Log analysis and evaluation: Windows 8: DirektPay Trojan; safe mode only

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.08.2015, 10:41 | #1 |
Windows 8: DirektPay Trojan; safe mode only

Hello dear Trojaner-Board team,

I have caught a DirektPay trojan. A great many programs get started and Windows no longer runs properly. All scans were therefore created in safe mode. I tried to remove the trojan with Windows Defender, but the problem still persists. GMER cannot be run because scrss.exe does not allow it. Here are the scans:

defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:07 on 13/06/2015 (Tobi)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-22 11:01:36
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000004b TOSHIBA_MQ01ABF050 rev.AM002H 465,76GB
Running: zy0tbtzd.exe; Driver: C:\Users\Tobi\AppData\Local\Temp\uwloipod.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [424:456] fffff960008075e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015
Ran by Tobi (administrator) on TOBIAS on 22-08-2015 10:54:14
Running from C:\Users\Tobi\Desktop
Loaded Profiles: Tobi (Available Profiles: UpdatusUser & Tobi & Tobias & Polina & Andere & Musik)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> dwm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-11] (Realtek Semiconductor)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [533208 2013-04-02] (Broadcom Corporation.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated) HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
Winlogon\Notify\igfxcui: c:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3842866729-4066958523-73093308-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung) AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File not found AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-10-31] (NVIDIA Corporation) AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File not found AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-10-31] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2013-10-14] ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-11-06] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> 
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms} HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms} HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms} SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1002 -> {710EB415-0FEB-4072-A071-2EBF67913B6D} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1002 -> {83500C12-F30C-4853-B3FC-855714F941F1} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1002 -> {9F24448A-79C7-4C35-9C15-B0E17ED97E93} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms} BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-12] (Thinknice Co. 
Limited) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-24] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-24] (Oracle Corporation) DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT FireFox: ======== FF ProfilePath: C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: delta-homes FF SelectedSearchEngine: delta-homes FF Homepage: www.google.de FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel 
Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-05-24] (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2015-05-25] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3842866729-4066958523-73093308-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-02-19] (Intel) FF Plugin HKU\S-1-5-21-3842866729-4066958523-73093308-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-02-19] (Intel) FF user.js: detected! 
=> C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\user.js [2015-06-20] FF SearchPlugin: C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\searchplugins\delta-homes.xml [2015-06-20] FF Extension: QuickSearch - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\Extensions\quick_searchff@gmail.com [2015-06-13] FF Extension: Search Enginer - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\Extensions\sweetsearch@gmail.com [2015-06-13] FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\sweetsearch@gmail.com StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT Chrome: ======= CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2228440 2013-05-16] (Broadcom Corporation.) 
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373824 2015-05-25] (WildTangent) S2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125056 2015-06-12] (XTab system) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.) S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-05] (Sony Corporation) S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation) S2 ServiceEverything; C:\Users\Tobi\AppData\Everything\ServiceEverything.exe [295624 2015-06-12] (TODO: <公司名>) S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation) S3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation) S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-07] (Fuyu LIMITED) <==== ATTENTION S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the 
registry. The file will not be moved unless listed separately.) S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170200 2013-05-16] (Broadcom Corporation.) S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8469680 2015-04-17] (Broadcom Corporation) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) S3 BTWPANFL; C:\Windows\system32\drivers\btwpanfl.sys [44912 2013-05-16] (Broadcom Corporation.) S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.) S3 MADFULEGACYKEYBOARD; C:\Windows\System32\drivers\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio) S3 MAUSBLEGACYKEYBOARD; C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio) S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project) S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-03-15] () R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated) S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X] S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-22 10:54 - 2015-06-13 14:08 - 00019442 _____ C:\Users\Tobi\Desktop\FRST.txt
2015-08-22 10:54 - 2015-06-13 14:01 - 00000000 ____D C:\FRST
2015-08-22 10:51 - 2013-09-30 13:47 - 00000614 _____ C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job
2015-08-22 10:48 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-22 10:32 - 2012-07-26 07:26 - 01048576 ___SH C:\Windows\system32\config\BBI
2015-08-22 10:31 - 2013-05-24 01:59 - 01087038 _____ C:\Windows\WindowsUpdate.log
2015-08-22 10:22 - 2014-01-04 15:19 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E80D6E94-9CEF-4628-8ECB-B0C8B87A83A8}
2015-08-22 10:17 - 2015-06-13 00:01 - 00000000 ____D C:\Users\Tobi\AppData\Everything
2015-08-22 10:09 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2015-08-22 10:04 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru

==================== Files in the root of some directories =======

2014-09-05 20:21 - 2014-09-05 20:21 - 0000600 _____ () C:\Users\Tobi\AppData\Roaming\winscp.rnd
2014-09-05 15:33 - 2015-01-22 13:01 - 0000600 _____ () C:\Users\Tobi\AppData\Local\PUTTY.RND
2015-04-17 22:23 - 2015-04-17 22:23 - 0007607 _____ () C:\Users\Tobi\AppData\Local\Resmon.ResmonCfg
2015-03-15 22:13 - 2015-03-15 22:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-18 17:06 - 2012-10-24 21:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall404190.exe

Files to move or delete:
====================
C:\ProgramData\uninstall404190.exe
C:\Users\Public\Supercharger 1.1.0 Setup PC.exe

Some files in TEMP:
====================
C:\Users\Tobi\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Tobias\AppData\Local\Temp\Ableton Swapper.exe
C:\Users\Tobias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprgbgyg.dll
C:\Users\Tobias\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Tobias\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Tobias\AppData\Local\Temp\ICReinstall_FileZilla_3.8.1_win32-setup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-03 03:02

==================== End of log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Tobi at 2015-08-22 10:55:47
Running from C:\Users\Tobi\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3842866729-4066958523-73093308-500 - Administrator - Disabled)
Andere (S-1-5-21-3842866729-4066958523-73093308-1005 - Limited - Enabled) => C:\Users\Andere
Gast (S-1-5-21-3842866729-4066958523-73093308-501 - Limited - Disabled)
Musik (S-1-5-21-3842866729-4066958523-73093308-1011 - Limited - Enabled) => C:\Users\Musik
Polina (S-1-5-21-3842866729-4066958523-73093308-1004 - Limited - Enabled) => C:\Users\Polina
Tobi (S-1-5-21-3842866729-4066958523-73093308-1002 - Administrator - Enabled) => C:\Users\Tobi
Tobias (S-1-5-21-3842866729-4066958523-73093308-1003 - Limited - Enabled) => C:\Users\Tobias
UpdatusUser (S-1-5-21-3842866729-4066958523-73093308-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Ableton Live 9 Standard (HKLM\...\{80EAF092-F954-47D5-839D-8E074CB891AB}) (Version: 9.0.0.0 - Ableton) Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Advanced Installer 11.4.1 (HKLM-x32\...\{E3FD5251-067A-451B-84AE-5452D6CCD465}) (Version: 11.4.1 - Caphyon) Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden Apowersoft Gratis - Audiorekorder V2.3.4 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 2.3.4 - APOWERSOFT LIMITED) Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach) Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden Behind The Reflection 2: Witch's Revenge (x32 Version: 3.0.2.32 - WildTangent) Hidden Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation) Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.125 - Broadcom Corporation) Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) 
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2529 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.) Einstellungen für VAIO Media Server (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.20150424 - Landesfinanzdirektion Thüringen) Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse) Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.) GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) Heroes of Hellas 3: Athens (x32 Version: 3.0.2.32 - WildTangent) Hidden iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.) 
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41800) (Version: 3.8.0.41800.66 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3372 - Intel Corporation) Intel(R) PROSet/Wireless NFC-Software (HKLM\...\Intel(R) PROSet/Wireless NFC-Software) (Version: 1.1.1.002 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) Jack (HKLM-x32\...\Jack) (Version: - ) Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle) Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle) Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden MATLAB R2012a Student Version (32-bit) (HKLM-x32\...\Matlab SV R2012a) (Version: 7.14 - The MathWorks, Inc.) M-Audio Legacy Keyboard Driver 5.0.0 (x64) (HKLM\...\{2CA9F96F-AFFC-4D41-B781-47EBD2378DB8}) (Version: 5.0.0 - M-Audio) Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.0.3 - CEWE Stiftung u Co. KGaA) Mendeley Desktop 1.9.2 (HKLM-x32\...\Mendeley Desktop) (Version: 1.9.2 - Mendeley Ltd.) 
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Mozilla Firefox 38.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden MyFreeCodec (HKU\S-1-5-21-3842866729-4066958523-73093308-1002\...\MyFreeCodec) (Version: - ) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden Native Instruments Abbey Road 60s Drums (HKLM-x32\...\Native Instruments Abbey Road 60s Drums) (Version: - Native Instruments) Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version: - Native Instruments) Native Instruments Battery 3 (HKLM-x32\...\Native Instruments Battery 3) (Version: - Native Instruments) Native Instruments 
Battery Library Importer for Maschine (HKLM-x32\...\Native Instruments Battery Library Importer for Maschine) (Version: - Native Instruments) Native Instruments Berlin Concert Grand (HKLM-x32\...\Native Instruments Berlin Concert Grand) (Version: - Native Instruments) Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: 1.3.0.1244 - Native Instruments) Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments) Native Instruments Komplete 8 (HKLM-x32\...\Native Instruments Komplete 8) (Version: - Native Instruments) Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.3.1.37 - Native Instruments) Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version: 1.1.0.6 - Native Instruments) Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.4.0.292 - Native Instruments) Native Instruments New York Concert Grand (HKLM-x32\...\Native Instruments New York Concert Grand) (Version: - Native Instruments) Native Instruments Rammfire (HKLM-x32\...\Native Instruments Rammfire) (Version: 2.0.0.4 - Native Instruments) Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version: 5.9.0.725 - Native Instruments) Native Instruments Reaktor Prism (HKLM-x32\...\Native Instruments Reaktor Prism) (Version: 1.4.0.3 - Native Instruments) Native Instruments Reaktor Spark R2 (HKLM-x32\...\Native Instruments Reaktor Spark R2) (Version: 1.3.0.2 - Native Instruments) Native Instruments Reflektor (HKLM-x32\...\Native Instruments Reflektor) (Version: 2.0.0.1 - Native Instruments) Native Instruments Replika (HKLM-x32\...\Native Instruments Replika) (Version: 1.2.0.699 - Native Instruments) Native Instruments Scarbee MM-Bass (HKLM-x32\...\Native Instruments Scarbee MM-Bass) (Version: - Native Instruments) Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) 
(Version: - Native Instruments) Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments) Native Instruments Studio Drummer (HKLM-x32\...\Native Instruments Studio Drummer) (Version: - Native Instruments) Native Instruments Supercharger (HKLM-x32\...\Native Instruments Supercharger) (Version: 1.1.0.418 - Native Instruments) Native Instruments The Finger R2 (HKLM-x32\...\Native Instruments The Finger R2) (Version: 1.3.0.2 - Native Instruments) Native Instruments Traktors 12 (HKLM-x32\...\Native Instruments Traktors 12) (Version: 2.0.0.2 - Native Instruments) Native Instruments Transient Master (HKLM-x32\...\Native Instruments Transient Master) (Version: - Native Instruments) Native Instruments Upright Piano (HKLM-x32\...\Native Instruments Upright Piano) (Version: - Native Instruments) Native Instruments Vienna Concert Grand (HKLM-x32\...\Native Instruments Vienna Concert Grand) (Version: - Native Instruments) Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version: - Native Instruments) Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version: - Native Instruments) Networkx64 (Version: 1.0.0 - Sony Corporation) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team) NVIDIA Grafiktreiber 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) Oracle VM VirtualBox 4.3.22 (HKLM\...\{F053F74A-A631-4CFA-A271-6D0747599BC9}) (Version: 4.3.22 - Oracle Corporation) PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.02.14060 - Sony Corporation) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7177 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28135 - Realtek Semiconductor Corp.) Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden Rossmann Fotowelt Software (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.14.5. - ORWO Net) Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.) Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.50 (16.12.2014) - Samsung Electronics Co., Ltd.) Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.75.00(19.01.2015) - Samsung Electronics Co., Ltd.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.19 (03.12.2014) - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) 
Samsung Scan Process Machine (x32 Version: 1.03.05.22 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.) Scarlett MixControl 1.8 (HKLM-x32\...\Saffire USB 26_is1) (Version: 1.8 - Focusrite Audio Engineering Limited) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd) SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.3.2 - Krzysztof Kowalczyk) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated) TeXnicCenter Version 2.0 Beta 2 (HKLM\...\TeXnicCenter_is1) (Version: 2.0 Beta 2 - The TeXnicCenter Team) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden VAIO - Remote-Tastatur (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation) VAIO - Remote-Tastatur mit PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.1.05220 - Sony Corporation) VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation) VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation) VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony 
Corporation) VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.1.11210 - Sony Corporation) VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.2.0.03070 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation) VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.2.0.01230 - Sony Corporation) VAIO Gesture Control (x32 Version: 2.2.0.01230 - Sony Corporation) Hidden VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation) VAIO Image Optimizer (x32 Version: 3.1.00.14260 - Sony Corporation) Hidden VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.2.0.01240 - Sony Corporation) VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.3.01.11140 - Sony Corporation) VAIO Movie Creator (x32 Version: 4.1.01.15140 - Sony Corporation) Hidden VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation) VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation) VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation) VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation) VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden VIx64 (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VLC media player 1.1.9 
(HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN) VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3165 - VMware, Inc.) VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6400 - Broadcom Corporation) WildTangent Games App (x32 Version: 4.0.11.7 - WildTangent) Hidden WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent) Windows Driver Package - Arduino LLC (www.arduino.cc) Arduino Boards (01/01/2013 1.0.0.0) (HKLM\...\27F112693ABDF0F56F902294F4BF6B9EE3B8C6D0) (Version: 01/01/2013 1.0.0.0 - Arduino LLC (www.arduino.cc)) WindowsMangerProtect20.0.0.502 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (03/17/2014 2.5.128.1) (HKLM\...\D86E353566ECB4A7ADA159C02FE46D0BACC4FA6B) (Version: 03/17/2014 2.5.128.1 - Focusrite) WinSCP 5.6.1 (HKLM-x32\...\winscp3_is1) (Version: 5.6.1 - Martin Prikryl) XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3842866729-4066958523-73093308-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3842866729-4066958523-73093308-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3842866729-4066958523-73093308-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File
CustomCLSID: HKU\S-1-5-21-3842866729-4066958523-73093308-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File
CustomCLSID: HKU\S-1-5-21-3842866729-4066958523-73093308-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File
CustomCLSID: HKU\S-1-5-21-3842866729-4066958523-73093308-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll No File

==================== Restore Points =========================

20-06-2015 13:30:39 Windows Update
27-06-2015 15:24:00 Windows Update
05-07-2015 03:04:30 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {26D046FE-176E-4E45-BDBE-89564AFE2A2E} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2013-01-23] (Sony Corporation) Task: {2986A119-E824-4431-9250-EB3F7D0A867D} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient Task: {29DA6144-123C-42F6-BCF4-168F58C150C0} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation) Task: {3B9D1C10-AFBA-479F-929F-B6915DA87975} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs" Task: {451DF4FA-68FE-4A51-92F6-DF0C84F00B7B} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-17] (Microsoft Corporation) Task: {4D9C802B-C524-4E4F-BB4B-A4F8739BE2A4} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-01-24] (Sony Corporation) Task: {5165C462-8D30-443F-8530-13AC090D082D} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {5838EEEB-84B5-4276-A46A-9FD1246D66A1} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation) Task: {5E79AB06-E794-47CC-8366-4FB3CB40554A} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation) Task: {64C8582D-4347-4BE3-B981-67D7A78A2EEC} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: 
{6614AAD2-52E0-4657-8676-59EBAB4DFDF4} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {68D3585C-D07B-42D9-983B-8036302F46F9} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation) Task: {6E8B6B63-9EFF-4386-8E4E-AFFA125A8B35} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation) Task: {7091A287-CC21-4501-B46F-C78A3FE448B1} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation) Task: {7D4DABF8-9285-421E-A19D-0DD5C610B6C6} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {8A5599FA-6D81-42E5-BA85-83E678555921} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {910A17D7-FDAE-44F0-8237-AC8FCB59E505} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {9B8F23B6-7E81-429A-A505-0FE6C9B2D0DB} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {9D2F82FE-2EFB-45D5-B181-B56FABC5D68B} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation) Task: {B11B05DE-1B7E-4460-9063-154D70F17249} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {B2F11594-6811-4EB6-AD95-0F122962AC37} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.) Task: {C33B2232-3849-45FC-A23D-2929B0FD8438} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-06-13] (Microsoft Corporation) Task: {C62927D1-9BE7-4858-8C27-0EC6B5D4DDB7} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {CBDFCB95-7DCE-4160-ABFF-011A5C3E15D5} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {D46AAD5F-3DEA-41E6-925A-921185BADDA8} - System32\Tasks\MATLAB R2012a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2012a Student\bin\win32\MATLABStartupAccelerator.exe [2011-12-29] () Task: {E61B60F4-E0F6-4891-8F90-924657EBD38B} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {E9B64139-5C3B-45EA-A9FC-40D139CE052E} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation) Task: {F08581C9-4A83-49F7-91E3-5AC4176DFA58} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation) Task: C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2012a Student\bin\win32\MATLABStartupAccelerator.exe ==================== Loaded Modules (Whitelisted) ============== ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "vpngui.exe.lnk" HKLM\...\StartupApproved\Run: => "Bluetooth" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "CDAServer" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "Intel AppUp(R) center" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "mcui_exe" HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher" HKLM\...\StartupApproved\Run32: => "PDFPrint" HKLM\...\StartupApproved\Run32: => "KiesTrayAgent" HKU\S-1-5-21-3842866729-4066958523-73093308-1002\...\StartupApproved\Run: => "KiesPreload" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{C3496F55-5477-4F31-B7BD-8FA27F079C68}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe FirewallRules: [{6531FFFD-F00A-481C-B556-CEF092A91556}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE FirewallRules: [{A58BF964-FFBB-4607-B641-2BE0C38E600E}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{9B61A93F-8561-4BF7-9D5E-9EB70FAAE2A4}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{BD41438F-3AFC-4586-ADD1-68E061C10231}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe FirewallRules: [{54160FB1-45B2-4377-A399-FC6254DC9E69}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com FirewallRules: [{4610B74F-4C67-4592-AA5C-ACB1E6598BE1}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe FirewallRules: [{A9A91368-7737-4EC9-A41B-6F6CE3318971}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com 
FirewallRules: [{3958A44B-6A1D-42BB-AC91-0A2FCD9C0E64}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe FirewallRules: [{30349A30-A965-4D50-9C20-FC9AF3298E94}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe FirewallRules: [{69339B0B-7B3D-4B65-AC56-6BC2012ADFA7}] => (Allow) C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{FD484754-88ED-47A8-9DD9-F64E2F3A40AA}] => (Allow) C:\Users\Tobias\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{7E2FE783-4130-4E87-9A66-ECDC8BCA50AF}C:\program files\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Allow) C:\program files\ibm\spss\statistics\21\jre\bin\javaw.exe FirewallRules: [UDP Query User{70B4841C-07C8-4853-88B3-0D6E53B6BD89}C:\program files\ibm\spss\statistics\21\jre\bin\javaw.exe] => (Allow) C:\program files\ibm\spss\statistics\21\jre\bin\javaw.exe FirewallRules: [TCP Query User{82844CFB-B55B-447C-9FFC-5343413CC412}C:\users\tobias\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tobias\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{09FF2D2A-7B36-4ACA-A1A5-59283C096980}C:\users\tobias\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tobias\appdata\roaming\spotify\spotify.exe FirewallRules: [{CAD1EA41-E831-4645-95A8-3C758B8C46BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4023C60D-F9E9-406D-A5D6-F712E7EC6D7F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FD574E48-34D0-4F21-8EAB-7DE2EC06FC0E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{9B03E8F4-7E1B-4BC6-985A-63DECB51F490}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{4545FFDA-E130-43A6-82BB-04CE39725099}C:\users\tobias\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\tobias\appdata\local\warthunder\launcher.exe FirewallRules: [UDP Query 
User{A6F72072-8CE8-4924-A599-2F073CB2741F}C:\users\tobias\appdata\local\warthunder\launcher.exe] => (Allow) C:\users\tobias\appdata\local\warthunder\launcher.exe FirewallRules: [TCP Query User{11AE1805-CB29-4C5A-9FB2-A703705B5803}C:\users\tobias\appdata\local\warthunder\aces.exe] => (Block) C:\users\tobias\appdata\local\warthunder\aces.exe FirewallRules: [UDP Query User{BD386C6D-B1DD-4E93-ACB2-2B70149D26B6}C:\users\tobias\appdata\local\warthunder\aces.exe] => (Block) C:\users\tobias\appdata\local\warthunder\aces.exe FirewallRules: [{BB9ACDB7-9AE9-402B-AE85-7FCE2CCD201E}] => (Allow) C:\Program Files (x86)\Caphyon\Advanced Installer 11.4.1\bin\x86\Repackager.exe FirewallRules: [{EE44AAD2-895B-4393-ADBC-859A7A49B6C1}] => (Allow) C:\Program Files (x86)\Caphyon\Advanced Installer 11.4.1\bin\x64\Repackager.exe FirewallRules: [TCP Query User{FFC869E3-FDBD-4E6D-A61E-A19EFD20E591}C:\program files (x86)\stream what you hear\swyh.exe] => (Allow) C:\program files (x86)\stream what you hear\swyh.exe FirewallRules: [UDP Query User{D36E5F63-40D4-4980-A54C-DDD3AE6909D1}C:\program files (x86)\stream what you hear\swyh.exe] => (Allow) C:\program files (x86)\stream what you hear\swyh.exe FirewallRules: [{D6CCF48D-6C14-4949-8A69-ED2A622CB778}] => (Block) C:\program files (x86)\stream what you hear\swyh.exe FirewallRules: [{07F992B3-F392-4233-9280-B8BCC02FF4E8}] => (Block) C:\program files (x86)\stream what you hear\swyh.exe FirewallRules: [{5B373E68-03AB-4637-9C0E-ABBC32A333C6}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{2D0AC2D3-FBD7-4E7A-AED9-F379EC581DB6}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [TCP Query User{EA26DC9C-89C1-4893-9C5A-05B72AAF20DF}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe FirewallRules: [UDP Query User{C25F1067-0016-4FB7-B792-1F3171F4F3AB}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe FirewallRules: [{BAD7CB60-B60F-461F-8868-44E913A91AD8}] => (Allow) C:\Program Files 
(x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8B3F6C16-A53F-4A55-99E9-BA63B51E9633}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{650E9A82-A1DD-4BC7-AE9E-6231E5CEBAF4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F44793AB-FB74-4851-91E5-270A6C792BA0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5B9EABD1-4DB7-45A9-8C8A-C3070EDBA904}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe
FirewallRules: [{CD50C047-47A7-427B-ABD8-A66C57884A0D}] => (Allow) C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe
FirewallRules: [{6E826CD7-77EF-4BE4-99C8-5757FBE07B17}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{FFA55D44-72BE-49DF-A508-6E9A5EE5BCC8}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{96FF4354-E68E-41CD-A2A3-263138B4C2CD}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{EF5C0A21-16C8-40E3-9DDD-C9292E5C1611}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{53C708B7-2EB3-4077-8274-F3CF6D0FB667}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{4E667184-AB63-4AED-9808-FF7428CA32E6}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{868C152E-D3AC-4F30-8E90-85550FEFB71C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{019E4F25-365E-475A-A850-D2A5D51C0AB6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{D6ED8A09-24D9-4C64-8D2E-0A2FE784FF59}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{0C54D508-E5C7-47BA-A322-A389E0B05CE5}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{1BEA0C6F-D563-40EA-A1CA-19AFA2B8DB8B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{4908F6DF-C4AB-49A3-886A-EAB4BBC60A30}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{ECD2AAB5-DB68-4DF6-A6C1-7EEBEB26BA23}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{C1E95F80-6214-4971-9707-507B405C4335}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{EF5702BB-A06E-41AC-93B6-6A911F7BE2A1}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{8C0B594E-87AD-462E-8993-6EE3F22A8D4A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{4FFE0A23-5CA7-4DA1-B5B8-54C7BE74691C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{E08E6B1E-E2E3-4F00-A22E-AA8B91CBCFB7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{90482CAF-42FF-4967-AA91-3AC49439AD39}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{78579FF9-1D4F-416A-BDAD-36738183A662}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{CFC959AE-0E6A-4F13-8537-63C780B1691A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{B9CAE126-86A2-4FF7-8358-9FD3C16C0554}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{4A0915DB-431F-4999-9B17-31C9F50112F4}C:\program files\tightvnc\tvnviewer.exe] => (Allow) C:\program files\tightvnc\tvnviewer.exe
FirewallRules: [UDP Query User{DE470882-3748-4B48-87F6-5FE05B33DC94}C:\program files\tightvnc\tvnviewer.exe] => (Allow) C:\program files\tightvnc\tvnviewer.exe
FirewallRules: [{340DFA86-C3A7-4EBA-B667-C6256F0A01B6}] => (Allow) LPort=7070

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2015 10:26:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030, Zeitstempel: 0x5476d099
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fdaddba3f1
ID des fehlerhaften Prozesses: 0xc04
Startzeit der fehlerhaften Anwendung: 0xVCAgent.exe0
Pfad der fehlerhaften Anwendung: VCAgent.exe1
Pfad des fehlerhaften Moduls: VCAgent.exe2
Berichtskennung: VCAgent.exe3
Vollständiger Name des fehlerhaften Pakets: VCAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VCAgent.exe5

Error: (08/22/2015 10:26:30 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VCAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei VCAgent.App.Main()

Error: (08/22/2015 10:20:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d28
Startzeit: 01d0dcb324c56d67
Endzeit: 0
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: 948871fe-48a6-11e5-befe-83a397f2795c
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/22/2015 10:17:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VCAgent.exe, Version: 8.4.2.12030, Zeitstempel: 0x5476d099
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007f9293cab41
ID des fehlerhaften Prozesses: 0xefc
Startzeit der fehlerhaften Anwendung: 0xVCAgent.exe0
Pfad der fehlerhaften Anwendung: VCAgent.exe1
Pfad des fehlerhaften Moduls: VCAgent.exe2
Berichtskennung: VCAgent.exe3
Vollständiger Name des fehlerhaften Pakets: VCAgent.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VCAgent.exe5

Error: (08/22/2015 10:17:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VCAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei VCAgent.App.Main()

Error: (08/22/2015 10:17:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VCSystemTray.exe, Version: 8.4.2.12030, Zeitstempel: 0x5476d133
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.17313, Zeitstempel: 0x5507a832
Ausnahmecode: 0xc000000d
Fehleroffset: 0x00000000000f4158
ID des fehlerhaften Prozesses: 0xf70
Startzeit der fehlerhaften Anwendung: 0xVCSystemTray.exe0
Pfad der fehlerhaften Anwendung: VCSystemTray.exe1
Pfad des fehlerhaften Moduls: VCSystemTray.exe2
Berichtskennung: VCSystemTray.exe3
Vollständiger Name des fehlerhaften Pakets: VCSystemTray.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: VCSystemTray.exe5

Error: (08/22/2015 10:04:30 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (07/06/2015 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (07/05/2015 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (07/04/2015 07:00:04 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "E:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

System errors:
=============
Error: (08/22/2015 10:54:15 AM) (Source: DCOM) (EventID: 10005) (User: Tobias)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/22/2015 10:54:04 AM) (Source: DCOM) (EventID: 10005) (User: Tobias)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/22/2015 10:53:52 AM) (Source: DCOM) (EventID: 10005) (User: Tobias)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/22/2015 10:53:47 AM) (Source: DCOM) (EventID: 10005) (User: Tobias)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/22/2015 10:53:42 AM) (Source: DCOM) (EventID: 10005) (User: Tobias)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/22/2015 10:53:37 AM) (Source: DCOM) (EventID: 10005) (User: Tobias)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/22/2015 10:53:37 AM) (Source: DCOM) (EventID: 10005) (User: Tobias)
Description: 1068netprofmNicht verfügbar{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (08/22/2015 10:53:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (08/22/2015 10:53:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "DHCP-Client" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (08/22/2015 10:53:37 AM) (Source: DCOM) (EventID: 10005) (User: Tobias)
Description: 1068netprofmNicht verfügbar{A47979D2-C419-11D9-A5B4-001185AD2B89}

Microsoft Office:
=========================
Error: (08/22/2015 10:26:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c0000005000007fdaddba3f1c0401d0dcb3dd621412C:\Program Files\Sony\VAIO Care\VCAgent.exeunknown7d0291db-48a7-11e5-befe-83a397f2795c

Error: (08/22/2015 10:26:30 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VCAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei VCAgent.App.Main()

Error: (08/22/2015 10:20:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.2.9200.16628d2801d0dcb324c56d670C:\Windows\Explorer.EXE948871fe-48a6-11e5-befe-83a397f2795c

Error: (08/22/2015 10:17:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCAgent.exe8.4.2.120305476d099unknown0.0.0.000000000c0000005000007f9293cab41efc01d0dcb1cc8adbcfC:\Program Files\Sony\VAIO Care\VCAgent.exeunknown3765914d-48a6-11e5-befd-9195212be5c5

Error: (08/22/2015 10:17:24 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VCAgent.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
Stapel:
   bei VCAgent.View.MainWindow.WindowProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei System.Windows.Interop.HwndSource.PublicHooksFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   bei MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   bei System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.DefWndProcWrapper(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei MS.Win32.UnsafeNativeMethods.IntGetMessageW(System.Windows.Interop.MSG ByRef, System.Runtime.InteropServices.HandleRef, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.GetMessage(System.Windows.Interop.MSG ByRef, IntPtr, Int32, Int32)
   bei System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   bei System.Windows.Application.RunInternal(System.Windows.Window)
   bei System.Windows.Application.Run()
   bei VCAgent.App.Main()

Error: (08/22/2015 10:17:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: VCSystemTray.exe8.4.2.120305476d133ntdll.dll6.2.9200.173135507a832c000000d00000000000f4158f7001d0dcb1b8f85b69C:\Program Files\Sony\VAIO Care\VCSystemTray.exeC:\Windows\SYSTEM32\ntdll.dll2aafc809-48a6-11e5-befd-9195212be5c5

Error: (08/22/2015 10:04:30 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (07/06/2015 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (07/05/2015 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (07/04/2015 07:00:04 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU 987 @ 1.50GHz
Percentage of memory in use: 18%
Total physical RAM: 3972.8 MB
Available physical RAM: 3239.52 MB
Total Pagefile: 4676.8 MB
Available Pagefile: 3989.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:438.39 GB) (Free:184.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9E1EF563)
Partition: GPT Partition Type.

