12 21:55 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll 2015-05-12 21:55 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-05-12 21:55 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-12 21:55 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 
2015-05-12 21:55 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 21:55 - 2015-03-13 06:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-12 21:55 - 2015-03-13 06:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-12 21:55 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-12 21:55 - 2015-03-13 02:29 - 00410017 _____ C:\Windows\system32\ApnDatabase.xml
2015-05-12 21:55 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 21:55 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 21:55 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 21:55 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-12 21:55 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-12 21:55 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-12 21:38 - 2015-05-12 21:38 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-06 19:30 - 2014-01-26 15:49 - 01404497 _____ C:\Windows\WindowsUpdate.log
2015-06-06 19:22 - 2014-10-05 23:05 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2200920533-3107399475-823698359-1002
2015-06-06 19:19 - 2015-03-25 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-06 19:17 - 2013-08-22 16:46 - 00029130 _____ C:\Windows\setupact.log
2015-06-06 19:17 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-06 19:16 - 2013-09-13 23:00 - 00397268 _____ C:\Windows\PFRO.log
2015-06-06 19:16 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-06 19:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-06 18:51 - 2014-10-11 14:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-05 12:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-05 11:18 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-04 13:25 - 2014-10-11 13:45 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\vlc
2015-06-01 21:17 - 2014-11-04 23:00 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\dvdcss
2015-06-01 21:15 - 2014-01-26 15:44 - 00020526 _____ C:\Windows\DPINST.LOG
2015-06-01 21:14 - 2013-08-22 16:44 - 00686496 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-01 18:49 - 2014-10-15 11:32 - 00000000 ____D C:\Users\Lukas\Downloads\VC
2015-06-01 18:43 - 2015-03-05 17:09 - 00000000 ____D C:\ProgramData\Synaptics
2015-05-27 11:13 - 2013-10-29 05:31 - 00764104 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2015-05-26 00:01 - 2014-10-15 11:33 - 00000000 ____D C:\Users\Lukas\Downloads\Sonstiges
2015-05-25 23:39 - 2014-10-19 14:30 - 00000000 ____D C:\Users\Lukas\Documents\Bafög
2015-05-25 21:54 - 2014-01-27 00:26 - 00765582 _____ C:\Windows\system32\perfh007.dat
2015-05-25 21:54 - 2014-01-27 00:26 - 00159366 _____ C:\Windows\system32\perfc007.dat
2015-05-25 21:54 - 2013-09-13 23:06 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-25 19:44 - 2014-10-23 18:36 - 00000000 ____D C:\Windows\SysWOW64\SupportAppCB
2015-05-25 19:44 - 2014-01-26 15:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-22 20:59 - 2015-04-04 20:11 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-22 20:59 - 2015-04-04 20:11 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-20 18:47 - 2014-10-09 16:15 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-16 15:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-05-14 01:27 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-13 21:49 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 10:24 - 2015-01-25 22:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 10:24 - 2015-01-25 22:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 00:45 - 2014-10-19 19:47 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 00:42 - 2014-10-19 19:47 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 00:42 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-05-13 00:38 - 2015-01-25 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 23:05 - 2013-08-22 21:12 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-12 21:38 - 2014-01-26 16:26 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Files in the root of some directories =======

2015-05-24 23:49 - 2015-05-24 23:49 - 0007597 _____ () C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
2014-01-26 15:45 - 2014-01-26 15:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Lukas\AppData\Local\Temp\avgnt.exe
C:\Users\Lukas\AppData\Local\Temp\COMAP.EXE
C:\Users\Lukas\AppData\Local\Temp\Quarantine.exe
C:\Users\Lukas\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-05 16:32

==================== End of log ============================

And Addition.txt

[CODE]Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Lukas at 2015-06-06 19:33:13
Running from C:\Users\Lukas\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2200920533-3107399475-823698359-500 - Administrator - Disabled)
Gast (S-1-5-21-2200920533-3107399475-823698359-501 - Limited - Disabled)
Lukas (S-1-5-21-2200920533-3107399475-823698359-1002 - Administrator - Enabled) => C:\Users\Lukas
UpdatusUser (S-1-5-21-2200920533-3107399475-823698359-1001 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acoustica SE 4.1 (HKLM-x32\...\Acoustica SE_is1) (Version: 4.1 - Acon Digital Media GmbH)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co.
KG) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.3202 - CyberLink Corp.) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5804.52 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Einstellungen für VAIO Media Server (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.2.0.10110 - Sony Corporation) Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line) FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - ) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{4065415E-A05E-4555-B527-CEF9F165B8BC}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden MAGIX Video deluxe 2015 (HKLM\...\MX.{FFDC29E6-5C7C-4AA8-AF5A-99E015165382}) (Version: 14.0.0.153 - MAGIX Software GmbH) MAGIX Video deluxe 2015 (Version: 14.0.0.153 - MAGIX Software 
GmbH) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Media Go (HKLM-x32\...\{B55B7EAE-C58C-496E-A383-3A6ABDD83A62}) (Version: 2.5.290 - Sony) MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) NVIDIA Grafiktreiber 327.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.39 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.5.5.0 - NXP Semiconductors) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 
Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) PlayMemories Home (HKLM-x32\...\{5FC13A4C-BC27-4414-A2E4-9E2277AA88AE}) (Version: 8.0.02.10010 - Sony Corporation) PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.16.2.15545 - Sony Computer Entertainment Inc.) PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden Reader for PC (HKLM-x32\...\{7FAEB610-D6B1-42CE-9EEA-6A5001C2E732}) (Version: 2.1.00.06250 - Sony Corporation) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7054 - Realtek Semiconductor Corp.) Recorder-Studio SE 1.0 (HKLM-x32\...\Recorder-Studio SE_is1) (Version: 1.0 - BHV Software GmbH & Co. 
KG) Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden SOHLib for PlayMemories Home (Version: 1.0.0.09130 - Sony Corporation) Hidden SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated) VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation) VAIO BIOS Data Transfer Utility (x32 Version: 1.1.0.09260 - Sony Corporation) Hidden VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation) VAIO Care Recovery (HKLM\...\{7BF64721-B4E0-4CBC-8D4B-E9E6A8590521}) (Version: 1.1.3.13230 - Sony Corporation) VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.0.09260 - Sony Corporation) VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.4.1.13060 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.12.0.07300 - Sony Corporation) VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.5.0.09250 - Sony Corporation) VAIO Gesture Control (x32 Version: 2.5.0.09250 - Sony Corporation) Hidden VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation) VAIO Image Optimizer (x32 Version: 3.3.00.10220 - Sony Corporation) Hidden VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 3.0.0.08080 - Sony Corporation) VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.3.00.10240 - Sony Corporation) VAIO Movie Creator (x32 Version: 4.3.00.10240 - Sony Corporation) Hidden VAIO Sample Music (HKLM-x32\...\{E54A5A2B-E06C-41A6-A0DE-04C5AA4B415C}) (Version: 1.0.1.10240 - Sony Corporation) VAIO Update 
(HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation) VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation) VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden VI3.0x64 (Version: 1.0.0 - Sony Corporation) Hidden VI3.0x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions) VIx64 (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN) VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8030 - Broadcom Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02E2DE56-6195-4219-97FA-C02DB560B2DF} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {03CB2651-7B56-4475-AC70-F3456D9EE678} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-13] (Microsoft Corporation) Task: {06AE4280-390E-4D41-B421-097EE5192256} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation) Task: {0ED160E7-C728-469B-BACC-5CFB86605E90} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {211C0199-F456-42F3-82BD-1B971E5C432B} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIO Capture\VAIO Clip => C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe [2013-08-14] (Sony Corporation) Task: {291763B2-BB16-4667-9FAA-8350B93A117A} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation) Task: {2D1E425F-7D3E-4B21-A676-3775B76485F5} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs" Task: {30CAF148-43B4-48C0-A784-AA497FD40ECE} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-07-05] (Sony Corporation) Task: {32FA8A1C-D946-4ADC-9325-02D19FB1161F} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony 
Corporation) Task: {353297FB-B5BA-4320-A202-818227306558} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {375A5AAB-64B4-4378-95CC-51CAD5A86FF4} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {3EE9E4F6-FE5E-43AF-B733-59265B9D5B7B} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {4EA139A3-52C8-485A-AAD2-ACC92E97D882} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {527175CC-7D76-431B-803F-622F38833063} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {597C0513-1CE4-4DAE-9145-C3C7938A101D} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploaderUserConected => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation) Task: {5C5DFD80-2EFB-4D21-81C6-EC7A711E3973} - System32\Tasks\PDVDServ Task => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.EXE [2013-03-19] (CyberLink Corp.) 
Task: {5E56C47A-7F6C-422A-83C3-D0D78ED7D9EE} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {5E81E348-9850-4D69-8DE4-8B4DD966A474} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-08-14] (Sony Corporation) Task: {61379401-D2D2-409A-89BA-ED1EAFB4A3F9} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation) Task: {7308AA49-AD51-460B-A128-7DC5C96533C3} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploaderUserDisconected => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation) Task: {74A87D5C-4A13-4B73-89C0-07F1EF8454E9} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient Task: {8D8D6B91-3297-4C25-829B-D4F1FEA8CA3C} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-08-14] (Sony Corporation) Task: {8EA4B3F7-6ABD-4EC2-ACD1-C510919F202C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {9309103C-41C0-4C9E-BC1A-FF1DA085C568} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation) Task: {995FD0C4-4B92-4BE5-A323-4EA532D769E9} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {9ADDCB66-46AB-4F9C-AA53-381B18D689AB} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files 
(x86)\Sony\VAIO Control Center\vim.exe [2013-09-24] (Sony Corporation) Task: {A1E48529-6AC6-40CD-9782-6DFE07AAAABA} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {A91A03C9-22B3-4609-B0E5-D809A7DE84BB} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-09-24] (Sony Corporation) Task: {BAD95FB4-AB1A-4F99-B236-5FB96CEDC5E5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {BB668D66-4C7E-4D07-B590-8E6CC6003BE3} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {C2C4D164-ED37-4F33-BC9E-8FC2DA21FFCA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated) Task: {C6E1C42F-8112-497F-97B5-F7C47CB777D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation) Task: {C85A2D48-F2AE-42F4-AB63-E1A763420AEE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation) Task: {C9012A95-8E78-46DF-8A88-550E9BB1F42D} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation) Task: {D339AD84-73E7-4662-B42B-A70577E5FC51} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-04-25] (CyberLink Corp.) 
Task: {DC1F8240-23B1-40E2-AB19-7F8EB3038958} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {DCB1DD55-5D61-4980-B230-00850A507D85} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {E27666EA-543E-49A7-8CFA-024B9058B9C9} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {E2977F39-332C-4B77-A032-FA697E7203B5} - System32\Tasks\Sony Corporation\VAIO Care\DeployVAIOManual => %ProgramData%\Sony Corporation\VAIO Care\VAIOUserGuideUpdate.exe Task: {EEC8D213-B8C3-4F97-B0BD-3F0B83F33F0B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {FB993DA0-820A-41B1-A7A2-A6184DDA44AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (Whitelisted) ============== 2014-01-26 15:49 - 2013-10-30 04:18 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-11-05 16:24 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-09-25 15:20 - 2013-09-25 15:20 - 00049368 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll 2014-01-26 15:43 - 2013-09-18 04:32 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "Bluetooth" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{B9218B80-AD4F-475D-A463-C4C1F49B79C1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{32844DDA-B49A-424B-99F0-BDAEFCD47D01}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{564A4495-198F-49A1-8DF4-775C99374901}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{6C092FD2-8F10-47DD-AC94-985A5B5B0DFB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{67DD2A88-3679-48E2-A4C8-B99CCCB3E803}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{B75CC025-1550-4578-8185-770F27B01BE8}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{D0824176-837A-4A14-B83B-6B76C2C125BE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{F6027EAC-0F61-40CE-836B-8FB0D72625B2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{9B9A5E79-6565-4D68-AC59-127FFAC0A1F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{BB93AF72-0D6B-4B9C-ADFE-74FECB4EA655}] => (Allow) LPort=2869 FirewallRules: [{7AB19AFC-8C6D-4580-A46B-5B3100261584}] => (Allow) LPort=1900 FirewallRules: [{3737352A-868A-4A3C-9377-D0B4B964E1DE}] => (Allow) C:\Program Files\MAGIX\Video deluxe 2015\Videodeluxe.exe FirewallRules: [{2A431B48-FF61-403F-9E94-5F7159E43361}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{EC994205-45FE-41B5-AA58-0542C9C7374C}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe FirewallRules: [{68B879E3-FD87-4CDC-A4C1-C0F68615CEB5}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe FirewallRules: [{A58FF69F-03E6-45B0-BDDA-EC86F5EE8996}] => (Allow) C:\Program Files\Sony\VAIO 
Care\VCSystemTray.exe FirewallRules: [{DC787676-6CFF-4CA2-9947-FAFEAF334ECC}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe FirewallRules: [{C3AC2A96-0F48-4CF2-8100-42F9EF076282}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{F1553058-B131-4682-BB6C-369BBD9AD98D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{D47F3AA0-E43A-4184-8C63-751C24486B69}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{81500139-6DD1-4049-8A04-AB77384F5F7C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{10A30411-A2AB-4DF6-9B22-EB500571E6C5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/06/2015 07:19:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Lukas-PC) Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren. Error: (06/06/2015 07:19:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Lukas-PC) Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden. Error: (06/06/2015 07:19:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Lukas-PC) Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil. 
Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/06/2015 07:19:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT) Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. for C:\Users\UpdatusUser\ntuser.dat Error: (06/06/2015 06:24:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/05/2015 02:27:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/05/2015 00:33:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (06/05/2015 11:47:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030, Zeitstempel: 0x5476d099 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007ffbcf16a4f1 ID des fehlerhaften Prozesses: 0xd7c Startzeit der fehlerhaften Anwendung: 0xVCAgent.exe0 Pfad der fehlerhaften Anwendung: VCAgent.exe1 Pfad des fehlerhaften Moduls: VCAgent.exe2 Berichtskennung: VCAgent.exe3 Vollständiger Name des fehlerhaften Pakets: VCAgent.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VCAgent.exe5 Error: (06/05/2015 11:47:34 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: VCAgent.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.NullReferenceException Stapel: bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, 
IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run() bei VCAgent.App.Main() Error: (06/05/2015 11:16:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. System errors: ============= Error: (06/06/2015 07:27:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "VCService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/06/2015 07:27:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) System Behavior Tracker Collector Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/06/2015 07:27:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (06/06/2015 07:27:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/06/2015 07:27:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/06/2015 07:27:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Energy Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/06/2015 07:27:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "VUAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/06/2015 07:27:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "VAIO Event Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 3000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/06/2015 07:27:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "PMBDeviceInfoProvider" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/06/2015 07:27:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. 
Microsoft Office: ========================= Error: (06/06/2015 07:19:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Lukas-PC) Description: Error: (06/06/2015 07:19:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Lukas-PC) Description: Error: (06/06/2015 07:19:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Lukas-PC) Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/06/2015 07:19:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT) Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. C:\Users\UpdatusUser\ntuser.dat Error: (06/06/2015 06:24:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927148 Error: (06/05/2015 02:27:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927148 Error: (06/05/2015 00:33:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927148 Error: (06/05/2015 11:47:35 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c000000500007ffbcf16a4f1d7c01d09cb67ed3c79eC:\Program Files\Sony\VAIO Care\VCAgent.exeunknowne418db09-0b67-11e5-826f-3c077165f80e Error: (06/05/2015 11:47:34 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: VCAgent.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.NullReferenceException Stapel: bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run() bei VCAgent.App.Main() Error: (06/05/2015 11:16:50 
AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927148 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz Percentage of memory in use: 19% Total physical RAM: 8103.8 MB Available physical RAM: 6549.93 MB Total Pagefile: 9383.8 MB Available Pagefile: 7858.58 MB Total Virtual: 131072 MB Available Virtual: 131071.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:904.44 GB) (Free:833.51 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 7A582497) Partition: GPT Partition Type. ==================== End of log ============================ |
07.06.2015, 15:16 | #7 |
/// the machine /// TB trainer | Windows 8: Backdoor detection by Avira real-time scanner
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.06.2015, 19:39 | #8 |
| Windows 8: Backdoor detection by Avira real-time scanner
Fortunately, there were no acute problems at any point. The questions just still remain somewhat open. But many thanks already anyway.
Eset
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6ae04d6ff2372d4a93f31a1a3cdbd7a0
# end=init
# utc_time=2015-06-07 04:25:20
# local_time=2015-06-07 06:25:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 24212
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=6ae04d6ff2372d4a93f31a1a3cdbd7a0
# end=updated
# utc_time=2015-06-07 04:29:52
# local_time=2015-06-07 06:29:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=6ae04d6ff2372d4a93f31a1a3cdbd7a0
# engine=24212
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-07 06:04:06
# local_time=2015-06-07 08:04:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 6796206 58581539 0 0
# scanned=387775
# found=0
# cleaned=0
# scan_time=5653
Code:
ATTFilter
Results of screen317's Security Check version 1.002
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Java version 32-bit out of Date!
Adobe Flash Player 17.0.0.169
Adobe Reader XI
Mozilla Firefox (38.0.5)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Sony VAIOCA~1 Iolo IOLOTO~1.EXE