==================== End of log ============================

Code:
Kategorie: Trojaner
Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
containerfile:C:\Users\Tobias\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\a8385d6932a3c2a7\120712-0049\Att\20006702\Ausgleich stornierten Lastschrift Ihrer Bestellung Directpay GmbH vom 11.06.2015.zip
file:C:\Users\XXX\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\a8385d6932a3c2a7\120712-0049\Att\20006702\Ausgleich stornierten Lastschrift Ihrer Bestellung Directpay GmbH vom 11.06.2015.zip->Ausgleich an XXX. 11 06.2015 - Rechnungsstelle Directpay GmbH.zip->XXX Rechnung 11.06.2015 - Rechnungsstelle Directpay GmbH.com

Kategorie: Trojaner
Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.
Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.
Elemente:
containerfile:C:\Users\XXX\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\a8385d6932a3c2a7\120712-0049\Att\20006372\Rechnung stornierten Zahlung Ihrer Bestellung Directpay AG vom 20.05.2015.zip
file:C:\Users\XXX\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\a8385d6932a3c2a7\120712-0049\Att\20006372\Rechnung stornierten Zahlung Ihrer Bestellung Directpay AG vom 20.05.2015.zip->Forderung an XXX. 20 05.2015 - Stellvertretender Rechtsanwalt Directpay AG.zip->XXX XXX Ausgleich 20.05.2015 - Stellvertretender Rechtsanwalt Directpay AG.com

Online weitere Informationen zu diesem Element abrufen

Tobi |
22.08.2015, 10:59 | #2 |
/// the machine /// TB trainer | Windows 8: DirektPay Trojan; safe mode only hi,
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ |
22.08.2015, 19:08 | #3 |
| Windows 8: DirektPay Trojan; safe mode only Hello Schrauber,
Thank you very much for the quick help. Here are the further logs: mbar log before the cleanup. Code:
Malwarebytes Anti-Rootkit BETA 1.9.2.1008
www.malwarebytes.org

Database version:
  main: v2015.08.22.01
  rootkit: v2015.08.16.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17377
Tobi :: TOBIAS [administrator]

22.08.2015 12:21:07
mbar-log-2015-08-22 (12-21-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 725247
Time elapsed: 58 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\374311380 (Rogue.Multiple) -> Delete on reboot. [8f4a7a91a6e57abcbaaacb0d887afd03]

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
Malwarebytes Anti-Rootkit BETA 1.9.2.1008
www.malwarebytes.org

Database version:
  main: v2015.08.22.03
  rootkit: v2015.08.16.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17377
Tobi :: TOBIAS [administrator]