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015 Ran by Lukas (administrator) on LUKAS-PC on 07-06-2015 20:11:12 Running from C:\Users\Lukas\Desktop Loaded Profiles: Lukas & (Available Profiles: Lukas) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe (Broadcom Corporation.) 
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe (iolo technologies, LLC) C:\Program Files\Sony\VAIO Care\Iolo\ioloTools.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-10-28] (Realtek Semiconductor) HKLM\...\Run: [Bluetooth] => c:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-25] (Broadcom Corporation.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2346008 2013-10-01] (Sony Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-30] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-30] (NVIDIA Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com/?pc=SEJB HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com/?pc=SEJB HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com/?pc=SEJB HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com/?pc=SEJB HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2200920533-3107399475-823698359-1002 -> {7E31E309-3083-4067-A35A-3482255781B5} URL = 
hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {7E31E309-3083-4067-A35A-3482255781B5} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-26] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-26] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-26] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-26] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\dn1xwhro.default FF Homepage: uni-bamberg.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-26] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-18] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-26] (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2013-06-25] (Sony Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\dn1xwhro.default\Extensions\abs@avira.com [2015-05-29] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor12.0; c:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-10-28] (Broadcom Corporation.) 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation) S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-18] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.) 
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-27] (Sony Corporation) S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-01] (Sony Corporation) S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation) S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-05-23] (Sony Corporation) [File not signed] S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S3 VCFw; c:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-04] (Avira Operations GmbH & Co. KG) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.) 
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-01-26] (Broadcom Corporation) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-18] (Intel Corporation) R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-10-09] (Realsil Semiconductor Corporation) R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-01-03] () R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 massfilter; system32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-07 20:11 - 2015-06-07 20:11 - 00018629 _____ C:\Users\Lukas\Desktop\FRST.txt 2015-06-07 20:10 - 2015-06-07 20:10 - 00000822 _____ C:\Users\Lukas\Desktop\checkup.txt 2015-06-07 18:25 - 2015-06-07 18:25 - 00000000 ____D C:\Program Files (x86)\ESET 2015-06-07 18:11 - 2015-06-07 18:12 - 00852639 _____ C:\Users\Lukas\Desktop\SecurityCheck.exe 2015-06-07 18:11 - 2015-06-07 18:11 - 02870984 _____ (ESET) C:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe 2015-06-06 19:29 - 2015-06-06 19:29 - 00000720 _____ C:\Users\Lukas\Desktop\JRT.txt 2015-06-06 19:27 - 2015-06-06 19:27 - 00000207 _____ C:\Windows\tweaking.com-regbackup-LUKAS-PC-Windows-8.1-(64-bit).dat 2015-06-06 19:27 - 2015-06-06 19:27 - 00000000 ____D C:\RegBackup 2015-06-06 19:18 - 2015-06-06 19:18 - 00001153 _____ C:\Users\Lukas\Desktop\AdwCleaner[S0].txt 2015-06-06 19:14 - 2015-06-06 19:15 - 00000000 ____D C:\AdwCleaner 2015-06-06 19:03 - 2015-06-06 19:03 - 00001198 _____ C:\Users\Lukas\Desktop\mbam.txt 2015-06-06 18:55 - 2015-06-06 19:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-06-06 18:38 - 2015-06-06 18:38 - 00001074 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-06-06 18:38 - 2015-06-06 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-06-06 18:38 - 2015-06-06 18:38 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-06-06 18:38 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-06 18:38 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-06 18:31 - 2015-06-06 18:31 - 02942610 _____ (Thisisu) C:\Users\Lukas\Desktop\JRT.exe 2015-06-06 18:30 - 2015-06-06 18:30 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lukas\Desktop\mbam-setup-2.1.6.1022.exe 2015-06-06 18:30 - 2015-06-06 18:30 - 02231296 _____ C:\Users\Lukas\Desktop\AdwCleaner_4.206.exe 2015-06-05 13:34 - 2015-06-06 
21:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-06-05 13:34 - 2015-06-06 21:01 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-05 13:34 - 2015-06-06 18:38 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-06-05 13:32 - 2015-06-06 21:00 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-05 13:25 - 2015-06-05 13:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Lukas\Desktop\tdsskiller.exe 2015-06-05 13:19 - 2015-06-06 21:28 - 00000000 ____D C:\Users\Lukas\Desktop\mbar 2015-06-05 13:17 - 2015-06-05 13:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Lukas\Desktop\mbar-1.09.1.1004.exe 2015-06-05 12:40 - 2015-06-05 12:40 - 00132508 _____ C:\Users\Lukas\Desktop\Neues Textdokument.txt 2015-06-05 12:07 - 2015-06-05 12:07 - 00000754 _____ C:\Users\Lukas\Desktop\quarantaene.txt 2015-06-05 11:59 - 2015-06-05 11:59 - 00004984 _____ C:\Users\Lukas\Desktop\Ereignisse.txt 2015-06-05 11:57 - 2015-06-05 11:57 - 00055770 _____ C:\Users\Lukas\Desktop\AVSCAN-20150601-212558-480F1274.LOG 2015-06-05 11:56 - 2015-06-05 11:56 - 00056954 _____ C:\Users\Lukas\Desktop\AVSCAN-20150521-191913-863EDE59.LOG 2015-06-05 11:44 - 2015-06-05 11:44 - 00003851 _____ C:\Users\Lukas\Desktop\Gmer Scan.log 2015-06-05 11:38 - 2015-06-05 11:38 - 00380416 _____ C:\Users\Lukas\Desktop\Gmer-19357.exe 2015-06-05 11:32 - 2015-06-06 19:33 - 00039353 _____ C:\Users\Lukas\Desktop\Addition (06.06.15).txt 2015-06-05 11:32 - 2015-06-06 19:33 - 00034644 _____ C:\Users\Lukas\Desktop\FRST (06.06.15).txt 2015-06-05 11:31 - 2015-06-07 20:11 - 00000000 ____D C:\FRST 2015-06-05 11:31 - 2015-06-05 11:31 - 02108928 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe 2015-06-05 11:17 - 2015-06-05 11:17 - 00000000 ____D C:\Users\Lukas\AppData\Local\GWX 2015-05-27 11:13 - 2015-05-27 11:13 - 01804696 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll 2015-05-27 11:13 - 2015-05-27 
11:13 - 00626888 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys 2015-05-27 11:13 - 2015-05-27 11:13 - 00419528 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll 2015-05-27 11:13 - 2015-05-27 11:13 - 00267976 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll 2015-05-27 11:13 - 2015-05-27 11:13 - 00249032 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo27.dll 2015-05-27 11:13 - 2015-05-27 11:13 - 00042696 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys 2015-05-24 23:49 - 2015-05-24 23:49 - 00007597 _____ C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg 2015-05-13 23:49 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll 2015-05-13 23:49 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2015-05-13 21:50 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-13 21:50 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-05-12 22:02 - 2015-04-10 02:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll 2015-05-12 22:02 - 2015-04-10 02:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2015-05-12 22:02 - 2015-03-17 19:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS 2015-05-12 22:02 - 2015-03-09 04:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys 2015-05-12 21:56 - 2015-05-01 01:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-05-12 21:56 - 2015-05-01 00:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-05-12 21:56 - 2015-04-14 00:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-05-12 21:56 - 2015-04-10 03:00 - 01996800 _____ (Microsoft 
Corporation) C:\Windows\system32\DWrite.dll 2015-05-12 21:56 - 2015-04-10 02:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-05-12 21:56 - 2015-04-10 02:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-05-12 21:56 - 2015-04-02 00:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll 2015-05-12 21:56 - 2015-04-02 00:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2015-05-12 21:56 - 2015-04-01 05:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll 2015-05-12 21:56 - 2015-04-01 04:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll 2015-05-12 21:56 - 2015-03-20 03:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys 2015-05-12 21:56 - 2015-03-13 03:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll 2015-05-12 21:56 - 2015-03-13 02:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll 2015-05-12 21:56 - 2015-03-04 03:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll 2015-05-12 21:56 - 2015-03-04 03:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll 2015-05-12 21:56 - 2015-01-30 02:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll 2015-05-12 21:56 - 2014-11-14 08:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll 2015-05-12 21:55 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-05-12 21:55 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-05-12 21:55 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-05-12 21:55 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-05-12 21:55 - 2015-04-21 18:37 - 00633856 
_____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-05-12 21:55 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-05-12 21:55 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-05-12 21:55 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-05-12 21:55 - 2015-04-21 18:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2015-05-12 21:55 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-05-12 21:55 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-05-12 21:55 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-05-12 21:55 - 2015-04-21 18:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-05-12 21:55 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-05-12 21:55 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-05-12 21:55 - 2015-04-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-05-12 21:55 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-05-12 21:55 - 2015-04-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-05-12 21:55 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-05-12 21:55 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-05-12 21:55 - 2015-04-21 17:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-05-12 21:55 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-05-12 21:55 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) 
C:\Windows\system32\ieframe.dll 2015-05-12 21:55 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-05-12 21:55 - 2015-04-21 17:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-05-12 21:55 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-05-12 21:55 - 2015-04-21 17:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-05-12 21:55 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-05-12 21:55 - 2015-04-21 17:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-05-12 21:55 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-05-12 21:55 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-05-12 21:55 - 2015-04-21 17:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-05-12 21:55 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-05-12 21:55 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-05-12 21:55 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-05-12 21:55 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-05-12 21:55 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-05-12 21:55 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-05-12 21:55 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-05-12 21:55 - 2015-04-09 00:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2015-05-12 21:55 - 2015-04-03 02:35 - 00445440 _____ (Microsoft Corporation) 
C:\Windows\system32\PhotoMetadataHandler.dll 2015-05-12 21:55 - 2015-04-03 02:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll 2015-05-12 21:55 - 2015-03-30 07:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-05-12 21:55 - 2015-03-27 05:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2015-05-12 21:55 - 2015-03-27 04:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2015-05-12 21:55 - 2015-03-27 04:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-05-12 21:55 - 2015-03-13 06:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2015-05-12 21:55 - 2015-03-13 06:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2015-05-12 21:55 - 2015-03-13 04:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys 2015-05-12 21:55 - 2015-03-13 02:29 - 00410017 _____ C:\Windows\system32\ApnDatabase.xml 2015-05-12 21:55 - 2015-03-11 03:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-05-12 21:55 - 2015-03-11 03:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-05-12 21:55 - 2015-03-06 05:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll 2015-05-12 21:55 - 2015-03-06 04:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll 2015-05-12 21:55 - 2015-03-06 04:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll 2015-05-12 21:55 - 2015-02-18 01:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll 2015-05-12 21:38 - 2015-05-12 21:38 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-07 20:04 - 2014-10-05 23:05 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2200920533-3107399475-823698359-1002 2015-06-07 20:02 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru 2015-06-07 19:51 - 2014-10-11 14:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-07 18:09 - 2014-01-26 15:49 - 01544747 _____ C:\Windows\WindowsUpdate.log 2015-06-06 21:25 - 2014-10-11 13:45 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\vlc 2015-06-06 21:08 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness 2015-06-06 19:19 - 2015-03-25 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-06-06 19:17 - 2013-08-22 16:46 - 00029130 _____ C:\Windows\setupact.log 2015-06-06 19:17 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-06 19:16 - 2013-09-13 23:00 - 00397268 _____ C:\Windows\PFRO.log 2015-06-06 19:16 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2015-06-05 11:18 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2015-06-01 21:17 - 2014-11-04 23:00 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\dvdcss 2015-06-01 21:15 - 2014-01-26 15:44 - 00020526 _____ C:\Windows\DPINST.LOG 2015-06-01 21:14 - 2013-08-22 16:44 - 00686496 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-01 18:49 - 2014-10-15 11:32 - 00000000 ____D C:\Users\Lukas\Downloads\VC 2015-06-01 18:43 - 2015-03-05 17:09 - 00000000 ____D C:\ProgramData\Synaptics 2015-05-27 11:13 - 2013-10-29 05:31 - 00764104 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll 2015-05-26 00:01 - 2014-10-15 11:33 - 00000000 ____D C:\Users\Lukas\Downloads\Sonstiges 2015-05-25 23:39 - 2014-10-19 14:30 - 00000000 ____D C:\Users\Lukas\Documents\Bafög 2015-05-25 21:54 - 2014-01-27 00:26 - 00765582 _____ C:\Windows\system32\perfh007.dat 2015-05-25 21:54 - 2014-01-27 00:26 - 00159366 _____ C:\Windows\system32\perfc007.dat 2015-05-25 21:54 - 2013-09-13 23:06 - 01776918 _____ 
C:\Windows\system32\PerfStringBackup.INI 2015-05-25 19:44 - 2014-10-23 18:36 - 00000000 ____D C:\Windows\SysWOW64\SupportAppCB 2015-05-25 19:44 - 2014-01-26 15:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-05-22 20:59 - 2015-04-04 20:11 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-22 20:59 - 2015-04-04 20:11 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-20 18:47 - 2014-10-09 16:15 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-05-16 15:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2015-05-14 01:27 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel 2015-05-13 21:49 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers 2015-05-13 10:24 - 2015-01-25 22:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-05-13 10:24 - 2015-01-25 22:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-05-13 00:45 - 2014-10-19 19:47 - 00000000 ____D C:\Windows\system32\MRT 2015-05-13 00:42 - 2014-10-19 19:47 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-05-13 00:42 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2015-05-13 00:38 - 2015-01-25 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-05-12 23:05 - 2013-08-22 21:12 - 00000000 ____D C:\Program Files\Windows Journal 2015-05-12 21:38 - 2014-01-26 16:26 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk ==================== Files in the root of some directories ======= 2015-05-24 23:49 - 2015-05-24 23:49 - 0007597 _____ () C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg 2014-01-26 15:45 - 2014-01-26 15:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\Lukas\AppData\Local\Temp\avgnt.exe C:\Users\Lukas\AppData\Local\Temp\COMAP.EXE C:\Users\Lukas\AppData\Local\Temp\Quarantine.exe 
C:\Users\Lukas\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-05 16:32