22.08.2015 18:19:02
mbar-log-2015-08-22 (18-19-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 725431
Time elapsed: 59 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
22.08.2015, 19:08 | #4 |
| Windows 8: DirektPay Trojan; safe mode only TDSSKiller log Code:
19:49:04.0949 0x12ec TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
19:49:04.0949 0x12ec UEFI system
19:49:17.0711 0x12ec ============================================================
19:49:17.0711 0x12ec Current date / time: 2015/08/22 19:49:17.0711
19:49:17.0711 0x12ec SystemInfo:
19:49:17.0711 0x12ec
19:49:17.0711 0x12ec OS Version: 6.2.9200 ServicePack: 0.0
19:49:17.0711 0x12ec Product type: Workstation
19:49:17.0711 0x12ec ComputerName: TOBIAS
19:49:17.0711 0x12ec UserName: Tobi
19:49:17.0727 0x12ec Windows directory: C:\Windows
19:49:17.0727 0x12ec System windows directory: C:\Windows
19:49:17.0727 0x12ec Running under WOW64
19:49:17.0727 0x12ec Processor architecture: Intel x64
19:49:17.0727 0x12ec Number of processors: 2
19:49:17.0727 0x12ec Page size: 0x1000
19:49:17.0727 0x12ec Boot type: Normal boot
19:49:17.0727 0x12ec ============================================================
19:49:20.0676 0x12ec KLMD registered as C:\Windows\system32\drivers\37952486.sys
19:49:21.0051 0x12ec System UUID: {F625FD1C-3E1F-A7DC-3292-CB2CE5082FDB}
19:49:22.0410 0x12ec Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:49:22.0410 0x12ec ============================================================
19:49:22.0410 0x12ec \Device\Harddisk0\DR0:
19:49:22.0426 0x12ec GPT partitions:
19:49:22.0426 0x12ec \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {F4019732-066E-4E12-8273-346C5641494F}, UniqueGUID: {E0F9A1E6-1B45-415B-9D72-4FBFB063BA9F}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000
19:49:22.0426 0x12ec \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {DAB9B3CC-C4F4-4ECC-B920-82923872A4C5}, Name: Basic data partition, StartLBA 0x82800, BlocksNum 0x2E1000
19:49:22.0426 0x12ec \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B},
UniqueGUID: {7819B6C4-17FE-43B0-A8F3-D4BD75225FF9}, Name: EFI system partition, StartLBA 0x363800, BlocksNum 0x82000
19:49:22.0426 0x12ec \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {2DDA1A59-F937-427C-AF49-40062BE9F78D}, Name: Microsoft reserved partition, StartLBA 0x3E5800, BlocksNum 0x40000
19:49:22.0426 0x12ec \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {9B163603-7956-4991-97F2-5A21C0829E80}, Name: Basic data partition, StartLBA 0x425800, BlocksNum 0x36CC6000
19:49:22.0426 0x12ec \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {9DB97B4C-AF23-4EA6-AEDE-195F4E029A04}, Name: Basic data partition, StartLBA 0x370EB800, BlocksNum 0x329A800
19:49:22.0426 0x12ec MBR partitions:
19:49:22.0426 0x12ec ============================================================
19:49:22.0489 0x12ec C: <-> \Device\Harddisk0\DR0\Partition5
19:49:22.0489 0x12ec ============================================================
19:49:22.0489 0x12ec Initialize success
19:49:22.0489 0x12ec ============================================================
19:50:14.0397 0x0d48 ============================================================
19:50:14.0397 0x0d48 Scan started
19:50:14.0397 0x0d48 Mode: Manual; SigCheck; TDLFS;
19:50:14.0397 0x0d48 ============================================================
19:50:14.0397 0x0d48 KSN ping started
19:50:16.0929 0x0d48 KSN ping finished: true
19:50:20.0384 0x0d48 ================ Scan system memory ========================
19:50:20.0384 0x0d48 System memory - ok
19:50:20.0384 0x0d48 ================ Scan services =============================
19:50:29.0348 0x0d48 [ A8B20D852B07AE19A13B5D47EC4E4C3B, 86571C9E2BA15BB169CAB2D24C4D0598154C02FD173638CAFC685A7F6B09472D ] BthEnum C:\Windows\System32\drivers\BthEnum.sys 19:50:29.0485 0x0d48 BthEnum - ok 19:50:29.0751 0x0d48 [ 616EB8748C988AEE98D93DA141C3D3B4, 15A055B0496BDB29CBCF6EEBF112D4BA1C7A2FF39124728830D0FD1FD7A404CB ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys 19:50:29.0830 0x0d48 BthHFEnum - ok 19:50:29.0877 0x0d48 [ DCB4EBD928A6FB368BE6CAE522412DE1, 9E1345F29467054689B9F48B5CCB567760D36610A4EA9AF41B829EAD60347269 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys 19:50:29.0892 0x0d48 bthhfhid - ok 19:50:30.0002 0x0d48 [ 42201C346F0B8C458E1E9CDE04D68A2C, 6168FD0D10CD06B00B5C79D5D2B5C353AAC22FD99CE8D417DDBA33ED63CFB8BF ] BthLEEnum C:\Windows\system32\DRIVERS\BthLEEnum.sys 19:50:30.0049 0x0d48 BthLEEnum - ok 19:50:30.0096 0x0d48 [ 033916CE8784A848B9A3D686B7F66D97, B4D0514D59646CF6B70D4FA488CF95C38EA38CC5C509329CC8753E897C640AFA ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys 19:50:30.0127 0x0d48 BTHMODEM - ok 19:50:30.0158 0x0d48 [ 091BB978E9504D0AD14586929431A957, ACED02B879026A228E35F40847C210BC30A5AFC948FFE922DB21663E4A8DFF1D ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 19:50:30.0205 0x0d48 BthPan - ok 19:50:30.0283 0x0d48 [ 13795CAA34239D97A7211E7F9D96E012, C4F3402B063A7CFCE386D1AE9255975A199164BA9E7DCDB6129725213A0642B1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 19:50:30.0377 0x0d48 BTHPORT - ok 19:50:30.0393 0x0d48 [ A4387C3D271959313E2577DB7BE8BA7A, C71474802102102EBE04DF036EEB2F5FB3380BE288E3842F19F234EFAE977D70 ] bthserv C:\Windows\system32\bthserv.dll 19:50:30.0408 0x0d48 bthserv - ok 19:50:30.0439 0x0d48 [ 1F715957F5236D30B6020A19A4271F6A, C06B637C2C6919E2DE1055AE249AE3EAF7B4890799F22BF5757CC10CEF145043 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 19:50:30.0486 0x0d48 BTHUSB - ok 19:50:30.0518 0x0d48 [ 55D13AE8E3B73671448D863CBBE4927C, D83101CB325DEA35BED277F39519D23B44E9EAFF09BEAE079CFEB253EDFA9EC3 ] btwampfl 
C:\Windows\system32\drivers\btwampfl.sys 19:50:30.0533 0x0d48 btwampfl - ok 19:50:30.0549 0x0d48 [ 1DB17CBEF587A795E54CF1FAF80A3ED7, D2A392D0CBBB0A9288B8F646D254D6A24969E5F4EE2D35CF0A1D594C88674D51 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 19:50:30.0564 0x0d48 btwaudio - ok 19:50:30.0580 0x0d48 [ 35BAD5FEE5FD66205521B8A83A60B5AF, 8AD1846B15958E1A671ABE4D7536E6D9E265C83406E0BB544F8CF392876FC81F ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 19:50:30.0611 0x0d48 btwavdt - ok 19:50:30.0674 0x0d48 [ 1D766A5D7A3232DDF849BA7F09620B7D, B44B395D1F3D01147788C5961557BDCE10D308D996274158ED38F8CEAA025B7C ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 19:50:30.0736 0x0d48 btwdins - ok 19:50:30.0846 0x0d48 [ C3C8974D99F976C927165363855690CD, 2B73E11FE341DE581CFF655E58C5671B83F4331529C30DADCAA9B6BE615D5E1F ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 19:50:30.0861 0x0d48 btwl2cap - ok 19:50:30.0908 0x0d48 [ 1D1591BB5356D4160C15F754886EEE98, 1DEF03F2B716026166047D83150C285561E159A26B15A38161368074A178E4ED ] BTWPANFL C:\Windows\system32\drivers\btwpanfl.sys 19:50:30.0924 0x0d48 BTWPANFL - ok 19:50:30.0971 0x0d48 [ 8B48C53FA923297E1AE282552403C112, 72A23C3F5F7EBC60936567914D30E9C3262F8C77C4C7758453AF188C085B6574 ] btwrchid C:\Windows\System32\drivers\btwrchid.sys 19:50:30.0986 0x0d48 btwrchid - ok 19:50:31.0033 0x0d48 [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:50:31.0049 0x0d48 cdfs - ok 19:50:31.0096 0x0d48 [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] cdrom C:\Windows\System32\drivers\cdrom.sys 19:50:31.0127 0x0d48 cdrom - ok 19:50:31.0205 0x0d48 [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc C:\Windows\System32\certprop.dll 19:50:31.0221 0x0d48 CertPropSvc - ok 19:50:31.0252 0x0d48 [ 
F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass C:\Windows\System32\drivers\circlass.sys 19:50:31.0283 0x0d48 circlass - ok 19:50:31.0361 0x0d48 [ 94250D5AE3E7269DB29BCF96E07F21A6, 538C6CDCD193AABDE40CC25220528F8F80AEF828C46D8660234CB0E592B607CB ] CLFS C:\Windows\system32\drivers\CLFS.sys 19:50:31.0393 0x0d48 CLFS - ok 19:50:31.0455 0x0d48 [ 075CCE75090786F124573A788C8656E6, AA188CFF2F8EE2D9F50701AB2315D24E15D7715FD84F5054D3FC175D4BD35734 ] CLVirtualDrive C:\Windows\system32\DRIVERS\CLVirtualDrive.sys 19:50:31.0471 0x0d48 CLVirtualDrive - ok 19:50:31.0502 0x0d48 [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt C:\Windows\System32\drivers\CmBatt.sys 19:50:31.0549 0x0d48 CmBatt - ok 19:50:31.0611 0x0d48 [ 45845AF69F92DEA0347168DFC6FA917B, AD31DFF99CA91A75F2636BBB4908103AE0C60727B3D1495E3EDF3A28EC7990EE ] CNG C:\Windows\system32\Drivers\cng.sys 19:50:31.0658 0x0d48 CNG - ok 19:50:31.0705 0x0d48 [ 81F2B52C47B8AD32CC4FF967FC8D73DA, 13D84B4096E0F9AB9D04F6CD9E9C0DE4B6DF6F11D63C797266D719FD2429A655 ] CompFilter64 C:\Windows\system32\DRIVERS\lvbflt64.sys 19:50:31.0705 0x0d48 CompFilter64 - ok 19:50:31.0736 0x0d48 [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys 19:50:31.0768 0x0d48 CompositeBus - ok 19:50:31.0783 0x0d48 COMSysApp - ok 19:50:31.0783 0x0d48 [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] condrv C:\Windows\system32\drivers\condrv.sys 19:50:31.0799 0x0d48 condrv - ok 19:50:31.0908 0x0d48 [ FA7CA36D38D66DD3A6EEC724968001F1, 0DDA32EBDC34E7BBC9B00F48812840604A3851D2D16B114124D565E8181495E2 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 19:50:31.0939 0x0d48 cphs - ok 19:50:31.0971 0x0d48 [ 5CE2742F063731EC10C1B2EE386A2C08, 
309919BDDD4649AFB95A99DCF8AFC3BAE10F9BC1E2819C0794CFD0F80682C223 ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:50:31.0986 0x0d48 CryptSvc - ok 19:50:32.0033 0x0d48 [ 44BDDEB03C84A1C993C992FFB5700357, 29080E9A434BB2A932783B0B5104BC9E3C514A0FFB387123B75F4F4045E353BC ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys 19:50:32.0033 0x0d48 CVirtA - ok 19:50:32.0236 0x0d48 [ 66257CB4E4FB69887CDDC71663741435, A072C2868EC3CB773F1C512C9E07D152920794969E302199E8265CFFFD3EFC2D ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe 19:50:32.0314 0x0d48 CVPND - ok 19:50:32.0361 0x0d48 [ CC8E52DAA9826064BA464DBE531F2BB5, 28150B5DDB4DB42839EBB4F3672EB575373046B1676938111904290DFF6DEC8E ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys 19:50:32.0393 0x0d48 CVPNDRVA - ok 19:50:32.0424 0x0d48 [ FAEF4C245BE832DB41B15DAAC336AFB7, 1F8C98AB0DF4327FCB01FE0356025488E19B48A45FFFA50576B49A8587FAC42B ] dam C:\Windows\system32\drivers\dam.sys 19:50:32.0440 0x0d48 dam - ok 19:50:32.0502 0x0d48 [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:50:32.0565 0x0d48 DcomLaunch - ok 19:50:32.0611 0x0d48 [ FC1569B5705887D74FE7C8A39BE1C71C, 7DEB8FE472C72C439A2F54B6277C0A87AC2083869BD9AF8226071B7AA33B09FF ] defragsvc C:\Windows\System32\defragsvc.dll 19:50:32.0643 0x0d48 defragsvc - ok 19:50:32.0674 0x0d48 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] DeviceAssociationService C:\Windows\system32\das.dll 19:50:32.0736 0x0d48 DeviceAssociationService - ok 19:50:32.0768 0x0d48 [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll 19:50:32.0799 0x0d48 DeviceInstall - ok 19:50:32.0830 0x0d48 [ 431141C6859990824D17F71C30A78728, 448B3DC20C8FDD5B66217E0E01DBCC4904F94BDA0826F109D139DDD2C2D7FBF2 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys 19:50:32.0846 
0x0d48 Dfsc - ok 19:50:32.0893 0x0d48 [ 30710AEFCE721CEEE0F35EB6A01C263C, FB062EC86474D38BBC38E11E2618A9505001C287430B495C482977BBE58017C8 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 19:50:32.0908 0x0d48 dg_ssudbus - ok 19:50:32.0957 0x0d48 [ 9E0E72222264745ADEB0E5AC680B0ED6, 576AFC8741695396A3B8E9DBDD3703E9D70370437D09D162262E47A140D101B4 ] Dhcp C:\Windows\system32\dhcpcore.dll 19:50:32.0990 0x0d48 Dhcp - ok 19:50:33.0022 0x0d48 [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] discache C:\Windows\system32\drivers\discache.sys 19:50:33.0053 0x0d48 discache - ok 19:50:33.0084 0x0d48 [ AE3786294CC246A5403783E1B86A0168, 29A7B4B490CBB16DAEF5D67D0A58A2577CF3FEE8F889484DB867F6913D9D2A28 ] disk C:\Windows\system32\drivers\disk.sys 19:50:33.0115 0x0d48 disk - ok 19:50:33.0147 0x0d48 [ 82A7C72593793FE1EADA7A305BD1567A, 75F432E4C75AE9EFF553BD860B3B250853BDDA85C17DBD9B7242D74593506A86 ] dmvsc C:\Windows\System32\drivers\dmvsc.sys 19:50:33.0162 0x0d48 dmvsc - ok 19:50:33.0194 0x0d48 [ 05CB5910B3CA6019FC3CCA815EE06FFB, 8FA532ED500BB1F08E8034A6125BDD53B74D5E6AB0A83A6185B07AAFCD90AA82 ] DNE C:\Windows\system32\DRIVERS\dne64x.sys 19:50:33.0209 0x0d48 DNE - ok 19:50:33.0272 0x0d48 [ B9450BC3F1820A99D010D7426BCA60E9, FC7C35A0C522E5DA52B0616CF99F4903EAC14946180A18A8D8A0FF555BAA87C5 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:50:33.0287 0x0d48 Dnscache - ok 19:50:33.0350 0x0d48 [ 9949AD2ABA168A618D46C799D6CC898C, DFAC86A0AEE83C9EFE1BEE9EC15C8CAF1D619D55AF3ACC3986057A5AC985D06A ] dot3svc C:\Windows\System32\dot3svc.dll 19:50:33.0412 0x0d48 dot3svc - ok 19:50:33.0444 0x0d48 [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] DPS C:\Windows\system32\dps.dll 19:50:33.0553 0x0d48 DPS - ok 19:50:33.0600 0x0d48 [ 9C7C183F937951AE17C5B8B3259CF3FF, 8ED607139F15D08B4835ACF864421BA4C08C88FE90B9AAF707F5D8514D7731B1 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:50:33.0615 
0x0d48 drmkaud - ok 19:50:33.0740 0x0d48 [ F87F4AAAF6664906248D11D5E579A53B, F283932F68ED93891EEF00C18724359AB7057E922A3CDC8BC6F33F84D2B0BEE5 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll 19:50:33.0772 0x0d48 DsmSvc - ok 19:50:33.0959 0x0d48 [ 2BB5627EB587FA995086C3D8C21B6D3F, 871E35BBE66180781324D38823B74263B660CF9254EE348A15421FAC5667F294 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:50:34.0084 0x0d48 DXGKrnl - ok 19:50:34.0162 0x0d48 [ CFE0E3D5EFBF0649E5900CBFCC2B95F7, 8C6C4579048D0D9C43742DBD55CB2E704914D46016BBBF68FCD860320605C6F1 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys 19:50:34.0194 0x0d48 e1yexpress - ok 19:50:34.0240 0x0d48 [ 58BA473DD88F5FC1932282BA683AA03E, B8A4407D3006D91BE88F9C5389AC1CACC73BEBF6F66433A1E5EB8E58E8836C12 ] Eaphost C:\Windows\System32\eapsvc.dll 19:50:34.0272 0x0d48 Eaphost - ok 19:50:34.0459 0x0d48 [ 5AB97B3282D7D6114949D1EB5C8598E4, FB9449CC1CDC12C12AA0469BB6ACC770CB011250EDFD86E9600E754610608EFD ] ebdrv C:\Windows\system32\drivers\evbda.sys 19:50:34.0678 0x0d48 ebdrv - ok 19:50:34.0756 0x0d48 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] EFS C:\Windows\System32\lsass.exe 19:50:34.0819 0x0d48 EFS - ok 19:50:34.0976 0x0d48 [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys 19:50:35.0007 0x0d48 EhStorClass - ok 19:50:35.0288 0x0d48 [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys 19:50:35.0788 0x0d48 EhStorTcgDrv - ok 19:50:35.0945 0x0d48 [ D790D058D67582DB9C84C2D33695FE6B, A5763D7F6D191EA4B290B3E92D842AC36FD46DF598472E70B46E45D8CCD2F912 ] ErrDev C:\Windows\System32\drivers\errdev.sys 19:50:35.0976 0x0d48 ErrDev - ok 19:50:36.0132 0x0d48 [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] 
EventSystem C:\Windows\system32\es.dll 19:50:36.0179 0x0d48 EventSystem - ok 19:50:36.0304 0x0d48 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03, 6B0146A4C9AD32DCDC2DEE8E8C5A29F687665458486449E0D37B151ED63B8ADC ] exfat C:\Windows\system32\drivers\exfat.sys 19:50:36.0648 0x0d48 exfat - ok 19:50:36.0867 0x0d48 [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:50:36.0929 0x0d48 fastfat - ok 19:50:37.0226 0x0d48 [ F0E7F8382ED5E138B0DFA4CB5058BCFE, 6247C7B75F975F5AB080FFB9881EF58A6F360219F7AF2DE871F38E80CAF3B62C ] Fax C:\Windows\system32\fxssvc.exe 19:50:37.0544 0x0d48 Fax - ok 19:50:37.0607 0x0d48 [ 73B2D11DF0B6E03A0CB0323218ACB3E4, BA9256919BAA2E0760F6A658B557FDC389ACE8F9820D1A41FD995FC5613F5AA6 ] fdc C:\Windows\System32\drivers\fdc.sys 19:50:37.0622 0x0d48 fdc - ok 19:50:37.0826 0x0d48 [ 0828E3E7BD77C89149EAD3232BFD38DB, A6A296647A4EDBFF59124E3A9C0AB48759AA1738615ACFA5A454FF6BD3C31BA2 ] fdPHost C:\Windows\system32\fdPHost.dll 19:50:37.0872 0x0d48 fdPHost - ok 19:50:38.0154 0x0d48 [ 872506AAB591E8908DF4461475AF92DF, 772F2D08CB95775E438822B9EA005CBA92ED4071ADAB2C0101156A7D037D4704 ] FDResPub C:\Windows\system32\fdrespub.dll 19:50:38.0232 0x0d48 FDResPub - ok 19:50:38.0388 0x0d48 [ FEE468AFE8C9458B65A0C82B96DFD949, BCD13BF324669D3E0467D12E0E46E07A047F9311BCCDA7B47518837D489FBE22 ] ffusb2audio C:\Windows\system32\DRIVERS\ffusb2audio.sys 19:50:38.0544 0x0d48 ffusb2audio - ok 19:50:38.0591 0x0d48 [ 0588950D93A426F97C7AAADB1A9B0458, ABCB3619BD58CAC438FC032495AE45A7B6FFDD4BD33C1B3D1BC7F9F13FCB727A ] fhsvc C:\Windows\system32\fhsvc.dll 19:50:38.0623 0x0d48 fhsvc - ok 19:50:38.0669 0x0d48 [ 88A9EBACD1058ABB237A6B4E96E7F397, 263D25D33B679EB01D97763701347C31B2F72E28CE2C7EC8013EA77756D98BE1 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:50:38.0685 0x0d48 FileInfo - ok 19:50:38.0748 0x0d48 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02, 
1D7BFB00D74A28AC13ECBA1E0036D50EE79266AC02CEDB2632466BF9DD46F211 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:50:38.0779 0x0d48 Filetrace - ok 19:50:38.0841 0x0d48 [ B1D4C168FF7B8579E3745888658FFB1D, 1A5C13E902A0C788A8B995ADD2FBC3303005911C0AA3F3F4497D3016AA0EF583 ] flpydisk C:\Windows\System32\drivers\flpydisk.sys 19:50:38.0857 0x0d48 flpydisk - ok 19:50:38.0969 0x0d48 [ B33EC133AE4E6C1881D2302D93D2467D, 77E3A16257EA3698B3FCD947D004144E8D1EEE48EF5C82DF49B1B9B2B3C61DB2 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:50:39.0204 0x0d48 FltMgr - ok 19:50:39.0470 0x0d48 [ AD7B1F0444344752EF123A687ED59487, F46CE20D7AB8883F5E7940E1F99AC2613675CAB7FF2B136A894DB61C4104E513 ] FontCache C:\Windows\system32\FntCache.dll 19:50:39.0548 0x0d48 FontCache - ok 19:50:39.0689 0x0d48 [ 0B56259F5611787222A04A8F254E51D4, F77AEC0ACBFAF9154E32223B84B613229DACCD953AEBC3E96C27570F9AB10FD0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:50:39.0720 0x0d48 FontCache3.0.0.0 - ok 19:50:39.0798 0x0d48 [ A5F7873A39E4E9FAAAE59B7E9E36B705, 32036109F5A50E9F3BEF97C5B28AE8179B3A5E22517868A83CADE4671FF90DEC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:50:39.0814 0x0d48 FsDepends - ok 19:50:39.0845 0x0d48 [ A6DD7D491F587F4BC13FB972977DC8E8, B86F97F17F6F443EC16DEF67CCA4EF78AFE56078D2877838A982FECB19557C87 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:50:39.0861 0x0d48 Fs_Rec - ok 19:50:40.0001 0x0d48 [ C1646A95EAC515F60CDB2A7A8A013C1E, F559B83C02B17265EDE95DD497C1A94E402F07EC251FC47449F789907AFFED14 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:50:40.0048 0x0d48 fvevol - ok 19:50:40.0079 0x0d48 [ A969D92973DFA895E7776B4BFE36DBB2, 7528E6983ECC59291A7A386E4E459B19D1593ABDDFFD276E2F01B0EA21693E20 ] FxPPM C:\Windows\System32\drivers\fxppm.sys 19:50:40.0111 0x0d48 FxPPM - ok 19:50:40.0142 0x0d48 [ 52BC441E07A827EBAB70CDC7EAEDB28D, 8DECBD8E12EA52039742599CFBBF0D3B6610B57EF8D9DAEEEA33D202A478D286 ] gagp30kx 
C:\Windows\system32\drivers\gagp30kx.sys 19:50:40.0158 0x0d48 gagp30kx - ok 19:50:40.0501 0x0d48 [ 9ACFC1E97F789D3C2E6E44431C9FB47B, BE5787A7B9F96BE384FF9EE4962766E7A83C60E74613557FE5274E3900889B6B ] GamesAppIntegrationService C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe 19:50:40.0533 0x0d48 GamesAppIntegrationService - ok 19:50:40.0595 0x0d48 [ C23410A44ADDF0E1A9B4BA42A5DD5EA7, 384382D16D09A17E29D8348E1CF8DD7E377607DB3472AB8888EF8E83671B772C ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 19:50:40.0954 0x0d48 GamesAppService - ok 19:50:41.0018 0x0d48 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:50:41.0018 0x0d48 GEARAspiWDM - ok 19:50:41.0065 0x0d48 [ 721F8EEF5E9747F32670DEFF7FB92541, E0A8EF70753E260C2C7D93D316B5EF9589DB086FDF829BDA2958C6A09CE471A6 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys 19:50:41.0080 0x0d48 gencounter - ok 19:50:41.0127 0x0d48 [ FC2B8B06BDBD3B6457F5A3DA9AD2410E, 4BF196E1CAC94E9265EBEB68F41C3E29F0C709ECFF9420B5B1C9C82680D5D6A8 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys 19:50:41.0143 0x0d48 GPIOClx0101 - ok 19:50:41.0252 0x0d48 [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc C:\Windows\System32\gpsvc.dll 19:50:41.0378 0x0d48 gpsvc - ok 19:50:41.0425 0x0d48 [ 40DFA19D230FF7326BF77822D4627540, 867822BB9973B7D96B074B169097E21DC961532CB98E3249AFEF26625F3AB694 ] hcmon C:\Windows\system32\drivers\hcmon.sys 19:50:41.0440 0x0d48 hcmon - ok 19:50:41.0534 0x0d48 [ 630555943E5A3FE21010CE91EC7FC84F, 20D7247A4363EE9E851501D89A466564ADCAEC304DE42280E4E09AD8499436A9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:50:41.0565 0x0d48 HdAudAddService - ok 19:50:41.0612 0x0d48 [ 58CC013EFA9893057160EDA018D8ADCE, BE8AA220CFBD90202C1B130DF349C3198E3447F3C2DC7BC5FC8816F57F78BA00 ] 
HDAudBus C:\Windows\System32\drivers\HDAudBus.sys 19:50:41.0644 0x0d48 HDAudBus - ok 19:50:41.0753 0x0d48 [ 3F76BBA53D65E85A7F53E7A71082082C, D1E18815BB19CD11007C4A66162C76F55D4FE6B09B34ED45969C7ECC29D394AD ] HidBatt C:\Windows\System32\drivers\HidBatt.sys 19:50:41.0815 0x0d48 HidBatt - ok 19:50:41.0894 0x0d48 [ 085F150D002B7F0153D3C06DDF33A143, 41847FD02608ECFE3A6B4B38CBDE8416B0EF17491868511FD704B0BCC280338E ] HidBth C:\Windows\System32\drivers\hidbth.sys 19:50:41.0909 0x0d48 HidBth - ok 19:50:41.0909 0x0d48 [ CC4A07E51D89575CAB6F4EB590D87CD4, DFB4EAF0923EF9FF6C42EDD1EA5E4025F243C9BE2D03D5423FE8A897DC01D657 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys 19:50:41.0925 0x0d48 hidi2c - ok 19:50:41.0972 0x0d48 [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr C:\Windows\System32\drivers\hidir.sys 19:50:42.0003 0x0d48 HidIr - ok 19:50:42.0050 0x0d48 [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv C:\Windows\system32\hidserv.dll 19:50:42.0065 0x0d48 hidserv - ok 19:50:42.0112 0x0d48 [ 012C354B4AB48E9A7A657DF39E3A2073, B15D0089CE509FF1CF73DFE095425C1C99FC3971622DCAAD9CAEB989A12A4FDB ] HidUsb C:\Windows\System32\drivers\hidusb.sys 19:50:42.0128 0x0d48 HidUsb - ok 19:50:42.0159 0x0d48 [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:50:42.0206 0x0d48 hkmsvc - ok 19:50:42.0253 0x0d48 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF, E6967F3F465C6E903221BC0FCBAE7D05FD18C0BF110D929335F5935364B3C1BC ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:50:42.0269 0x0d48 HomeGroupListener - ok 19:50:42.0347 0x0d48 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:50:42.0378 0x0d48 HomeGroupProvider - ok 19:50:42.0409 0x0d48 [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 
02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:50:42.0425 0x0d48 HpSAMD - ok 19:50:42.0487 0x0d48 [ 258A9103842E36CD27D07D5A1F6D2A23, 883E797263DB0A971C5FDDB588AAE041DD1021F079A891E8AA4525799C795B04 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:50:42.0566 0x0d48 HTTP - ok 19:50:42.0612 0x0d48 [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:50:42.0644 0x0d48 hwpolicy - ok 19:50:42.0659 0x0d48 [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys 19:50:42.0675 0x0d48 hyperkbd - ok 19:50:42.0691 0x0d48 [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys 19:50:42.0706 0x0d48 HyperVideo - ok 19:50:42.0722 0x0d48 [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt C:\Windows\System32\drivers\i8042prt.sys 19:50:42.0737 0x0d48 i8042prt - ok 19:50:42.0847 0x0d48 [ 6C91E425ACE29594BD574DE38AC9B76D, 697784E4C7AF08B1F35662D8AD871E6890CECE22B6E64985B7C1A66C10DA390D ] iaStorA C:\Windows\system32\drivers\iaStorA.sys 19:50:42.0878 0x0d48 iaStorA - ok 19:50:42.0925 0x0d48 [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:50:42.0956 0x0d48 iaStorV - ok 19:50:43.0034 0x0d48 [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe 19:50:43.0066 0x0d48 ICCS - ok 19:50:43.0284 0x0d48 [ DEA2F976E7327716AA0038EBF550003A, 5EA4666874F1D03879EA95F28228AC9EA3D7DF0F2E199EEE9B5BC6C81CA290B3 ] IconMan_R C:\Program Files 
(x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 19:50:43.0394 0x0d48 IconMan_R - ok 19:50:43.0753 0x0d48 [ 5D4C27F028E059E96DCAE096F0AD1FC9, 73B8E4B5CC4CED778928E845837432D3B13DD995AFFAFBCB20591862D76EF674 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 19:50:44.0144 0x0d48 igfx - ok 19:50:44.0206 0x0d48 [ 056E5F42963DB389DD7396AA0E9E5A2F, A45F4B2515C1624BE399556EBD3BC1A78ACDEA4C10E65ACF9DCAFAAE796C1EA1 ] IHProtect Service C:\Program Files (x86)\MiuiTab\ProtectService.exe 19:50:44.0206 0x0d48 IHProtect Service - ok 19:50:44.0253 0x0d48 [ 24847A06B84339FEEDE5CABF3D27D320, 7727B1DAD0D4A1D474FBBEFCEBDF36A1F07D1AA300869AE57A24ED91BF84B6B4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 19:50:44.0269 0x0d48 iirsp - ok 19:50:44.0503 0x0d48 [ 644D7E4EAC8D5CE757435FA98A7BDA50, 7C91F6E75B148E69BF701F0152CDBF8FB94009935EE97F5208560E1E8FEDA4DB ] IKEEXT C:\Windows\System32\ikeext.dll 19:50:44.0612 0x0d48 IKEEXT - ok 19:50:44.0831 0x0d48 [ F9A6ACDDD86D3281F765374A0BF37DE0, 988911FC45B14A5E40AD91B49A18DFFF56F81874611ED994624D7200E7FDD834 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 19:50:45.0066 0x0d48 IntcAzAudAddService - ok 19:50:45.0113 0x0d48 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 19:50:45.0159 0x0d48 IntcDAud - ok 19:50:45.0284 0x0d48 [ B353F1834FCD36D77BE3F74992C147D4, BFBC42B500FC7D6D2B523F988DD54156D2B6132CBE366EB591BF45556959A8E9 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 19:50:45.0331 0x0d48 Intel(R) Capability Licensing Service Interface - ok 19:50:45.0425 0x0d48 [ 420142EC02098130910F34191F38D1B1, 8D853F69DFF2D6D66BB1A25644E66DC1E8D841B86674925821B7795FBDC6A683 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 19:50:45.0441 0x0d48 Intel(R) ME Service - ok 19:50:45.0456 0x0d48 [ 
4F37726CF764CA18A8A84F85EF3A7F24, 6212B23917526E127CE641A11A58DA93651FFE70829C4079FE465DBDC81CF470 ] intelide C:\Windows\system32\drivers\intelide.sys 19:50:45.0472 0x0d48 intelide - ok 19:50:45.0503 0x0d48 [ E15CDF68DD73423F15D4AC404793AF0D, E2D0136AF68D1A73EB3A63C83284B4661222CB0A4AFACCF276CB57CBD4850287 ] intelppm C:\Windows\System32\drivers\intelppm.sys 19:50:45.0519 0x0d48 intelppm - ok 19:50:45.0644 0x0d48 [ 8FCA66234A0933D796BB780B7953BAB9, 7DD677F5EE09A8D7A75C9E475B5E6B3DCA49D1E846C7D160B839D7029B1C5B6D ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:50:45.0675 0x0d48 IpFilterDriver - ok 19:50:46.0192 0x0d48 [ C217B8D2E58C57A319B16125C3D4B69C, 905BB858E1782BD08FF080A4A604CE662440A15601B178FBD30269C306C04CCF ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:50:46.0317 0x0d48 iphlpsvc - ok 19:50:46.0551 0x0d48 [ A4071DA3AE419F9694BFCB267C7DB8D7, 392DEE1DA51606C29418A98D2861F115E9F67C688B4281C53E87BA73A98809FB ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys 19:50:46.0567 0x0d48 IPMIDRV - ok 19:50:46.0848 0x0d48 [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:50:46.0879 0x0d48 IPNAT - ok 19:50:46.0989 0x0d48 [ E61BB95A7CB49696D25A0C4EBD108156, 65D95A0DBC408AD18D5E344A5E875551E6CC044038DE438E4EA1102A234FC529 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 19:50:47.0020 0x0d48 iPod Service - ok 19:50:47.0051 0x0d48 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:50:47.0067 0x0d48 IRENUM - ok 19:50:47.0098 0x0d48 [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:50:47.0114 0x0d48 isapnp - ok 19:50:47.0192 0x0d48 [ E6530FD4F61B40F338BF4355A21B9A09, FE9BF039B9901BEC260A69F7C49ACFA9881AD470DCCBA70C7EC36F518DA71702 ] iScsiPrt 
0FDBEE3DB644175A30065CAF020F375703ADC45A33221788C010F3111707FC25 ] storahci C:\Windows\system32\drivers\storahci.sys 19:51:17.0423 0x0d48 storahci - ok 19:51:17.0501 0x0d48 [ F74DBC95A57B1EE866D3732EB5F79BE2, E4FE9D5CD0A385ACB60D5D5E8D969F26C3A6BC0C08FF0838DBE9CA106229C8DE ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 19:51:17.0517 0x0d48 storflt - ok 19:51:17.0626 0x0d48 [ 5337E138B49ED1F44CCBA4073BC35C20, 2B296973215E3865A56C46DC3D27F1460D96BC321558CE7A911B05B0E7BF397F ] StorSvc C:\Windows\system32\storsvc.dll 19:51:17.0642 0x0d48 StorSvc - ok 19:51:17.0704 0x0d48 [ 543CD3CC0E05B8D8815E0D4F040B6F59, 4B57C9534E94A0A67FC82DBD4FAECACA180BEC281FB477550A37C0A04777E09E ] storvsc C:\Windows\system32\drivers\storvsc.sys 19:51:17.0720 0x0d48 storvsc - ok 19:51:17.0767 0x0d48 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A, 82CC77030D23013572B4A64A64B6156789F253BF56268B790093CE3D345410A0 ] svsvc C:\Windows\system32\svsvc.dll 19:51:17.0798 0x0d48 svsvc - ok 19:51:17.0829 0x0d48 [ 4AFD66AAE74FFB5986BC240744DC5FC9, 0C9347614E3FD3B4D3B29FA4A5DA23FF6EE4CD9A1FFC378B855B8DE61B2876CF ] swenum C:\Windows\System32\drivers\swenum.sys 19:51:17.0845 0x0d48 swenum - ok 19:51:17.0892 0x0d48 [ 502F9488540051F3E6C39889ECFA76BB, 22ABD681BE4CF8A1F484C6363C1334B1EF7A6C074D837B0121DE1896887B84C6 ] swprv C:\Windows\System32\swprv.dll 19:51:17.0939 0x0d48 swprv - ok 19:51:18.0001 0x0d48 [ C54F86A754D7EA388ABD817D7A9B712C, EC2E365EE165393543A0661783410C91D32FF4413866DC0875D67FFA7DF4F763 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 19:51:18.0048 0x0d48 SynTP - ok 19:51:18.0142 0x0d48 [ A06CB9269D29EE3D0F3F5630ABB660B8, 519A01FC7D9414B26CCBC23E7FB1CEAF1C91CD173B4F4A4025F8316B7460C584 ] SysMain C:\Windows\system32\sysmain.dll 19:51:18.0236 0x0d48 SysMain - ok 19:51:18.0298 0x0d48 [ 6FB88606C4A71E1BFAF97D63A676C673, D72F93A482E989ACA50F9647B7AD699A4656AEAACF377BB2B8CEBB094B748852 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll 19:51:18.0314 0x0d48 SystemEventsBroker - ok 19:51:18.0345 
0x0d48 [ A6C06C45C44AD06C70AF8899AEC15BDC, AC2CCCDBA6B94BA85A6D41B47343193D175786D4ECF71AE9C7766ADD63A1273F ] TabletInputService C:\Windows\System32\TabSvc.dll 19:51:18.0376 0x0d48 TabletInputService - ok 19:51:18.0408 0x0d48 [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 19:51:18.0423 0x0d48 tap0901 - ok 19:51:18.0454 0x0d48 [ 88B7721AB551C4325036B25A34A2BF7B, 2817CC6294542524EC373A674535F913440736BEBE81233CA91D5ECD93620B02 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:51:18.0470 0x0d48 TapiSrv - ok 19:51:18.0611 0x0d48 [ 2AE9136724568DB4F08BC04F131CFC54, 11AA017AE39D0A63233D01A8AE33FD53D5302683E037D29B73366D6233764080 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:51:18.0954 0x0d48 Tcpip - ok 19:51:19.0315 0x0d48 [ 2AE9136724568DB4F08BC04F131CFC54, 11AA017AE39D0A63233D01A8AE33FD53D5302683E037D29B73366D6233764080 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:51:19.0440 0x0d48 TCPIP6 - ok 19:51:19.0487 0x0d48 [ 8F2A13A5DF99D72FDDE87F502A66F989, 2228C62ACDB4CBBFDD2BE705E604E0B9A8AEA7146F65F2D8B9B2A2FB49ACFAE1 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:51:19.0533 0x0d48 tcpipreg - ok 19:51:19.0565 0x0d48 [ 73DC722CE5DF26D7638CE2446F2655C7, 9B8E6F6DEA5E0C2AEAC24A31897D2E73F86EF44F1C25FEF82D2C860353793817 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:51:19.0580 0x0d48 tdx - ok 19:51:19.0612 0x0d48 [ F7C8AB5D8AFFAA318D6A21093D139BF4, 0A35052EF7DC8615783A23897358D8C579BE694363615C9563FF629E7B719991 ] terminpt C:\Windows\System32\drivers\terminpt.sys 19:51:19.0627 0x0d48 terminpt - ok 19:51:19.0705 0x0d48 [ 2B3D2FDF50EDABEBE0A9E6F741C81858, F0C3A1DC968C5D28EF68BE4352577B4F8D4B4FB6274268DCCCD8A5C132DEC2F9 ] TermService C:\Windows\System32\termsrv.dll 19:51:19.0768 0x0d48 TermService - ok 19:51:19.0799 0x0d48 [ 519A6F672FFF56B7D8EE8C730CEC8ECD, 2B36F10C0AE16A261DC0887B1050808BA1F0568F3879E4ABC3D370F08C3FADB7 ] Themes C:\Windows\system32\themeservice.dll 
19:51:19.0830 0x0d48 Themes - ok 19:51:19.0940 0x0d48 [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] THREADORDER C:\Windows\system32\mmcss.dll 19:51:19.0955 0x0d48 THREADORDER - ok 19:51:20.0018 0x0d48 [ 4515B9E4140F04FB3907692DF89FCA87, F68EC56524BDA877646E987BE7414C1D622BD9FF05A5AEADCA39030FDC2B0115 ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll 19:51:20.0049 0x0d48 TimeBroker - ok 19:51:20.0158 0x0d48 [ E94F7A7B48C7638D1F3F8089344C97B7, 276CDE59614D563A52529BCC4BFC726E5F5BE131C9C4142558A644D79328C810 ] TPM C:\Windows\system32\drivers\tpm.sys 19:51:20.0315 0x0d48 TPM - ok 19:51:20.0614 0x0d48 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA, A6846478B9E7B0A509E5A28C6C7B66ED39F0247F9AFF01E3C3CADC0DBEF3CA00 ] TrkWks C:\Windows\System32\trkwks.dll 19:51:20.0645 0x0d48 TrkWks - ok 19:51:20.0801 0x0d48 [ 8ABBB5CE0C62E0A6D28F32F44B7F865C, 4C78FE2A4A25A758D5191C4EDB2A6FE691FF82E7C16C0F146DC96DAD87D4F64E ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:51:20.0832 0x0d48 TrustedInstaller - ok 19:51:20.0879 0x0d48 [ 4E7C5FB10A50435523DE0CAA37DE2BD3, D6206DF61950F2541FB754E57C4D9EF9FA0CC1EDD6F6FA4E45F02B47958493F7 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:51:20.0895 0x0d48 TsUsbFlt - ok 19:51:20.0895 0x0d48 [ 16D684A820872EE54F6370703AC0B513, 795E20484358424CE9FA766937DD99413025A8AF967D03490392E8E02A382D0B ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys 19:51:20.0911 0x0d48 TsUsbGD - ok 19:51:21.0098 0x0d48 [ 78C9EE193AC2B4CBDBC48B620314D740, 41523E47D321BFF5778F5E453545B928C0A469C3BBA51578E74D6721D7DF9273 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:51:21.0130 0x0d48 tunnel - ok 19:51:21.0223 0x0d48 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A, AA7DA2207C0236F47859A4791F9D7301E7ADB50A59D831DC859ECC7CA70D3E1D ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:51:21.0255 0x0d48 uagp35 - ok 19:51:21.0286 0x0d48 [ 6FD6D03B7752C78712E5CFF29A305026, 
F09C5188AAFCF4C77B05BA1E604F9912782A9F1371F72F959288EBC2725407ED ] UASPStor C:\Windows\System32\drivers\uaspstor.sys 19:51:21.0505 0x0d48 UASPStor - ok 19:51:21.0661 0x0d48 [ 061BA3EE0D2BE17944990544008CF190, C9236D368EC2281B545E8C008BC2801F21A9716ED3D4DAEDB0751A5008346E81 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys 19:51:21.0848 0x0d48 UCX01000 - ok 19:51:22.0145 0x0d48 [ 25C50F4EDF70D0A831E0566BD181CCF2, F2F9E86FB5617C16077D2073EC0AA747F76F1EB5148BA110347A84F3C3569F83 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:51:22.0177 0x0d48 udfs - ok 19:51:22.0239 0x0d48 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D, 16DE6E0894C356A58AF12BEC2FE9B188F147DD4B16CB2414DE600CE4127F929D ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:51:22.0255 0x0d48 UI0Detect - ok 19:51:22.0302 0x0d48 [ 07FEBCDF24FABA0D47B635D85A0FFB7A, 452C04B14681EBCE8B1B25B75A1B7CC978722B7DDE54D624E17841B14ACCF65D ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:51:22.0317 0x0d48 uliagpkx - ok 19:51:22.0348 0x0d48 [ 02CEB3FE6152668A7BA420B93B664860, 613F27540FD1EFE2442E326F507DACD5A25691C8481937022B7E1104F3E6E9E2 ] umbus C:\Windows\System32\drivers\umbus.sys 19:51:22.0364 0x0d48 umbus - ok 19:51:22.0380 0x0d48 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09, 30AAD7D18FF5962CEC7180359D148EED5A1BF193DDB2B34508897FC3EBA692C3 ] UmPass C:\Windows\System32\drivers\umpass.sys 19:51:22.0395 0x0d48 UmPass - ok 19:51:22.0458 0x0d48 [ 43FEFB040A0CC30F795FBF544169594D, F2A730C0F7C883321C378D4564120A40428D7F8E393F02C8D6A08934795A35C7 ] UmRdpService C:\Windows\System32\umrdp.dll 19:51:22.0473 0x0d48 UmRdpService - ok 19:51:22.0661 0x0d48 [ 83C37EF0E54580BAB3497259516A9431, A5EAC7241774EF738AB3927B11091F0C1E7E987DAF936B76D129EA3E516C6733 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 19:51:22.0692 0x0d48 UNS - ok 19:51:22.0770 0x0d48 [ 14D22C411854AA2560AFC94CD2D5E61F, BB376734733671C02319E6DB1800D41212694446FD65465498C92D4ECBFE7458 ] upnphost C:\Windows\System32\upnphost.dll 19:51:22.0817 