==================== End of log ============================

Addition.txt

[CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015 Ran by Lukas at 2015-06-07 20:12:11 Running from C:\Users\Lukas\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2200920533-3107399475-823698359-500 - Administrator - Disabled) Gast (S-1-5-21-2200920533-3107399475-823698359-501 - Limited - Disabled) Lukas (S-1-5-21-2200920533-3107399475-823698359-1002 - Administrator - Enabled) => C:\Users\Lukas UpdatusUser (S-1-5-21-2200920533-3107399475-823698359-1001 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Acoustica SE 4.1 (HKLM-x32\...\Acoustica SE_is1) (Version: 4.1 - Acon Digital Media GmbH) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. 
KG) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.3202 - CyberLink Corp.) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5804.52 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Einstellungen für VAIO Media Server (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.2.0.10110 - Sony Corporation) Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line) FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - ) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{4065415E-A05E-4555-B527-CEF9F165B8BC}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden MAGIX Video deluxe 2015 (HKLM\...\MX.{FFDC29E6-5C7C-4AA8-AF5A-99E015165382}) (Version: 14.0.0.153 - MAGIX 
Software GmbH) MAGIX Video deluxe 2015 (Version: 14.0.0.153 - MAGIX Software GmbH) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Media Go (HKLM-x32\...\{B55B7EAE-C58C-496E-A383-3A6ABDD83A62}) (Version: 2.5.290 - Sony) MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual 
C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) NVIDIA Grafiktreiber 327.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.39 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.5.5.0 - NXP Semiconductors) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - 
Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) PlayMemories Home (HKLM-x32\...\{5FC13A4C-BC27-4414-A2E4-9E2277AA88AE}) (Version: 8.0.02.10010 - Sony Corporation) PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.16.2.15545 - Sony Computer Entertainment Inc.) PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden Reader for PC (HKLM-x32\...\{7FAEB610-D6B1-42CE-9EEA-6A5001C2E732}) (Version: 2.1.00.06250 - Sony Corporation) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7054 - Realtek Semiconductor Corp.) Recorder-Studio SE 1.0 (HKLM-x32\...\Recorder-Studio SE_is1) (Version: 1.0 - BHV Software GmbH & Co. 
KG) Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden SOHLib for PlayMemories Home (Version: 1.0.0.09130 - Sony Corporation) Hidden SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated) VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation) VAIO BIOS Data Transfer Utility (x32 Version: 1.1.0.09260 - Sony Corporation) Hidden VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation) VAIO Care Recovery (HKLM\...\{7BF64721-B4E0-4CBC-8D4B-E9E6A8590521}) (Version: 1.1.3.13230 - Sony Corporation) VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.0.09260 - Sony Corporation) VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.4.1.13060 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.12.0.07300 - Sony Corporation) VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.5.0.09250 - Sony Corporation) VAIO Gesture Control (x32 Version: 2.5.0.09250 - Sony Corporation) Hidden VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation) VAIO Image Optimizer (x32 Version: 3.3.00.10220 - Sony Corporation) Hidden VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 3.0.0.08080 - Sony Corporation) VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.3.00.10240 - Sony Corporation) VAIO Movie Creator (x32 Version: 4.3.00.10240 - Sony Corporation) Hidden VAIO Sample Music (HKLM-x32\...\{E54A5A2B-E06C-41A6-A0DE-04C5AA4B415C}) (Version: 1.0.1.10240 - Sony Corporation) VAIO Update 
(HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation) VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation) VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden VI3.0x64 (Version: 1.0.0 - Sony Corporation) Hidden VI3.0x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions) VIx64 (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN) VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8030 - Broadcom Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02E2DE56-6195-4219-97FA-C02DB560B2DF} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {06AE4280-390E-4D41-B421-097EE5192256} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation) Task: {211C0199-F456-42F3-82BD-1B971E5C432B} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIO Capture\VAIO Clip => C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe [2013-08-14] (Sony Corporation) Task: {291763B2-BB16-4667-9FAA-8350B93A117A} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation) Task: {2D1E425F-7D3E-4B21-A676-3775B76485F5} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs" Task: {30CAF148-43B4-48C0-A784-AA497FD40ECE} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-07-05] (Sony Corporation) Task: {353297FB-B5BA-4320-A202-818227306558} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {375A5AAB-64B4-4378-95CC-51CAD5A86FF4} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {3C31DDC1-A94F-4F70-8822-5B40789C59D9} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO 
Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation) Task: {3EE9E4F6-FE5E-43AF-B733-59265B9D5B7B} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {4EA139A3-52C8-485A-AAD2-ACC92E97D882} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {527175CC-7D76-431B-803F-622F38833063} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {52DFC392-B343-40CF-9A02-28452B160C19} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-13] (Microsoft Corporation) Task: {597C0513-1CE4-4DAE-9145-C3C7938A101D} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploaderUserConected => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation) Task: {5C5DFD80-2EFB-4D21-81C6-EC7A711E3973} - System32\Tasks\PDVDServ Task => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.EXE [2013-03-19] (CyberLink Corp.) 
Task: {5E56C47A-7F6C-422A-83C3-D0D78ED7D9EE} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {5E81E348-9850-4D69-8DE4-8B4DD966A474} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-08-14] (Sony Corporation) Task: {61379401-D2D2-409A-89BA-ED1EAFB4A3F9} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation) Task: {7308AA49-AD51-460B-A128-7DC5C96533C3} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploaderUserDisconected => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation) Task: {74A87D5C-4A13-4B73-89C0-07F1EF8454E9} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient Task: {8D8D6B91-3297-4C25-829B-D4F1FEA8CA3C} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-08-14] (Sony Corporation) Task: {9309103C-41C0-4C9E-BC1A-FF1DA085C568} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation) Task: {995FD0C4-4B92-4BE5-A323-4EA532D769E9} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {9ADDCB66-46AB-4F9C-AA53-381B18D689AB} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-09-24] (Sony Corporation) Task: {A1E48529-6AC6-40CD-9782-6DFE07AAAABA} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program 
Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {A543E06E-9AD9-436F-B75B-A444F79EE8FC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {A761F4E1-FE6E-4B3F-93FF-F70F00AF3662} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {A91A03C9-22B3-4609-B0E5-D809A7DE84BB} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-09-24] (Sony Corporation) Task: {BAD95FB4-AB1A-4F99-B236-5FB96CEDC5E5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {BB668D66-4C7E-4D07-B590-8E6CC6003BE3} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {C2C4D164-ED37-4F33-BC9E-8FC2DA21FFCA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated) Task: {C6E1C42F-8112-497F-97B5-F7C47CB777D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation) Task: {C85A2D48-F2AE-42F4-AB63-E1A763420AEE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation) Task: {C9012A95-8E78-46DF-8A88-550E9BB1F42D} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation) Task: {D339AD84-73E7-4662-B42B-A70577E5FC51} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-04-25] (CyberLink Corp.) 
Task: {DC1F8240-23B1-40E2-AB19-7F8EB3038958} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {DFC9289E-BDA6-4D25-AD9E-BA0800AD9B68} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {E27666EA-543E-49A7-8CFA-024B9058B9C9} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {E2977F39-332C-4B77-A032-FA697E7203B5} - System32\Tasks\Sony Corporation\VAIO Care\DeployVAIOManual => %ProgramData%\Sony Corporation\VAIO Care\VAIOUserGuideUpdate.exe Task: {EEC8D213-B8C3-4F97-B0BD-3F0B83F33F0B} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {FB993DA0-820A-41B1-A7A2-A6184DDA44AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (Whitelisted) ============== 2014-11-05 16:24 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-09-25 15:20 - 2013-09-25 15:20 - 00049368 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll 2014-01-26 15:49 - 2013-10-30 04:18 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-01-26 15:43 - 2013-09-18 04:32 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-11-19 11:21 - 2013-11-19 11:21 - 00347136 _____ () C:\Program Files\Sony\VAIO Care\Iolo\vosges.dll ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be 
removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "Bluetooth" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{B9218B80-AD4F-475D-A463-C4C1F49B79C1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{32844DDA-B49A-424B-99F0-BDAEFCD47D01}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{564A4495-198F-49A1-8DF4-775C99374901}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{6C092FD2-8F10-47DD-AC94-985A5B5B0DFB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{67DD2A88-3679-48E2-A4C8-B99CCCB3E803}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{B75CC025-1550-4578-8185-770F27B01BE8}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{D0824176-837A-4A14-B83B-6B76C2C125BE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{F6027EAC-0F61-40CE-836B-8FB0D72625B2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{9B9A5E79-6565-4D68-AC59-127FFAC0A1F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{BB93AF72-0D6B-4B9C-ADFE-74FECB4EA655}] => (Allow) LPort=2869 FirewallRules: [{7AB19AFC-8C6D-4580-A46B-5B3100261584}] => (Allow) LPort=1900 FirewallRules: [{3737352A-868A-4A3C-9377-D0B4B964E1DE}] => (Allow) C:\Program Files\MAGIX\Video deluxe 2015\Videodeluxe.exe FirewallRules: [{2A431B48-FF61-403F-9E94-5F7159E43361}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{EC994205-45FE-41B5-AA58-0542C9C7374C}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe FirewallRules: [{68B879E3-FD87-4CDC-A4C1-C0F68615CEB5}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe FirewallRules: [{A58FF69F-03E6-45B0-BDDA-EC86F5EE8996}] => (Allow) C:\Program Files\Sony\VAIO 
Care\VCSystemTray.exe FirewallRules: [{DC787676-6CFF-4CA2-9947-FAFEAF334ECC}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe FirewallRules: [{C3AC2A96-0F48-4CF2-8100-42F9EF076282}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{F1553058-B131-4682-BB6C-369BBD9AD98D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{D47F3AA0-E43A-4184-8C63-751C24486B69}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{81500139-6DD1-4049-8A04-AB77384F5F7C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{10A30411-A2AB-4DF6-9B22-EB500571E6C5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/07/2015 08:06:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest. Error: (06/07/2015 06:25:16 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest. Error: (06/07/2015 06:25:13 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest. Error: (06/07/2015 06:25:09 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest. Error: (06/07/2015 06:25:09 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest. Error: (06/07/2015 06:13:07 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest. Error: (06/07/2015 06:13:04 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest. Error: (06/06/2015 08:32:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/06/2015 07:19:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Lukas-PC) Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren. Error: (06/06/2015 07:19:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Lukas-PC) Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden. 
System errors: ============= Error: (06/07/2015 06:26:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/07/2015 06:26:19 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys Error: (06/07/2015 06:26:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/07/2015 06:26:18 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys Error: (06/07/2015 06:26:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error: (06/07/2015 06:26:18 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Lukas\AppData\Local\Temp\ehdrv.sys Error: (06/07/2015 06:06:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (06/06/2015 09:37:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (06/06/2015 09:37:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (06/06/2015 09:37:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. 
Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Microsoft Office: ========================= Error: (06/07/2015 08:06:56 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (06/07/2015 06:25:16 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (06/07/2015 06:25:13 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (06/07/2015 06:25:09 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (06/07/2015 06:25:09 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (06/07/2015 06:13:07 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe Error: (06/07/2015 06:13:04 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestC:\Users\Lukas\Downloads\esetsmartinstaller_deu.exe Error: (06/06/2015 08:32:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927148 Error: (06/06/2015 07:19:59 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Lukas-PC) Description: Error: (06/06/2015 07:19:58 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Lukas-PC) Description: ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz Percentage of memory in use: 25% Total physical RAM: 8103.8 MB Available physical RAM: 6012.84 MB Total Pagefile: 9383.8 MB Available Pagefile: 7098.09 MB Total Virtual: 131072 MB Available Virtual: 131071.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:904.44 GB) (Free:833.35 GB) NTFS 
==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 7A582497) Partition: GPT Partition Type. ==================== End of log ============================ |
08.06.2015, 10:36 | #9 |
/// the machine /// TB Trainer | Windows 8: Backdoor detection by Avira real-time scanner Update Java. The logs are clean. Which questions?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
09.06.2015, 22:24 | #10 |
| Windows 8: Backdoor detection by Avira real-time scanner

I can actually just uninstall Java completely. That definitely sounds good already. Thank you very much for your help. On to the questions (I will try to limit myself to the most important ones):

1. Is there an explanation for why the detection by Avira went somewhat strangely (detected 7 times before it was reported to the user via the standard pop-up window)?
2. Is it more likely that the virus had already been on the PC for some time, or that the real-time scanner detected it right when it arrived on the machine?
3. Can anything be said about the two hidden objects that Avira found for one session (no longer there after a restart)? Was that possibly due to a half-completed system update? (Der Suchlauf nach versteckten Objekten wird begonnen. Fehler in der ARK Library Versteckter Thread \Device\HarddiskV)
4. Is there an explanation for why my computer has recently started asking me again to create a recovery medium, although I actually did that right at the beginning?
5. Why do the properties of the audio recorder process show an unknown account (see picture)?
6. Is this error message at the start of Malwarebytes Anti-Rootkit harmless? "Probable rootkit activity detected: Rootkit value "AppInit_Dlls" has been found, which may be caused by rootkit activity. Note: Press "No" button if you're not sure. If the tool chrashes or terminates unexpectedly during a system scan, restart the tool and press "Yes" should this message appear again. Do you want to remove this value and restart the tool?"
7. Why did AdwCleaner delete the registry keys shown in the log?
8. Why did the JRT tool delete the Firefox folder listed in the log, and should one do that every now and then?
9. Is a rootkit actually also the program that runs malicious processes, or does it only serve to keep letting malicious programs in or to hide them, and are these hidden programs then just as hard to find as the rootkit? And are there any signs that point to a well-hidden rootkit (I mean in general, during ordinary use)?
10. I can run Mbar, Mbam, TdssKiller and Eset as scanners every now and then with the settings given here, right?
11. One last security question: on YouTube I noticed that the HTML5 video player is currently used by default. Is it safe, or should I switch back to the Flash player?

That turned out to be quite a few questions after all, even though I realize that not all of them can be answered definitively. That is just curiosity. Thank you once again that I can feel safe again now. Normally I luckily manage to keep malware away, but when something does somehow get through, this technical stuff, which is really far too unfamiliar to me, always seems a bit suspect.

Last edited by bcko30 (09.06.2015 at 22:39) |
10.06.2015, 18:40 | #11 |
/// the machine /// TB Trainer | Windows 8: Backdoor detection by Avira real-time scanner
Quote:
Quote:
Quote:
Quote:
Quote:
https://blog.kaspersky.de/was-ist-ein-rootkit/853/
Quote:
Quote:
HTML5 und Flash im Vergleich - Das Erbe von Flash - Software - PC-WELT
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
12.06.2015, 00:58 | #12 |
| Windows 8: Backdoor detection by Avira real-time scanner

2. I could perhaps send the file to Avira support so that they can check whether it was possibly a false alarm; that should actually be possible.

7. and 8. Was the eBay.lnk really adware then? It was actually preinstalled on the system, or rather it is only a shortcut, or was the adware in the registry keys then?

-------------------------------------------------------------------------------

I actually wanted to thank you once more for answering the questions and wrap the whole thing up, but just now an infected file was found during the Mbam scan.

Code:
ATTFilter Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 11.06.2015
Suchlauf-Zeit: 23:31:37
Logdatei: mbam2.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.11.04
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Lukas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 430827
Verstrichene Zeit: 27 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 1
Trojan.Agent.AI, C:\Users\Lukas\AppData\Local\Temp\Quarantine.exe, In Quarantäne, [d39d07b23e4ca492655f600d7c86748c],

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)

(end)

Meanwhile, Avira reported twice (although, oddly, a pop-up window again appeared only once). One of the times was definitely when the file was being moved to quarantine, so I think that is related. The move should then have worked anyway because of the restart.

Code:
ATTFilter Exportierte Ereignisse:

12.06.2015 00:06 [Echtzeit-Scanner] Registry blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry blockiert.

12.06.2015 00:00 [Echtzeit-Scanner] Registry blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry blockiert.