0x0d48 upnphost - ok 19:51:22.0864 0x0d48 [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64 C:\Windows\System32\Drivers\usbaapl64.sys 19:51:22.0895 0x0d48 USBAAPL64 - ok 19:51:22.0942 0x0d48 [ 9E9F21FF91D7ECC0BCCB94D3FE52A959, 85461393D62ED939F6741C2D0A90C8AB34F4415173223BB4CFC119715D10E7A7 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 19:51:22.0989 0x0d48 usbaudio - ok 19:51:23.0036 0x0d48 [ C976C4306F9AE133D6BBD47FDFC3BF92, 820413D92D6A89055A7F26523BF5CC4B668610C4A06E8B0D163FBF929B1DFA9A ] usbccgp C:\Windows\System32\drivers\usbccgp.sys 19:51:23.0052 0x0d48 usbccgp - ok 19:51:23.0145 0x0d48 [ 427B6DB8C05A5A977E8C3525370A2595, C67222CA9123AE12D953995326B3B582C146CEA89594B7209DB0B1F628A0118D ] usbcir C:\Windows\System32\drivers\usbcir.sys 19:51:23.0177 0x0d48 usbcir - ok 19:51:23.0302 0x0d48 [ B24FDEB1B18496F1B463782235AA3AF1, 3F5036F36987C8007D03DAFC3EC30615515BE96D9A1DF879BCD4EB0E66CD50B1 ] usbehci C:\Windows\System32\drivers\usbehci.sys 19:51:23.0317 0x0d48 usbehci - ok 19:51:23.0412 0x0d48 [ F8C2A832DF9403F5EA8080CBDBDA95FB, 50E9455465672BC13EB945BEC132D2F30BA2EB25C68928D2B4C256F2DB292A83 ] usbhub C:\Windows\System32\drivers\usbhub.sys 19:51:23.0459 0x0d48 usbhub - ok 19:51:23.0584 0x0d48 [ FAAB461D5AEB21EE5FC5C0DBD6648223, 187EB7AC6CDE39621C587EB1551DBC358DE2BC7C8A4265DB817C9D6F5ADE54A3 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys 19:51:23.0631 0x0d48 USBHUB3 - ok 19:51:23.0662 0x0d48 [ 325F6179009B5A7F6118951A5BA422AB, 756CB2893530485E8C3ACFF5A40F4C6EB446E72B2296E8772058E407A5E066DE ] usbohci C:\Windows\System32\drivers\usbohci.sys 19:51:23.0678 0x0d48 usbohci - ok 19:51:23.0709 0x0d48 [ 9FDBA6982582A6F2354144980F641E7B, 054A65412CB22C5BE970FD3A266E140110D869B614B9F9894628D553CE82C991 ] usbprint C:\Windows\System32\drivers\usbprint.sys 19:51:23.0756 0x0d48 usbprint - ok 19:51:23.0787 0x0d48 [ AD91D1BBE5D3CF4501887DC1C09384FD, 
ED9E27CD1D52401087427EC20E389FBE2497193483C2E53E8DE5D70DACF5D928 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 19:51:23.0803 0x0d48 usbscan - ok 19:51:23.0850 0x0d48 [ BFC7FE4AAEB61317A921871B4085EF4B, CBC3FBAEAD6C82A437CC87A97007EF807C64053AB8FA5C3233C2A0CF6FC8D019 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS 19:51:23.0865 0x0d48 USBSTOR - ok 19:51:23.0896 0x0d48 [ 1ABF657259DB57F7E5558E4DF1357C0C, 34EAF5DEA3293CFA96BA81B036305FD90ABAE05B9CB73D4F54FB236448C1978C ] usbuhci C:\Windows\System32\drivers\usbuhci.sys 19:51:23.0912 0x0d48 usbuhci - ok 19:51:23.0943 0x0d48 [ 9EF7C01D3ACCBC243B5CB1A95865B2FF, 367A7640B4992E68EB3E1BBD78D3014742F4CC4056750E389048C653251DAD33 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 19:51:23.0959 0x0d48 usbvideo - ok 19:51:24.0021 0x0d48 [ 8DC398D7B8E02C929A2096E74A170970, 87B3CE84D05F50C33935B28F0AFF1CB15DAA4530768BA1FB25C311609CD4B0A5 ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS 19:51:24.0037 0x0d48 USBXHCI - ok 19:51:24.0146 0x0d48 [ 34349E7B488FA61B639117F6BF1EBF99, A7A7E60511F7D6370473D41867F5323695308CC27D3EEB0286687D3A9E0084E9 ] USER_ESRV_SVC C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe 19:51:24.0178 0x0d48 USER_ESRV_SVC - ok 19:51:24.0543 0x0d48 [ 1CA1DC88D9484BCFD6C26560F397539A, 95C2AB45D4682BB4F75F1D03D57CCA944BA570EFEA06E0AB71062C6E6E7C7F4A ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe 19:51:24.0558 0x0d48 VAIO Event Service - ok 19:51:24.0637 0x0d48 [ 0E15735307E1068F2E2169BEB1CA4CC2, BF44F28E473EBBA1910436C17FD14CF9A4DD4AD0716FFD3129D2B6F2300ADCF1 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe 19:51:24.0762 0x0d48 VAIO Power Management - ok 19:51:24.0793 0x0d48 [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] VaultSvc C:\Windows\system32\lsass.exe 19:51:24.0809 0x0d48 VaultSvc - ok 19:51:24.0887 0x0d48 [ 7D99F5F96DB4A5789C7A6B8BBC8AED95, 
911251CD3418079905790DDF2404DC0DE537DBBBEE7F993CE8E1FC3A003F6180 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys 19:51:24.0980 0x0d48 VBoxDrv - ok 19:51:24.0996 0x0d48 [ 0239B3849DE58C1D13F79D2B2BFA780F, FC31F00727D1AD603DE439236278CF7584CF3A783CAB4F938F3F3FD9005A2903 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys 19:51:25.0012 0x0d48 VBoxNetAdp - ok 19:51:25.0059 0x0d48 [ 4485FDDC62FD8582D23C9603CA4B603D, 015221150052B40150D3DAD4375234C58B1E97329D4829B031D22FD4E74892E4 ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 19:51:25.0074 0x0d48 VBoxNetFlt - ok 19:51:25.0090 0x0d48 [ EC2DFAD046DEB5E92E1BA4D366B6B9EE, E48BEFECD2CF2C9CF946E4B3AEE41B98AA1FB4D240A9F62A6978B9E1E476E42D ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 19:51:25.0105 0x0d48 VBoxUSBMon - ok 19:51:25.0215 0x0d48 [ DEBA4273293DAE85EE4BE3F433C903D7, 62254F305DDE2D14CE3ABD1FA7B2B1F1FAC3925926D73A217EF863F6D4B25FBF ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe 19:51:25.0277 0x0d48 VCFw - ok 19:51:25.0324 0x0d48 [ 3C8E2C591345F38149C69FE8E5DF8C90, 9F4BB9BDA09CB2E99A6A888B288F322AE5C460B5D124CD714C6F00FF5029144B ] VClone C:\Windows\System32\drivers\VClone.sys 19:51:25.0340 0x0d48 VClone - ok 19:51:25.0465 0x0d48 [ 0D53D30C8473EEDC1757FDA3C511103B, 54E1AE2CCD71AD446F373DD8E19382D81CA2BC9AEEE326CF5BF020AD3C5F58AB ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe 19:51:25.0465 0x0d48 VCService - ok 19:51:25.0496 0x0d48 [ BACECBFF9C97F7627A60B0E0F1FE7EE8, DC82F767D066B93A48A090DC7146EBCCDC54B43C6CD9DF29A160E09E3A531DC8 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:51:25.0512 0x0d48 vdrvroot - ok 19:51:25.0590 0x0d48 [ 1B4488988E5E7512E6C5CD1255E9E973, B82C26E767A8895CFFD76C11D07D5C945C38E1BD32CC27D20A6C0FA7F6064FC5 ] vds C:\Windows\System32\vds.exe 19:51:25.0652 0x0d48 vds - ok 19:51:25.0715 0x0d48 [ 74FA2D4368DE6F6CE14393EDF1F342BE, C5CE4164B2C3D583A7FB8687ADEADCDB08D36A5AB1965E5FC6949AEED15881C8 ] VerifierExt 
C:\Windows\system32\drivers\VerifierExt.sys 19:51:25.0777 0x0d48 VerifierExt - ok 19:51:25.0824 0x0d48 [ D4051AA2ACD38AABF9DEC24B8A331EB1, 377D5DD98E4E09F3CCC330852F9FD9E4CC2069AE1A1C1AFBC90002FE3101708B ] vhdmp C:\Windows\System32\drivers\vhdmp.sys 19:51:25.0871 0x0d48 vhdmp - ok 19:51:25.0902 0x0d48 [ F5B4A14B00E89250C50982AC762DDD1D, 581CD97DD42E74A82F06BFB827DFC82618B4A8667ACA7E93C628BB0D056CE8F0 ] viaide C:\Windows\system32\drivers\viaide.sys 19:51:26.0121 0x0d48 viaide - ok 19:51:26.0152 0x0d48 [ 78DB50F7329F6D1311658DABFFFC8BE0, 8CB0C831608033C4BC1D2DA7FAA7D429333A3654E76A989F7AF85BFC5F086BE9 ] vmbus C:\Windows\system32\drivers\vmbus.sys 19:51:26.0168 0x0d48 vmbus - ok 19:51:26.0184 0x0d48 [ ECFEE2F2BA3932C7880D1A8F67D68F91, 57DCD55A518A9FBDEF72B511C643B1062C3F7BD339F4B0FC19E9D84C615B968D ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys 19:51:26.0199 0x0d48 VMBusHID - ok 19:51:26.0199 0x0d48 vmci - ok 19:51:26.0262 0x0d48 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicheartbeat C:\Windows\System32\ICSvc.dll 19:51:26.0293 0x0d48 vmicheartbeat - ok 19:51:26.0309 0x0d48 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmickvpexchange C:\Windows\System32\ICSvc.dll 19:51:26.0340 0x0d48 vmickvpexchange - ok 19:51:26.0355 0x0d48 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicrdv C:\Windows\System32\ICSvc.dll 19:51:26.0371 0x0d48 vmicrdv - ok 19:51:26.0387 0x0d48 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicshutdown C:\Windows\System32\ICSvc.dll 19:51:26.0418 0x0d48 vmicshutdown - ok 19:51:26.0434 0x0d48 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmictimesync C:\Windows\System32\ICSvc.dll 19:51:26.0465 0x0d48 vmictimesync - ok 19:51:26.0496 0x0d48 [ 
B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicvss C:\Windows\System32\ICSvc.dll 19:51:26.0512 0x0d48 vmicvss - ok 19:51:26.0527 0x0d48 VMnetAdapter - ok 19:51:26.0605 0x0d48 [ 7921F8A6D7EC098F6DB5F37A6C44D0C2, F204BABDE6E70D6377AB5945E979FA44CC37F03587A7AD3DB4A08D8E297C2345 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe 19:51:26.0652 0x0d48 VMUSBArbService - ok 19:51:26.0746 0x0d48 [ CB60FAAED8B49B812EBBF77EB87D9B18, ADA7C68D4C4981555ED48981E8B7ACBEEF5C39F902EB98782FC3DFF495FE0C33 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:51:26.0762 0x0d48 volmgr - ok 19:51:26.0777 0x0d48 [ A74101DA9809251BCD0E5A26BAE0F824, 15A3A7CC31A13C5882812C344D0937A8A4503D12DB07B9F7F2A8191B739CDBF7 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:51:26.0809 0x0d48 volmgrx - ok 19:51:26.0887 0x0d48 [ AA37946941ED3805AB3A924965907147, 11BD8FA585F193EED050458E93679D730FC2C09D19237DA40B0190132D328CB2 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:51:26.0934 0x0d48 volsnap - ok 19:51:26.0965 0x0d48 [ A8DA1C1B52ECEA3726DEBED4FF1B700D, 75C024EC3858DF24FB82FE105BDD1E37900D53EFE9D72F42CDDFFD0742525586 ] vpci C:\Windows\System32\drivers\vpci.sys 19:51:26.0980 0x0d48 vpci - ok 19:51:27.0137 0x0d48 [ 38A60CD9C009C55C6D3B5586F8E6A353, 7F7E2AE39F1A0A5245650911E310E0948BC22A18262A16FA76B44A042D66312D ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:51:27.0152 0x0d48 vsmraid - ok 19:51:27.0324 0x0d48 [ FE37051171F3B90B18037FDBAC5B9D76, F220D71512E059F298F3CD958D69BE7225A8E8D492387347E75A0E615159782A ] VSS C:\Windows\system32\vssvc.exe 19:51:27.0418 0x0d48 VSS - ok 19:51:27.0465 0x0d48 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC, AC2F3C70EDCA0AFBB2606267DFE6D3E8E7B0772140153BAD6B0A9EDE6A1D2F29 ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys 19:51:27.0481 0x0d48 VSTXRAID - ok 19:51:27.0621 0x0d48 [ C1FAE2E81955DCCD79034A23EC4F3F37, 
61B6477C6068B5542D3EE9C6336FBD7589F1CFFD3E850473A539619033533286 ] VUAgent C:\Program Files\Sony\VAIO Update\vuagent.exe 19:51:27.0699 0x0d48 VUAgent - ok 19:51:27.0715 0x0d48 [ 62460A45435A26A334907E3F2EA45611, FEF86E05117CC0AAB8211CA1542776EB620BD4699BD590D91F16621ED35B9824 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 19:51:27.0746 0x0d48 vwifibus - ok 19:51:27.0856 0x0d48 [ 095E943D27025E4D588AF0A72CC2318F, 3CE406A202F93EF8C4BC7317621A672670D734C69166393CA7256D5E5E667041 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:51:27.0871 0x0d48 vwififlt - ok 19:51:27.0902 0x0d48 [ 73FA1A41A97A5C34ADC03B3577FF1A86, CBA4BC0DA837C163587BBB4BF2AC1549C72440307C984D3CDF8995023718136C ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 19:51:27.0918 0x0d48 vwifimp - ok 19:51:28.0043 0x0d48 [ F690B6EEAA94576727B24376D7ED3601, A61EE96024C8FC4058481DFB1E7F0AD746565368672FA3B6BA8F9E23D0F47E4C ] W32Time C:\Windows\system32\w32time.dll 19:51:28.0074 0x0d48 W32Time - ok 19:51:28.0106 0x0d48 [ 6B806E893714019969E2B50D7EF6A4D9, 38FE2B01082DC4C2A0C11A292016A727F48C3DF1293DC3A0216B2254A452263F ] WacomPen C:\Windows\System32\drivers\wacompen.sys 19:51:28.0121 0x0d48 WacomPen - ok 19:51:28.0152 0x0d48 [ 61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 19:51:28.0168 0x0d48 Wanarp - ok 19:51:28.0168 0x0d48 [ 61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:51:28.0184 0x0d48 Wanarpv6 - ok 19:51:28.0293 0x0d48 [ 42DF22F8C448E7CD219F6D63743505E2, 063F4280C7BD20CE1360436B76A17DFE17FF611F75337A47373D098CC6C263BF ] wbengine C:\Windows\system32\wbengine.exe 19:51:28.0418 0x0d48 wbengine - ok 19:51:28.0528 0x0d48 [ 31D37B2F6069C631EF0557D322924812, 6E18A1060F3C8F4BF220E286C44327866A8F9109E74928AA2D8C2DA9C452038B ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:51:28.0560 0x0d48 WbioSrvc - ok 
19:51:28.0607 0x0d48 [ F43314B83101DEBF7D7CCD42493CFC60, F4B70372559F2FD9A74FB87422EC6EF024F925AE4D838473E04E6B48AB7255AF ] Wcmsvc C:\Windows\System32\wcmsvc.dll 19:51:28.0638 0x0d48 Wcmsvc - ok 19:51:28.0685 0x0d48 [ 5B5FEAB51172F5513C2CF7B39CFA6A01, 4FDAC5168E00D44781C6F5D98ECD4977A12663C5CE6FFDFF9DBC89A28D6212D8 ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:51:28.0732 0x0d48 wcncsvc - ok 19:51:28.0763 0x0d48 [ E19556D414332E2BEBA1F368229006B4, AB3454EC85D7B6E62D44C4510C1547AE7F736558588E54B0E265F7B3A5810E15 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:51:28.0778 0x0d48 WcsPlugInService - ok 19:51:28.0825 0x0d48 [ B3A4D918DAB90505B6BC7B70632913CB, ECC19DCD7902C29D0682C70B9546CF8B82477A32147EE30EB6750D8499605B46 ] Wd C:\Windows\system32\drivers\wd.sys 19:51:28.0841 0x0d48 Wd - ok 19:51:28.0872 0x0d48 [ 5A416C253D2C50327928ABC4A1D8A0F2, A3A41F3E6229D86F85F68062BBEA38290FB78B3D3F0D8DF3B6C01FF5B93A9F16 ] WdBoot C:\Windows\system32\drivers\WdBoot.sys 19:51:28.0888 0x0d48 WdBoot - ok 19:51:29.0044 0x0d48 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:51:29.0122 0x0d48 Wdf01000 - ok 19:51:29.0153 0x0d48 [ 6FBA6CD2348DEC440D0C6D511C55F3FE, 0CB50B57D9C6E56B20FA8777540E2C8C5702753758075DA4C310A7B2B2F8A352 ] WdFilter C:\Windows\system32\drivers\WdFilter.sys 19:51:29.0185 0x0d48 WdFilter - ok 19:51:29.0216 0x0d48 [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:51:29.0247 0x0d48 WdiServiceHost - ok 19:51:29.0247 0x0d48 [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:51:29.0278 0x0d48 WdiSystemHost - ok 19:51:29.0341 0x0d48 [ 9B1384CE8E681D2D77BB3524B8E86311, BDEF9D0A79A7C26A88088A306F91632F300E587736CDD2C64717EC54DD6E89FF ] WebClient 
C:\Windows\System32\webclnt.dll 19:51:29.0372 0x0d48 WebClient - ok 19:51:29.0419 0x0d48 [ 35FD720943D4FCD75C3275BF062FF140, 9D8345E6DE1AE23F93AD0B52D27D1CCFD69EF7EE50654F92CA999BEC4570A773 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:51:29.0450 0x0d48 Wecsvc - ok 19:51:29.0482 0x0d48 [ 4D2612E3C462B68F499D840B1133263E, 4DDAEB4480AEC31A8184838588E0D3DFA31CE6D2FA6E906926860C75F52DC7B7 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:51:29.0545 0x0d48 wercplsupport - ok 19:51:29.0592 0x0d48 [ 5F70EBFC1F75B487DE79501E3CCBDB54, 2FCA57BF60A43B03BB42FBF22BBFC19AD2266FBBD818494AD114125E6E433321 ] WerSvc C:\Windows\System32\WerSvc.dll 19:51:29.0623 0x0d48 WerSvc - ok 19:51:29.0654 0x0d48 [ 8FDA12E934C7BB7CC317F90FC70DC4FC, AA0DA063BCE5692DFD46F0AAE07727B38D4AA87A9BAEBAFF137F9CAAF2808EC0 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys 19:51:29.0670 0x0d48 WFPLWFS - ok 19:51:29.0764 0x0d48 [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc C:\Windows\System32\wiarpc.dll 19:51:29.0904 0x0d48 WiaRpc - ok 19:51:29.0951 0x0d48 [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:51:29.0967 0x0d48 WIMMount - ok 19:51:30.0029 0x0d48 WinDefend - ok 19:51:30.0154 0x0d48 WindowsMangerProtect - ok 19:51:30.0248 0x0d48 [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll 19:51:30.0295 0x0d48 WinHttpAutoProxySvc - ok 19:51:30.0561 0x0d48 [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:51:30.0639 0x0d48 Winmgmt - ok 19:51:30.0858 0x0d48 [ 89DA335401D956F2696E35A38817BE19, D5A8D5C0BE285564AB0DF1B4594FE612359C72BE3B64063C3460BB73AA34F413 ] WinRM C:\Windows\system32\WsmSvc.dll 19:51:31.0029 0x0d48 WinRM - ok 19:51:31.0076 
0x0d48 [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb C:\Windows\System32\drivers\WinUsb.sys 19:51:31.0108 0x0d48 WinUsb - ok 19:51:31.0311 0x0d48 [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc C:\Windows\System32\wlansvc.dll 19:51:31.0405 0x0d48 WlanSvc - ok 19:51:31.0514 0x0d48 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc C:\Windows\system32\wlidsvc.dll 19:51:31.0655 0x0d48 wlidsvc - ok 19:51:31.0889 0x0d48 [ 73B8665D4C3111E4AFF871955BDEB2DB, D919425768589D6BC5806CD559599D7775BF03BABC19D406E2E8F5C35BFA6F44 ] wltrysvc C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE 19:51:31.0889 0x0d48 wltrysvc - detected UnsignedFile.Multi.Generic ( 1 ) 19:51:34.0375 0x0d48 Detect skipped due to KSN trusted 19:51:34.0375 0x0d48 wltrysvc - ok 19:51:34.0406 0x0d48 [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys 19:51:34.0421 0x0d48 WmiAcpi - ok 19:51:34.0500 0x0d48 [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:51:34.0531 0x0d48 wmiApSrv - ok 19:51:34.0562 0x0d48 WMPNetworkSvc - ok 19:51:34.0609 0x0d48 [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys 19:51:34.0625 0x0d48 wpcfltr - ok 19:51:34.0672 0x0d48 [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:51:34.0687 0x0d48 WPCSvc - ok 19:51:34.0765 0x0d48 [ 3013658A4D327854BEEC4A08D9655194, C4CF5AA6A47CC55E7037B0BFE20AE0A6442ADDC5DEB89D6861C98C61851FA821 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:51:34.0781 0x0d48 
WPDBusEnum - ok 19:51:34.0796 0x0d48 [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys 19:51:34.0812 0x0d48 WpdUpFltr - ok 19:51:34.0843 0x0d48 [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:51:34.0859 0x0d48 ws2ifsl - ok 19:51:34.0906 0x0d48 [ 012CFE7F0F95266F554EE3B91EE2128A, 866312F6BF7369BE686F1BA9F01311C99E95E268C6E63BE37C841F54F5AA0DB8 ] wscsvc C:\Windows\System32\wscsvc.dll 19:51:34.0937 0x0d48 wscsvc - ok 19:51:34.0937 0x0d48 WSearch - ok 19:51:35.0281 0x0d48 [ D4D04839F3DFAF09D94BAB1016F7A297, 944A41D251F522EE87189C1D01CF7EEE2C70BF4353BA4005C44F03DB485F843F ] WSService C:\Windows\System32\WSService.dll 19:51:35.0500 0x0d48 WSService - ok 19:51:36.0687 0x0d48 [ C5B45464B98F211FE58AEE62CFF21F05, A0AB6142F35707102B75C9C29A749C7EB12CB6F5E85E6BA67C5B961AF7EB3BE8 ] wuauserv C:\Windows\system32\wuaueng.dll 19:51:36.0953 0x0d48 wuauserv - ok 19:51:37.0172 0x0d48 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:51:37.0187 0x0d48 WudfPf - ok 19:51:37.0218 0x0d48 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys 19:51:37.0375 0x0d48 WUDFRd - ok 19:51:37.0750 0x0d48 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:51:37.0781 0x0d48 wudfsvc - ok 19:51:37.0812 0x0d48 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys 19:51:37.0844 0x0d48 WUDFWpdFs - ok 19:51:37.0890 0x0d48 [ DDA4CAF29D8C0A297F886BFE561E6659, 
94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdMtp C:\Windows\System32\drivers\WUDFRd.sys 19:51:37.0906 0x0d48 WUDFWpdMtp - ok 19:51:38.0234 0x0d48 [ 6D9E07436B6646EC8F7EFFD39B6BA288, 82C1CEA93ECEF17D221AD0F87C5BD96F3FD8143841C16BD9608BD4D58D90B8E0 ] WwanSvc C:\Windows\System32\wwansvc.dll 19:51:38.0265 0x0d48 WwanSvc - ok 19:51:38.0297 0x0d48 ================ Scan global =============================== 19:51:38.0375 0x0d48 [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\Windows\system32\basesrv.dll 19:51:38.0453 0x0d48 [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\Windows\system32\winsrv.dll 19:51:38.0515 0x0d48 [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\Windows\system32\sxssrv.dll 19:51:38.0562 0x0d48 [ 590A2B4198DD35AA42893BA04F66FD3F, BDD9609F43275E895AE3A685DF921B19F11E4D8617F7BD3D4BA21A230EB9A060 ] C:\Windows\system32\services.exe 19:51:38.0578 0x0d48 [ Global ] - ok 19:51:38.0594 0x0d48 ================ Scan MBR ================================== 19:51:38.0594 0x0d48 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 19:51:38.0844 0x0d48 \Device\Harddisk0\DR0 - ok 19:51:38.0844 0x0d48 ================ Scan VBR ================================== 19:51:38.0859 0x0d48 [ 2388141679C96C8EFC61B4EC4BB6DB0D ] \Device\Harddisk0\DR0\Partition1 19:51:38.0875 0x0d48 \Device\Harddisk0\DR0\Partition1 - ok 19:51:38.0906 0x0d48 [ 20CD9C07838FC7D29CB5957B58256AF4 ] \Device\Harddisk0\DR0\Partition2 19:51:38.0922 0x0d48 \Device\Harddisk0\DR0\Partition2 - ok 19:51:38.0937 0x0d48 [ 6B41B8319E8F8D32A508D0B4DCF01DC1 ] \Device\Harddisk0\DR0\Partition3 19:51:38.0953 0x0d48 \Device\Harddisk0\DR0\Partition3 - ok 19:51:38.0969 0x0d48 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition4 19:51:38.0969 0x0d48 \Device\Harddisk0\DR0\Partition4 - ok 19:51:38.0969 
0x0d48 [ 8EE68D74E2EE8847E2E3B1727A0BA190 ] \Device\Harddisk0\DR0\Partition5 19:51:38.0984 0x0d48 \Device\Harddisk0\DR0\Partition5 - ok 19:51:39.0000 0x0d48 [ A27DF04B2949D2B2BC3D35386E3B6FC8 ] \Device\Harddisk0\DR0\Partition6 19:51:39.0015 0x0d48 \Device\Harddisk0\DR0\Partition6 - ok 19:51:39.0015 0x0d48 ================ Scan generic autorun ====================== 19:51:39.0594 0x0d48 [ 693B9E5DF7A394D70D2AA96958854C67, F1FB4CE517DC7FB8788D991F354B7429EF756B15953C38B859FDACAFD356DC21 ] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe 19:51:40.0156 0x0d48 Broadcom Wireless Manager UI - detected UnsignedFile.Multi.Generic ( 1 ) 19:51:42.0891 0x0d48 Detect skipped due to KSN trusted 19:51:42.0891 0x0d48 Broadcom Wireless Manager UI - ok 19:51:43.0079 0x0d48 [ AAA55BD633DBDB39746CC2394A04187F, 2F22135FCE51B31047A231DB9B22F9FB1F29CED67E32660B56F7FA68BBCD5235 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 19:51:43.0157 0x0d48 RtHDVBg - ok 19:51:43.0360 0x0d48 [ CED51BFC4C08ACD31580858A71A08732, 3E66440DC32484CDA4E1461B22AD2E34D7082A5828DAA92DD44578D34708CABF ] C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe 19:51:43.0423 0x0d48 Bluetooth - ok 19:51:43.0579 0x0d48 [ 8CC5E4DB25E4C22A308E2820E69D4950, A53BBE06FF226DA7E37C3ADA881AF4F856E439553DFA7D10DDECB07196545B39 ] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 19:51:43.0610 0x0d48 CDAServer - ok 19:51:43.0657 0x0d48 [ 948765C7AFDBCBE4F18FFBFBB61D0F84, 8B5D9E27F4833E78DBE078FD9047F96EDFEE00C6A3AC2A859369FC141291060F ] C:\Windows\system32\igfxtray.exe 19:51:43.0673 0x0d48 IgfxTray - ok 19:51:43.0719 0x0d48 [ 0466C36B944C3DF471E0FB37893075A4, 619D132F3819D77CD7B2A7C0E83724F9A5F8D429815EF407D1AA97B43E5641E2 ] C:\Windows\system32\hkcmd.exe 19:51:43.0735 0x0d48 HotKeysCmds - ok 19:51:43.0782 0x0d48 [ 593B696A273EDCF651EBA9400E318195, 7AB2F6C8FAC4F6885D49FE773DF34B12C7D5965BF89BFD918E8BCD26AA07C951 ] C:\Windows\system32\igfxpers.exe 19:51:43.0813 0x0d48 Persistence - ok 19:51:43.0876 
0x0d48 [ 076B3EE149E01ADBAC2DC529554A3FD9, 4F65D9D2EE44829AA2264210112851E899165C2346489BEBE679C41420CF7D07 ] C:\Program Files\iTunes\iTunesHelper.exe 19:51:43.0891 0x0d48 iTunesHelper - ok 19:51:43.0891 0x0d48 SynTPEnh - ok 19:51:43.0891 0x0d48 tvncontrol - ok 19:51:43.0891 0x0d48 mcui_exe - ok 19:51:43.0985 0x0d48 [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 19:51:44.0048 0x0d48 Adobe ARM - ok 19:51:44.0126 0x0d48 [ 49CD8D25D932C5BF867EBFF00D432B75, D107F7736AC8D43CE93ABDE1A8038D8FE87779F25F41B3FD1E942DF439581236 ] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe 19:51:44.0141 0x0d48 Intel AppUp(R) center - ok 19:51:44.0188 0x0d48 [ 3E27C683EFB0CA64190D9FA9AD4C6CD2, C5841378E22CEE607BBBD06F8024D0BB6EE05768B78DA0C0B0E2EA887E500F5A ] C:\Program Files (x86)\PDF24\pdf24.exe 19:51:44.0204 0x0d48 PDFPrint - ok 19:51:44.0266 0x0d48 [ 4275C55AA440DC08EA0267AED31D9654, A5EF4505960D9CECC45376026A8B51FF43282AE811C88617CCD8F7F1E6E56A7B ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 19:51:44.0282 0x0d48 APSDaemon - ok 19:51:44.0407 0x0d48 [ F8A3337DE768B126B061F1B7CD38A436, F93EE8D8D7CA28658587F82C38AE6C13D51A03CFE8DE6AC3BA35DC6A1DB986CE ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe 19:51:44.0423 0x0d48 KiesTrayAgent - ok 19:51:44.0501 0x0d48 [ 271B0D188430670509CB9943D5229205, 74CB5A9D8B5988AE08C0F65C601FC54F8745BAB6825B6FEEFBA8F068D656D8D7 ] C:\Program Files (x86)\QuickTime\QTTask.exe 19:51:44.0516 0x0d48 QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 ) 19:51:47.0111 0x0d48 Detect skipped due to KSN trusted 19:51:47.0111 0x0d48 QuickTime Task - ok 19:51:47.0236 0x0d48 [ 2F85D5E63A1ECE08085D32C1B615BBFD, 7263F4E0CC7D375CBAA44406F90F427E6EC9382184B3CD62A90C0DD6B7D88372 ] C:\Program Files (x86)\Samsung\Kies\Kies.exe 19:51:47.0314 0x0d48 KiesPreload - ok 19:51:47.0393 0x0d48 [ 
2F85D5E63A1ECE08085D32C1B615BBFD, 7263F4E0CC7D375CBAA44406F90F427E6EC9382184B3CD62A90C0DD6B7D88372 ] C:\Program Files (x86)\Samsung\Kies\Kies.exe 19:51:47.0455 0x0d48 KiesPreload - ok 19:51:47.0674 0x0d48 [ 2F85D5E63A1ECE08085D32C1B615BBFD, 7263F4E0CC7D375CBAA44406F90F427E6EC9382184B3CD62A90C0DD6B7D88372 ] C:\Program Files (x86)\Samsung\Kies\Kies.exe 19:51:47.0736 0x0d48 KiesPreload - ok 19:51:47.0814 0x0d48 [ 2F85D5E63A1ECE08085D32C1B615BBFD, 7263F4E0CC7D375CBAA44406F90F427E6EC9382184B3CD62A90C0DD6B7D88372 ] C:\Program Files (x86)\Samsung\Kies\Kies.exe 19:51:47.0893 0x0d48 KiesPreload - ok 19:51:47.0971 0x0d48 [ 2F85D5E63A1ECE08085D32C1B615BBFD, 7263F4E0CC7D375CBAA44406F90F427E6EC9382184B3CD62A90C0DD6B7D88372 ] C:\Program Files (x86)\Samsung\Kies\Kies.exe 19:51:48.0033 0x0d48 KiesPreload - ok 19:51:48.0111 0x0d48 [ 2F85D5E63A1ECE08085D32C1B615BBFD, 7263F4E0CC7D375CBAA44406F90F427E6EC9382184B3CD62A90C0DD6B7D88372 ] C:\Program Files (x86)\Samsung\Kies\Kies.exe 19:51:48.0205 0x0d48 KiesPreload - ok 19:51:48.0205 0x0d48 Waiting for KSN requests completion. In queue: 18 19:51:49.0220 0x0d48 Waiting for KSN requests completion. In queue: 18 19:51:50.0228 0x0d48 Waiting for KSN requests completion. In queue: 6 19:51:51.0275 0x0d48 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated ) 19:51:51.0550 0x0d48 Win FW state via NFP2: enabled ( trusted ) 19:51:54.0038 0x0d48 ============================================================ 19:51:54.0038 0x0d48 Scan finished 19:51:54.0038 0x0d48 ============================================================ 19:51:54.0054 0x11bc Detected object count: 0 19:51:54.0054 0x11bc Actual detected object count: 0 |
23.08.2015, 07:35 | #5 |
/// the machine /// TB-Ausbilder | Windows 8: DirektPay Trojan; safe mode only Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
26.08.2015, 16:03 | #6 |
| Windows 8: DirektPay Trojan; safe mode only Hello, sorry, I was away for the last few days. Here are the further logs: AdwCleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v5.003 - Bericht erstellt 26/08/2015 um 11:12:04 # Aktualisiert 20/08/2015 von Xplode # Datenbank : 2015-08-20.1 [Lokal] # Betriebssystem : Windows 8 (x64) # Benutzername : Tobi - TOBIAS # Gestarted von : C:\Users\Tobias\Desktop\AdwCleaner_5.003.exe # Option : Löschen ***** [ Dienste ] ***** [-] Dienst Gelöscht : ServiceEverything ***** [ Ordner ] ***** [-] Ordner Gelöscht : C:\Program Files (x86)\WinZipper [-] Ordner Gelöscht : C:\Program Files (x86)\miuitab [-] Ordner Gelöscht : C:\Users\Tobi\AppData\Roaming\WinZipper ***** [ Dateien ] ***** [-] Datei Gelöscht : C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\user.js ***** [ Verknüpfungen ] ***** [-] Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [-] Verknüpfung Desinfiziert : C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [-] Verknüpfung Desinfiziert : C:\Users\Tobi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [-] Verknüpfung Desinfiziert : C:\Users\Tobi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ***** [ Geplante Tasks ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} [-] Wert Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] [-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}] [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} [-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} [-] Schlüssel Gelöscht : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} [-] Schlüssel Gelöscht : HKCU\Software\Myfree Codec [-] Schlüssel Gelöscht : HKCU\Software\OCS [-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} [-] Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode [-] Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec [-] Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp [-] Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab [-] Schlüssel Gelöscht : HKLM\SOFTWARE\V9 [-] Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc [!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Myfree Codec [!] 
Schlüssel Nicht Gelöscht : [x64] HKCU\Software\OCS [-] Daten Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] [-] Daten Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] ***** [ Internetbrowser ] ***** [-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.defaultenginename", "delta-homes"); [-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.alias", "delta-homes"); [-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://search.delta-homes.com/favicon.ico"); [-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.name", "delta-homes"); [-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://search.delta-homes.com/web/?type=ds&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q[...] 
[-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.selectedEngine", "delta-homes"); [-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.enable_search1", false); [-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); ************************* :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt ########## EOF - \AdwCleaner\AdwCleaner[C1].txt - [5299 Bytes] ##########
mbam first pass: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 26.08.2015 Suchlaufzeit: 09:00 Protokolldatei: mbam.txt Administrator: Ja Version: 2.1.8.1057 Malware-Datenbank: v2015.06.03.03 Rootkit-Datenbank: v2015.06.02.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 8 CPU: x64 Dateisystem: NTFS Benutzer: Tobi Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 723667 Abgelaufene Zeit: 51 Min., 28 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 3 PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1244, Löschen bei Neustart, [a3ace6d04f3b30065e8ce2dcff028977] PUP.Optional.XTab.A, C:\Program Files (x86)\MiuiTab\ProtectService.exe, 1856, Löschen bei Neustart, [f35c3c7a5d2d3402fe9321f651b1a15f] PUP.Optional.LuckyTab.A, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, 4228, Löschen bei Neustart, [2e2160563852b77f3fe1f568e122e818] Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 37 PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [a3ace6d04f3b30065e8ce2dcff028977], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsMangerProtect, In Quarantäne, [a3ace6d04f3b30065e8ce2dcff028977], PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [f35c3c7a5d2d3402fe9321f651b1a15f], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, 
HKLM\SOFTWARE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [96b96452b7d3330323c9fe692fd4926e], PUP.Optional.MultiPlug.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Native Instruments 
Kontakt Factory Library, In Quarantäne, [ed62882ea9e13ef8e67f99e724e1a25e], PUP.Optional.MultiPlug.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1244CC88-97DF-4694-A720-6F073845DEE2}, In Quarantäne, [ed62882ea9e13ef8e67f99e724e1a25e], PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\delta-homesSoftware, In Quarantäne, [4e01c1f5b1d993a3f1ddad61e22257a9], PUP.Optional.FFPluginHp.A, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, In Quarantäne, [c68915a16822280e266402e33bc89d63], PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [66e9b8fe9eec71c55af343b3c83b28d8], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [9ab5a4121377a294f9e5293f2bdaaa56], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [d37c991db5d59c9a1f0a67a3a262ba46], PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [afa0199d8dfd61d568ba7de14cb9c739], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [b59a2294602af046b078f812bc48748c], PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, In Quarantäne, [3c13fbbbcfbb88ae8faca35d63a1d030], PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [3b148036b4d61d19f04c01ffcd37c937], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [cf80feb8573371c54ace91a3d133f20e], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\INSTALLCORE, In Quarantäne, [0a45714517739f9702d77ccd4abb0ff1], PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [c38c298d0d7d77bf818d37b14bb8b050], PUP.Optional.DoSearch.A, 
HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, In Quarantäne, [5cf372440f7b270f729caa3e778c04fc], PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{710EB415-0FEB-4072-A071-2EBF67913B6D}, In Quarantäne, [311ed3e3404a76c06ba3de0a1ae98e72], PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{83500C12-F30C-4853-B3FC-855714F941F1}, In Quarantäne, [430c2f875f2b181e888614d4689bb34d], PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9F24448A-79C7-4C35-9C15-B0E17ED97E93}, In Quarantäne, [98b7a90de5a550e60806df097f848b75], PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, [c58a75415436b482a36b10d8e221847c], PUP.Optional.QuickSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [034c44720c7e9e98594c85611be8659b], PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\OPTIMIZER PRO, In Quarantäne, [430c6d49d1b930061078413f1ce9ba46], Registrierungswerte: 13 PUP.Optional.QuickSearch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_searchff@gmail.com, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com, In Quarantäne, [1b34b7ff7119211591ec1cca37cc40c0] PUP.Optional.SweetSearch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|sweetsearch@gmail.com, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\sweetsearch@gmail.com, In Quarantäne, [ee61ccea830745f108761fc71be8ba46] PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, In Quarantäne, 
[b59a2294602af046b078f812bc48748c] PUP.Optional.InstallCore.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, In Quarantäne, [0a45714517739f9702d77ccd4abb0ff1] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [c38c298d0d7d77bf818d37b14bb8b050] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [5cf372440f7b270f729caa3e778c04fc] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://do-search.com//favicon.ico, In Quarantäne, [aca364524b3f33031af440a86a99ea16] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{710EB415-0FEB-4072-A071-2EBF67913B6D}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [311ed3e3404a76c06ba3de0a1ae98e72] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{83500C12-F30C-4853-B3FC-855714F941F1}|URL, 
hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [430c2f875f2b181e888614d4689bb34d] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9F24448A-79C7-4C35-9C15-B0E17ED97E93}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [98b7a90de5a550e60806df097f848b75] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [c58a75415436b482a36b10d8e221847c] PUP.Optional.QuickSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MOZILLA\EXTENDS|appid, quick_searchff@gmail.com, In Quarantäne, [034c44720c7e9e98594c85611be8659b] PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\OPTIMIZER PRO|AdsBuyNowURL, hxxp://www.safeshopgate.com/r?s=121000600&g=0B81BED8-0BE9-229D-B6CA-934C528A0174, In Quarantäne, [430c6d49d1b930061078413f1ce9ba46] Registrierungsdaten: 21 PUP.Optional.Delta.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" 
hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[e06f74420684a5913d4a85af24e2ac54] PUP.Optional.Delta.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[e56a7d39b1d959dd3751ab8945c1c63a] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[1f30a90dabdfcc6a23de6bc9fe08a35d] PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[1d32bbfb7e0cd1657a099c987b8bf808] PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (www.google.com), Schlecht: 
(hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[96b9d9dd0387b77fbfc4082c21e52fd1] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[f55af8be800a0f27996843f13ec840c0] PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[63ec308678121323c3c4092b5fa7a858] PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[3b148a2c2a6077bfe0a821136f9734cc] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, 
hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[0946486ee9a11323926fbd77ad59669a] PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[74dbaa0c7317979f4340f2426c9af50b] PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[56f97145b2d8999d5231dd570df920e0] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[c788e0d6ed9d53e3738e5fd5fd0931cf] PUP.Optional.SweetPage.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: 
(hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[1e31c3f3fb8f251137c7d2617b8b29d7] PUP.Optional.SweetPage.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[cd82d0e65a30e94d9569b77cfa0cb14f] PUP.Optional.SweetPage.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[62edf1c5e2a8db5b728cc76c16f0ab55] PUP.Optional.Delta.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[b39c7343c8c2082e2c58072d0bfb16ea] PUP.Optional.SweetPage.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: 
(hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[004fe0d6b2d8b482f707f63d1ee829d7]
Ordner: 47
Dateien: 98
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)
(end)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 26.08.2015
Suchlaufzeit: 13:11
Protokolldatei: mbam2.txt
Administrator: Nein