FRST.txt
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015 Ran by Lukas (administrator) on LUKAS-PC on 12-06-2015 01:09:21 Running from C:\Users\Lukas\Desktop Loaded Profiles: UpdatusUser & Lukas & (Available Profiles: UpdatusUser & Lukas) Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe () C:\Program Files\Sony\VAIO Care\listener.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Sony Corporation) C:\Program 
Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-10-28] (Realtek Semiconductor) HKLM\...\Run: [Bluetooth] => c:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-25] (Broadcom Corporation.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2346008 2013-10-01] (Sony Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-05] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-30] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-30] (NVIDIA Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com/?pc=SEJB HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com/?pc=SEJB HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com/?pc=SEJB HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com/?pc=SEJB HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com/?pc=SEJB HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com/?pc=SEJB HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet 
Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu URLSearchHook: [S-1-5-21-2200920533-3107399475-823698359-1001] ATTENTION ==> Default URLSearchHook is missing URLSearchHook: [S-1-5-21-2200920533-3107399475-823698359-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing URLSearchHook: [S-1-5-21-2200920533-3107399475-823698359-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1] ATTENTION ==> Default URLSearchHook is missing URLSearchHook: [S-1-5-21-2200920533-3107399475-823698359-1001.bak-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] ATTENTION ==> Default URLSearchHook is missing SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2200920533-3107399475-823698359-1002 -> {7E31E309-3083-4067-A35A-3482255781B5} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {7E31E309-3083-4067-A35A-3482255781B5} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} SearchScopes: 
HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {7E31E309-3083-4067-A35A-3482255781B5} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-26] (Oracle Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-26] (Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-01-26] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-01-26] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: 
C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\dn1xwhro.default FF Homepage: uni-bamberg.de FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_160.dll [2015-06-09] () FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-26] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-26] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_160.dll [2015-06-09] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-18] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-18] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-01-26] (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 
15\root\Office15\NPSPWRAP.DLL [2014-11-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2013-06-25] (Sony Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\dn1xwhro.default\Extensions\abs@avira.com [2015-05-29] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeActiveFileMonitor12.0; c:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated) S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-05] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-05] (Avira Operations GmbH & Co. KG) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-10-28] (Broadcom Corporation.) 
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation) R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-18] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.) 
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-27] (Sony Corporation) R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-01] (Sony Corporation) R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation) S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2013-05-23] (Sony Corporation) [File not signed] S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S3 VCFw; c:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-05-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-04] (Avira Operations GmbH & Co. KG) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.) 
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-01-26] (Broadcom Corporation) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-18] (Intel Corporation) R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-10-09] (Realsil Semiconductor Corporation) R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-01-03] () R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) S3 massfilter; system32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-12 01:09 - 2015-06-12 01:09 - 00021106 _____ C:\Users\Lukas\Desktop\FRST.txt 2015-06-12 00:13 - 2015-06-12 00:13 - 00000696 _____ C:\Users\Lukas\Desktop\Ereignisse2.txt 2015-06-12 00:11 - 2015-06-12 00:11 - 00001280 _____ C:\Users\Lukas\Desktop\mbam2.txt 2015-06-12 00:08 - 2015-06-12 00:08 - 00000020 ___SH C:\Users\TEMP\ntuser.ini 2015-06-12 00:08 - 2015-06-12 00:08 - 00000000 _SHDL C:\Users\TEMP\Vorlagen 2015-06-12 00:08 - 2015-06-12 00:08 - 00000000 _SHDL C:\Users\TEMP\Startmenü 2015-06-12 00:08 - 2015-06-12 00:08 - 00000000 _SHDL C:\Users\TEMP\Netzwerkumgebung 2015-06-12 00:08 - 2015-06-12 00:08 - 00000000 _SHDL C:\Users\TEMP\Lokale Einstellungen 2015-06-12 00:08 - 2015-06-12 00:08 - 00000000 _SHDL C:\Users\TEMP\Eigene Dateien 2015-06-12 00:08 - 2015-06-12 00:08 - 00000000 _SHDL C:\Users\TEMP\Druckumgebung 2015-06-12 00:08 - 2015-06-12 00:08 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Musik 2015-06-12 00:08 - 2015-06-12 00:08 - 00000000 _SHDL C:\Users\TEMP\Documents\Eigene Bilder 2015-06-12 00:08 - 2015-06-12 00:08 - 00000000 _SHDL C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-06-12 00:08 - 2015-06-12 00:08 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Verlauf 2015-06-12 00:08 - 2015-06-12 00:08 - 00000000 _SHDL C:\Users\TEMP\AppData\Local\Anwendungsdaten 2015-06-12 00:08 - 2015-06-12 00:08 - 00000000 _SHDL C:\Users\TEMP\Anwendungsdaten 2015-06-12 00:08 - 2015-06-12 00:08 - 00000000 ____D C:\Users\TEMP 2015-06-12 00:08 - 2015-04-23 02:06 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-06-12 00:08 - 2015-04-23 02:06 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-06-12 00:08 - 2015-04-23 02:06 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-06-12 00:08 - 2014-02-22 06:37 - 00000369 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Pictures.lnk
2015-06-12 00:08 - 2014-02-22 06:37 - 00000369 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-12 00:08 - 2014-01-26 16:59 - 00001821 _____ C:\Users\TEMP\Desktop\eBay.lnk
2015-06-12 00:08 - 2013-08-22 17:36 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-09 22:56 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 22:56 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 22:56 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 22:56 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 22:56 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 22:56 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 22:56 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 22:56 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 22:56 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 22:56 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 22:56 - 2015-05-23 04:47 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 22:56 - 2015-05-23 04:43 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-09 22:56 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 22:56 - 2015-05-23 04:38 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 22:56 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 22:56 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 22:56 - 2015-05-23 04:28 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-09 22:56 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 22:56 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 22:56 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 22:56 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 22:56 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 22:56 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 22:56 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 22:56 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 22:56 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 22:56 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 22:56 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 22:56 - 2015-05-22 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 22:56 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 22:56 - 2015-05-22 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-09 22:56 - 2015-05-22 20:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 22:56 - 2015-05-22 20:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 22:56 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 22:56 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 22:56 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 22:56 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 22:56 - 2015-05-22 19:49 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-09 22:56 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 22:56 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 22:56 - 2015-04-25 04:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 22:56 - 2015-04-25 04:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 22:55 - 2015-05-21 18:47 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-08 23:55 - 2015-06-09 23:24 - 00003074 _____ C:\Users\Lukas\Desktop\Neues Textdokument (2).txt
2015-06-07 20:12 - 2015-06-07 20:12 - 00041266 _____ C:\Users\Lukas\Desktop\Addition (07.06.15).txt
2015-06-07 20:11 - 2015-06-07 20:12 - 00037877 _____ C:\Users\Lukas\Desktop\FRST (07.06.15).txt
2015-06-07 20:10 - 2015-06-07 20:10 - 00000822 _____ C:\Users\Lukas\Desktop\checkup.txt
2015-06-07 18:11 - 2015-06-07 18:12 - 00852639 _____ C:\Users\Lukas\Desktop\SecurityCheck.exe
2015-06-07 18:11 - 2015-06-07 18:11 - 02870984 _____ (ESET) C:\Users\Lukas\Desktop\esetsmartinstaller_deu.exe
2015-06-06 19:29 - 2015-06-06 19:29 - 00000720 _____ C:\Users\Lukas\Desktop\JRT.txt
2015-06-06 19:27 - 2015-06-06 19:27 - 00000207 _____ C:\Windows\tweaking.com-regbackup-LUKAS-PC-Windows-8.1-(64-bit).dat
2015-06-06 19:27 - 2015-06-06 19:27 - 00000000 ____D C:\RegBackup
2015-06-06 19:18 - 2015-06-06 19:18 - 00001153 _____ C:\Users\Lukas\Desktop\AdwCleaner[S0].txt
2015-06-06 19:14 - 2015-06-06 19:15 - 00000000 ____D C:\AdwCleaner
2015-06-06 19:03 - 2015-06-06 19:03 - 00001198 _____ C:\Users\Lukas\Desktop\mbam.txt
2015-06-06 18:55 - 2015-06-12 00:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-06 18:38 - 2015-06-06 18:38 - 00001074 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-06-06 18:38 - 2015-06-06 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-06-06 18:38 - 2015-06-06 18:38 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-06-06 18:38 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-06 18:38 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-06 18:31 - 2015-06-06 18:31 - 02942610 _____ (Thisisu) C:\Users\Lukas\Desktop\JRT.exe
2015-06-06 18:30 - 2015-06-06 18:30 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Lukas\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-06 18:30 - 2015-06-06 18:30 - 02231296 _____ C:\Users\Lukas\Desktop\AdwCleaner_4.206.exe
2015-06-05 13:34 - 2015-06-12 00:10 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-05 13:34 - 2015-06-12 00:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-06-05 13:34 - 2015-06-06 18:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-05 13:32 - 2015-06-06 21:00 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-05 13:25 - 2015-06-05 13:25 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Lukas\Desktop\tdsskiller.exe
2015-06-05 13:19 - 2015-06-06 21:28 - 00000000 ____D C:\Users\Lukas\Desktop\mbar
2015-06-05 13:17 - 2015-06-05 13:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Lukas\Desktop\mbar-1.09.1.1004.exe
2015-06-05 12:40 - 2015-06-05 12:40 - 00132508 _____ C:\Users\Lukas\Desktop\Neues Textdokument.txt
2015-06-05 12:07 - 2015-06-05 12:07 - 00000754 _____ C:\Users\Lukas\Desktop\quarantaene.txt
2015-06-05 11:59 - 2015-06-05 11:59 - 00004984 _____ C:\Users\Lukas\Desktop\Ereignisse.txt
2015-06-05 11:57 - 2015-06-05 11:57 - 00055770 _____ C:\Users\Lukas\Desktop\AVSCAN-20150601-212558-480F1274.LOG
2015-06-05 11:56 - 2015-06-05 11:56 - 00056954 _____ C:\Users\Lukas\Desktop\AVSCAN-20150521-191913-863EDE59.LOG
2015-06-05 11:44 - 2015-06-05 11:44 - 00003851 _____ C:\Users\Lukas\Desktop\Gmer Scan.log
2015-06-05 11:38 - 2015-06-05 11:38 - 00380416 _____ C:\Users\Lukas\Desktop\Gmer-19357.exe
2015-06-05 11:32 - 2015-06-06 19:33 - 00039353 _____ C:\Users\Lukas\Desktop\Addition (06.06.15).txt
2015-06-05 11:32 - 2015-06-06 19:33 - 00034644 _____ C:\Users\Lukas\Desktop\FRST (06.06.15).txt
2015-06-05 11:31 - 2015-06-12 01:09 - 00000000 ____D C:\FRST
2015-06-05 11:31 - 2015-06-05 11:31 - 02108928 _____ (Farbar) C:\Users\Lukas\Desktop\FRST64.exe
2015-06-05 11:17 - 2015-06-05 11:17 - 00000000 ____D C:\Users\Lukas\AppData\Local\GWX
2015-05-27 11:13 - 2015-05-27 11:13 - 01804696 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2015-05-27 11:13 - 2015-05-27 11:13 - 00626888 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2015-05-27 11:13 - 2015-05-27 11:13 - 00419528 _____ (Synaptics Incorporated) C:\Windows\SysWOW64\SynCom.dll
2015-05-27 11:13 - 2015-05-27 11:13 - 00267976 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2015-05-27 11:13 - 2015-05-27 11:13 - 00249032 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCo27.dll
2015-05-27 11:13 - 2015-05-27 11:13 - 00042696 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_Intel.sys
2015-05-24 23:49 - 2015-05-24 23:49 - 00007597 _____ C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
2015-05-13 23:49 - 2015-04-24 23:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 23:49 - 2015-03-05 01:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 21:50 - 2015-04-30 22:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:50 - 2015-04-30 22:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-12 01:09 - 2014-01-26 15:49 - 02026285 _____ C:\Windows\WindowsUpdate.log
2015-06-12 01:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-12 00:56 - 2014-10-11 13:45 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\vlc
2015-06-12 00:51 - 2014-10-11 14:47 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-12 00:05 - 2013-08-22 16:46 - 00029246 _____ C:\Windows\setupact.log
2015-06-12 00:05 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-12 00:05 - 2013-08-22 16:44 - 00686496 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-12 00:03 - 2015-03-25 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-12 00:03 - 2014-10-05 23:01 - 00000000 ____D C:\Windows\pss
2015-06-12 00:03 - 2013-09-13 23:00 - 00398582 _____ C:\Windows\PFRO.log
2015-06-12 00:03 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-06-12 00:01 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-11 23:29 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-09 22:40 - 2014-10-15 11:33 - 00000000 ____D C:\Users\Lukas\Downloads\Sonstiges
2015-06-09 22:40 - 2014-10-11 14:47 - 00003772 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-09 22:40 - 2014-10-05 23:01 - 00000000 ____D C:\Users\Lukas\AppData\Local\Adobe
2015-06-09 22:38 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-07 20:04 - 2014-10-05 23:05 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2200920533-3107399475-823698359-1002
2015-06-03 18:18 - 2013-08-22 17:38 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-03 18:18 - 2013-08-22 17:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-01 21:17 - 2014-11-04 23:00 - 00000000 ____D C:\Users\Lukas\AppData\Roaming\dvdcss
2015-06-01 21:15 - 2014-01-26 15:44 - 00020526 _____ C:\Windows\DPINST.LOG
2015-06-01 18:49 - 2014-10-15 11:32 - 00000000 ____D C:\Users\Lukas\Downloads\VC
2015-06-01 18:43 - 2015-03-05 17:09 - 00000000 ____D C:\ProgramData\Synaptics
2015-05-27 11:13 - 2013-10-29 05:31 - 00764104 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2015-05-25 23:39 - 2014-10-19 14:30 - 00000000 ____D C:\Users\Lukas\Documents\Bafög
2015-05-25 21:54 - 2014-01-27 00:26 - 00765582 _____ C:\Windows\system32\perfh007.dat
2015-05-25 21:54 - 2014-01-27 00:26 - 00159366 _____ C:\Windows\system32\perfc007.dat
2015-05-25 21:54 - 2013-09-13 23:06 - 01776918 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-25 19:44 - 2014-10-23 18:36 - 00000000 ____D C:\Windows\SysWOW64\SupportAppCB
2015-05-25 19:44 - 2014-01-26 15:45 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-22 20:59 - 2015-04-04 20:11 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-22 20:59 - 2015-04-04 20:11 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-20 18:47 - 2014-10-09 16:15 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-16 15:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-05-14 01:27 - 2013-08-22 17:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-13 21:49 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 10:24 - 2015-01-25 22:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 10:24 - 2015-01-25 22:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 00:45 - 2014-10-19 19:47 - 00000000 ____D C:\Windows\system32\MRT
2015-05-13 00:42 - 2014-10-19 19:47 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 00:42 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-05-13 00:38 - 2015-01-25 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2015-05-24 23:49 - 2015-05-24 23:49 - 0007597 _____ () C:\Users\Lukas\AppData\Local\Resmon.ResmonCfg
2014-01-26 15:45 - 2014-01-26 15:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Lukas\AppData\Local\Temp\avgnt.exe
C:\Users\Lukas\AppData\Local\Temp\COMAP.EXE
C:\Users\Lukas\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-12 01:01