Version: 2.1.8.1057
Malware-Datenbank: v2015.08.26.05
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Tobias

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 532411
Abgelaufene Zeit: 19 Min., 50 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (keine bösartigen Elemente erkannt)
Module: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswerte: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Ordner: 3
Dateien: 40
Physische Sektoren: 0 (keine bösartigen Elemente erkannt)

(end)

JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 8 x64
Ran by Tobi on 26.08.2015 at 11:20:50,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec

~~~ FireFox

Successfully deleted the following from C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\a53njth5.default\prefs.js

user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, ient06120);
user_pref(browser.search.searchengine.uid, TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT);
user_pref(extensions.xpiState, {\app-profile\:{\quick_searchff@gmail.com\:{\d\:\C:\\\\Users\\\\Tobi\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\a53njt

~~~ Chrome

[C:\Users\Tobi\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Tobi\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Tobi\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Tobi\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.08.2015 at 11:25:03,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015 Ran by Tobias (ATTENTION: The logged in user is not administrator) on TOBIAS on 26-08-2015 11:45:10 Running from C:\Users\Tobi\Desktop Loaded Profiles: Tobi & Tobias (Available Profiles: UpdatusUser & Tobi & Tobias & Polina & Andere & Musik) Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> winlogon.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> dwm.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> spoolsv.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> WUDFHost.exe Failed to access process -> SearchIndexer.exe Failed to access process -> LMS.exe Failed to access process -> WmiPrvSE.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe Failed to access process -> svchost.exe Failed to access process -> HeciServer.exe Failed to access process -> VESMgr.exe Failed to access process -> VESMgrSub.exe Failed to access process -> VESMgrSub.exe Failed to access process -> dllhost.exe Failed to access 
process -> SUSSoundProxy.exe Failed to access process -> vmware-usbarbitrator64.exe Failed to access process -> wmpnetwk.exe Failed to access process -> AppleMobileDeviceService.exe Failed to access process -> btwdins.exe Failed to access process -> RIconMan.exe Failed to access process -> VCService.exe Failed to access process -> VCAgent.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe Failed to access process -> dllhost.exe Failed to access process -> VUAgent.exe Failed to access process -> WmiPrvSE.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\splwow64.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-11] (Realtek Semiconductor) HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [533208 2013-04-02] (Broadcom Corporation.) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] () HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated) HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: c:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3842866729-4066958523-73093308-1003\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung) AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File not found AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-10-31] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2013-10-14] ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-11-06] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-3842866729-4066958523-73093308-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3842866729-4066958523-73093308-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com 
HKU\S-1-5-21-3842866729-4066958523-73093308-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu URLSearchHook: [S-1-5-21-3842866729-4066958523-73093308-1002] ATTENTION ==> Default URLSearchHook is missing SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1003 -> {9F24448A-79C7-4C35-9C15-B0E17ED97E93} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1003 -> {A400D7DF-CA39-4F01-8FD1-348B993DFBF5} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-24] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-24] (Oracle Corporation) DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\ya9i3cr5.default FF NetworkProxy: "type", 0 FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll 
[2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-05-24] (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2015-05-25] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Extension: Ghostery - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\ya9i3cr5.default\Extensions\firefox@ghostery.com.xpi [2014-04-11] FF Extension: Adblock Plus - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\ya9i3cr5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-11] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Profile: C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-16] CHR Extension: (Google Drive) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-16] CHR Extension: (YouTube) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-16] CHR Extension: (Google Search) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-16] CHR Extension: (Google Wallet) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-16] CHR Extension: (Gmail) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-16] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2228440 2013-05-16] (Broadcom Corporation.) 
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-20] (Microsoft Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.) S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-05] (Sony Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-20] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-20] (Microsoft Corporation) S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation) S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation) S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not 
signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170200 2013-05-16] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8469680 2015-04-17] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 BTWPANFL; C:\Windows\system32\drivers\btwpanfl.sys [44912 2013-05-16] (Broadcom Corporation.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.) S3 MADFULEGACYKEYBOARD; C:\Windows\System32\drivers\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio) S3 MAUSBLEGACYKEYBOARD; C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-26] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project) R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-03-15] () R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated) S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X] S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-26 11:45 - 2015-08-26 11:45 - 00018593 _____ C:\Users\Tobi\Desktop\FRST.txt 2015-08-26 11:43 - 2015-08-26 11:43 - 00001780 _____ C:\Users\Tobias\Desktop\JRT.txt 2015-08-26 11:25 - 2015-08-26 11:25 - 00001780 _____ C:\Users\Tobi\Desktop\JRT.txt 2015-08-26 11:16 - 2015-08-26 11:16 - 00005396 _____ C:\Users\Tobias\Desktop\AdwCleaner[C1].txt 2015-08-26 10:55 - 2015-08-26 11:18 - 00000000 ____D C:\AdwCleaner 2015-08-26 10:48 - 2015-08-26 10:48 - 00049926 _____ C:\Users\Tobias\Desktop\mbam.txt 2015-08-26 09:57 - 2015-08-26 09:57 - 00319377 _____ C:\Users\Tobias\Desktop\Windows 8 DirektPay Trojaner; nur abgesichter Modus.htm 2015-08-26 09:57 - 2015-08-26 09:57 - 00000000 ____D C:\Users\Tobias\Desktop\Windows 8 DirektPay Trojaner; nur abgesichter Modus-Dateien 2015-08-26 08:58 - 2015-08-26 08:58 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-08-26 08:58 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-26 08:58 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-26 08:32 - 2015-08-26 08:32 - 01798576 _____ (Malwarebytes Corporation) C:\Users\Tobias\Desktop\JRT.exe 2015-08-26 08:31 - 2015-08-26 08:32 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tobias\Desktop\mbam-setup-2.1.8.1057.exe 2015-08-22 19:39 - 2015-07-13 23:05 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-22 19:39 - 2015-07-13 23:05 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-22 19:39 - 2015-07-01 15:00 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-22 19:39 - 2015-07-01 14:58 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-22 19:39 - 
2015-07-01 13:42 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-22 19:39 - 2015-07-01 13:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-22 19:39 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-22 19:39 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-08-22 19:39 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\SysWOW64\locale.nls 2015-08-22 19:39 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls 2015-08-22 19:38 - 2015-07-30 15:11 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-22 19:38 - 2015-07-30 15:10 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-22 19:38 - 2015-07-28 18:25 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-22 19:38 - 2015-07-28 16:13 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-22 19:38 - 2015-07-28 15:12 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-22 19:38 - 2015-07-16 22:31 - 19291648 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-22 19:38 - 2015-07-16 22:31 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-22 19:38 - 2015-07-16 21:06 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-22 19:38 - 2015-07-16 
21:06 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-22 19:38 - 2015-07-09 23:46 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-22 19:38 - 2015-07-09 23:44 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-22 19:38 - 2015-07-09 22:17 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-22 19:38 - 2015-07-09 22:16 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-22 19:38 - 2015-07-06 18:16 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-08-22 19:38 - 2015-07-06 16:32 - 00281944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-08-22 19:38 - 2015-06-29 15:27 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-22 19:37 - 2015-07-29 16:45 - 01412608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-22 19:37 - 2015-07-29 16:45 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-22 19:37 - 2015-07-29 15:52 - 01840640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-22 19:37 - 2015-07-29 15:52 - 01280000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-22 19:37 - 2015-07-29 15:52 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-22 19:37 - 2015-07-28 00:42 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-22 19:37 - 2015-07-28 00:40 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-22 19:37 - 2015-07-28 00:40 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-22 19:37 - 2015-07-16 22:32 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-22 19:37 - 2015-07-16 22:32 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-22 19:37 - 2015-07-16 22:32 - 00601600 _____ (Microsoft 
Corporation) C:\Windows\system32\vbscript.dll 2015-08-22 19:37 - 2015-07-16 22:31 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-22 19:37 - 2015-07-16 22:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-22 19:37 - 2015-07-16 22:30 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-22 19:37 - 2015-07-16 22:30 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-22 19:37 - 2015-07-16 22:30 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-08-22 19:37 - 2015-07-16 21:07 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-22 19:37 - 2015-07-16 21:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-08-22 19:37 - 2015-07-16 21:07 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-08-22 19:37 - 2015-07-13 23:23 - 01744384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-22 19:37 - 2015-07-13 23:23 - 01422336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-22 19:37 - 2015-07-13 23:05 - 02340864 _____ (Microsoft Corporation) 
C:\Windows\system32\msxml6.dll 2015-08-22 19:37 - 2015-07-13 23:05 - 01850880 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-22 19:37 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-08-22 19:37 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-08-22 19:37 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-08-22 19:37 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2015-08-22 19:37 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-08-22 19:37 - 2015-06-15 17:20 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-22 19:37 - 2015-06-15 17:20 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-22 19:37 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-08-22 19:37 - 2015-06-15 17:19 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-22 19:37 - 2015-06-15 17:19 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-22 19:37 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-08-22 19:37 - 
2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-08-22 19:37 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-08-22 19:37 - 2015-06-09 15:09 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml 2015-08-22 19:37 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-08-22 19:36 - 2015-07-15 18:09 - 06969688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-22 19:36 - 2015-07-15 18:09 - 00095064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-22 19:36 - 2015-07-15 18:06 - 01824296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-22 19:36 - 2015-07-15 15:49 - 01410000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-22 19:36 - 2015-07-15 15:29 - 01333248 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-22 19:36 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-22 19:36 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-22 19:36 - 2015-07-09 22:18 - 00233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-22 19:36 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-22 19:36 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-08-22 19:36 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-08-22 19:36 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-08-22 19:36 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-22 19:36 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-08-22 19:36 - 2015-06-27 15:46 - 00318464 _____ (Microsoft 
Corporation) C:\Windows\system32\msv1_0.dll 2015-08-22 19:36 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-22 19:36 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-22 19:36 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-22 19:26 - 2015-08-22 19:26 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Tobias\Desktop\tdsskiller.exe 2015-08-22 12:21 - 2015-08-26 08:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-22 12:20 - 2015-08-26 08:58 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-22 12:20 - 2015-08-22 19:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-08-22 12:19 - 2015-08-22 19:37 - 00000000 ____D C:\Users\Tobias\Desktop\mbar 2015-08-22 12:19 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-22 12:18 - 2015-08-22 12:18 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Tobias\Desktop\mbar-1.09.2.1008.exe 2015-08-22 11:20 - 2015-08-22 11:20 - 00000000 ____D C:\Users\Tobi\workspace 2015-08-22 11:01 - 2015-08-22 11:01 - 00000491 _____ C:\Users\Tobias\Desktop\gmer.log ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-26 11:45 - 2015-06-13 14:01 - 00000000 ____D C:\FRST 2015-08-26 11:14 - 2013-09-30 13:47 - 00000614 _____ C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job 2015-08-26 11:13 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-26 11:12 - 2014-04-10 10:50 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-08-26 11:12 - 2013-09-09 12:53 - 00001009 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-26 11:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2015-08-26 10:51 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF 2015-08-26 10:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2015-08-26 09:58 - 2012-08-03 04:22 - 00122850 _____ C:\Windows\PFRO.log 2015-08-26 08:25 - 2015-03-19 20:22 - 00443416 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-26 08:23 - 2013-10-20 19:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-26 08:23 - 2013-10-20 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-26 08:21 - 2015-04-19 10:31 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-26 08:21 - 2015-04-19 10:31 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-08-26 08:20 - 2013-05-24 01:59 - 01936238 _____ C:\Windows\WindowsUpdate.log 2015-08-22 20:19 - 2013-10-20 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 
2015-08-22 20:18 - 2013-09-10 11:24 - 00000000 ____D C:\Windows\system32\MRT 2015-08-22 19:54 - 2013-09-09 17:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-22 19:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-22 19:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-22 19:46 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp 2015-08-22 19:46 - 2012-07-26 07:26 - 00000199 _____ C:\Windows\win.ini 2015-08-22 19:39 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2015-08-22 11:20 - 2013-09-09 12:51 - 00000000 ____D C:\Users\Tobi 2015-08-22 11:19 - 2014-12-24 17:42 - 00000000 ____D C:\eclipse 2015-08-22 10:56 - 2015-06-13 14:08 - 00060056 _____ C:\Users\Tobias\Desktop\Addition.txt 2015-08-22 10:56 - 2015-06-13 14:08 - 00022815 _____ C:\Users\Tobias\Desktop\FRST.txt 2015-08-22 10:17 - 2015-06-13 00:01 - 00000000 ____D C:\Users\Tobi\AppData\Everything 2015-08-08 04:27 - 2014-11-15 10:39 - 00793544 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-08 04:27 - 2014-11-15 10:39 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-28 10:59 - 2013-09-10 11:24 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-12-19 18:09 - 2015-06-02 17:20 - 0000600 _____ () C:\Users\Tobias\AppData\Roaming\winscp.rnd 2014-10-15 15:23 - 2015-06-02 18:00 - 0000600 _____ () C:\Users\Tobias\AppData\Local\PUTTY.RND 2013-11-13 23:40 - 2013-11-13 23:40 - 0002762 _____ () C:\Users\Tobias\AppData\Local\recently-used.xbel 2015-03-15 22:13 - 2015-03-15 22:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-04-18 17:06 - 2012-10-24 21:44 - 0656048 _____ (WildTangent, Inc.) 
C:\ProgramData\uninstall404190.exe

Files to move or delete:
====================
C:\ProgramData\uninstall404190.exe
C:\Users\Public\Supercharger 1.1.0 Setup PC.exe

Some files in TEMP:
====================
C:\Users\Tobi\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Tobias\AppData\Local\Temp\Ableton Swapper.exe
C:\Users\Tobias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprgbgyg.dll
C:\Users\Tobias\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Tobias\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Tobias\AppData\Local\Temp\ICReinstall_FileZilla_3.8.1_win32-setup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Regards, Tobias |
26.08.2015, 16:05 | #7 |
| Windows 8: DirektPay Trojan; safe mode only
Hello, sorry, I was away for the last few days. Here are the further logs:
AdwCleaner: AdwCleaner logfile: Code:
# AdwCleaner v5.003 - Bericht erstellt 26/08/2015 um 11:12:04
# Aktualisiert 20/08/2015 von Xplode
# Datenbank : 2015-08-20.1 [Lokal]
# Betriebssystem : Windows 8 (x64)
# Benutzername : Tobi - TOBIAS
# Gestarted von : C:\Users\Tobias\Desktop\AdwCleaner_5.003.exe
# Option : Löschen

***** [ Dienste ] *****

[-] Dienst Gelöscht : ServiceEverything

***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Program Files (x86)\WinZipper
[-] Ordner Gelöscht : C:\Program Files (x86)\miuitab
[-] Ordner Gelöscht : C:\Users\Tobi\AppData\Roaming\WinZipper

***** [ Dateien ] *****

[-] Datei Gelöscht : C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\user.js

***** [ Verknüpfungen ] *****

[-] Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Verknüpfung Desinfiziert : C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Verknüpfung Desinfiziert : C:\Users\Tobi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Verknüpfung Desinfiziert : C:\Users\Tobi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Geplante Tasks ] *****

***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Schlüssel Gelöscht : HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Schlüssel Gelöscht : HKCU\Software\Myfree Codec
[-] Schlüssel Gelöscht : HKCU\Software\OCS
[-] Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\V9
[-] Schlüssel Gelöscht : HKLM\SOFTWARE\winzipersvc
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\Myfree Codec
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\OCS
[-] Daten Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Daten Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

***** [ Internetbrowser ] *****

[-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.defaultenginename", "delta-homes");
[-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.alias", "delta-homes");
[-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://search.delta-homes.com/favicon.ico");
[-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.name", "delta-homes");
[-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://search.delta-homes.com/web/?type=ds&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q[...]
[-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("browser.search.selectedEngine", "delta-homes");
[-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[-] [C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt

########## EOF - \AdwCleaner\AdwCleaner[C1].txt - [5299 Bytes] ##########

mbam first pass: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 26.08.2015
Suchlaufzeit: 09:00
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.06.03.03
Rootkit-Datenbank: v2015.06.02.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Tobi

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 723667
Abgelaufene Zeit: 51 Min., 28 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 3
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1244, Löschen bei Neustart, [a3ace6d04f3b30065e8ce2dcff028977]
PUP.Optional.XTab.A, C:\Program Files (x86)\MiuiTab\ProtectService.exe, 1856, Löschen bei Neustart, [f35c3c7a5d2d3402fe9321f651b1a15f]
PUP.Optional.LuckyTab.A, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, 4228, Löschen bei Neustart, [2e2160563852b77f3fe1f568e122e818]

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 37
PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [a3ace6d04f3b30065e8ce2dcff028977],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsMangerProtect, In Quarantäne, [a3ace6d04f3b30065e8ce2dcff028977],
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [f35c3c7a5d2d3402fe9321f651b1a15f],
PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818],
PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818],
PUP.Optional.LuckyTab.A,
HKLM\SOFTWARE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [96b96452b7d3330323c9fe692fd4926e], PUP.Optional.MultiPlug.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Native Instruments 
Kontakt Factory Library, In Quarantäne, [ed62882ea9e13ef8e67f99e724e1a25e], PUP.Optional.MultiPlug.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1244CC88-97DF-4694-A720-6F073845DEE2}, In Quarantäne, [ed62882ea9e13ef8e67f99e724e1a25e], PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\delta-homesSoftware, In Quarantäne, [4e01c1f5b1d993a3f1ddad61e22257a9], PUP.Optional.FFPluginHp.A, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, In Quarantäne, [c68915a16822280e266402e33bc89d63], PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [66e9b8fe9eec71c55af343b3c83b28d8], PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [9ab5a4121377a294f9e5293f2bdaaa56], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [d37c991db5d59c9a1f0a67a3a262ba46], PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [afa0199d8dfd61d568ba7de14cb9c739], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [b59a2294602af046b078f812bc48748c], PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, In Quarantäne, [3c13fbbbcfbb88ae8faca35d63a1d030], PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [3b148036b4d61d19f04c01ffcd37c937], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [cf80feb8573371c54ace91a3d133f20e], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\INSTALLCORE, In Quarantäne, [0a45714517739f9702d77ccd4abb0ff1], PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, [c38c298d0d7d77bf818d37b14bb8b050], PUP.Optional.DoSearch.A, 
HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, In Quarantäne, [5cf372440f7b270f729caa3e778c04fc], PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{710EB415-0FEB-4072-A071-2EBF67913B6D}, In Quarantäne, [311ed3e3404a76c06ba3de0a1ae98e72], PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{83500C12-F30C-4853-B3FC-855714F941F1}, In Quarantäne, [430c2f875f2b181e888614d4689bb34d], PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9F24448A-79C7-4C35-9C15-B0E17ED97E93}, In Quarantäne, [98b7a90de5a550e60806df097f848b75], PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, [c58a75415436b482a36b10d8e221847c], PUP.Optional.QuickSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [034c44720c7e9e98594c85611be8659b], PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\OPTIMIZER PRO, In Quarantäne, [430c6d49d1b930061078413f1ce9ba46], Registrierungswerte: 13 PUP.Optional.QuickSearch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|quick_searchff@gmail.com, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com, In Quarantäne, [1b34b7ff7119211591ec1cca37cc40c0] PUP.Optional.SweetSearch.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|sweetsearch@gmail.com, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\sweetsearch@gmail.com, In Quarantäne, [ee61ccea830745f108761fc71be8ba46] PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, cor, In Quarantäne, 
[b59a2294602af046b078f812bc48748c] PUP.Optional.InstallCore.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, In Quarantäne, [0a45714517739f9702d77ccd4abb0ff1] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [c38c298d0d7d77bf818d37b14bb8b050] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [5cf372440f7b270f729caa3e778c04fc] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://do-search.com//favicon.ico, In Quarantäne, [aca364524b3f33031af440a86a99ea16] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{710EB415-0FEB-4072-A071-2EBF67913B6D}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [311ed3e3404a76c06ba3de0a1ae98e72] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{83500C12-F30C-4853-B3FC-855714F941F1}|URL, 
hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [430c2f875f2b181e888614d4689bb34d] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9F24448A-79C7-4C35-9C15-B0E17ED97E93}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [98b7a90de5a550e60806df097f848b75] PUP.Optional.DoSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}, In Quarantäne, [c58a75415436b482a36b10d8e221847c] PUP.Optional.QuickSearch.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MOZILLA\EXTENDS|appid, quick_searchff@gmail.com, In Quarantäne, [034c44720c7e9e98594c85611be8659b] PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\OPTIMIZER PRO|AdsBuyNowURL, hxxp://www.safeshopgate.com/r?s=121000600&g=0B81BED8-0BE9-229D-B6CA-934C528A0174, In Quarantäne, [430c6d49d1b930061078413f1ce9ba46] Registrierungsdaten: 21 PUP.Optional.Delta.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" 
hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[e06f74420684a5913d4a85af24e2ac54] PUP.Optional.Delta.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[e56a7d39b1d959dd3751ab8945c1c63a] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[1f30a90dabdfcc6a23de6bc9fe08a35d] PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[1d32bbfb7e0cd1657a099c987b8bf808] PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (www.google.com), Schlecht: 
(hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[96b9d9dd0387b77fbfc4082c21e52fd1] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[f55af8be800a0f27996843f13ec840c0] PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[63ec308678121323c3c4092b5fa7a858] PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[3b148a2c2a6077bfe0a821136f9734cc] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, 
hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[0946486ee9a11323926fbd77ad59669a] PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[74dbaa0c7317979f4340f2426c9af50b] PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[56f97145b2d8999d5231dd570df920e0] PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[c788e0d6ed9d53e3738e5fd5fd0931cf] PUP.Optional.SweetPage.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: 
(hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[1e31c3f3fb8f251137c7d2617b8b29d7] PUP.Optional.SweetPage.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[cd82d0e65a30e94d9569b77cfa0cb14f] PUP.Optional.SweetPage.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[62edf1c5e2a8db5b728cc76c16f0ab55] PUP.Optional.Delta.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT, Gut: (www.google.com), Schlecht: (hxxp://www.delta-homes.com/?type=hp&ts=1434146431&z=0b88b9627c9d27937d4b259g8z8c4z2g8z7q9z2c0c&from=ient06120&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT),Ersetzt,[b39c7343c8c2082e2c58072d0bfb16ea] PUP.Optional.SweetPage.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: 
(hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[004fe0d6b2d8b482f707f63d1ee829d7] PUP.Optional.SweetPage.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[84cbe2d40882ff37a55950e315f1e917] PUP.Optional.SweetPage.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[78d701b55832ec4a619d8ea5887ee020] PUP.Optional.SweetPage.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[9db274429eec58de906ebb781ee82dd3] PUP.Optional.SweetPage.A, HKU\S-1-5-21-3842866729-4066958523-73093308-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}, Gut: (www.google.com), Schlecht: 
(hxxp://www.sweet-page.com/web/?type=ds&ts=1404758087&from=cor&uid=TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT&q={searchTerms}),Ersetzt,[bc932f87e4a6f44201fd8ea5f31321df] Ordner: 47 PUP.Optional.MultiPlug.Gen, C:\ProgramData\{868E5822-04F1-4FBB-98CD-DC08EB82D497}, In Quarantäne, [ed62882ea9e13ef8e67f99e724e1a25e], PUP.Optional.OptimizerPro.A, C:\Users\Tobi\Documents\Optimizer Pro, In Quarantäne, [e7684e68e0aaf640e6a0b2ce41c4b050], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, In Quarantäne, [6ee18d298dfd350191bdb70c778cc23e], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [6ee18d298dfd350191bdb70c778cc23e], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Löschen bei Neustart, [fb54783e9dede4525ac0b90c4eb52ad6], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [fb54783e9dede4525ac0b90c4eb52ad6], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [fb54783e9dede4525ac0b90c4eb52ad6], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [a3acbef894f69d996d28596f80838b75], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [d27d5165cebc46f0e6a7d604d72c06fa], PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [d27d5165cebc46f0e6a7d604d72c06fa], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, 
C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\include, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\lib, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\module, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\pack, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\en, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\en-US, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, 
C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\es, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\es-419, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\fr, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-BE, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-CA, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\it, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\it-CH, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\pl, In 
Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\ru, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\tr, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\vi, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\skin, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\defaults, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, 
C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\defaults\preferences, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\modules, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.SweetSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\sweetsearch@gmail.com, In Quarantäne, [aca3496da2e8e25412e7ae3338cbed13], PUP.Optional.SweetSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\sweetsearch@gmail.com\chrome, In Quarantäne, [aca3496da2e8e25412e7ae3338cbed13], PUP.Optional.SweetSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\sweetsearch@gmail.com\chrome\content, In Quarantäne, [aca3496da2e8e25412e7ae3338cbed13], PUP.Optional.SweetSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\sweetsearch@gmail.com\chrome\skin, In Quarantäne, [aca3496da2e8e25412e7ae3338cbed13], Dateien: 98 PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Löschen bei Neustart, [a3ace6d04f3b30065e8ce2dcff028977], PUP.Optional.XTab.A, C:\Program Files (x86)\MiuiTab\ProtectService.exe, Löschen bei Neustart, [f35c3c7a5d2d3402fe9321f651b1a15f], PUP.Optional.LuckyTab.A, C:\Program Files (x86)\MiuiTab\SupTab.dll, In Quarantäne, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.LuckyTab.A, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Löschen bei Neustart, [2e2160563852b77f3fe1f568e122e818], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [80cfd2e41f6be74f350c7b40669b25db], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [bf903c7a2763b086ff9dd85fb0504ab6], PUP.Optional.Browserwatch, C:\Program Files 
(x86)\MiuiTab\BrowerWatchCH.dll, In Quarantäne, [4a051b9b87035bdbfde6a47e4cbab54b], PUP.Optional.Browserwatch, C:\Program Files (x86)\MiuiTab\BrowerWatchFF.dll, In Quarantäne, [e26dffb7fd8d1422dd061b0733d3c23e], PUP.Optional.SearchProtect, C:\Program Files (x86)\MiuiTab\BrowserAction.dll, In Quarantäne, [cd8252648dfd88ae578c212662a0eb15], PUP.Optional.Giner, C:\Program Files (x86)\MiuiTab\CmdShell.exe, In Quarantäne, [92bd54620d7d75c1c106dc934db904fc], PUP.Optional.Giner, C:\Program Files (x86)\MiuiTab\HPNotify.exe, In Quarantäne, [c788694d800ae74fd9ee78f70105629e], PUP.Optional.Giner, C:\Program Files (x86)\MiuiTab\IeWatchDog.dll, In Quarantäne, [5af5c4f21971a78fab1c353a19ed768a], PUP.Optional.SkyTech.A, C:\Users\Tobi\AppData\Local\Temp\SupIeTemp\D17AB79826034081A81CE635E71F1C60\QQBrowserFrame.dll, In Quarantäne, [a8a7c1f50387bc7ad535a66440c2768a], PUP.Optional.Giner, C:\Users\Tobi\AppData\Local\Temp\SupIeTemp\D17AB79826034081A81CE635E71F1C60\XTab.exe, In Quarantäne, [97b8c3f390fa7abc10b7b4bba95d7e82], PUP.Optional.Giga, C:\Users\Tobias\Downloads\CPU-Z-lnstall.exe, In Quarantäne, [56f9dfd797f3a88ed5ac0e01ee189769], PUP.Optional.Delta.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\searchplugins\delta-homes.xml, In Quarantäne, [d27d2f878cfe91a52f3d9c7b61a3c13f], PUP.Optional.MultiPlug.Gen, C:\ProgramData\{868E5822-04F1-4FBB-98CD-DC08EB82D497}\Kontakt Factory Library Setup PC.dat, In Quarantäne, [ed62882ea9e13ef8e67f99e724e1a25e], PUP.Optional.MultiPlug.Gen, C:\ProgramData\{868E5822-04F1-4FBB-98CD-DC08EB82D497}\instance.dat, In Quarantäne, [ed62882ea9e13ef8e67f99e724e1a25e], PUP.Optional.MultiPlug.Gen, C:\ProgramData\{868E5822-04F1-4FBB-98CD-DC08EB82D497}\Kontakt Factory Library Setup PC.exe, In Quarantäne, [ed62882ea9e13ef8e67f99e724e1a25e], PUP.Optional.MultiPlug.Gen, C:\ProgramData\{868E5822-04F1-4FBB-98CD-DC08EB82D497}\Kontakt Factory Library Setup PC.msi, In Quarantäne, [ed62882ea9e13ef8e67f99e724e1a25e], PUP.Optional.MultiPlug.Gen, 
C:\ProgramData\{868E5822-04F1-4FBB-98CD-DC08EB82D497}\Kontakt Factory Library Setup PC.par, In Quarantäne, [ed62882ea9e13ef8e67f99e724e1a25e], PUP.Optional.MultiPlug.Gen, C:\ProgramData\{868E5822-04F1-4FBB-98CD-DC08EB82D497}\Kontakt Factory Library Setup PC.res, In Quarantäne, [ed62882ea9e13ef8e67f99e724e1a25e], PUP.Optional.MultiPlug.Gen, C:\ProgramData\{868E5822-04F1-4FBB-98CD-DC08EB82D497}\mia.lib, In Quarantäne, [ed62882ea9e13ef8e67f99e724e1a25e], PUP.Optional.OptimizerPro.A, C:\Users\Tobi\Documents\Optimizer Pro\CookiesException.txt, In Quarantäne, [e7684e68e0aaf640e6a0b2ce41c4b050], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [6ee18d298dfd350191bdb70c778cc23e], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\PluginUpdate.exe, In Quarantäne, [6ee18d298dfd350191bdb70c778cc23e], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-07-07[20-35-43-372].log, In Quarantäne, [fb54783e9dede4525ac0b90c4eb52ad6], PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\update.exe, In Quarantäne, [fb54783e9dede4525ac0b90c4eb52ad6], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome.manifest, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\install.rdf, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\awesome.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\awesome.xul, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], 
PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\index.html, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\js.js, In Quarantäne, 
[c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, 
C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], 
PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, 
[c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\skin\icon.png, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\skin\logo.png, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], 
PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\skin\luck.png, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\skin\simple.css, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\chrome\skin\style.css, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\modules\addonmanager.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\modules\aes.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\modules\config.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, 
C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\modules\dialogs.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\modules\last_tab.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\modules\misc.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\modules\properties.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\modules\remoterequest.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\modules\restoreprefs.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com\modules\settings.js, In Quarantäne, [c28d34821e6cac8a9365cf1213f09f61], PUP.Optional.SweetSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\sweetsearch@gmail.com\chrome.manifest, In Quarantäne, [aca3496da2e8e25412e7ae3338cbed13], PUP.Optional.SweetSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\sweetsearch@gmail.com\install.rdf, In Quarantäne, [aca3496da2e8e25412e7ae3338cbed13], PUP.Optional.SweetSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\sweetsearch@gmail.com\chrome\content\toolbar.js, In 
Quarantäne, [aca3496da2e8e25412e7ae3338cbed13], PUP.Optional.SweetSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\sweetsearch@gmail.com\chrome\content\toolbar.xul, In Quarantäne, [aca3496da2e8e25412e7ae3338cbed13], PUP.Optional.SweetSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\sweetsearch@gmail.com\chrome\skin\icon.png, In Quarantäne, [aca3496da2e8e25412e7ae3338cbed13], PUP.Optional.QuickStart.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[38175f57c8c276c016102a4953b3bf41] Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 26.08.2015
Suchlaufzeit: 13:11
Protokolldatei: mbam2.txt
Administrator: Nein

Version: 2.1.8.1057
Malware-Datenbank: v2015.08.26.05
Rootkit-Datenbank: v2015.08.16.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Tobias

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 532411
Abgelaufene Zeit: 19 Min., 50 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 3
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\net_search, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],

Dateien: 40
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Local\Temp\SupIeTemp\D17AB79826034081A81CE635E71F1C60\everything.exe, In Quarantäne, [81ec6ba2a2e9cb6b1a0fae034bb60bf5],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\config.ini, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\everything.dll, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\everything.exe, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\helper.dll, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\Patch.dll, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\SearchBase.db, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\SearchBase.exe, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\SearchHand.dll, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\ServiceEverything.exe, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\SFKEX.dll, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\SFKEX.exe, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\SFKEX64.dll, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\SFKEX64.exe, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\uninst.exe, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\update.exe, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\net_search\bing.png, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\net_search\google.png, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\net_search\search_config.ini, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\net_search\SFK.ini, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\net_search\SFKEX.ini, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\net_search\yahoo.png, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\bing.png, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\caret.png, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\FileListItem.xml, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\FileListItem_bing.xml, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\FileListItem_google.xml, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\frame.png, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\frame2.png, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\google.png, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\guide.png, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\icon_search.png, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\mainpanel.png, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\MainPannel.xml, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\panel_base.xml, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\search_content_list.png, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\WndMask.xml, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.Everything.A, C:\Users\Tobi\AppData\Everything\skin\yahoo.png, In Quarantäne, [95d84ac35c2f7db96aa4bc67729116ea],
PUP.Optional.QuickSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js, Gut: (), Schlecht: (quick_searchff@gmail.com), Ersetzt,[a0cd64a97318af87e4210f8a32d3d32d]
PUP.Optional.SweetSearch.A, C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\prefs.js, Gut: (), Schlecht: (sweetsearch@gmail.com), Ersetzt,[8edfc845c9c29c9a5cac1386d33228d8]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 8 x64
Ran by Tobi on 26.08.2015 at 11:20:50,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec

~~~ FireFox

Successfully deleted the following from C:\Users\Tobi\AppData\Roaming\mozilla\firefox\profiles\a53njth5.default\prefs.js
user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
user_pref(browser.search.searchengine.ptid, ient06120);
user_pref(browser.search.searchengine.uid, TOSHIBAXMQ01ABF050_23Q9C0FLTXX23Q9C0FLT);
user_pref(extensions.xpiState, {\app-profile\:{\quick_searchff@gmail.com\:{\d\:\C:\\\\Users\\\\Tobi\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\a53njt

~~~ Chrome

[C:\Users\Tobi\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Tobi\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Tobi\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Tobi\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.08.2015 at 11:25:03,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015 Ran by Tobias (ATTENTION: The logged in user is not administrator) on TOBIAS on 26-08-2015 11:45:10 Running from C:\Users\Tobi\Desktop Loaded Profiles: Tobi & Tobias (Available Profiles: UpdatusUser & Tobi & Tobias & Polina & Andere & Musik) Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> winlogon.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> dwm.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> spoolsv.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> WUDFHost.exe Failed to access process -> SearchIndexer.exe Failed to access process -> LMS.exe Failed to access process -> WmiPrvSE.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe Failed to access process -> svchost.exe Failed to access process -> HeciServer.exe Failed to access process -> VESMgr.exe Failed to access process -> VESMgrSub.exe Failed to access process -> VESMgrSub.exe Failed to access process -> dllhost.exe Failed to access 
process -> SUSSoundProxy.exe Failed to access process -> vmware-usbarbitrator64.exe Failed to access process -> wmpnetwk.exe Failed to access process -> AppleMobileDeviceService.exe Failed to access process -> btwdins.exe Failed to access process -> RIconMan.exe Failed to access process -> VCService.exe Failed to access process -> VCAgent.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe Failed to access process -> dllhost.exe Failed to access process -> VUAgent.exe Failed to access process -> WmiPrvSE.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\splwow64.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-11] (Realtek Semiconductor) HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [533208 2013-04-02] (Broadcom Corporation.) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] () HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated) HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: c:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3842866729-4066958523-73093308-1003\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung) AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File not found AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-10-31] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2013-10-14] ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-11-06] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-03-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.) BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-3842866729-4066958523-73093308-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3842866729-4066958523-73093308-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com 
HKU\S-1-5-21-3842866729-4066958523-73093308-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu URLSearchHook: [S-1-5-21-3842866729-4066958523-73093308-1002] ATTENTION ==> Default URLSearchHook is missing SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1003 -> {9F24448A-79C7-4C35-9C15-B0E17ED97E93} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1003 -> {A400D7DF-CA39-4F01-8FD1-348B993DFBF5} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-24] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-24] (Oracle Corporation) DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\ya9i3cr5.default FF NetworkProxy: "type", 0 FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll 
[2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-05-24] (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2015-05-25] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Extension: Ghostery - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\ya9i3cr5.default\Extensions\firefox@ghostery.com.xpi [2014-04-11] FF Extension: Adblock Plus - C:\Users\Tobias\AppData\Roaming\Mozilla\Firefox\Profiles\ya9i3cr5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-11] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Profile: C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-16] CHR Extension: (Google Drive) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-16] CHR Extension: (YouTube) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-16] CHR Extension: (Google Search) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-16] CHR Extension: (Google Wallet) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-16] CHR Extension: (Gmail) - C:\Users\Tobias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-16] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2228440 2013-05-16] (Broadcom Corporation.) 
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-20] (Microsoft Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.) S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-05] (Sony Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-20] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [23040 2012-09-20] (Microsoft Corporation) S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation) S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation) S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not 
signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170200 2013-05-16] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8469680 2015-04-17] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 BTWPANFL; C:\Windows\system32\drivers\btwpanfl.sys [44912 2013-05-16] (Broadcom Corporation.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.) S3 MADFULEGACYKEYBOARD; C:\Windows\System32\drivers\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio) S3 MAUSBLEGACYKEYBOARD; C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-26] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project) R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-03-15] () R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated) S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X] S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-26 11:45 - 2015-08-26 11:45 - 00018593 _____ C:\Users\Tobi\Desktop\FRST.txt 2015-08-26 11:43 - 2015-08-26 11:43 - 00001780 _____ C:\Users\Tobias\Desktop\JRT.txt 2015-08-26 11:25 - 2015-08-26 11:25 - 00001780 _____ C:\Users\Tobi\Desktop\JRT.txt 2015-08-26 11:16 - 2015-08-26 11:16 - 00005396 _____ C:\Users\Tobias\Desktop\AdwCleaner[C1].txt 2015-08-26 10:55 - 2015-08-26 11:18 - 00000000 ____D C:\AdwCleaner 2015-08-26 10:48 - 2015-08-26 10:48 - 00049926 _____ C:\Users\Tobias\Desktop\mbam.txt 2015-08-26 09:57 - 2015-08-26 09:57 - 00319377 _____ C:\Users\Tobias\Desktop\Windows 8 DirektPay Trojaner; nur abgesichter Modus.htm 2015-08-26 09:57 - 2015-08-26 09:57 - 00000000 ____D C:\Users\Tobias\Desktop\Windows 8 DirektPay Trojaner; nur abgesichter Modus-Dateien 2015-08-26 08:58 - 2015-08-26 08:58 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-08-26 08:58 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-26 08:58 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-26 08:32 - 2015-08-26 08:32 - 01798576 _____ (Malwarebytes Corporation) C:\Users\Tobias\Desktop\JRT.exe 2015-08-26 08:31 - 2015-08-26 08:32 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tobias\Desktop\mbam-setup-2.1.8.1057.exe 2015-08-22 19:39 - 2015-07-13 23:05 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-22 19:39 - 2015-07-13 23:05 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-22 19:39 - 2015-07-01 15:00 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-22 19:39 - 2015-07-01 14:58 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-22 19:39 - 
2015-07-01 13:42 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-22 19:39 - 2015-07-01 13:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-22 19:39 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-22 19:39 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-08-22 19:39 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\SysWOW64\locale.nls 2015-08-22 19:39 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls 2015-08-22 19:38 - 2015-07-30 15:11 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-22 19:38 - 2015-07-30 15:10 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-22 19:38 - 2015-07-28 18:25 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-22 19:38 - 2015-07-28 16:13 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-22 19:38 - 2015-07-28 15:12 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-22 19:38 - 2015-07-16 22:31 - 19291648 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-22 19:38 - 2015-07-16 22:31 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-22 19:38 - 2015-07-16 21:06 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-22 19:38 - 2015-07-16 
21:06 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-22 19:38 - 2015-07-09 23:46 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-22 19:38 - 2015-07-09 23:44 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-22 19:38 - 2015-07-09 22:17 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-22 19:38 - 2015-07-09 22:16 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-22 19:38 - 2015-07-06 18:16 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-08-22 19:38 - 2015-07-06 16:32 - 00281944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-08-22 19:38 - 2015-06-29 15:27 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-22 19:37 - 2015-07-29 16:45 - 01412608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-22 19:37 - 2015-07-29 16:45 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-22 19:37 - 2015-07-29 15:52 - 01840640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-22 19:37 - 2015-07-29 15:52 - 01280000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-22 19:37 - 2015-07-29 15:52 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-22 19:37 - 2015-07-28 00:42 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-22 19:37 - 2015-07-28 00:40 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-22 19:37 - 2015-07-28 00:40 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-22 19:37 - 2015-07-16 22:32 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-22 19:37 - 2015-07-16 22:32 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-22 19:37 - 2015-07-16 22:32 - 00601600 _____ (Microsoft 
Corporation) C:\Windows\system32\vbscript.dll 2015-08-22 19:37 - 2015-07-16 22:31 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-22 19:37 - 2015-07-16 22:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-22 19:37 - 2015-07-16 22:30 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-22 19:37 - 2015-07-16 22:30 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-22 19:37 - 2015-07-16 22:30 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-08-22 19:37 - 2015-07-16 21:07 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-22 19:37 - 2015-07-16 21:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-08-22 19:37 - 2015-07-16 21:07 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-08-22 19:37 - 2015-07-13 23:23 - 01744384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-22 19:37 - 2015-07-13 23:23 - 01422336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-22 19:37 - 2015-07-13 23:05 - 02340864 _____ (Microsoft Corporation) 
C:\Windows\system32\msxml6.dll 2015-08-22 19:37 - 2015-07-13 23:05 - 01850880 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-22 19:37 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-08-22 19:37 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-08-22 19:37 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-08-22 19:37 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2015-08-22 19:37 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-08-22 19:37 - 2015-06-15 17:20 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-22 19:37 - 2015-06-15 17:20 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-22 19:37 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-08-22 19:37 - 2015-06-15 17:19 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-22 19:37 - 2015-06-15 17:19 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-22 19:37 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-08-22 19:37 - 
2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-08-22 19:37 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-08-22 19:37 - 2015-06-09 15:09 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml 2015-08-22 19:37 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-08-22 19:36 - 2015-07-15 18:09 - 06969688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-22 19:36 - 2015-07-15 18:09 - 00095064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-22 19:36 - 2015-07-15 18:06 - 01824296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-22 19:36 - 2015-07-15 15:49 - 01410000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-22 19:36 - 2015-07-15 15:29 - 01333248 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-22 19:36 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-22 19:36 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-22 19:36 - 2015-07-09 22:18 - 00233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-22 19:36 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-22 19:36 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-08-22 19:36 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-08-22 19:36 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-08-22 19:36 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-22 19:36 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-08-22 19:36 - 2015-06-27 15:46 - 00318464 _____ (Microsoft 
Corporation) C:\Windows\system32\msv1_0.dll 2015-08-22 19:36 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-22 19:36 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-22 19:36 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-22 19:26 - 2015-08-22 19:26 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Tobias\Desktop\tdsskiller.exe 2015-08-22 12:21 - 2015-08-26 08:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-22 12:20 - 2015-08-26 08:58 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-22 12:20 - 2015-08-22 19:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-08-22 12:19 - 2015-08-22 19:37 - 00000000 ____D C:\Users\Tobias\Desktop\mbar 2015-08-22 12:19 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-22 12:18 - 2015-08-22 12:18 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Tobias\Desktop\mbar-1.09.2.1008.exe 2015-08-22 11:20 - 2015-08-22 11:20 - 00000000 ____D C:\Users\Tobi\workspace 2015-08-22 11:01 - 2015-08-22 11:01 - 00000491 _____ C:\Users\Tobias\Desktop\gmer.log ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-08-26 11:45 - 2015-06-13 14:01 - 00000000 ____D C:\FRST 2015-08-26 11:14 - 2013-09-30 13:47 - 00000614 _____ C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job 2015-08-26 11:13 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-26 11:12 - 2014-04-10 10:50 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-08-26 11:12 - 2013-09-09 12:53 - 00001009 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-26 11:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2015-08-26 10:51 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF 2015-08-26 10:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2015-08-26 09:58 - 2012-08-03 04:22 - 00122850 _____ C:\Windows\PFRO.log 2015-08-26 08:25 - 2015-03-19 20:22 - 00443416 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-26 08:23 - 2013-10-20 19:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-26 08:23 - 2013-10-20 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-26 08:21 - 2015-04-19 10:31 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-26 08:21 - 2015-04-19 10:31 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-08-26 08:20 - 2013-05-24 01:59 - 01936238 _____ C:\Windows\WindowsUpdate.log 2015-08-22 20:19 - 2013-10-20 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 
2015-08-22 20:18 - 2013-09-10 11:24 - 00000000 ____D C:\Windows\system32\MRT 2015-08-22 19:54 - 2013-09-09 17:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-22 19:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-22 19:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-22 19:46 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp 2015-08-22 19:46 - 2012-07-26 07:26 - 00000199 _____ C:\Windows\win.ini 2015-08-22 19:39 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2015-08-22 11:20 - 2013-09-09 12:51 - 00000000 ____D C:\Users\Tobi 2015-08-22 11:19 - 2014-12-24 17:42 - 00000000 ____D C:\eclipse 2015-08-22 10:56 - 2015-06-13 14:08 - 00060056 _____ C:\Users\Tobias\Desktop\Addition.txt 2015-08-22 10:56 - 2015-06-13 14:08 - 00022815 _____ C:\Users\Tobias\Desktop\FRST.txt 2015-08-22 10:17 - 2015-06-13 00:01 - 00000000 ____D C:\Users\Tobi\AppData\Everything 2015-08-08 04:27 - 2014-11-15 10:39 - 00793544 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-08 04:27 - 2014-11-15 10:39 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-28 10:59 - 2013-09-10 11:24 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Files in the root of some directories ======= 2014-12-19 18:09 - 2015-06-02 17:20 - 0000600 _____ () C:\Users\Tobias\AppData\Roaming\winscp.rnd 2014-10-15 15:23 - 2015-06-02 18:00 - 0000600 _____ () C:\Users\Tobias\AppData\Local\PUTTY.RND 2013-11-13 23:40 - 2013-11-13 23:40 - 0002762 _____ () C:\Users\Tobias\AppData\Local\recently-used.xbel 2015-03-15 22:13 - 2015-03-15 22:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-04-18 17:06 - 2012-10-24 21:44 - 0656048 _____ (WildTangent, Inc.) 
C:\ProgramData\uninstall404190.exe

Files to move or delete:
====================
C:\ProgramData\uninstall404190.exe
C:\Users\Public\Supercharger 1.1.0 Setup PC.exe