==================== End of log ============================

Addition.txt

Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Lukas at 2015-06-12 01:10:16
Running from C:\Users\Lukas\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2200920533-3107399475-823698359-500 - Administrator - Disabled)
Gast (S-1-5-21-2200920533-3107399475-823698359-501 - Limited - Disabled)
Lukas (S-1-5-21-2200920533-3107399475-823698359-1002 - Administrator - Enabled) => C:\Users\Lukas
UpdatusUser (S-1-5-21-2200920533-3107399475-823698359-1001 - Limited - Enabled) => C:\Users\TEMP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acoustica SE 4.1 (HKLM-x32\...\Acoustica SE_is1) (Version: 4.1 - Acon Digital Media GmbH)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.3202 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5804.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Einstellungen für VAIO Media Server (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.2.0.10110 - Sony Corporation)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{4065415E-A05E-4555-B527-CEF9F165B8BC}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video deluxe 2015 (HKLM\...\MX.{FFDC29E6-5C7C-4AA8-AF5A-99E015165382}) (Version: 14.0.0.153 - MAGIX Software GmbH)
MAGIX Video deluxe 2015 (Version: 14.0.0.153 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{B55B7EAE-C58C-496E-A383-3A6ABDD83A62}) (Version: 2.5.290 - Sony)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
NVIDIA Grafiktreiber 327.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.39 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.5.5.0 - NXP Semiconductors)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PlayMemories Home (HKLM-x32\...\{5FC13A4C-BC27-4414-A2E4-9E2277AA88AE}) (Version: 8.0.02.10010 - Sony Corporation)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.16.2.15545 - Sony Computer Entertainment Inc.)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Reader for PC (HKLM-x32\...\{7FAEB610-D6B1-42CE-9EEA-6A5001C2E732}) (Version: 2.1.00.06250 - Sony Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7054 - Realtek Semiconductor Corp.)
Recorder-Studio SE 1.0 (HKLM-x32\...\Recorder-Studio SE_is1) (Version: 1.0 - BHV Software GmbH & Co. KG)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
SOHLib for PlayMemories Home (Version: 1.0.0.09130 - Sony Corporation) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation)
VAIO BIOS Data Transfer Utility (x32 Version: 1.1.0.09260 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{7BF64721-B4E0-4CBC-8D4B-E9E6A8590521}) (Version: 1.1.3.13230 - Sony Corporation)
VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.0.09260 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.4.1.13060 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.12.0.07300 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.5.0.09250 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.5.0.09250 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.3.00.10220 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 3.0.0.08080 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.3.00.10240 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.3.00.10240 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{E54A5A2B-E06C-41A6-A0DE-04C5AA4B415C}) (Version: 1.0.1.10240 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VI3.0x64 (Version: 1.0.0 - Sony Corporation) Hidden
VI3.0x86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VirtualDJ Home FREE (HKLM-x32\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.8030 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