Some files in TEMP:
====================
C:\Users\Tobi\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Tobias\AppData\Local\Temp\Ableton Swapper.exe
C:\Users\Tobias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprgbgyg.dll
C:\Users\Tobias\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Tobias\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Tobias\AppData\Local\Temp\ICReinstall_FileZilla_3.8.1_win32-setup.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Regards, Tobias |
27.08.2015, 12:24 | #8 |
/// the machine /// TB-Ausbilder | Windows 8: DirektPay Trojan; safe mode only Please run FRST again; our tools always need admin rights.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
29.08.2015, 11:57 | #9 |
| Windows 8: DirektPay Trojan; safe mode only Hello, I hope this is the right scan now: FRST: FRST Logfile: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:28-08-2015
durchgeführt von Tobi (Administrator) auf TOBIAS (29-08-2015 12:38:28)
Gestartet von C:\Users\Tobi\Desktop
Geladene Profile: Tobi & Tobias (Verfügbare Profile: UpdatusUser & Tobi & Tobias & Polina & Andere & Musik)
Platform: Windows 8 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 10 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Realsil Microelectronics Inc.)
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17280_none_6224eed751126779\TiWorker.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Sony Corporation) C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-11] (Realtek Semiconductor) HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [533208 2013-04-02] (Broadcom Corporation.) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] () HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated) HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
Winlogon\Notify\igfxcui: c:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3842866729-4066958523-73093308-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung) HKU\S-1-5-21-3842866729-4066958523-73093308-1003\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung) AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => Keine Datei AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-10-31] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2013-10-14] ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-11-06] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: 
[DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei BootExecute: autocheck autochk * ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.de/ HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-3842866729-4066958523-73093308-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3842866729-4066958523-73093308-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com HKU\S-1-5-21-3842866729-4066958523-73093308-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1003 -> {9F24448A-79C7-4C35-9C15-B0E17ED97E93} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1003 -> {A400D7DF-CA39-4F01-8FD1-348B993DFBF5} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-24] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-24] (Oracle Corporation) DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5C743DE8-607E-44AE-8E5C-2EEA1C23DA25}: [DhcpNameServer] 192.168.178.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default FF Homepage: www.google.de FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll 
[2014-10-30] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-05-24] (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2015-05-25] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3842866729-4066958523-73093308-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-02-19] (Intel) FF Plugin HKU\S-1-5-21-3842866729-4066958523-73093308-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-02-19] (Intel) FF Extension: Kein Name - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\quick_searchff@gmail.com [nicht gefunden] FF Extension: Kein Name - C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default\extensions\sweetsearch@gmail.com [nicht gefunden] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2228440 2013-05-16] (Broadcom Corporation.) S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.) 
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-05] (Sony Corporation) S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation) S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation) S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170200 2013-05-16] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8469680 2015-04-17] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 BTWPANFL; C:\Windows\system32\drivers\btwpanfl.sys [44912 2013-05-16] (Broadcom Corporation.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.) 
S3 MADFULEGACYKEYBOARD; C:\Windows\System32\drivers\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio) S3 MAUSBLEGACYKEYBOARD; C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project) R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-03-15] () R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated) S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X] S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-29 12:38 - 2015-08-29 12:38 - 00000000 ____D C:\Users\Tobi\Desktop\FRST-OlderVersion 2015-08-29 12:07 - 2015-08-13 14:34 - 19292160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-29 12:06 - 2015-08-13 13:02 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-29 12:06 - 2015-08-13 12:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-29 12:06 - 2015-08-13 12:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-08-26 17:00 - 2015-08-26 17:00 - 00006909 _____ C:\Users\Tobias\Desktop\mbam2.txt 2015-08-26 16:42 - 2015-08-26 16:42 - 00054459 _____ C:\Users\Tobi\Desktop\Addition.txt 2015-08-26 13:48 - 2015-08-26 13:48 - 00001041 _____ C:\Users\Tobi\Desktop\JRT.txt 2015-08-26 11:45 - 2015-08-29 12:38 - 00017614 _____ C:\Users\Tobi\Desktop\FRST.txt 2015-08-26 11:43 - 2015-08-26 11:43 - 00001780 _____ C:\Users\Tobias\Desktop\JRT.txt 2015-08-26 11:16 - 2015-08-26 11:16 - 00005396 _____ C:\Users\Tobias\Desktop\AdwCleaner[C1].txt 2015-08-26 10:55 - 2015-08-26 11:18 - 00000000 ____D C:\AdwCleaner 2015-08-26 10:48 - 2015-08-26 10:48 - 00049926 _____ C:\Users\Tobias\Desktop\mbam1.txt 2015-08-26 09:57 - 2015-08-26 09:57 - 00319377 _____ C:\Users\Tobias\Desktop\Windows 8 DirektPay Trojaner; nur abgesichter Modus.htm 2015-08-26 09:57 - 2015-08-26 09:57 - 00000000 ____D C:\Users\Tobias\Desktop\Windows 8 DirektPay Trojaner; nur abgesichter Modus-Dateien 2015-08-26 08:58 - 2015-08-26 08:58 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-08-26 08:58 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-26 08:58 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-26 08:32 - 2015-08-26 08:32 - 01798576 _____ (Malwarebytes Corporation) C:\Users\Tobias\Desktop\JRT.exe 2015-08-26 08:31 - 2015-08-26 08:32 - 24345872 _____ (Malwarebytes Corporation 
) C:\Users\Tobias\Desktop\mbam-setup-2.1.8.1057.exe 2015-08-22 19:39 - 2015-07-13 23:05 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-22 19:39 - 2015-07-13 23:05 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-22 19:39 - 2015-07-01 15:00 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-22 19:39 - 2015-07-01 14:58 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-22 19:39 - 2015-07-01 13:42 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-22 19:39 - 2015-07-01 13:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-22 19:39 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-22 19:39 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-08-22 19:39 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\SysWOW64\locale.nls 2015-08-22 19:39 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls 2015-08-22 19:38 - 2015-07-30 15:11 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-22 19:38 - 2015-07-30 15:10 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-22 19:38 - 2015-07-28 18:25 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-22 19:38 - 2015-07-28 16:13 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00069120 _____ (Microsoft 
Corporation) C:\Windows\system32\acmigration.dll 2015-08-22 19:38 - 2015-07-28 15:12 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-22 19:38 - 2015-07-16 22:31 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-22 19:38 - 2015-07-16 21:06 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-22 19:38 - 2015-07-09 23:46 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-22 19:38 - 2015-07-09 23:44 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-22 19:38 - 2015-07-09 22:17 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-22 19:38 - 2015-07-09 22:16 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-22 19:38 - 2015-07-06 18:16 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-08-22 19:38 - 2015-07-06 16:32 - 00281944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-08-22 19:38 - 2015-06-29 15:27 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-22 19:37 - 2015-07-29 16:45 - 01412608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-22 19:37 - 2015-07-29 16:45 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-22 19:37 - 2015-07-29 15:52 - 01840640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-22 19:37 - 2015-07-29 15:52 - 01280000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-22 19:37 - 2015-07-29 15:52 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-22 19:37 - 2015-07-28 00:42 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-22 19:37 - 2015-07-28 00:40 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-22 19:37 - 2015-07-28 00:40 - 00366592 _____ (Adobe Systems Incorporated) 
C:\Windows\system32\atmfd.dll 2015-08-22 19:37 - 2015-07-16 22:32 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-22 19:37 - 2015-07-16 22:32 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-22 19:37 - 2015-07-16 22:32 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-22 19:37 - 2015-07-16 22:31 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-22 19:37 - 2015-07-16 22:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-22 19:37 - 2015-07-16 22:30 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-22 19:37 - 2015-07-16 22:30 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-22 19:37 - 2015-07-16 22:30 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-08-22 19:37 - 2015-07-16 21:07 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-22 19:37 - 2015-07-16 21:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-08-22 19:37 - 2015-07-16 21:07 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 
2015-08-22 19:37 - 2015-07-13 23:23 - 01744384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-22 19:37 - 2015-07-13 23:23 - 01422336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-22 19:37 - 2015-07-13 23:05 - 02340864 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-22 19:37 - 2015-07-13 23:05 - 01850880 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-22 19:37 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-08-22 19:37 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-08-22 19:37 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-08-22 19:37 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2015-08-22 19:37 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-08-22 19:37 - 2015-06-15 17:20 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-22 19:37 - 2015-06-15 17:20 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-22 19:37 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-08-22 19:37 - 2015-06-15 17:19 - 01509376 _____ 
(Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-22 19:37 - 2015-06-15 17:19 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-22 19:37 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-08-22 19:37 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-08-22 19:37 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-08-22 19:37 - 2015-06-09 15:09 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml 2015-08-22 19:37 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-08-22 19:36 - 2015-07-15 18:09 - 06969688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-22 19:36 - 2015-07-15 18:09 - 00095064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-22 19:36 - 2015-07-15 18:06 - 01824296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-22 19:36 - 2015-07-15 15:49 - 01410000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-22 19:36 - 2015-07-15 15:29 - 01333248 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-22 19:36 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-22 19:36 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-22 19:36 - 2015-07-09 22:18 - 00233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-22 19:36 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-22 19:36 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-08-22 19:36 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-08-22 19:36 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 
2015-08-22 19:36 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-22 19:36 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-08-22 19:36 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-22 19:36 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-22 19:36 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-22 19:36 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-22 19:26 - 2015-08-22 19:26 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Tobias\Desktop\tdsskiller.exe 2015-08-22 12:21 - 2015-08-26 08:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-22 12:20 - 2015-08-26 13:59 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-22 12:20 - 2015-08-22 19:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-08-22 12:19 - 2015-08-22 19:37 - 00000000 ____D C:\Users\Tobias\Desktop\mbar 2015-08-22 12:19 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-22 12:18 - 2015-08-22 12:18 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Tobias\Desktop\mbar-1.09.2.1008.exe 2015-08-22 11:20 - 2015-08-22 11:20 - 00000000 ____D C:\Users\Tobi\workspace 2015-08-22 11:01 - 2015-08-22 11:01 - 00000491 _____ C:\Users\Tobias\Desktop\gmer.log ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-08-29 12:38 - 2015-06-13 14:01 - 00000000 ____D C:\FRST 2015-08-29 12:38 - 2015-06-13 10:41 - 02186752 _____ (Farbar) C:\Users\Tobi\Desktop\FRST64.exe 2015-08-29 12:38 - 2013-09-30 13:47 - 00000614 _____ C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job 2015-08-29 12:25 - 2013-05-24 01:59 - 01175095 _____ C:\Windows\WindowsUpdate.log 2015-08-29 12:06 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp 2015-08-29 12:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2015-08-29 11:33 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2015-08-29 11:23 - 2015-03-15 22:13 - 02147370 _____ C:\Windows\setupact.log 2015-08-26 13:36 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-26 13:35 - 2012-07-26 07:26 - 01048576 ___SH C:\Windows\system32\config\BBI 2015-08-26 11:46 - 2015-06-13 14:08 - 00037684 _____ C:\Users\Tobias\Desktop\FRST.txt 2015-08-26 11:29 - 2013-09-09 18:05 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3842866729-4066958523-73093308-1003 2015-08-26 11:12 - 2014-04-10 10:50 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-08-26 11:12 - 2013-09-09 12:53 - 00001009 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-26 11:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2015-08-26 10:51 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF 2015-08-26 09:58 - 2012-08-03 04:22 - 00122850 _____ C:\Windows\PFRO.log 2015-08-26 08:25 - 2015-03-19 20:22 - 00443416 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-26 08:23 - 2013-10-20 19:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-26 08:23 - 2013-10-20 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-26 08:21 - 2015-04-19 10:31 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-26 08:21 - 2015-04-19 10:31 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-26 
08:21 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-08-22 20:19 - 2013-10-20 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-22 20:18 - 2013-09-10 11:24 - 00000000 ____D C:\Windows\system32\MRT 2015-08-22 19:54 - 2013-09-09 17:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-22 19:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-22 19:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-22 19:46 - 2012-07-26 07:26 - 00000199 _____ C:\Windows\win.ini 2015-08-22 11:20 - 2013-09-09 12:51 - 00000000 ____D C:\Users\Tobi 2015-08-22 11:19 - 2014-12-24 17:42 - 00000000 ____D C:\eclipse 2015-08-22 10:56 - 2015-06-13 14:08 - 00060056 _____ C:\Users\Tobias\Desktop\Addition.txt 2015-08-22 10:22 - 2014-01-04 15:19 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E80D6E94-9CEF-4628-8ECB-B0C8B87A83A8} 2015-08-08 04:27 - 2014-11-15 10:39 - 00793544 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-08 04:27 - 2014-11-15 10:39 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-09-05 20:21 - 2014-09-05 20:21 - 0000600 _____ () C:\Users\Tobi\AppData\Roaming\winscp.rnd 2014-09-05 15:33 - 2015-01-22 13:01 - 0000600 _____ () 
C:\Users\Tobi\AppData\Local\PUTTY.RND 2015-04-17 22:23 - 2015-04-17 22:23 - 0007607 _____ () C:\Users\Tobi\AppData\Local\Resmon.ResmonCfg 2015-03-15 22:13 - 2015-03-15 22:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-04-18 17:06 - 2012-10-24 21:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall404190.exe Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\ProgramData\uninstall404190.exe C:\Users\Public\Supercharger 1.1.0 Setup PC.exe Einige Dateien in TEMP: ==================== C:\Users\Tobi\AppData\Local\Temp\xmlUpdater.exe C:\Users\Tobias\AppData\Local\Temp\Ableton Swapper.exe C:\Users\Tobias\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprgbgyg.dll C:\Users\Tobias\AppData\Local\Temp\fp_pl_pfs_installer-1.exe C:\Users\Tobias\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Tobias\AppData\Local\Temp\ICReinstall_FileZilla_3.8.1_win32-setup.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-08-22 11:45
==================== Ende von FRST.txt ============================
Best regards, Tobi |
29.08.2015, 14:28 | #10 |
/// the machine /// TB-Ausbilder | Windows 8: DirektPay Trojan; safe mode only Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => Keine Datei
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
05.09.2015, 17:20 | #11 |
| Windows 8: DirektPay Trojan; safe mode only Hello, I have finally gotten around to taking care of my computer again. Here are the logs: Fixlog: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:04-09-2015 durchgeführt von Tobi (2015-09-05 12:49:41) Run:1 Gestartet von C:\Users\Tobi\Desktop Geladene Profile: Tobi & Tobias (Verfügbare Profile: UpdatusUser & Tobi & Tobias & Polina & Andere & Musik) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => Keine Datei Emptytemp: ***************** "C:\PROGRA~2\SupTab\SEARCH~2.DLL" => Wert Daten erfolgreich entfernt. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=5512a04f51679c4cbc99aa0cd8cc2624 # end=init # utc_time=2015-09-05 11:12:06 # local_time=2015-09-05 01:12:06 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT Update Init Update Download Update Finalize Updated modules version: 25616 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=5512a04f51679c4cbc99aa0cd8cc2624 # end=updated # utc_time=2015-09-05 11:15:21 # local_time=2015-09-05 01:15:21 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.2.9200 NT # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=5512a04f51679c4cbc99aa0cd8cc2624 # engine=25616 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-09-05 03:40:47 # local_time=2015-09-05 05:40:47 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 897549 10844652 0 0 # scanned=597382 # found=4 # cleaned=0 # scan_time=15925 sh=11D5B8270EA0596976F7DC4F766A6EFA77A4D5F6 ft=1 fh=36b02d570f49b105 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobi\Downloads\Gmer-19357 - CHIP-Installer.exe" sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\cbsidlm-cbsi188-Apowersoft_Free_Audio_Recorder-BP-75959668.exe" sh=256578163985E702590BC93D717F1B37975C6672 ft=1 fh=c71c0011c840b8e1 vn="Variante von Win32/InstallCore.LA evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\FileZilla_3.8.1_win32-setup.exe" sh=7F52FA2499E64483864DE468F3E7D0914B1031E5 ft=1 fh=7caf5b3b2f986feb vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Tobias\Downloads\Virtual CloneDrive - CHIP-Installer.exe" Code:
ATTFilter Results of screen317's Security Check version 1.008 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 13 Java version 32-bit out of Date! Adobe Reader XI Mozilla Firefox 38.0.5 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` SoftwareDistribution Download 5ff46bd639cd986ab17b1cf48385c718 windowsstoresetupbox.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015 durchgeführt von Tobi (Administrator) auf TOBIAS (05-09-2015 18:01:32) Gestartet von C:\Users\Tobi\Desktop Geladene Profile: Tobi & Tobias (Verfügbare Profile: UpdatusUser & Tobi & Tobias & Polina & Andere & Musik) Platform: Windows 8 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 10 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe (Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe (Microsoft Corporation) C:\Windows\System32\AutoUpdate.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\5ff46bd639cd986ab17b1cf48385c718\windowsstoresetupbox.exe (Microsoft Corporation) C:\$Windows.~BT\Sources\SetupHost.exe (Microsoft Corporation) C:\Windows\System32\wimserv.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Microsoft Corporation) C:\$Windows.~BT\Sources\mighost.exe ==================== Registry 
(Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-11] (Realtek Semiconductor) HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [533208 2013-04-02] (Broadcom Corporation.) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] () HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated) HKLM\...\Run: [tvncontrol] => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
Winlogon\Notify\igfxcui: c:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3842866729-4066958523-73093308-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung) HKU\S-1-5-21-3842866729-4066958523-73093308-1003\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung) AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-10-31] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll Keine Datei ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2013-10-14] ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-11-06] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft 
Corporation) BootExecute: autocheck autochk * ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5C743DE8-607E-44AE-8E5C-2EEA1C23DA25}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.de/ HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu HKU\S-1-5-21-3842866729-4066958523-73093308-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-3842866729-4066958523-73093308-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com HKU\S-1-5-21-3842866729-4066958523-73093308-1003\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1003 -> {9F24448A-79C7-4C35-9C15-B0E17ED97E93} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1003 -> {A400D7DF-CA39-4F01-8FD1-348B993DFBF5} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms} BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-24] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-24] (Oracle Corporation) DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default FF Homepage: www.google.de FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF 
Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-24] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-05-24] (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2015-05-25] () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3842866729-4066958523-73093308-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-02-19] (Intel) FF Plugin HKU\S-1-5-21-3842866729-4066958523-73093308-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-02-19] (Intel) StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2228440 2013-05-16] (Broadcom Corporation.) S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation) S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.) 
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-05] (Sony Corporation) R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation) S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [Datei ist nicht signiert] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170200 2013-05-16] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8469680 2015-04-17] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 BTWPANFL; C:\Windows\system32\drivers\btwpanfl.sys [44912 2013-05-16] (Broadcom Corporation.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation) S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2014-03-17] (Focusrite Audio Engineering Limited.) 
S3 MADFULEGACYKEYBOARD; C:\Windows\System32\drivers\MAudioLegacyKeyboard_DFU.sys [28680 2010-02-09] (M-Audio) S3 MAUSBLEGACYKEYBOARD; C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [196616 2010-02-09] (M-Audio) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project) R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-09-05] () R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation) S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X] S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-05 17:55 - 2015-09-05 17:56 - 00852704 _____ C:\Users\Tobi\Desktop\SecurityCheck.exe 2015-09-05 13:11 - 2015-09-05 13:11 - 00000000 ____D C:\Program Files (x86)\ESET 2015-09-05 13:10 - 2015-09-05 13:10 - 02870984 _____ (ESET) C:\Users\Tobi\Desktop\esetsmartinstaller_deu.exe 2015-09-05 12:58 - 2015-09-05 12:58 - 00003124 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC 2015-09-05 12:58 - 2015-09-05 12:58 - 00002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk 2015-09-05 12:58 - 2015-09-05 12:58 - 00001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk 2015-09-05 12:58 - 2015-09-05 12:58 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care 2015-09-05 12:48 - 2015-09-05 12:48 - 00000072 _____ C:\Users\Tobi\Desktop\Fixlist.txt 2015-08-29 12:38 - 2015-09-05 12:49 - 00000000 ____D C:\Users\Tobi\Desktop\FRST-OlderVersion 2015-08-29 12:07 - 2015-08-13 14:34 - 19292160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-29 12:06 - 2015-08-13 13:02 - 14383616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-08-29 12:06 - 2015-08-13 12:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-29 12:06 - 2015-08-13 12:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-08-26 17:00 - 2015-08-26 17:00 - 00006909 _____ C:\Users\Tobias\Desktop\mbam2.txt 2015-08-26 16:42 - 2015-08-26 16:42 - 00054459 _____ C:\Users\Tobi\Desktop\Addition.txt 2015-08-26 13:48 - 2015-08-26 13:48 - 00001041 _____ C:\Users\Tobi\Desktop\JRT.txt 2015-08-26 11:45 - 2015-09-05 18:01 - 00018158 _____ C:\Users\Tobi\Desktop\FRST.txt 2015-08-26 11:43 - 2015-08-26 11:43 - 00001780 _____ C:\Users\Tobias\Desktop\JRT.txt 2015-08-26 11:16 - 2015-08-26 11:16 - 00005396 _____ C:\Users\Tobias\Desktop\AdwCleaner[C1].txt 2015-08-26 10:55 - 2015-08-26 11:18 - 00000000 ____D C:\AdwCleaner 2015-08-26 10:48 - 2015-08-26 10:48 - 00049926 _____ 
C:\Users\Tobias\Desktop\mbam1.txt 2015-08-26 09:57 - 2015-08-26 09:57 - 00319377 _____ C:\Users\Tobias\Desktop\Windows 8 DirektPay Trojaner; nur abgesichter Modus.htm 2015-08-26 09:57 - 2015-08-26 09:57 - 00000000 ____D C:\Users\Tobias\Desktop\Windows 8 DirektPay Trojaner; nur abgesichter Modus-Dateien 2015-08-26 08:58 - 2015-08-26 08:58 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-08-26 08:58 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-08-26 08:58 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-08-26 08:32 - 2015-08-26 08:32 - 01798576 _____ (Malwarebytes Corporation) C:\Users\Tobias\Desktop\JRT.exe 2015-08-26 08:31 - 2015-08-26 08:32 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tobias\Desktop\mbam-setup-2.1.8.1057.exe 2015-08-22 19:39 - 2015-07-13 23:05 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll 2015-08-22 19:39 - 2015-07-13 23:05 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-22 19:39 - 2015-07-01 15:00 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-22 19:39 - 2015-07-01 14:58 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2015-08-22 19:39 - 2015-07-01 13:42 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2015-08-22 19:39 - 2015-07-01 13:41 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2015-08-22 19:39 - 2015-06-27 15:46 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-08-22 19:39 - 2015-06-27 15:23 - 00694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-08-22 19:39 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\SysWOW64\locale.nls 2015-08-22 19:39 - 2015-04-30 15:44 - 00478296 _____ C:\Windows\system32\locale.nls 2015-08-22 19:38 - 2015-07-30 15:11 - 00124624 _____ (Microsoft Corporation) 
C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-08-22 19:38 - 2015-07-30 15:10 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-08-22 19:38 - 2015-07-28 18:25 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2015-08-22 19:38 - 2015-07-28 16:13 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-08-22 19:38 - 2015-07-28 16:13 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-08-22 19:38 - 2015-07-28 15:12 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-08-22 19:38 - 2015-07-16 22:31 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-22 19:38 - 2015-07-16 21:06 - 02865664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-08-22 19:38 - 2015-07-09 23:46 - 05982208 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-22 19:38 - 2015-07-09 23:44 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2015-08-22 19:38 - 2015-07-09 22:17 - 05095424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-08-22 19:38 - 2015-07-09 22:16 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-08-22 19:38 - 2015-07-06 18:16 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2015-08-22 19:38 - 2015-07-06 16:32 - 00281944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2015-08-22 19:38 - 2015-06-29 15:27 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-08-22 19:37 - 
2015-07-29 16:45 - 01412608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-08-22 19:37 - 2015-07-29 16:45 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-08-22 19:37 - 2015-07-29 15:52 - 01840640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-22 19:37 - 2015-07-29 15:52 - 01280000 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-22 19:37 - 2015-07-29 15:52 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-22 19:37 - 2015-07-28 00:42 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-08-22 19:37 - 2015-07-28 00:40 - 04064768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-22 19:37 - 2015-07-28 00:40 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-22 19:37 - 2015-07-16 22:32 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-22 19:37 - 2015-07-16 22:32 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-22 19:37 - 2015-07-16 22:32 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-22 19:37 - 2015-07-16 22:31 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-22 19:37 - 2015-07-16 22:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-22 19:37 - 2015-07-16 22:30 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-22 19:37 - 2015-07-16 22:30 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-22 19:37 - 2015-07-16 22:30 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2015-08-22 19:37 - 2015-07-16 21:07 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-08-22 19:37 - 2015-07-16 21:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-08-22 19:37 - 2015-07-16 21:07 - 00524288 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 13774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-08-22 19:37 - 2015-07-16 21:06 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-08-22 19:37 - 2015-07-13 23:23 - 01744384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-08-22 19:37 - 2015-07-13 23:23 - 01422336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-08-22 19:37 - 2015-07-13 23:05 - 02340864 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-22 19:37 - 2015-07-13 23:05 - 01850880 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-22 19:37 - 2015-06-17 16:13 - 01150264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-08-22 19:37 - 2015-06-17 15:44 - 01567560 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-08-22 19:37 - 2015-06-15 17:22 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 
2015-08-22 19:37 - 2015-06-15 17:22 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-08-22 19:37 - 2015-06-15 17:21 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-08-22 19:37 - 2015-06-15 17:20 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2015-08-22 19:37 - 2015-06-15 17:20 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-08-22 19:37 - 2015-06-15 17:20 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-08-22 19:37 - 2015-06-15 17:20 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-22 19:37 - 2015-06-15 17:19 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-08-22 19:37 - 2015-06-15 17:19 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-22 19:37 - 2015-06-15 17:19 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-22 19:37 - 2015-06-11 22:29 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-08-22 19:37 - 2015-06-11 18:27 - 01024000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-08-22 19:37 - 2015-06-09 15:57 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-08-22 19:37 - 2015-06-09 15:09 - 00411133 _____ C:\Windows\system32\ApnDatabase.xml 2015-08-22 19:37 - 2015-04-21 15:53 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2015-08-22 19:36 - 2015-07-15 18:09 - 06969688 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-22 19:36 - 2015-07-15 18:09 - 00095064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-22 19:36 - 2015-07-15 18:06 - 01824296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-22 19:36 - 2015-07-15 15:49 - 01410000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-08-22 19:36 - 2015-07-15 15:29 - 01333248 _____ 
(Microsoft Corporation) C:\Windows\system32\sysmain.dll 2015-08-22 19:36 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-22 19:36 - 2015-07-09 23:47 - 00243712 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-22 19:36 - 2015-07-09 22:18 - 00233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe 2015-08-22 19:36 - 2015-06-27 18:36 - 00171352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-08-22 19:36 - 2015-06-27 15:56 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2015-08-22 19:36 - 2015-06-27 15:55 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-08-22 19:36 - 2015-06-27 15:55 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-08-22 19:36 - 2015-06-27 15:46 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-08-22 19:36 - 2015-06-27 15:46 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2015-08-22 19:36 - 2015-06-27 15:46 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-08-22 19:36 - 2015-06-25 20:29 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-08-22 19:36 - 2015-06-25 20:27 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-08-22 19:36 - 2015-01-07 06:25 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-08-22 19:26 - 2015-08-22 19:26 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Tobias\Desktop\tdsskiller.exe 2015-08-22 12:21 - 2015-08-26 08:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-22 12:20 - 2015-08-26 13:59 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-22 12:20 - 2015-08-22 19:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-08-22 12:19 - 2015-08-22 19:37 - 00000000 ____D 
C:\Users\Tobias\Desktop\mbar 2015-08-22 12:19 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-08-22 12:18 - 2015-08-22 12:18 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Tobias\Desktop\mbar-1.09.2.1008.exe 2015-08-22 11:20 - 2015-08-22 11:20 - 00000000 ____D C:\Users\Tobi\workspace 2015-08-22 11:01 - 2015-08-22 11:01 - 00000491 _____ C:\Users\Tobias\Desktop\gmer.log ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-09-05 18:01 - 2015-06-13 14:01 - 00000000 ____D C:\FRST 2015-09-05 18:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru 2015-09-05 17:59 - 2015-03-17 15:07 - 00184770 _____ C:\Windows\diagwrn.xml 2015-09-05 17:59 - 2015-03-17 15:07 - 00184770 _____ C:\Windows\diagerr.xml 2015-09-05 17:59 - 2015-03-15 22:13 - 02704485 _____ C:\Windows\setupact.log 2015-09-05 17:57 - 2015-03-17 15:16 - 00004704 _____ C:\Windows\comsetup.log 2015-09-05 17:56 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\Registration 2015-09-05 17:55 - 2013-09-09 13:28 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3842866729-4066958523-73093308-1002 2015-09-05 17:51 - 2015-05-05 21:11 - 00009333 _____ C:\Windows\system32\lvcoinst.log 2015-09-05 17:50 - 2014-11-21 23:57 - 00000000 ___HD C:\$Windows.~BT 2015-09-05 17:38 - 2013-05-24 01:59 - 01181774 _____ C:\Windows\WindowsUpdate.log 2015-09-05 17:21 - 2014-01-04 15:19 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E80D6E94-9CEF-4628-8ECB-B0C8B87A83A8} 2015-09-05 13:08 - 2013-09-30 13:47 - 00000614 _____ C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job 2015-09-05 13:00 - 2013-09-09 13:13 - 00000000 ____D C:\Update 2015-09-05 13:00 - 2013-05-24 03:09 - 00000000 ____D C:\Program Files (x86)\Sony 2015-09-05 13:00 - 2013-05-24 02:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield 
Installation Information 2015-09-05 12:57 - 2013-05-24 03:09 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation 2015-09-05 12:57 - 2013-05-24 02:49 - 00000000 ____D C:\Program Files\Sony 2015-09-05 12:55 - 2015-03-15 22:05 - 00013792 _____ C:\Windows\system32\Drivers\semav6thermal64ro.sys 2015-09-05 12:49 - 2015-06-13 10:41 - 02188800 _____ (Farbar) C:\Users\Tobi\Desktop\FRST64.exe 2015-08-29 12:41 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent 2015-08-29 12:07 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp 2015-08-26 13:36 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-08-26 13:35 - 2012-07-26 07:26 - 01048576 ___SH C:\Windows\system32\config\BBI 2015-08-26 11:46 - 2015-06-13 14:08 - 00037684 _____ C:\Users\Tobias\Desktop\FRST.txt 2015-08-26 11:29 - 2013-09-09 18:05 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3842866729-4066958523-73093308-1003 2015-08-26 11:12 - 2014-04-10 10:50 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-08-26 11:12 - 2013-09-09 12:53 - 00001009 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-08-26 11:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache 2015-08-26 10:51 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF 2015-08-26 09:58 - 2012-08-03 04:22 - 00122850 _____ C:\Windows\PFRO.log 2015-08-26 08:25 - 2015-03-19 20:22 - 00443416 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-26 08:23 - 2013-10-20 19:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-26 08:23 - 2013-10-20 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-26 08:21 - 2015-04-19 10:31 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-08-26 08:21 - 2015-04-19 10:31 - 00000000 ____D C:\Windows\system32\appraiser 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData 2015-08-26 08:21 - 2012-07-26 10:12 - 
00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2015-08-26 08:21 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-08-22 20:19 - 2013-10-20 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-22 20:18 - 2013-09-10 11:24 - 00000000 ____D C:\Windows\system32\MRT 2015-08-22 19:54 - 2013-09-09 17:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-22 19:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-22 19:46 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-08-22 19:46 - 2012-07-26 07:26 - 00000199 _____ C:\Windows\win.ini 2015-08-22 11:20 - 2013-09-09 12:51 - 00000000 ____D C:\Users\Tobi 2015-08-22 11:19 - 2014-12-24 17:42 - 00000000 ____D C:\eclipse 2015-08-22 10:56 - 2015-06-13 14:08 - 00060056 _____ C:\Users\Tobias\Desktop\Addition.txt 2015-08-08 04:27 - 2014-11-15 10:39 - 00793544 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-08-08 04:27 - 2014-11-15 10:39 - 00177632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-09-05 20:21 - 2014-09-05 20:21 - 0000600 _____ () C:\Users\Tobi\AppData\Roaming\winscp.rnd 2014-09-05 15:33 - 2015-01-22 13:01 - 0000600 _____ () C:\Users\Tobi\AppData\Local\PUTTY.RND 2015-04-17 22:23 - 2015-04-17 22:23 - 0007607 _____ () C:\Users\Tobi\AppData\Local\Resmon.ResmonCfg 2015-03-15 22:13 - 2015-03-15 22:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-04-18 17:06 - 
2012-10-24 21:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall404190.exe Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\ProgramData\uninstall404190.exe C:\Users\Public\Supercharger 1.1.0 Setup PC.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-01 03:00 ==================== Ende von FRST.txt ============================ BG, Tobi |
06.09.2015, 07:09 | #12 |
/// the machine /// TB instructor | Windows 8: DirektPay Trojan; safe mode only
Update Java and Firefox.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
C:\Users\Tobi\Downloads\Gmer-19357 - CHIP-Installer.exe
C:\Users\Tobias\Downloads\cbsidlm-cbsi188-Apowersoft_Free_Audio_Recorder-BP-75959668.exe
C:\Users\Tobias\Downloads\FileZilla_3.8.1_win32-setup.exe
C:\Users\Tobias\Downloads\Virtual CloneDrive - CHIP-Installer.exe
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Reconsider your download habits: CHIP-Installer - what is that? - Guides
Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all programs that were used, the quarantine of our scanners and the Java cache, and finally deletes itself. Restart your computer afterwards. If any programs from our cleanup are still left after that, you can safely delete them.
If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.
Hardening:
Enable automatic updates for the Windows operating system. Security-relevant software should also always be kept at the latest version: browser, Java, Flash Player, PDF reader. Security vulnerabilities in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website. I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and an always up-to-date signature database. My recommendation: Emsisoft
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.
Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can define, on the whitelist principle, the sites on which scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.
Download software from a clean portal such as .
When installing software, always choose the custom option and uncheck all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the leftovers with AdwCleaner.
Finally, a few general remarks:
Change your important online passwords regularly and make regular backups of your important files or of the system.
The benefit of registry cleaners, optimizers, etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.09.2015, 19:50 | #13 |
| Windows 8: DirektPay Trojan; safe mode only
Hmm, I just restarted my computer and it then installed Windows 8.1 on its own. Now it is extremely slow, and after a while a bluescreen came up with "Problem aufgetreten". I booted it again and ran FRST once more. Here is the log:
FRST Logfile:
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015 durchgeführt von Tobi (Administrator) auf TOBIAS (07-09-2015 20:01:26) Gestartet von C:\Users\Tobi\Desktop Geladene Profile: Tobi (Verfügbare Profile: UpdatusUser & Tobi & Tobias & Polina & Andere & Musik) Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe () C:\Program Files (x86)\MATLAB\R2012a Student\bin\win32\MATLABStartupAccelerator.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe (Sony Corporation) C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\wscript.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-11] (Realtek Semiconductor) HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation) HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [533208 2013-04-02] (Broadcom Corporation.) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] () HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.) 
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782008 2015-08-06] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: c:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3842866729-4066958523-73093308-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-10-31] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156256 2013-10-31] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tobias\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
Startup: C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-11-06]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5C743DE8-607E-44AE-8E5C-2EEA1C23DA25}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.de/
HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-3842866729-4066958523-73093308-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu
SearchScopes: HKU\S-1-5-21-3842866729-4066958523-73093308-1002 -> {6D0975D2-CE3D-4824-8F53-B200D58C7370} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-24] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-24] (Oracle Corporation)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

FireFox:
========
FF ProfilePath: C:\Users\Tobi\AppData\Roaming\Mozilla\Firefox\Profiles\a53njth5.default
FF Homepage: www.google.de
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-05-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-05-24] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2015-05-25] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3842866729-4066958523-73093308-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-02-19] (Intel)
FF Plugin HKU\S-1-5-21-3842866729-4066958523-73093308-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-02-19] (Intel)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Tobi\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2228440 2013-05-16] (Broadcom Corporation.)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-05] (Sony Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2015-02-04] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-09-05] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-09-05] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [Datei ist nicht signiert]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170200 2013-05-16] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8469680 2015-04-17] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-09-05] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-09-05] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-09-05] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-09-05] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-09-07 19:58 - 2015-09-07 19:59 - 00293768 _____ C:\WINDOWS\Minidump\090715-38546-01.dmp 2015-09-07 19:58 - 2015-09-07 19:58 - 00000000 ____D C:\WINDOWS\Minidump 2015-09-07 19:44 - 2015-09-07 19:44 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2015-09-07 19:35 - 2015-09-07 19:35 - 00001450 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-09-07 19:33 - 2015-09-07 19:33 - 00000020 ___SH C:\Users\Tobi\ntuser.ini 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default\Vorlagen 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default\Startmenü 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default\Eigene Dateien 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default\Druckumgebung 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf 2015-09-06 
00:04 - 2015-09-06 00:04 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten 2015-09-06 00:02 - 2015-09-06 00:02 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat 2015-09-05 23:54 - 2015-09-07 19:35 - 00000000 ___DC C:\WINDOWS\Panther 2015-09-05 23:50 - 2015-09-05 23:50 - 00000000 ____D C:\Windows.old 2015-09-05 23:49 - 2015-09-05 23:49 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2015-09-05 23:49 - 2015-09-05 23:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2015-09-05 23:49 - 2015-09-05 23:49 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 01084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2015-09-05 23:49 - 2015-09-05 23:49 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2015-09-05 23:49 
- 2015-09-05 23:49 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2015-09-05 23:49 - 2015-09-05 23:49 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2015-09-05 23:49 - 2015-09-05 23:49 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00551232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys 2015-09-05 23:49 - 2015-09-05 23:49 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2015-09-05 23:49 - 2015-09-05 23:49 
- 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2015-09-05 23:49 - 2015-09-05 23:49 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2015-09-05 23:49 - 2015-09-05 23:49 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL 2015-09-05 23:49 - 2015-09-05 23:49 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL 2015-09-05 23:49 - 2015-09-05 23:49 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2015-09-05 23:49 - 2015-09-05 23:49 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe 2015-09-05 23:49 - 2015-09-05 23:49 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL 2015-09-05 23:49 - 2015-09-05 23:49 - 00112640 
_____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys 2015-09-05 23:49 - 2015-09-05 23:49 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys 2015-09-05 23:49 - 2015-09-05 23:49 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL 2015-09-05 23:49 - 2015-09-05 23:49 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2015-09-05 23:49 - 2015-09-05 23:49 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2015-09-05 23:49 - 2015-09-05 23:49 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2015-09-05 23:49 - 2015-09-05 23:49 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2015-09-05 23:49 - 2015-09-05 23:49 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp 2015-09-05 23:49 - 2015-09-05 23:49 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2015-09-05 23:49 - 2015-09-05 23:49 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp 2015-09-05 23:49 - 2015-09-05 23:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys 2015-09-05 23:49 - 
2015-09-05 23:49 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll 2015-09-05 23:49 - 2015-09-05 23:49 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll 2015-09-05 23:48 - 2015-09-05 23:48 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2015-09-05 23:47 - 2015-09-05 23:47 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2015-09-05 23:47 - 2015-09-05 23:47 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2015-09-05 23:47 - 2015-09-05 23:47 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll 2015-09-05 23:47 - 2015-09-05 23:47 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll 2015-09-05 23:47 - 2015-09-05 23:47 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll 2015-09-05 23:47 - 2015-09-05 23:47 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll 2015-09-05 23:47 - 2015-09-05 23:47 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe 2015-09-05 23:47 - 2015-09-05 23:47 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe 2015-09-05 23:47 - 2015-09-05 23:47 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe 2015-09-05 23:46 - 2015-09-05 23:46 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll 2015-09-05 23:46 - 2015-09-05 23:46 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2015-09-05 23:46 - 2015-09-05 23:46 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2015-09-05 23:46 - 2015-09-05 23:46 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe 2015-09-05 23:46 - 2015-09-05 23:46 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll 2015-09-05 23:46 - 
2015-09-05 23:46 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2015-09-05 23:46 - 2015-09-05 23:46 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2015-09-05 23:46 - 2015-09-05 23:46 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2015-09-05 23:46 - 2015-09-05 23:46 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2015-09-05 23:46 - 2015-09-05 23:46 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll 2015-09-05 23:45 - 2015-09-05 23:45 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2015-09-05 23:45 - 2015-09-05 23:45 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2015-09-05 23:45 - 2015-09-05 23:45 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-09-05 23:45 - 2015-09-05 23:45 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-09-05 23:45 - 2015-09-05 23:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-09-05 23:45 - 2015-09-05 23:45 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-09-05 23:45 - 2015-09-05 23:45 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2015-09-05 23:45 - 2015-09-05 23:45 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2015-09-05 23:45 - 2015-09-05 23:45 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml 2015-09-05 23:45 - 2015-09-05 23:45 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys 2015-09-05 23:45 - 2015-09-05 23:45 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe 2015-09-05 23:45 - 2015-09-05 23:45 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe 2015-09-05 23:45 - 2015-09-05 23:45 - 00059712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys 2015-09-05 23:45 - 
2015-09-05 23:45 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys 2015-09-05 23:45 - 2015-09-05 23:45 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys 2015-09-05 23:45 - 2015-09-05 23:45 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys 2015-09-05 23:45 - 2015-09-05 23:45 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys 2015-09-05 23:44 - 2015-09-05 23:44 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2015-09-05 23:44 - 2015-09-05 23:44 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2015-09-05 23:44 - 2015-09-05 23:44 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-09-05 23:43 - 2015-09-05 23:43 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00358912 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\system32\atmfd.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2015-09-05 23:43 - 2015-09-05 23:43 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2015-09-05 23:43 - 2015-09-05 23:43 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-09-05 23:43 - 2015-09-05 23:43 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2015-09-05 23:43 - 2015-09-05 23:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2015-09-05 23:42 - 2015-09-05 23:42 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2015-09-05 23:42 - 2015-09-05 23:42 - 15159296 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2015-09-05 23:42 - 2015-09-05 23:42 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2015-09-05 23:42 - 2015-09-05 23:42 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2015-09-05 23:42 - 2015-09-05 23:42 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls 2015-09-05 23:42 - 2015-09-05 23:42 - 00513480 _____ C:\WINDOWS\system32\locale.nls 2015-09-05 23:42 - 2015-09-05 23:42 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-09-05 23:42 - 2015-09-05 23:42 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-09-05 23:42 - 2015-09-05 23:42 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-09-05 23:42 - 2015-09-05 23:42 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-09-05 23:42 - 2015-09-05 23:42 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-09-05 23:42 - 2015-09-05 23:42 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-09-05 23:42 - 2015-09-05 23:42 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys 2015-09-05 23:41 - 2015-09-07 19:35 - 00000000 ___SD C:\WINDOWS\system32\GWX 2015-09-05 23:41 - 2015-09-05 23:41 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00477184 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\puiobj.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll 2015-09-05 23:41 - 2015-09-05 23:41 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe 2015-09-05 23:41 - 2015-09-05 23:41 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2015-09-05 23:40 - 2015-09-05 23:40 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2015-09-05 23:40 - 2015-09-05 23:40 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2015-09-05 23:40 - 2015-09-05 23:40 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2015-09-05 23:40 - 2015-09-05 23:40 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2015-09-05 23:40 - 2015-09-05 23:40 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2015-09-05 23:40 - 
2015-09-05 23:40 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2015-09-05 23:40 - 2015-09-05 23:40 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe 2015-09-05 23:40 - 2015-09-05 23:40 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2015-09-05 23:40 - 2015-09-05 23:40 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2015-09-05 23:40 - 2015-09-05 23:40 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe 2015-09-05 23:40 - 2015-09-05 23:40 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll 2015-09-05 23:40 - 2015-09-05 23:40 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2015-09-05 23:40 - 2015-09-05 23:40 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll 2015-09-05 23:40 - 2015-09-05 23:40 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll 2015-09-05 23:40 - 2015-09-05 23:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll 2015-09-05 23:40 - 2015-09-05 23:40 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys 2015-09-05 23:39 - 2015-09-05 23:39 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2015-09-05 23:39 - 2015-09-05 23:39 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2015-09-05 23:39 - 2015-09-05 23:39 - 00239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2015-09-05 23:39 - 2015-09-05 23:39 - 00154432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2015-09-05 23:39 - 2015-09-05 23:39 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-09-05 23:39 - 2015-09-05 23:39 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll 2015-09-05 23:39 - 2015-09-05 23:39 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll 
2015-09-05 23:38 - 2015-09-05 23:38 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-09-05 23:38 - 2015-09-05 23:38 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2015-09-05 23:38 - 2015-09-05 23:38 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll 2015-09-05 23:38 - 2015-09-05 23:38 - 00987848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll 2015-09-05 23:38 - 2015-09-05 23:38 - 00690016 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll 2015-09-05 23:38 - 2015-09-05 23:38 - 00484552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll 2015-09-05 23:38 - 2015-09-05 23:38 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-09-05 23:37 - 2015-09-05 23:37 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2015-09-05 23:37 - 2015-09-05 23:37 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2015-09-05 23:37 - 2015-09-05 23:37 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2015-09-05 23:37 - 2015-09-05 23:37 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2015-09-05 23:37 - 2015-09-05 23:37 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2015-09-05 23:37 - 2015-09-05 23:37 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2015-09-05 23:37 - 2015-09-05 23:37 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2015-09-05 23:37 - 2015-09-05 23:37 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys 2015-09-05 23:37 - 2015-09-05 23:37 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2015-09-05 23:36 - 2015-09-05 23:36 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2015-09-05 23:36 - 2015-09-05 23:36 - 03551744 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2015-09-05 23:36 - 2015-09-05 23:36 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll 2015-09-05 23:36 - 2015-09-05 23:36 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll 2015-09-05 23:36 - 2015-09-05 23:36 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll 2015-09-05 23:36 - 2015-09-05 23:36 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll 2015-09-05 23:36 - 2015-09-05 23:36 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll 2015-09-05 23:36 - 2015-09-05 23:36 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll 2015-09-05 23:36 - 2015-09-05 23:36 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll 2015-09-05 23:36 - 2015-09-05 23:36 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-09-05 23:36 - 2015-09-05 23:36 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2015-09-05 23:36 - 2015-09-05 23:36 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2015-09-05 23:36 - 2015-09-05 23:36 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2015-09-05 23:35 - 2015-09-05 23:35 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2015-09-05 23:35 - 2015-09-05 23:35 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2015-09-05 23:35 - 2015-09-05 23:35 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2015-09-05 23:35 - 2015-09-05 23:35 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2015-09-05 23:35 - 2015-09-05 23:35 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2015-09-05 23:35 - 2015-09-05 23:35 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2015-09-05 23:35 - 2015-09-05 23:35 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2015-09-05 23:35 - 
2015-09-05 23:35 - 00561928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2015-09-05 23:35 - 2015-09-05 23:35 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2015-09-05 23:35 - 2015-09-05 23:35 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2015-09-05 23:35 - 2015-09-05 23:35 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2015-09-05 23:35 - 2015-09-05 23:35 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2015-09-05 23:35 - 2015-09-05 23:35 - 00325464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2015-09-05 23:35 - 2015-09-05 23:35 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2015-09-05 23:35 - 2015-09-05 23:35 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2015-09-05 23:35 - 2015-09-05 23:35 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2015-09-05 23:35 - 2015-09-05 23:35 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2015-09-05 23:35 - 2015-09-05 23:35 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll 2015-09-05 23:35 - 2015-09-05 23:35 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-09-05 23:34 - 2015-09-05 23:34 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-09-05 23:34 - 2015-09-05 23:34 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-09-05 23:34 - 2015-09-05 23:34 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2015-09-05 23:34 - 2015-09-05 23:34 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2015-09-05 23:34 - 2015-09-05 23:34 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2015-09-05 23:34 - 2015-09-05 23:34 - 00487256 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\netcfgx.dll 2015-09-05 23:34 - 2015-09-05 23:34 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2015-09-05 23:34 - 2015-09-05 23:34 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll 2015-09-05 23:34 - 2015-09-05 23:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll 2015-09-05 23:34 - 2015-09-05 23:34 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll 2015-09-05 23:34 - 2015-09-05 23:34 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2015-09-05 23:34 - 2015-09-05 23:34 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2015-09-05 23:33 - 2015-09-05 23:33 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-09-05 23:33 - 2015-09-05 23:33 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-09-05 23:33 - 2015-09-05 23:33 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe 2015-09-05 23:33 - 2015-09-05 23:33 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe 2015-09-05 23:33 - 2015-09-05 23:33 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-09-05 23:33 - 2015-09-05 23:33 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2015-09-05 23:33 - 2015-09-05 23:33 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2015-09-05 23:33 - 2015-09-05 23:33 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-09-05 23:33 - 2015-09-05 23:33 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-09-05 23:33 - 2015-09-05 23:33 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2015-09-05 23:33 - 2015-09-05 23:33 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 
2015-09-05 23:32 - 2015-09-05 23:32 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-09-05 23:32 - 2015-09-05 23:32 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-09-05 23:32 - 2015-09-05 23:32 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys 2015-09-05 23:32 - 2015-09-05 23:32 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00025600 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\setup16.exe 2015-09-05 23:32 - 2015-09-05 23:32 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe 2015-09-05 23:32 - 2015-09-05 23:32 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll 2015-09-05 23:32 - 2015-09-05 23:32 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe 2015-09-05 23:31 - 2015-09-05 23:31 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2015-09-05 23:31 - 2015-09-05 23:31 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2015-09-05 23:29 - 2015-09-05 23:29 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2015-09-05 23:29 - 2015-09-05 23:29 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2015-09-05 23:29 - 2015-09-05 23:29 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2015-09-05 23:29 - 2015-09-05 23:29 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-09-05 23:29 - 2015-09-05 23:29 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-09-05 23:29 - 2015-09-05 23:29 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2015-09-05 23:29 - 2015-09-05 23:29 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2015-09-05 23:29 - 2015-09-05 23:29 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 
2015-09-05 23:29 - 2015-09-05 23:29 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2015-09-05 23:29 - 2015-09-05 23:29 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2015-09-05 23:29 - 2015-09-05 23:29 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll 2015-09-05 23:29 - 2015-09-05 23:29 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2015-09-05 23:29 - 2015-09-05 23:29 - 00467776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-09-05 23:29 - 2015-09-05 23:29 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll 2015-09-05 23:29 - 2015-09-05 23:29 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2015-09-05 23:29 - 2015-09-05 23:29 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2015-09-05 23:29 - 2015-09-05 23:29 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2015-09-05 23:29 - 2015-09-05 23:29 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll 2015-09-05 23:29 - 2015-09-05 23:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll 2015-09-05 23:27 - 2015-09-05 23:27 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-09-05 23:27 - 2015-09-05 23:27 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-09-05 23:27 - 2015-09-05 23:27 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll 2015-09-05 23:27 - 2015-09-05 23:27 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll 2015-09-05 23:27 - 2015-09-05 23:27 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2015-09-05 23:27 - 2015-09-05 23:27 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2015-09-05 23:26 - 2015-09-05 23:26 - 03084288 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\msftedit.dll 2015-09-05 23:26 - 2015-09-05 23:26 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2015-09-05 23:26 - 2015-09-05 23:26 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2015-09-05 23:26 - 2015-09-05 23:26 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll 2015-09-05 23:26 - 2015-09-05 23:26 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 25192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 19870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-09-05 23:25 - 2015-09-05 23:25 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-09-05 23:25 - 2015-09-05 23:25 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 01545728 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\urlmon.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2015-09-05 23:25 - 2015-09-05 23:25 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00479232 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\ieui.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2015-09-05 23:25 - 2015-09-05 23:25 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2015-09-05 23:25 - 2015-09-05 23:25 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 
2015-09-05 23:25 - 2015-09-05 23:25 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2015-09-05 23:25 - 2015-09-05 23:25 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-09-05 23:25 - 2015-09-05 23:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2015-09-05 23:25 - 2015-09-05 23:25 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-09-05 23:23 - 2015-09-05 23:23 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2015-09-05 23:23 - 2015-09-05 23:23 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-09-05 23:23 - 2015-09-05 23:23 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-09-05 23:23 - 2015-09-05 23:23 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-09-05 23:23 - 2015-09-05 23:23 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-09-05 23:23 - 2015-09-05 23:23 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-09-05 23:23 - 2015-09-05 23:23 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-09-05 23:23 - 2015-09-05 23:23 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-09-05 23:23 - 2015-09-05 23:23 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-09-05 23:23 - 2015-09-05 23:23 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll 2015-09-05 23:23 - 2015-09-05 23:23 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-09-05 23:22 - 2015-09-05 23:22 - 00262144 _____ C:\WINDOWS\system32\config\userdiff 2015-09-05 23:20 - 2015-09-05 23:20 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2015-09-05 23:17 - 2015-09-05 23:17 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2015-09-05 23:17 - 2015-09-05 23:17 - 00000000 ____D C:\Program Files\Reference 
Assemblies 2015-09-05 23:17 - 2015-09-05 23:17 - 00000000 ____D C:\Program Files\MSBuild 2015-09-05 23:17 - 2015-09-05 23:17 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2015-09-05 23:17 - 2015-09-05 23:17 - 00000000 ____D C:\Program Files (x86)\MSBuild 2015-09-05 23:16 - 2013-08-03 06:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2015-09-05 23:16 - 2013-08-03 06:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2015-09-05 23:16 - 2013-08-03 06:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2015-09-05 23:16 - 2013-08-03 06:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2015-09-05 23:15 - 2015-09-07 19:33 - 00000000 ____D C:\Users\Tobi 2015-09-05 23:15 - 2015-09-06 00:03 - 00076203 _____ C:\WINDOWS\diagwrn.xml 2015-09-05 23:15 - 2015-09-06 00:03 - 00076203 _____ C:\WINDOWS\diagerr.xml 2015-09-05 23:15 - 2015-09-05 23:58 - 00000000 ____D C:\Users\Polina 2015-09-05 23:15 - 2015-09-05 23:58 - 00000000 ____D C:\Users\Andere 2015-09-05 23:15 - 2015-09-05 23:57 - 00000000 ____D C:\Users\Musik 2015-09-05 23:15 - 2015-09-05 23:55 - 00000000 ____D C:\Users\Tobias 2015-09-05 23:15 - 2015-09-05 23:47 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-05 23:15 - 2015-09-05 23:47 - 00000000 ___RD C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-05 23:15 - 2015-09-05 23:47 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-05 23:15 - 2015-09-05 23:47 - 00000000 ___RD C:\Users\Polina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-05 23:15 - 2015-09-05 23:47 - 00000000 ___RD C:\Users\Musik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-05 23:15 - 2015-09-05 23:47 - 00000000 ___RD 
C:\Users\Andere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-05 23:15 - 2015-09-05 23:19 - 00000000 ___RD C:\Users\Polina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-05 23:15 - 2015-09-05 23:19 - 00000000 ___RD C:\Users\Musik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-05 23:15 - 2015-09-05 23:19 - 00000000 ___RD C:\Users\Musik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-09-05 23:15 - 2015-09-05 23:19 - 00000000 ___RD C:\Users\Andere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-05 23:15 - 2015-09-05 23:19 - 00000000 ___RD C:\Users\Andere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-09-05 23:15 - 2015-09-05 23:18 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-05 23:15 - 2015-09-05 23:18 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-05 23:15 - 2015-09-05 23:17 - 00000000 ___RD C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-05 23:15 - 2015-09-05 23:15 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe 2015-09-05 23:15 - 2015-09-05 23:15 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\UpdatusUser\Vorlagen 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\UpdatusUser\Lokale Einstellungen 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\UpdatusUser\Eigene Dateien 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL 
C:\Users\UpdatusUser\Documents\Eigene Musik 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\UpdatusUser\Anwendungsdaten 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobias\Vorlagen 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobias\Startmenü 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobias\Netzwerkumgebung 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobias\Lokale Einstellungen 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobias\Eigene Dateien 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobias\Druckumgebung 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobias\Documents\Eigene Musik 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobias\Documents\Eigene Bilder 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobias\AppData\Local\Verlauf 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobias\AppData\Local\Anwendungsdaten 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobias\Anwendungsdaten 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobi\Vorlagen 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobi\Startmenü 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobi\Netzwerkumgebung 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobi\Lokale Einstellungen 2015-09-05 23:15 - 2015-09-05 
23:15 - 00000000 _SHDL C:\Users\Tobi\Eigene Dateien 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobi\Druckumgebung 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobi\Documents\Eigene Musik 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobi\Documents\Eigene Bilder 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobi\AppData\Local\Verlauf 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobi\AppData\Local\Anwendungsdaten 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Tobi\Anwendungsdaten 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Polina\Vorlagen 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Polina\Startmenü 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Polina\Netzwerkumgebung 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Polina\Lokale Einstellungen 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Polina\Eigene Dateien 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Polina\Druckumgebung 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Polina\Documents\Eigene Musik 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Polina\Documents\Eigene Bilder 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Polina\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Polina\AppData\Local\Verlauf 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Polina\AppData\Local\Anwendungsdaten 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Polina\Anwendungsdaten 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Musik\Vorlagen 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Musik\Startmenü 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL 
C:\Users\Musik\Netzwerkumgebung 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Musik\Lokale Einstellungen 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Musik\Eigene Dateien 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Musik\Druckumgebung 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Musik\Documents\Eigene Musik 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Musik\Documents\Eigene Bilder 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Musik\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Musik\AppData\Local\Verlauf 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Musik\AppData\Local\Anwendungsdaten 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Musik\Anwendungsdaten 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Andere\Vorlagen 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Andere\Startmenü 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Andere\Netzwerkumgebung 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Andere\Lokale Einstellungen 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Andere\Eigene Dateien 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Andere\Druckumgebung 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Andere\Documents\Eigene Musik 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Andere\Documents\Eigene Bilder 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Andere\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Andere\AppData\Local\Verlauf 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Andere\AppData\Local\Anwendungsdaten 2015-09-05 23:15 - 2015-09-05 23:15 - 00000000 _SHDL C:\Users\Andere\Anwendungsdaten 2015-09-05 23:15 - 2015-09-05 23:07 - 00000000 
____D C:\Recovery 2015-09-05 23:15 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-09-05 23:15 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-09-05 23:15 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-09-05 23:15 - 2014-11-21 12:52 - 00000000 ___RD C:\Users\Polina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-09-05 23:15 - 2014-11-21 05:42 - 00000369 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-09-05 23:15 - 2014-11-21 05:42 - 00000369 _____ C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-09-05 23:15 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-09-05 23:15 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-09-05 23:15 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-09-05 23:15 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-09-05 23:15 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Polina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-09-05 23:15 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Polina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-09-05 23:15 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Musik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-09-05 23:15 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Musik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-09-05 23:15 - 2014-11-21 05:42 - 00000369 _____ 
C:\Users\Andere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2015-09-05 23:15 - 2014-11-21 05:42 - 00000369 _____ C:\Users\Andere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2015-09-05 23:15 - 2013-08-22 17:36 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-09-05 23:15 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-09-05 23:15 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-09-05 23:15 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Polina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-09-05 23:15 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Musik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-09-05 23:15 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Andere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-09-05 23:01 - 2015-09-05 23:01 - 00000000 ____H C:\ProgramData\DP45977C.lfl 2015-09-05 23:01 - 2015-09-05 23:01 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2015-09-05 23:01 - 2015-09-05 23:01 - 00000000 ____D C:\Program Files\Realtek 2015-09-05 23:00 - 2015-09-07 19:59 - 00000000 ____D C:\WINDOWS\SysWOW64\NV 2015-09-05 23:00 - 2015-09-07 19:59 - 00000000 ____D C:\WINDOWS\system32\NV 2015-09-05 23:00 - 2015-09-07 19:48 - 00300796 _____ C:\WINDOWS\WindowsUpdate.log 2015-09-05 23:00 - 2015-09-05 23:32 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-05 23:00 - 2015-09-05 23:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2015-09-05 23:00 - 2013-10-29 01:39 - 06610720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2015-09-05 23:00 - 2013-10-29 01:39 - 03477280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2015-09-05 23:00 - 2013-10-29 01:38 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2015-09-05 23:00 - 
2013-10-29 01:38 - 01042720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2015-09-05 23:00 - 2013-10-29 01:38 - 00920864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2015-09-05 23:00 - 2013-10-29 01:38 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2015-09-05 23:00 - 2013-10-29 01:38 - 00067072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2015-09-05 23:00 - 2013-10-29 01:38 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2015-09-05 23:00 - 2013-10-25 13:44 - 03435888 _____ C:\WINDOWS\system32\nvcoproc.bin 2015-09-05 22:59 - 2015-09-05 23:32 - 00000000 ____D C:\ProgramData\Synaptics 2015-09-05 22:59 - 2015-09-05 23:32 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2015-09-05 22:59 - 2015-09-05 23:31 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2015-09-05 22:59 - 2015-09-05 22:59 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job 2015-09-05 22:59 - 2015-09-05 22:59 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2015-09-05 22:59 - 2015-09-05 22:59 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2015-09-05 22:59 - 2015-09-05 22:59 - 00000000 ____D C:\Program Files\Synaptics 2015-09-05 21:01 - 2015-09-05 21:02 - 00001594 _____ C:\WINDOWS\VPNUnInstall.MIF 2015-09-05 20:54 - 2015-09-05 20:54 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Avira 2015-09-05 20:46 - 2015-08-06 20:58 - 00148632 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2015-09-05 20:46 - 2015-08-06 20:58 - 00137288 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2015-09-05 20:46 - 2015-08-06 20:58 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2015-09-05 20:46 - 2015-08-06 20:58 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2015-09-05 20:42 - 2015-09-05 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-09-05 20:42 - 2015-09-05 20:46 - 00000000 ____D C:\ProgramData\Avira 2015-09-05 20:42 - 2015-09-05 20:46 - 00000000 ____D C:\Program Files (x86)\Avira 2015-09-05 20:42 - 2015-09-05 20:42 - 00001210 _____ C:\Users\Public\Desktop\Avira Launcher.lnk 2015-09-05 17:55 - 2015-09-05 17:56 - 00852704 _____ C:\Users\Tobi\Desktop\SecurityCheck.exe 2015-09-05 13:11 - 2015-09-05 13:11 - 00000000 ____D C:\Program Files (x86)\ESET 2015-09-05 12:58 - 2015-09-05 23:40 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care 2015-09-05 12:58 - 2015-09-05 12:58 - 00003124 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC 2015-09-05 12:58 - 2015-09-05 12:58 - 00002044 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk 2015-09-05 12:58 - 2015-09-05 12:58 - 00001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk 2015-09-05 12:48 - 2015-09-05 12:48 - 00000072 _____ C:\Users\Tobi\Desktop\Fixlist.txt 2015-08-29 12:38 - 2015-09-07 20:01 - 00000000 ____D C:\Users\Tobi\Desktop\FRST-OlderVersion 2015-08-26 17:00 - 2015-08-26 17:00 - 00006909 _____ C:\Users\Tobias\Desktop\mbam2.txt 2015-08-26 16:42 - 2015-08-26 16:42 - 00054459 _____ C:\Users\Tobi\Desktop\Addition.txt 2015-08-26 13:48 - 2015-08-26 13:48 - 00001041 _____ C:\Users\Tobi\Desktop\JRT.txt 2015-08-26 11:45 - 2015-09-07 20:01 - 00016692 _____ C:\Users\Tobi\Desktop\FRST.txt 2015-08-26 11:43 - 2015-08-26 11:43 - 00001780 _____ C:\Users\Tobias\Desktop\JRT.txt 2015-08-26 11:16 - 2015-08-26 11:16 - 00005396 _____ C:\Users\Tobias\Desktop\AdwCleaner[C1].txt 2015-08-26 10:55 - 2015-08-26 11:18 - 00000000 ____D C:\AdwCleaner 2015-08-26 10:48 - 2015-08-26 10:48 - 00049926 _____ C:\Users\Tobias\Desktop\mbam1.txt 2015-08-26 09:57 - 2015-08-26 09:57 - 00319377 _____ C:\Users\Tobias\Desktop\Windows 8 DirektPay 
Trojaner; nur abgesichter Modus.htm 2015-08-26 09:57 - 2015-08-26 09:57 - 00000000 ____D C:\Users\Tobias\Desktop\Windows 8 DirektPay Trojaner; nur abgesichter Modus-Dateien 2015-08-26 08:58 - 2015-08-26 08:58 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-08-26 08:58 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-08-26 08:58 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-08-26 08:32 - 2015-08-26 08:32 - 01798576 _____ (Malwarebytes Corporation) C:\Users\Tobias\Desktop\JRT.exe 2015-08-26 08:31 - 2015-08-26 08:32 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tobias\Desktop\mbam-setup-2.1.8.1057.exe 2015-08-22 19:38 - 2015-07-28 18:25 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2015-08-22 19:26 - 2015-08-22 19:26 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Tobias\Desktop\tdsskiller.exe 2015-08-22 12:21 - 2015-08-26 08:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-22 12:20 - 2015-08-26 13:59 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-08-22 12:20 - 2015-08-22 19:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-08-22 12:19 - 2015-08-22 19:37 - 00000000 ____D C:\Users\Tobias\Desktop\mbar 2015-08-22 12:19 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-08-22 12:18 - 2015-08-22 12:18 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Tobias\Desktop\mbar-1.09.2.1008.exe 2015-08-22 11:20 - 2015-08-22 11:20 - 00000000 ____D C:\Users\Tobi\workspace 2015-08-22 11:01 - 2015-08-22 11:01 - 00000491 _____ C:\Users\Tobias\Desktop\gmer.log ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-09-07 20:01 - 2015-06-13 14:01 - 00000000 ____D C:\FRST 2015-09-07 20:01 - 2015-06-13 10:41 - 02190336 _____ (Farbar) C:\Users\Tobi\Desktop\FRST64.exe 2015-09-07 20:01 - 2013-09-30 13:47 - 00000614 _____ C:\WINDOWS\Tasks\MATLAB R2012a Startup Accelerator.job 2015-09-07 19:59 - 2013-08-22 16:46 - 00480758 _____ C:\WINDOWS\setupact.log 2015-09-07 19:59 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-09-07 19:58 - 2015-05-22 17:24 - 437144112 _____ C:\WINDOWS\MEMORY.DMP 2015-09-07 19:49 - 2014-11-02 04:02 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense 2015-09-07 19:49 - 2013-08-22 15:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI 2015-09-07 19:48 - 2014-11-21 05:35 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-09-07 19:48 - 2014-11-21 04:45 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat 2015-09-07 19:48 - 2014-11-21 04:45 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat 2015-09-07 19:43 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2015-09-07 19:42 - 2013-09-09 13:28 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3842866729-4066958523-73093308-1002 2015-09-07 19:38 - 2013-09-09 12:51 - 00000000 ____D C:\Users\Tobi\AppData\Local\Packages 2015-09-07 18:00 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru 2015-09-06 00:06 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache 2015-09-06 00:04 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows NT 2015-09-06 00:04 - 2013-08-22 15:36 - 00000000 __RHD C:\Users\Default 2015-09-06 00:03 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Registration 2015-09-06 00:02 - 2015-03-17 15:16 - 00011239 _____ C:\WINDOWS\comsetup.log 2015-09-05 23:59 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media 2015-09-05 23:59 - 2013-08-22 17:36 - 00000000 __RHD C:\Users\Public\Libraries 2015-09-05 23:50 - 2013-08-22 17:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template 2015-09-05 23:50 - 2013-08-22 17:36 - 
00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2015-09-05 23:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup 2015-09-05 23:49 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\setup 2015-09-05 23:47 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-05 23:47 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-05 23:44 - 2013-08-22 16:44 - 00495592 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2015-09-05 23:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\WinStore 2015-09-05 23:41 - 2014-11-21 05:27 - 02473472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2015-09-05 23:41 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData 2015-09-05 23:40 - 2015-06-08 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2015-09-05 23:40 - 2015-05-25 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2015-09-05 23:40 - 2015-05-25 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-09-05 23:40 - 2015-05-25 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2015-09-05 23:40 - 2015-05-17 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mein CEWE FOTOBUCH 2015-09-05 23:40 - 2015-05-05 21:11 - 00000000 ____D C:\Program Files\Common Files\logishrd 2015-09-05 23:40 - 2015-04-26 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2015-09-05 23:40 - 2015-04-26 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7 2015-09-05 23:40 - 2015-04-17 22:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers 2015-09-05 23:40 - 2015-02-19 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2015-09-05 
23:40 - 2014-11-21 05:13 - 00000000 ____D C:\WINDOWS\ShellNew 2015-09-05 23:40 - 2014-09-05 18:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware 2015-09-05 23:40 - 2014-08-16 13:59 - 00000000 ____D C:\ProgramData\regid.2003-04.com.caphyon 2015-09-05 23:40 - 2014-08-16 11:27 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TDM-GCC-64 2015-09-05 23:40 - 2014-08-16 11:21 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jack 2015-09-05 23:40 - 2014-04-18 17:20 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder 2015-09-05 23:40 - 2014-04-03 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-09-05 23:40 - 2013-12-19 03:14 - 00000000 ____D C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 2015-09-05 23:40 - 2013-10-20 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-09-05 23:40 - 2013-09-30 14:44 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-09-05 23:40 - 2013-09-13 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2015-09-05 23:40 - 2013-09-11 18:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 2015-09-05 23:40 - 2013-09-09 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2015-09-05 23:40 - 2013-09-09 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9 2015-09-05 23:40 - 2013-09-09 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXnicCenter 2015-09-05 23:40 - 2013-09-09 12:52 - 00000000 ____D C:\WINDOWS\SysWOW64\VAIO Startup Setting Tool 2015-09-05 23:40 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2015-09-05 23:40 - 2013-08-22 15:25 - 00262144 ___SH 
C:\WINDOWS\system32\config\ELAM 2015-09-05 23:40 - 2013-05-24 03:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-09-05 23:40 - 2013-05-24 03:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8 2015-09-05 23:40 - 2013-05-24 03:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(R) center 2015-09-05 23:36 - 2013-08-22 17:37 - 00005217 _____ C:\WINDOWS\DtcInstall.log 2015-09-05 23:36 - 2012-07-26 07:37 - 00000000 ____D C:\Users\Default.migrated 2015-09-05 23:34 - 2014-11-21 04:45 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN 2015-09-05 23:34 - 2014-11-21 04:45 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep 2015-09-05 23:34 - 2014-11-21 04:45 - 00000000 ____D C:\WINDOWS\system32\WCN 2015-09-05 23:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI 2015-09-05 23:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz 2015-09-05 23:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME 2015-09-05 23:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2015-09-05 23:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\spool 2015-09-05 23:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-09-05 23:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\MUI 2015-09-05 23:34 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\IME 2015-09-05 23:34 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI 2015-09-05 23:34 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\oobe 2015-09-05 23:34 - 2013-05-24 02:58 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2015-09-05 23:33 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-05 23:33 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-09-05 23:33 - 2013-08-22 17:36 - 00000000 ___RD 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-09-05 23:33 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender 2015-09-05 23:33 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2015-09-05 23:32 - 2015-05-25 22:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Main 2015-09-05 23:32 - 2015-03-14 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft 2015-09-05 23:32 - 2015-02-10 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite 2015-09-05 23:32 - 2014-12-18 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2015-09-05 23:32 - 2014-01-12 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio 2015-09-05 23:32 - 2013-12-19 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2015-09-05 23:32 - 2013-09-30 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB 2015-09-05 23:32 - 2013-08-22 17:43 - 00000000 ____D C:\WINDOWS\DigitalLocker 2015-09-05 23:32 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files\Windows Sidebar 2015-09-05 23:32 - 2013-08-22 17:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar 2015-09-05 23:32 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Resources 2015-09-05 23:32 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\IME 2015-09-05 23:32 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Help 2015-09-05 23:32 - 2012-08-03 04:25 - 00000000 ____D C:\ProgramData\PRICache 2015-09-05 23:31 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2015-09-05 23:26 - 2014-11-21 05:13 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-05 23:25 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2015-09-05 23:23 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2015-09-05 23:20 - 2013-08-22 17:36 - 
00000000 ____D C:\WINDOWS\system32\Recovery 2015-09-05 23:19 - 2014-12-23 08:02 - 00000000 ____D C:\Users\Musik\AppData\Local\Packages 2015-09-05 23:19 - 2013-10-21 09:47 - 00000000 ____D C:\Users\Andere\AppData\Local\Packages 2015-09-05 23:19 - 2013-09-09 20:21 - 00000000 ____D C:\Users\Polina\AppData\Local\Packages 2015-09-05 23:18 - 2015-04-17 22:46 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Packages 2015-09-05 23:17 - 2013-09-09 17:58 - 00000000 ____D C:\Users\Tobias\AppData\Local\Packages 2015-09-05 23:01 - 2013-08-22 16:46 - 00000084 _____ C:\WINDOWS\setuperr.log 2015-09-05 22:56 - 2014-11-20 20:24 - 00004712 _____ C:\WINDOWS\PFRO.log 2015-09-05 21:57 - 2013-05-24 01:59 - 01539754 _____ C:\WINDOWS\WindowsUpdate (1).log 2015-09-05 20:59 - 2015-05-21 15:44 - 00000000 ____D C:\Users\Tobias\AppData\Roaming\elsterformular 2015-09-05 20:59 - 2015-05-21 15:38 - 00000000 ____D C:\ProgramData\elsterformular 2015-09-05 20:42 - 2013-05-24 02:44 - 00000000 ____D C:\ProgramData\Package Cache 2015-09-05 18:25 - 2015-05-05 21:11 - 00009929 _____ C:\WINDOWS\system32\lvcoinst.log 2015-09-05 18:25 - 2014-11-21 23:57 - 00000000 ___HD C:\$Windows.~BT 2015-09-05 17:45 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2015-09-05 17:21 - 2014-01-04 15:19 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E80D6E94-9CEF-4628-8ECB-B0C8B87A83A8} 2015-09-05 13:00 - 2013-09-09 13:13 - 00000000 ____D C:\Update 2015-09-05 13:00 - 2013-05-24 03:09 - 00000000 ____D C:\Program Files (x86)\Sony 2015-09-05 13:00 - 2013-05-24 02:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2015-09-05 12:57 - 2013-05-24 03:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Sony Corporation 2015-09-05 12:57 - 2013-05-24 02:49 - 00000000 ____D C:\Program Files\Sony 2015-09-05 12:55 - 2015-03-15 22:05 - 00013792 _____ C:\WINDOWS\system32\Drivers\semav6thermal64ro.sys 2015-08-29 12:07 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp 
2015-08-26 11:46 - 2015-06-13 14:08 - 00037684 _____ C:\Users\Tobias\Desktop\FRST.txt 2015-08-26 11:29 - 2013-09-09 18:05 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3842866729-4066958523-73093308-1003 2015-08-26 11:12 - 2014-04-10 10:50 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-08-26 08:23 - 2013-10-20 19:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-26 08:23 - 2013-10-20 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-08-22 20:18 - 2013-09-10 11:24 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-08-22 19:54 - 2013-09-09 17:38 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-08-22 19:46 - 2012-07-26 07:26 - 00000199 _____ C:\WINDOWS\win.ini 2015-08-22 11:19 - 2014-12-24 17:42 - 00000000 ____D C:\eclipse 2015-08-22 10:56 - 2015-06-13 14:08 - 00060056 _____ C:\Users\Tobias\Desktop\Addition.txt ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-09-05 20:21 - 2014-09-05 20:21 - 0000600 _____ () C:\Users\Tobi\AppData\Roaming\winscp.rnd 2014-09-05 15:33 - 2015-01-22 13:01 - 0000600 _____ () C:\Users\Tobi\AppData\Local\PUTTY.RND 2015-04-17 22:23 - 2015-04-17 22:23 - 0007607 _____ () C:\Users\Tobi\AppData\Local\Resmon.ResmonCfg 2015-09-05 23:01 - 2015-09-05 23:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2014-04-18 17:06 - 2012-10-24 21:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall404190.exe Dateien, die verschoben oder gelöscht werden sollten: ==================== C:\ProgramData\uninstall404190.exe C:\Users\Public\Supercharger 1.1.0 Setup PC.exe Einige Dateien in TEMP: ==================== C:\Users\Tobi\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert C:\WINDOWS\explorer.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert C:\WINDOWS\system32\services.exe => Datei ist digital signiert C:\WINDOWS\system32\User32.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-09-05 22:56 ==================== Ende von FRST.txt ============================ |
08.09.2015, 17:46 | #14 |
/// the machine /// TB trainer | Windows 8: DirektPay Trojan; safe mode only Please download BlueScreenView and install it: BlueScreenView - Download - Filepony Open it and let it analyze the most recent dump (the tool does this automatically). Post the output here.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
10.09.2015, 18:32 | #15 |
| Windows 8: DirektPay Trojan; safe mode only Hello, there are 2 dump files: Code:
==================================================
Dump File : 091015-57953-01.dmp
Crash Time : 07.09.2015 22:28:51
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6fc`00c500d8
Parameter 2 : ffffffff`c000000e
Parameter 3 : 00000000`1f793860
Parameter 4 : fffff801`8a01b000
Caused By Driver : spaceport.sys
Caused By Address : spaceport.sys+3000
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+14f9a0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\091015-57953-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 9600
Dump File Size : 299.624
Dump File Time : 10.09.2015 19:17:42
==================================================
Code:
==================================================
Dump File : 090715-38546-01.dmp
Crash Time : 07.09.2015 19:52:50
Bug Check String : CRITICAL_PROCESS_DIED
Bug Check Code : 0x000000ef
Parameter 1 : ffffe001`a5fa18c0
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14f9a0
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+14f9a0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\WINDOWS\Minidump\090715-38546-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 9600
Dump File Size : 293.768
Dump File Time : 07.09.2015 19:59:37
==================================================
Tobi |