11-06-2015 23:26:51 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E2DE56-6195-4219-97FA-C02DB560B2DF} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {06AE4280-390E-4D41-B421-097EE5192256} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {1B41E805-D940-4893-9576-FB206346AB80} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {211C0199-F456-42F3-82BD-1B971E5C432B} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIO Capture\VAIO Clip => C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe [2013-08-14] (Sony Corporation)
Task: {291763B2-BB16-4667-9FAA-8350B93A117A} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation)
Task: {2D1E425F-7D3E-4B21-A676-3775B76485F5} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {30CAF148-43B4-48C0-A784-AA497FD40ECE} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-07-05] (Sony Corporation)
Task: {353297FB-B5BA-4320-A202-818227306558} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {375A5AAB-64B4-4378-95CC-51CAD5A86FF4} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {3E00096C-1C22-49A8-A4F5-82A81A4E3AC3} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {3EE9E4F6-FE5E-43AF-B733-59265B9D5B7B} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {4EA139A3-52C8-485A-AAD2-ACC92E97D882} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {527175CC-7D76-431B-803F-622F38833063} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {52DFC392-B343-40CF-9A02-28452B160C19} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-05-13] (Microsoft Corporation)
Task: {590E2275-71B8-4455-AB08-62883FE6D352} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {597C0513-1CE4-4DAE-9145-C3C7938A101D} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploaderUserConected => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation)
Task: {5C5DFD80-2EFB-4D21-81C6-EC7A711E3973} - System32\Tasks\PDVDServ Task => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.EXE [2013-03-19] (CyberLink Corp.)
Task: {5E56C47A-7F6C-422A-83C3-D0D78ED7D9EE} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {5E81E348-9850-4D69-8DE4-8B4DD966A474} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-08-14] (Sony Corporation)
Task: {61379401-D2D2-409A-89BA-ED1EAFB4A3F9} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {7308AA49-AD51-460B-A128-7DC5C96533C3} - System32\Tasks\Sony Corporation\VAIO Improvement\v3\VAIOImprovementUploaderUserDisconected => C:\Program Files\Sony\VAIO Improvement\v3\Sony.VAIO.VAIOImprovement.Uploader.exe [2013-08-09] (Sony Corporation)
Task: {74A87D5C-4A13-4B73-89C0-07F1EF8454E9} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {8D8D6B91-3297-4C25-829B-D4F1FEA8CA3C} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-08-14] (Sony Corporation)
Task: {9309103C-41C0-4C9E-BC1A-FF1DA085C568} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation)
Task: {995FD0C4-4B92-4BE5-A323-4EA532D769E9} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {9ADDCB66-46AB-4F9C-AA53-381B18D689AB} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-09-24] (Sony Corporation)
Task: {A1E48529-6AC6-40CD-9782-6DFE07AAAABA} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {A91A03C9-22B3-4609-B0E5-D809A7DE84BB} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-09-24] (Sony Corporation)
Task: {B7EEA861-EA1E-492C-A876-044CE8E451D0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {BAD95FB4-AB1A-4F99-B236-5FB96CEDC5E5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {BB668D66-4C7E-4D07-B590-8E6CC6003BE3} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {C2C4D164-ED37-4F33-BC9E-8FC2DA21FFCA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {C6E1C42F-8112-497F-97B5-F7C47CB777D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {C85A2D48-F2AE-42F4-AB63-E1A763420AEE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {C9012A95-8E78-46DF-8A88-550E9BB1F42D} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {D339AD84-73E7-4662-B42B-A70577E5FC51} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-04-25] (CyberLink Corp.)
Task: {DC1F8240-23B1-40E2-AB19-7F8EB3038958} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation) Task: {E27666EA-543E-49A7-8CFA-024B9058B9C9} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {E2977F39-332C-4B77-A032-FA697E7203B5} - System32\Tasks\Sony Corporation\VAIO Care\DeployVAIOManual => %ProgramData%\Sony Corporation\VAIO Care\VAIOUserGuideUpdate.exe Task: {EE1DC044-BE74-4E29-831A-7A737FBC6A8A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {FB993DA0-820A-41B1-A7A2-A6184DDA44AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (Whitelisted) ============== 2014-01-26 15:49 - 2013-10-30 04:18 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2013-09-25 15:20 - 2013-09-25 15:20 - 00049368 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll 2014-11-05 16:24 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-11-19 11:21 - 2013-11-19 11:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe 2014-01-26 15:43 - 2013-09-18 04:32 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2200920533-3107399475-823698359-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg HKU\S-1-5-21-2200920533-3107399475-823698359-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg HKU\S-1-5-21-2200920533-3107399475-823698359-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg HKU\S-1-5-21-2200920533-3107399475-823698359-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg HKU\S-1-5-21-2200920533-3107399475-823698359-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg DNS Servers: Media is not connected to internet. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run: => "Bluetooth" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{B9218B80-AD4F-475D-A463-C4C1F49B79C1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{32844DDA-B49A-424B-99F0-BDAEFCD47D01}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{564A4495-198F-49A1-8DF4-775C99374901}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{6C092FD2-8F10-47DD-AC94-985A5B5B0DFB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{67DD2A88-3679-48E2-A4C8-B99CCCB3E803}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{B75CC025-1550-4578-8185-770F27B01BE8}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{D0824176-837A-4A14-B83B-6B76C2C125BE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{F6027EAC-0F61-40CE-836B-8FB0D72625B2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{9B9A5E79-6565-4D68-AC59-127FFAC0A1F3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{BB93AF72-0D6B-4B9C-ADFE-74FECB4EA655}] => (Allow) LPort=2869 FirewallRules: [{7AB19AFC-8C6D-4580-A46B-5B3100261584}] => (Allow) LPort=1900 FirewallRules: [{3737352A-868A-4A3C-9377-D0B4B964E1DE}] => (Allow) C:\Program Files\MAGIX\Video deluxe 2015\Videodeluxe.exe FirewallRules: [{2A431B48-FF61-403F-9E94-5F7159E43361}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{EC994205-45FE-41B5-AA58-0542C9C7374C}] => (Allow) C:\Program 
Files\Sony\VAIO Care\VCAgent.exe FirewallRules: [{68B879E3-FD87-4CDC-A4C1-C0F68615CEB5}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe FirewallRules: [{A58FF69F-03E6-45B0-BDDA-EC86F5EE8996}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe FirewallRules: [{DC787676-6CFF-4CA2-9947-FAFEAF334ECC}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe FirewallRules: [{C3AC2A96-0F48-4CF2-8100-42F9EF076282}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{F1553058-B131-4682-BB6C-369BBD9AD98D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{D47F3AA0-E43A-4184-8C63-751C24486B69}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{81500139-6DD1-4049-8A04-AB77384F5F7C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{10A30411-A2AB-4DF6-9B22-EB500571E6C5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/12/2015 01:02:09 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1". Fehler in Manifest- oder Richtliniendatei "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" in Zeile UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition: UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". 
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/12/2015 00:58:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (06/12/2015 00:08:11 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Lukas-PC) Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren. Error: (06/12/2015 00:08:11 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Lukas-PC) Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden. Error: (06/12/2015 00:08:11 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Lukas-PC) Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/12/2015 00:08:11 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT) Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
for C:\Users\UpdatusUser\ntuser.dat Error: (06/12/2015 00:02:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030, Zeitstempel: 0x5476d099 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00007ffe2889b261 ID des fehlerhaften Prozesses: 0x32c Startzeit der fehlerhaften Anwendung: 0xVCAgent.exe0 Pfad der fehlerhaften Anwendung: VCAgent.exe1 Pfad des fehlerhaften Moduls: VCAgent.exe2 Berichtskennung: VCAgent.exe3 Vollständiger Name des fehlerhaften Pakets: VCAgent.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VCAgent.exe5 Error: (06/12/2015 00:02:52 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: VCAgent.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.NullReferenceException Stapel: bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei 
MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run() bei VCAgent.App.Main() Error: (06/11/2015 11:26:52 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2200920533-3107399475-823698359-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. . Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {12923ad5-68f4-4557-ba18-e310f4d0e146} Error: (06/09/2015 02:29:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927148. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
System errors: ============= Error: (06/12/2015 00:03:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (06/12/2015 00:03:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (06/12/2015 00:01:05 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (06/11/2015 11:27:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (06/09/2015 11:56:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (06/09/2015 11:56:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (06/09/2015 11:56:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (06/09/2015 11:56:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. 
Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (06/09/2015 11:56:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Error: (06/09/2015 10:38:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Microsoft Office: ========================= Error: (06/12/2015 01:02:09 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1 Error: (06/12/2015 00:58:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927148 Error: (06/12/2015 00:08:11 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Lukas-PC) Description: Error: (06/12/2015 00:08:11 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Lukas-PC) Description: Error: (06/12/2015 00:08:11 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Lukas-PC) Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (06/12/2015 00:08:11 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT) Description: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
C:\Users\UpdatusUser\ntuser.dat Error: (06/12/2015 00:02:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c000000500007ffe2889b26132c01d0a07eb63637ffC:\Program Files\Sony\VAIO Care\VCAgent.exeunknown9aecc61d-1085-11e5-8271-3c077165f80e Error: (06/12/2015 00:02:52 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: VCAgent.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.NullReferenceException Stapel: bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, 
System.Runtime.InteropServices.HandleRef, Int32, Int32) bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32) bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32) bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) bei System.Windows.Application.RunInternal(System.Windows.Window) bei System.Windows.Application.Run() bei VCAgent.App.Main() Error: (06/11/2015 11:26:52 PM) (Source: VSS) (EventID: 8193) (User: ) Description: ConvertStringSidToSid(S-1-5-21-2200920533-3107399475-823698359-1001.bak)0x80070539, Die Struktur der Sicherheitskennung ist unzulässig. Vorgang: OnIdentify-Ereignis Generatordaten werden gesammelt Kontext: Ausführungskontext: Shadow Copy Optimization Writer Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Generatorname: Shadow Copy Optimization Writer Generatorinstanz-ID: {12923ad5-68f4-4557-ba18-e310f4d0e146} Error: (06/09/2015 02:29:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Lukas-PC) Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927148 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz Percentage of memory in use: 21% Total physical RAM: 8103.8 MB Available physical RAM: 6348.94 MB Total Pagefile: 9383.8 MB Available Pagefile: 7502.61 MB Total Virtual: 131072 MB Available Virtual: 131071.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:904.44 GB) (Free:831.87 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 7A582497) Partition: GPT Partition Type. ==================== End of log ============================ |
12.06.2015, 17:53 | #13 |
/// the machine /// TB trainer | Windows 8: Backdoor detection by Avira real-time scanner The Quarantine.exe belongs to AdwCleaner or JRT, so it is a false alarm. Avira is funny: whenever we want to work with our tools, access to the registry gets blocked, even when Avira is switched off. But malware is allowed onto the machine......
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.06.2015, 18:30 | #14 |
| Windows 8: Backdoor detection by Avira real-time scanner OK, got it. I had been hoping it was something like that. Then I hope things will stay quiet for a long while now. Thanks again for the help! |
13.06.2015, 13:47 | #15 |
/// the machine /// TB trainer | Windows 8: Backdoor detection by Avira real-time scanner You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |