Log analysis and evaluation: Windows 7: Repeated warnings about TR/FireHooker.1825
10.12.2015, 16:10 | #1 |
Windows 7: Repeated warnings about TR/FireHooker.1825

Hello, since 26.11.15 I have been getting recurring warnings from Antivir about "TR/FireHooker.1825". Clicking "Remove" never had any effect. The warning kept coming back. After researching on the Internet (though before I registered in this forum), I downloaded Malwarebytes' Anti Malware. This program also gave me recurring warnings. Moving the suspicious programs or files it displayed to "Quarantine" did not help either. I am attaching the logs from both programs. I have otherwise also followed all the steps that are required here before creating a new thread.

For the past hour I have not been able to establish an Internet connection, no matter which network I use. Windows Network Diagnostics tells me that there may be a problem with the driver for the wireless network connection adapter. When I run the repairs as administrator, I am referred to Windows Help and Support. At the same time, since today I keep being prompted to restart, but I fear that the trojan has downloaded something and therefore do not want to restart.

Since Antivir showed me the following: "In der Datei 'C:\Windows\SysWOW64\nsisvc32.dll' wurde ein Virus oder unerwünschtes Programm 'TR/FireHooker.1825' [trojan] gefunden." I tried to delete the file manually, which apparently did not help either.
The Addition log from FRST:
[CODE]Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:09-12-2015 durchgeführt von Tam (2015-12-10 12:01:48) Gestartet von C:\Users\Tam\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2011-10-25 16:23:56) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1123646390-3674192649-2891681912-500 - Administrator - Disabled) Gast (S-1-5-21-1123646390-3674192649-2891681912-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1123646390-3674192649-2891681912-1003 - Limited - Enabled) Tam (S-1-5-21-1123646390-3674192649-2891681912-1001 - Administrator - Enabled) => C:\Users\Tam ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation) ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) 
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version: - ) ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft) ATI Catalyst Install Manager (HKLM\...\{9D86D954-38AF-2A73-7AF9-920D05B6784F}) (Version: 3.0.829.0 - ATI Technologies, Inc.) Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) Audials (HKLM-x32\...\{2E5052A2-8E3D-4229-A5EB-2465B260D917}) (Version: 8.0.54900.0 - RapidSolution Software AG) Audials TV (HKLM-x32\...\{24EE4523-711A-4BD1-95EA-F73A8A6950D3}) (Version: 1.3.10803.300 - RapidSolution Software AG) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.125 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.100 - Atheros Communications) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) 
Hidden Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.0.53 - Conexant) Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd) DriverDoc (HKLM-x32\...\DriverDoc_is1) (Version: 10.0 - Driver-Soft Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden Druckerdeinstallation für EPSON SX125 Series (HKLM\...\EPSON SX125 Series) (Version: - SEIKO EPSON Corporation) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) f4 3.1.0 (HKLM-x32\...\f4) (Version: 3.1.0 - MAXqda) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time) Free Disc Burner version 3.0.19.1125 (HKLM-x32\...\Free Disc Burner_is1) (Version: 3.0.19.1125 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.11.36.1130 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.36.1130 - DVDVideoSoft Ltd.) 
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle) Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
(HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - ) MP3 WAV WMA Converter (HKLM-x32\...\MP3 WAV WMA Converter) (Version: MP3 WAV WMA Converter - audio-converter.com) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) OpenMG Limited Patch 4.7-07-14-05-01 (HKLM-x32\...\OpenMG HotFix4.7-07-13-22-01) (Version: - ) OpenMG Secure Module 4.7.00 (HKLM-x32\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation) OpenMG Secure Module 4.7.00 (x32 Version: 4.7.00.12140 - Sony Corporation) Hidden OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení 
(HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation) Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation) PDF24 Creator 6.9.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.214.2 - Tracker Software Products Ltd) PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.199.0 - Tracker Software Products Ltd.) PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation) PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06140 - Sony Corporation) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.) Remote Keyboard (x32 Version: 1.1.1.03020 - Sony Corporation) Hidden Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) 
SecureW2 EAP Suite 1.1.1 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - ) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.) Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.) Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden Switch Sound File Converter (HKLM-x32\...\Switch) (Version: - NCH Software) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.9.0 - Synaptics Incorporated) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation) VAIO - Media Gallery (HKLM-x32\...\{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}) (Version: 1.5.0.16020 - Sony Corporation) VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}) (Version: 1.6.00.06030 - Sony Corporation) VAIO 
- PMB VAIO Edition Plug-in (HKLM-x32\...\InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}) (Version: 1.6.00.06140 - Sony Corporation) VAIO - Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.15070 - Sony Corporation) VAIO - Remote-Tastatur (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.0.1.03020 - Sony Corporation) VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.2.11150 - Sony Corporation) VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.5.0.03040 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.6.0.13140 - Sony Corporation) VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation) VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden VAIO Event Service (HKLM-x32\...\{73D8886A-D416-4687-B609-0D3836BA410C}) (Version: 5.5.0.03040 - Sony Corporation) VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.3.0.11090 - Sony Corporation) VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.4.0.03240 - Sony Corporation) VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden VAIO Hero Screensaver - Summer 2011 Screensaver (HKLM-x32\...\VAIO Hero Screensaver - Summer 2011 Screensaver) (Version: - ) VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.0.0.14150 - Sony Corporation) VAIO Improvement Validation (HKLM\...\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}) (Version: 1.0.4.01190 - Sony Corporation) VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.5.10 - Sony Corporation) VAIO Quick Web Access (x32 Version: 1.4.5.10 - Sony Corporation) Hidden 
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.2.09010 - Sony Corporation) VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.5.0.02280 - Sony Corporation) VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.1.1.10250 - Sony Corporation) VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.0.0.02250 - Sony Corporation) VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.4.0.14230 - Sony Corporation) VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VESx64 (Version: 1.0.0 - Sony Corporation) Hidden VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VIS (HKLM-x32\...\VIS) (Version: - ) <==== ACHTUNG VIx64 (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN) VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live 
Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation) WinX DVD Ripper 5.5.7 (HKLM-x32\...\WinX DVD Ripper_is1) (Version: - Digiarty Software, Inc.) Zotero Standalone 4.0.11 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.11 (x86 en-US)) (Version: 4.0.11 - Zotero) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Елемент керування Windows Live Mesh ActiveX для віддалених підключень (HKLM-x32\...\{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}) (Version: 15.4.5722.2 - Microsoft Corporation) Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== 
Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1123646390-3674192649-2891681912-1001_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP) CustomCLSID: HKU\S-1-5-21-1123646390-3674192649-2891681912-1001_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP) CustomCLSID: HKU\S-1-5-21-1123646390-3674192649-2891681912-1001_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP) ==================== Wiederherstellungspunkte ========================= 30-11-2015 22:14:56 Geplanter Prüfpunkt 10-12-2015 09:08:31 Windows Update ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2015-07-29 06:44 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {00FFA2B5-F17D-47F8-862C-04C43C82660D} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient Task: {06E2A1E1-E790-4D90-B66A-D5CD61E79DBF} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2012-10-26] (Sony Corporation) Task: {09F5EB83-9D76-457F-8E9B-F9D94CA6A335} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {25B75D8B-BA82-46CA-B500-BF2EE87BC676} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated) Task: {33BF80C9-75BC-41B1-AD85-38F1E5F43D52} - System32\Tasks\{ADB48988-339B-44A7-9364-884627810899} => pcalua.exe -a "C:\Program Files (x86)\MP3 WAV WMA Converter\converter.exe" -d C:\Users\Tam\Desktop Task: {38575D90-88FA-4364-A36D-87E74A9725CB} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-26] (Sony Corporation) Task: {422536FB-599D-41CA-8969-AC4510C0D366} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation) Task: {42C19AA4-CCB5-47B0-9ED3-B2CA7D8B622A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-04] (Dropbox, Inc.) 
Task: {449D4FA2-C77E-458F-8EF5-BF25E5340DD1} - System32\Tasks\{C0BBE18C-A8FF-404A-A57C-9178169082A1} => pcalua.exe -a "C:\Users\Tam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M8JHQFMF\epson326689eu.exe" -d C:\Users\Tam\Desktop Task: {4EE59B45-AFD5-4B95-A63D-8FF6DCD4D6CA} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation) Task: {56CB8C2D-9CD9-48EC-9712-C240E8943830} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation) Task: {73B580F9-9DA9-45F9-AF4E-A02FF863BDAD} - System32\Tasks\{773D83E4-8B8A-45A0-8587-2C442E210BCF} => pcalua.exe -a "C:\Users\Tam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2UIAVRU\AudialsRadiotrackerAvira (1).exe" -d C:\Users\Tam\Desktop Task: {83ACAE56-A029-4C5E-9450-4B1DCC44DBB5} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation) Task: {9305D884-7A14-4CAF-889B-856B67C5AB2A} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation) Task: {99CFD7B9-46DD-484E-AF43-F423A4F71B12} - System32\Tasks\{8D8800EE-2ED1-492B-A7D4-0A8A5A95BD5C} => pcalua.exe -a C:\Users\Tam\Downloads\epson326689eu.exe -d C:\Users\Tam\Downloads Task: {A8D08F0B-D91D-4F26-AD80-82F964AA89B9} - System32\Tasks\NCH Software\SwitchDowngrade => C:\Program Files (x86)\NCH Software\Switch\switch.exe [2012-08-16] (NCH Software) Task: {B392A54D-18F5-432F-929A-37668E4EAD14} - System32\Tasks\{623876BF-5E53-4BFA-9381-A32235CE8142} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [2012-08-13] (OpenOffice.org) Task: {B818FE43-6FD2-4BE1-B150-F4FC26610286} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: {BE657622-E802-4C61-863E-6C7FB8C3B2DE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-04] (Dropbox, Inc.) Task: {C4E04306-3721-4AC7-869B-E627C26672F0} - System32\Tasks\{8D6A47F0-69B5-4ED3-A534-11EEB3C8CE11} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [2012-08-13] (OpenOffice.org) Task: {DE6CFC4C-00B3-4636-A544-5D78BA0CF554} - System32\Tasks\{CC116342-76F6-4311-8957-9F46B29D7923} => pcalua.exe -a C:\Users\Tam\AppData\Local\Temp\Temp1_apgt100.zip\APGuitarSetup.EXE Task: {F4817D70-05A3-48C6-A7B3-08968526D9D4} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation) Task: {FBB955E2-2522-44BD-9F82-F749942F7A6F} - \Scheduled Update for Ask Toolbar -> Keine Datei <==== ACHTUNG Task: {FF6ED0AE-31F3-463E-B5CB-40282A03F1AD} - System32\Tasks\{AA6D0AE4-8530-4FC3-A1F3-04C84522779E} => pcalua.exe -a "C:\Users\Tam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A6RFDAOW\yahoo_firefox_8.0_setup_de-browser1.exe" -d C:\Users\Tam\Desktop (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
Shortcut: C:\Users\Public\Desktop\f4.lnk -> C:\Program Files (x86)\f4\f4.bat () <==== ACHTUNG ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2013-07-26 07:42 - 2013-07-26 07:42 - 00034304 _____ () C:\Windows\System32\ssk3mlm.dll 2006-12-04 01:26 - 2006-12-04 01:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll 2011-05-24 22:18 - 2011-05-24 22:18 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2013-12-26 16:45 - 2015-10-26 10:04 - 00118784 _____ () C:\Windows\system32\KBDSW64.exe 2011-12-11 22:26 - 2011-02-25 17:14 - 00297472 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll 2011-12-11 22:26 - 2011-02-25 17:14 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll 2011-12-11 22:26 - 2011-02-25 17:14 - 00070656 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll 2011-12-11 22:26 - 2011-02-25 17:14 - 00063488 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll 2011-12-11 22:26 - 2011-02-25 17:14 - 00215040 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll 2011-12-11 22:26 - 2011-02-25 17:14 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll 2011-12-11 22:26 - 2011-02-25 17:14 - 00260608 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll 2011-12-11 22:26 - 2011-02-25 17:14 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll 2011-12-11 22:26 - 2011-02-25 17:14 - 00059904 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll 2011-12-11 22:26 - 2011-02-25 17:14 - 00157696 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll 2011-12-11 22:26 - 2011-02-25 17:14 - 00138752 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll 2011-12-11 22:26 - 2011-02-25 17:14 - 00025600 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll 2014-10-16 00:48 - 2014-10-16 00:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect 
Secure Mobility Client\zlib1.dll 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2015-12-10 09:02 - 2015-12-10 09:02 - 00071168 _____ () c:\users\tam\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoyi06k.dll 2015-11-12 14:41 - 2015-09-03 01:11 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll 2015-11-12 14:41 - 2015-09-03 01:11 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-11-12 14:41 - 2015-09-03 01:11 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-11-12 14:41 - 2015-09-03 01:11 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll 2011-08-24 01:05 - 2011-03-05 15:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll 2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Windows\system32\KBDSW64.exe:IID ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 193.48.45.6 - 193.48.45.9 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupreg: (default) => MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: Download Protect => C:\ProgramData\dlprotect.exe MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{28074722-F19E-4DD1-9512-64AA72803985}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{DF18ABDC-6FE2-43CA-ABA6-455194B8B6C9}] => (Allow) LPort=2869 FirewallRules: [{6281D801-FEF2-4264-9B2A-400E04A48142}] => (Allow) LPort=1900 FirewallRules: [{83AE117E-9FA6-498F-8F62-C0D9A5F5A45D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{A9A9EA76-BE94-4ECD-BE00-8344C73C421D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{BC910AE5-0557-403D-A839-0C4E61AF3EDA}] => (Allow) LPort=5353 FirewallRules: [TCP Query User{C251BA9D-A538-486B-9CAF-AC1FD002BA0E}C:\users\tam\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\tam\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{B3DF7FC0-07A1-4E83-B664-8EE62DB8B8E4}C:\users\tam\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\tam\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{7EEFB0A4-7B06-42FE-9F3D-2FC77C593BC7}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe FirewallRules: [UDP Query User{AF5917B7-E0DB-4A2A-9FC4-8865238E1DFE}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe FirewallRules: [{8B55EF06-C18D-486E-AF39-2696392EE247}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe FirewallRules: [TCP Query User{D88511D2-BCFA-48C5-940F-07B04000BBDE}C:\users\tam\desktop\f4\f4.exe] => (Allow) C:\users\tam\desktop\f4\f4.exe FirewallRules: [UDP Query User{1CB91B0B-6468-4C91-8B78-F4B4A20E93BF}C:\users\tam\desktop\f4\f4.exe] => (Allow) C:\users\tam\desktop\f4\f4.exe FirewallRules: [TCP Query User{73E88033-E54A-4C0B-9898-4F28080D830C}C:\users\tam\desktop\f4\f4.exe] => (Allow) C:\users\tam\desktop\f4\f4.exe FirewallRules: [UDP Query 
User{BFF41570-3525-4230-B49A-0FBC6F4AAF54}C:\users\tam\desktop\f4\f4.exe] => (Allow) C:\users\tam\desktop\f4\f4.exe FirewallRules: [TCP Query User{98466724-70E8-4E3E-B547-FCB3FD686E38}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{0163D01A-1B25-4E66-9939-27BF48E3B52D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{D8FEB1C3-A887-46CD-A4B3-13DB861F61B8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Atheros AR3011 Bluetooth(R) Adapter Description: Atheros AR3011 Bluetooth(R) Adapter Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (12/10/2015 09:03:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/10/2015 09:03:21 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000679c9 ID des fehlerhaften Prozesses: 0x5c0 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (12/10/2015 12:52:22 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/09/2015 10:38:17 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18098, Zeitstempel: 0x5633e44a Name des fehlerhaften Moduls: jscript9.dll, Version: 11.0.9600.18098, Zeitstempel: 0x5633ec21 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00135700 ID des fehlerhaften Prozesses: 0x1424 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (12/09/2015 10:37:51 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.18098, Zeitstempel: 0x5633e44a Name des fehlerhaften Moduls: jscript9.dll, Version: 11.0.9600.18098, 
Zeitstempel: 0x5633ec21 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d7b02 ID des fehlerhaften Prozesses: 0x1424 Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0 Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1 Pfad des fehlerhaften Moduls: IEXPLORE.EXE2 Berichtskennung: IEXPLORE.EXE3 Error: (12/09/2015 09:33:08 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/08/2015 09:08:03 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/08/2015 08:48:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/07/2015 08:56:08 AM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" Error: (12/07/2015 08:46:37 AM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. 
(0x81000006)" Systemfehler: ============= Error: (12/10/2015 11:54:45 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RSCHOLZ-TOSH", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7BC2E11B-69AE-4FFB-8BFC-876669CC2683}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (12/10/2015 11:42:44 AM) (Source: bowser) (EventID: 8003) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "RSCHOLZ-TOSH", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{7BC2E11B-69AE-4FFB-8BFC-876669CC2683}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (12/10/2015 10:36:42 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (12/10/2015 10:36:42 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error: (12/10/2015 10:18:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB3108381) Error: (12/10/2015 09:04:27 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (12/10/2015 09:04:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (12/10/2015 09:03:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/10/2015 09:03:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (12/10/2015 01:04:23 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} ==================== Speicherinformationen =========================== Prozessor: AMD E-450 APU with Radeon(tm) HD Graphics Prozentuale Nutzung des RAM: 75% Installierter physikalischer RAM: 3690.9 MB Verfügbarer physikalischer RAM: 911.64 MB Summe virtueller Speicher: 7380.01 MB Verfügbarer virtueller Speicher: 4047.96 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:451.68 GB) (Free:287.44 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 443A14D9) Partition 1: (Not Active) - (Size=14 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451.7 GB) - (Type=07 NTFS)

I'll post further logs in separate posts because of their length. I am incredibly grateful for your help and hope the situation can still be salvaged!

Log from Antivir
Code:
Free Antivirus Erstellungsdatum der Reportdatei: Mittwoch, 2. Dezember 2015 00:32 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Antivirus Free Seriennummer : 0000149996-AVHOE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : Tam Computername : TAM-VAIO Versionsinformationen: build.dat : 15.0.15.125 93076 Bytes 20.11.2015 15:36:00 AVSCAN.EXE : 15.0.15.122 1203832 Bytes 01.12.2015 14:53:31 AVSCANRC.DLL : 15.0.15.106 67688 Bytes 01.12.2015 14:53:31 LUKE.DLL : 15.0.15.106 69248 Bytes 01.12.2015 14:53:51 AVSCPLR.DLL : 15.0.15.122 106352 Bytes 01.12.2015 14:53:31 REPAIR.DLL : 15.0.15.106 493608 Bytes 01.12.2015 14:53:30 repair.rdf : 1.0.12.70 1378653 Bytes 01.12.2015 14:53:57 AVREG.DLL : 15.0.15.106 346312 Bytes 01.12.2015 14:53:29 avlode.dll : 15.0.15.106 701680 Bytes 01.12.2015 14:53:27 avlode.rdf : 14.0.5.6 84211 Bytes 31.08.2015 09:35:21 Engineversion : 8.3.34.82 AEBB.DLL : 8.1.3.0 59296 Bytes 20.11.2015 08:30:39 AECORE.DLL : 8.3.9.0 249920 Bytes 12.11.2015 15:45:05 AEDROID.DLL : 8.4.3.348 1800104 Bytes 06.11.2015 11:48:02 AEEMU.DLL : 8.1.3.6 404328 Bytes 20.11.2015 08:30:39 AEEXP.DLL : 8.4.2.134 277360 Bytes 12.11.2015 15:45:09 AEGEN.DLL : 8.1.8.8 487480 Bytes 26.11.2015 14:36:08 AEHELP.DLL : 8.3.2.6 284584 Bytes 20.11.2015 08:30:39 AEHEUR.DLL : 8.1.4.2064 9923440 Bytes 26.11.2015 14:36:10 AEMOBILE.DLL : 8.1.8.10 301936 Bytes 26.11.2015 14:36:10 AEOFFICE.DLL : 8.3.1.56 408432 Bytes 19.10.2015 09:32:11 AEPACK.DLL : 8.4.1.18 802880 Bytes 27.10.2015 19:02:09 AERDL.DLL : 8.2.1.38 813928 Bytes 06.11.2015 11:48:01 AESBX.DLL : 8.2.21.2 1629032 Bytes 06.11.2015 11:48:01 AESCN.DLL : 8.3.4.0 141216 Bytes 12.11.2015 15:45:09 AESCRIPT.DLL : 8.3.0.4 542632 Bytes 20.11.2015 08:30:43 AEVDF.DLL : 8.3.2.4 141216 Bytes 20.11.2015 08:30:43 AVWINLL.DLL : 15.0.15.106 28632 Bytes 01.12.2015 14:53:22 AVPREF.DLL : 15.0.15.106 54896 Bytes 01.12.2015 14:53:29 AVREP.DLL : 15.0.15.106 225320 Bytes 01.12.2015 14:53:29 AVARKT.DLL : 15.0.15.106 231032 Bytes 01.12.2015 14:53:24 AVEVTLOG.DLL : 15.0.15.106 200632 Bytes 01.12.2015 14:53:25 SQLITE3.DLL : 15.0.15.106 460704 Bytes 01.12.2015 14:53:55 AVSMTP.DLL : 15.0.15.106 82120 Bytes 01.12.2015 14:53:32 NETNT.DLL : 15.0.15.106 18792 Bytes 01.12.2015 14:53:52 CommonImageRc.dll: 15.0.15.106 4309752 Bytes 01.12.2015 14:53:23 CommonTextRc.dll: 15.0.15.106 70784 Bytes 01.12.2015 14:53:23 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Prüfung Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: Interaktiv Sekundäre Aktion......................: Ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: ein Prüfe alle Dateien....................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Mittwoch, 2. Dezember 2015 00:32 Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'HDD0(C:)' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '120' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '169' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnagent.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '175' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '93' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '85' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'Fuel.Service.exe' - '49' 
Modul(e) wurden durchsucht Durchsuche Prozess 'pdf24.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '132' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '118' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnui.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'Ath_CoexAgent.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'adminservice.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'soffice.bin' - '96' Modul(e) wurden durchsucht Durchsuche Prozess 'SeaPort.EXE' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '126' Modul(e) wurden durchsucht Durchsuche Prozess 'DlProtectSvc.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'E_S50STB.EXE' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'E_S50RPB.EXE' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'VAIO Gate.exe' - '94' Modul(e) wurden durchsucht Durchsuche Prozess 'RIconMan.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'mdm.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'GWX.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'PMBDeviceInfoProvider.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'KBDSW64.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgr.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgrSub.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgrSub.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'Avira.ServiceHost.exe' - '134' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '40' Modul(e) wurden 
durchsucht Durchsuche Prozess 'DllHost.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'Avira.Systray.exe' - '147' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'VSNService.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'VSNClient.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '125' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'VAIOUpdt.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'VUAgent.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'VCPerfService.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'uCamMonitor.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'TrustedInstaller.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'VCsystray.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'VCService.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'VCAgent.exe' - '107' Modul(e) wurden durchsucht Durchsuche Prozess 'vds.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '162' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '121' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht 
Durchsuche Prozess 'Admload.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'listener.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '181' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_19_0_0_245.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_19_0_0_245.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht Untersuchung der Systemdateien wird begonnen: Signiert -> 'C:\Windows\system32\svchost.exe' Signiert -> 'C:\Windows\system32\winlogon.exe' Signiert -> 'C:\Windows\explorer.exe' Signiert -> 'C:\Windows\system32\smss.exe' Signiert -> 'C:\Windows\system32\wininet.DLL' Signiert -> 'C:\Windows\system32\wsock32.DLL' Signiert -> 'C:\Windows\system32\ws2_32.DLL' Signiert -> 'C:\Windows\system32\services.exe' Signiert -> 'C:\Windows\system32\lsass.exe' Signiert -> 'C:\Windows\system32\csrss.exe' Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys' Signiert -> 'C:\Windows\system32\spoolsv.exe' Signiert -> 'C:\Windows\system32\alg.exe' Signiert -> 'C:\Windows\system32\wuauclt.exe' Signiert -> 'C:\Windows\system32\advapi32.DLL' Signiert -> 'C:\Windows\system32\user32.DLL' Signiert -> 'C:\Windows\system32\gdi32.DLL' Signiert -> 'C:\Windows\system32\kernel32.DLL' 
Signiert -> 'C:\Windows\system32\ntdll.DLL' Signiert -> 'C:\Windows\system32\ntoskrnl.exe' Signiert -> 'C:\Windows\system32\drivers\beep.sys' Signiert -> 'C:\Windows\system32\ctfmon.exe' Signiert -> 'C:\Windows\system32\imm32.dll' Signiert -> 'C:\Windows\system32\dsound.dll' Signiert -> 'C:\Windows\system32\aclui.dll' Signiert -> 'C:\Windows\system32\msvcrt.dll' Signiert -> 'C:\Windows\system32\d3d9.dll' Signiert -> 'C:\Windows\system32\dnsapi.dll' Signiert -> 'C:\Windows\system32\mshtml.dll' Signiert -> 'C:\Windows\system32\regsvr32.exe' Signiert -> 'C:\Windows\system32\rundll32.exe' Signiert -> 'C:\Windows\system32\userinit.exe' Signiert -> 'C:\Windows\system32\reg.exe' Signiert -> 'C:\Windows\regedit.exe' Die Systemdateien wurden durchsucht ('34' Dateien) Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '6275' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Users\Tam\AppData\Local\DownloadGuide\Offers\ResultsAlphaSetup.exe [0] Archivtyp: NSIS --> [PluginsDir]/NSISEncrypt.dll [FUND] Enthält Erkennungsmuster der Adware ADWARE/BrowseFox.Gen7 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Users\Tam\AppData\Local\DownloadGuide\Offers\vis-freeware.exe [0] Archivtyp: ZIP SFX (self extracting) --> Setup.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.16711 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Windows\Installer\{0C9FA221-D8A1-4D79-93CA-2A617E3B7252}\{F1A2921F-6E16-4A9D-9270-BDDBEFF0CAB7}.xpi [0] Archivtyp: ZIP --> chrome/content/dp.js [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Windows\Installer\{16286BD1-346E-4A37-8F09-AB51DBB736E4}\{E41C2F47-0118-4E1B-9C64-238E600DDB00}.xpi [0] Archivtyp: ZIP --> chrome/content/dp.js [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [WARNUNG] 
Infizierte Dateien in Archiven können nicht repariert werden C:\Windows\Installer\{187BF036-84BD-4ADE-9402-F76716621F1A}\{820DB2B4-E899-4B00-9793-D894397DF1D9}.xpi [0] Archivtyp: ZIP --> chrome/content/dp.js [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Windows\Installer\{19F29D62-0F1B-4639-8148-66D2CFD8E5AA}\{1C3158F7-45C4-44C9-A659-491A1BDD8F8E}.xpi [0] Archivtyp: ZIP --> chrome/content/dp.js [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Windows\Installer\{2CFA6768-9122-4EF7-87C4-4C33F0202D62}\{8AE6A897-340B-429A-BECB-3343DB444270}.xpi [0] Archivtyp: ZIP --> chrome/content/dp.js [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Windows\Installer\{71CBF70A-0120-4CE6-8BF6-3F1CFDC90F50}\{47274B4B-A23B-4194-B0F7-65F404BF69CF}.xpi [0] Archivtyp: ZIP --> chrome/content/dp.js [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Windows\Installer\{929D8A4D-52E4-45F7-867B-9D4B784EC681}\{54BD1F59-D986-4A88-96B1-F15F828A31ED}.xpi [0] Archivtyp: ZIP --> chrome/content/dp.js [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Windows\Installer\{92D23791-3D7F-43BA-A066-C0317DAFFCD9}\cghhmjcdnpbgimfjeikejgbogdfaodgnorx [0] Archivtyp: CRX --> dp.js [FUND] Enthält Muster der Software PUA/DownProtect.ap [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> g.js [FUND] Enthält Muster der Software PUA/DownProtect.js [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Windows\Installer\{9D45EE2D-9920-457E-93D8-5F485EDA42CF}\{C917D02E-3361-4273-ACB5-1C87958EF3CF}.xpi [0] Archivtyp: ZIP --> chrome/content/dp.js [FUND] 
Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Windows\Installer\{BACE025D-75D9-4C36-9F1C-E88D5B039CA5}\{2CBE57DC-1EC0-4C33-ACF3-FBA63AC7892B}.xpi [0] Archivtyp: ZIP --> chrome/content/dp.js [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Windows\Installer\{DC303DE6-6A2C-4608-AEB5-D59389EDA073}\{366AFD83-283A-480F-9970-6FC9086E66CF}.xpi [0] Archivtyp: ZIP --> chrome/content/dp.js [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Windows\Installer\{EF2D677C-8EDB-4B35-9DDF-85037863B36D}\{1EC492F9-CA90-4CCD-9106-ED564178ED7B}.xpi [0] Archivtyp: ZIP --> chrome/content/dp.js [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Windows\Installer\{FAB3DD9D-D415-4E9F-9645-F70975883931}\cffkjgjohmfpldollgjmgelgcbfjmppekrx [0] Archivtyp: CRX --> dp.js [FUND] Enthält Muster der Software PUA/DownProtect.jd [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> g.js [FUND] Enthält Muster der Software PUA/DownProtect.js [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden Beginne mit der Desinfektion: C:\Windows\Installer\{FAB3DD9D-D415-4E9F-9645-F70975883931}\cffkjgjohmfpldollgjmgelgcbfjmppekrx [FUND] Enthält Muster der Software PUA/DownProtect.js [WARNUNG] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! [WARNUNG] Fehler in der ARK Library [HINWEIS] Die Datei wurde zum Löschen nach einem Neustart markiert. [HINWEIS] Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet. 
C:\Windows\Installer\{EF2D677C-8EDB-4B35-9DDF-85037863B36D}\{1EC492F9-CA90-4CCD-9106-ED564178ED7B}.xpi [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7f2046bb.qua' verschoben! C:\Windows\Installer\{DC303DE6-6A2C-4608-AEB5-D59389EDA073}\{366AFD83-283A-480F-9970-6FC9086E66CF}.xpi [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3a9b6b7b.qua' verschoben! C:\Windows\Installer\{BACE025D-75D9-4C36-9F1C-E88D5B039CA5}\{2CBE57DC-1EC0-4C33-ACF3-FBA63AC7892B}.xpi [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '45bd593d.qua' verschoben! C:\Windows\Installer\{9D45EE2D-9920-457E-93D8-5F485EDA42CF}\{C917D02E-3361-4273-ACB5-1C87958EF3CF}.xpi [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '093b7520.qua' verschoben! C:\Windows\Installer\{92D23791-3D7F-43BA-A066-C0317DAFFCD9}\cghhmjcdnpbgimfjeikejgbogdfaodgnorx [FUND] Enthält Muster der Software PUA/DownProtect.js [WARNUNG] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! [WARNUNG] Fehler in der ARK Library [HINWEIS] Die Datei wurde zum Löschen nach einem Neustart markiert. [HINWEIS] Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet. C:\Windows\Installer\{929D8A4D-52E4-45F7-867B-9D4B784EC681}\{54BD1F59-D986-4A88-96B1-F15F828A31ED}.xpi [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58741bc7.qua' verschoben! C:\Windows\Installer\{71CBF70A-0120-4CE6-8BF6-3F1CFDC90F50}\{47274B4B-A23B-4194-B0F7-65F404BF69CF}.xpi [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '41132073.qua' verschoben! 
C:\Windows\Installer\{2CFA6768-9122-4EF7-87C4-4C33F0202D62}\{8AE6A897-340B-429A-BECB-3343DB444270}.xpi [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '2d750c2e.qua' verschoben! C:\Windows\Installer\{19F29D62-0F1B-4639-8148-66D2CFD8E5AA}\{1C3158F7-45C4-44C9-A659-491A1BDD8F8E}.xpi [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5cca3595.qua' verschoben! C:\Windows\Installer\{187BF036-84BD-4ADE-9402-F76716621F1A}\{820DB2B4-E899-4B00-9793-D894397DF1D9}.xpi [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52e105be.qua' verschoben! C:\Windows\Installer\{16286BD1-346E-4A37-8F09-AB51DBB736E4}\{E41C2F47-0118-4E1B-9C64-238E600DDB00}.xpi [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '17ca7ca3.qua' verschoben! C:\Windows\Installer\{0C9FA221-D8A1-4D79-93CA-2A617E3B7252}\{F1A2921F-6E16-4A9D-9270-BDDBEFF0CAB7}.xpi [FUND] Enthält Erkennungsmuster der Adware ADWARE/Lintrane.BV [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1ec4782d.qua' verschoben! C:\Users\Tam\AppData\Local\DownloadGuide\Offers\vis-freeware.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/AgentCV.A.16711 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '46c36285.qua' verschoben! C:\Users\Tam\AppData\Local\DownloadGuide\Offers\ResultsAlphaSetup.exe [FUND] Enthält Erkennungsmuster der Adware ADWARE/BrowseFox.Gen7 [HINWEIS] Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! [HINWEIS] Die Datei existiert nicht! |
10.12.2015, 16:20 | #2 |
| Log from FRST 64
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015 durchgeführt von Tam (Administrator) auf TAM-VAIO (10-12-2015 11:59:12) Gestartet von C:\Users\Tam\Downloads Geladene Profile: Tam (Verfügbare Profile: Tam) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser nicht gefunden!) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Windows\System32\KBDSW64.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Microsoft Corporation) C:\Config.Msi\744af.rbf (Microsoft Corporation) C:\Windows\splwow64.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\Admload.exe (Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-12] (Geek Software GmbH) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.) 
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-05] (Dropbox, Inc.) HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104288 2015-09-24] (Adobe Systems Incorporated) HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\...\MountPoints2: {7270dc67-13c9-11e3-b088-ccaf78cc91e4} - F:\MotorolaDeviceManagerSetup.exe -a HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\...\MountPoints2: {7d81cc14-0249-11e1-a74a-ccaf78cc91e4} - D:\AutoRun.exe HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\...\MountPoints2: {87c4555e-b80e-11e2-8def-ccaf78cc91e4} - Iomega Encryption Utility.exe HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\...\MountPoints2: {a8485092-02f5-11e1-829d-ccaf78cc91e4} - F:\KODAK_Software_Downloader.exe HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\...\MountPoints2: {cd590083-ff1c-11e0-8ae2-ccaf78cc91e4} - D:\AutoRun.exe ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-05] (Dropbox, Inc.) 
Startup: C:\Users\Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2015-12-05] ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () GroupPolicy: Beschränkung - Chrome <======= ACHTUNG CHR HKLM\SOFTWARE\Policies\Google: Beschränkung <======= ACHTUNG ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ACHTUNG (Beschränkung - ProxySettings) Tcpip\Parameters: [DhcpNameServer] 193.48.45.6 193.48.45.9 Tcpip\..\Interfaces\{7BC2E11B-69AE-4FFB-8BFC-876669CC2683}: [DhcpNameServer] 193.48.45.6 193.48.45.9 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-1123646390-3674192649-2891681912-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-24] (Sun Microsystems, Inc.)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-04-29] (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-24] (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default
FF DefaultSearchEngine: google
FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q=
FF SelectedSearchEngine: google
FF Homepage: hxxp://www.google.de?hl=de&gl=de
FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-08-24] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-08-24] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1123646390-3674192649-2891681912-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\user.js [2015-12-10]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\searchplugins\google-images.xml [2014-11-30]
FF SearchPlugin: C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\searchplugins\google-maps.xml [2014-11-30]
FF SearchPlugin: C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\searchplugins\startpage-https---deutsch.xml [2015-12-05]
FF Extension: Kein Name - C:\Windows\Installer\{1584630C-09F3-4B21-A74F-CD4078213A12}\{F24DE3D2-6D6D-4CBF-B4B0-FA0E0C67727A}.xpi [nicht gefunden]
FF Extension: Avira Browser Safety - C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\Extensions\abs@avira.com [2015-08-20] [ist nicht signiert]
FF Extension: Yahoo! Toolbar - C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-12-05] [ist nicht signiert]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-12-24] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [{DC1F2A69-B3D5-41A9-B1C1-65607140D310}] - C:\Windows\Installer\{5809724A-865F-4D8D-9816-89DB908C75BF}\{DC1F2A69-B3D5-41A9-B1C1-65607140D310}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{5809724A-865F-4D8D-9816-89DB908C75BF}\{DC1F2A69-B3D5-41A9-B1C1-65607140D310}.xpi [2015-12-10]

Chrome:
=======
CHR Profile: C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-05-24] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-26] (Avira Operations GmbH & Co. KG)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros) [Datei ist nicht signiert]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-04-29] (Atheros Commnucations) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-04] (Dropbox, Inc.)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [166400 2009-09-14] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [128512 2009-09-14] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-04-14] (Realsil Microelectronics Inc.) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert]
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [Datei ist nicht signiert]
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [Datei ist nicht signiert]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [Datei ist nicht signiert]
R2 taskengd; C:\Windows\system32\KBDSW64.exe [118784 2015-10-26] () [Datei ist nicht signiert]
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 NMSAccess; "C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-31] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-09-09] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-09-09] (RapidSolution Software AG)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.)
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-10 11:59 - 2015-12-10 12:00 - 00027139 _____ C:\Users\Tam\Downloads\FRST.txt
2015-12-10 11:57 - 2015-12-10 11:57 - 02369024 _____ (Farbar) C:\Users\Tam\Downloads\FRST64.exe
2015-12-10 11:51 - 2015-12-10 11:51 - 00000000 _____ C:\Users\Tam\defogger_reenable
2015-12-10 11:50 - 2015-12-10 11:50 - 00050477 _____ C:\Users\Tam\Desktop\Defogger.exe
2015-12-10 00:53 - 2015-12-10 00:53 - 00000000 ____D C:\Program Files\{43FEEFF0-C6FC-42A2-9522-10F0159BFDAB}
2015-12-10 00:53 - 2015-12-10 00:53 - 00000000 ____D C:\Program Files (x86)\{E5613B1F-59E3-4815-8E0A-C5B25EAADC9A}
2015-12-09 17:06 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 17:06 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-09 10:04 - 2015-12-10 11:59 - 00000000 ____D C:\FRST
2015-12-09 10:03 - 2015-12-09 10:03 - 00000000 _____ C:\Users\Tam\Downloads\ProductivityBoss.f713b0e91eea4baf9468ac9a5f772b51.exe.rqsrwk9.partial
2015-12-09 09:33 - 2015-12-10 09:15 - 00005120 _____ C:\Windows\SysWOW64\nsisvc32.dll
2015-12-09 09:11 - 2015-12-09 09:11 - 00000000 ____D C:\Program Files\{B1A85666-B68F-46FC-862A-A160FFEC568F}
2015-12-09 09:11 - 2015-12-09 09:11 - 00000000 ____D C:\Program Files (x86)\{6F29A6AC-7201-46DD-89A7-6698B4C6E2BC}
2015-12-06 12:25 - 2015-12-06 12:25 - 00000000 ____D C:\Users\Tam\AppData\Roaming\TeamViewer
2015-12-06 12:23 - 2015-12-06 12:24 - 06944152 _____ (TeamViewer) C:\Users\Tam\Downloads\TeamViewerQS_de.exe
2015-12-05 13:36 - 2015-12-05 13:36 - 00077756 _____ C:\Users\Tam\Desktop\Antivir report.txt
2015-12-05 13:36 - 2015-12-05 13:36 - 00000000 ____D C:\avrescue
2015-12-05 12:03 - 2015-12-05 12:03 - 00001203 _____ C:\protokoll 2.txt
2015-12-05 11:55 - 2015-12-05 11:55 - 00001592 _____ C:\Users\Tam\Desktop\mbam.txt
2015-12-04 09:54 - 2015-12-10 11:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 09:53 - 2015-12-05 13:42 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-12-04 09:53 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-04 09:53 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-04 09:53 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-04 09:45 - 2015-12-04 09:45 - 22908888 _____ (Malwarebytes ) C:\Users\Tam\Desktop\mbam-setup-majorgeeks-2.2.0.1024.exe
2015-12-04 09:34 - 2015-12-04 09:34 - 00000000 ____D C:\Users\Tam\AppData\Local\{85077E3A-9A28-4042-A8AD-A852803F7116}
2015-11-30 23:57 - 2015-12-05 11:53 - 00000000 ____D C:\Users\Tam\Desktop\Cop 21-Programme
2015-11-27 13:40 - 2015-11-27 13:40 - 00000000 ____D C:\Users\Tam\AppData\Local\{97C58B6E-3239-43F7-B720-C965EFA83EC1}
2015-11-14 19:22 - 2015-11-14 19:22 - 00000000 ____D C:\Users\Tam\AppData\Local\{0205C6DD-7DDE-452C-98AE-ADD8CF20A2CD}
2015-11-12 15:17 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-12 14:41 - 2015-11-12 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-11 12:27 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 12:27 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 12:27 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 12:27 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 12:27 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 12:27 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 12:27 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 12:27 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 12:27 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 12:27 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 12:27 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 12:27 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 12:27 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 12:27 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 12:27 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 12:27 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 12:26 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 12:26 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 12:26 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 12:26 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 12:26 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 12:26 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 12:26 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 12:26 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 12:26 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 12:26 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 12:26 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 12:26 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 12:26 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 12:26 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 12:26 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 12:26 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 12:26 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 12:26 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 12:26 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 12:26 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 12:26 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 12:26 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 12:26 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 12:26 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 12:26 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 12:26 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 12:26 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 12:26 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 12:26 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 12:26 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 12:26 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 12:26 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 12:26 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 12:26 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 12:26 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 12:26 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 12:26 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 12:26 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 12:26 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 12:26 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 12:26 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 12:26 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 12:26 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 12:26 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 12:26 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 12:26 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 12:26 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 12:26 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 12:26 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 12:26 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 12:26 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 12:26 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 12:26 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 12:26 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 12:26 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 12:26 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 12:26 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 12:26 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 12:26 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 12:26 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 12:26 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 12:26 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 12:26 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 12:26 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 12:24 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 12:23 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 12:23 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 12:23 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 12:23 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 12:23 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 12:23 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 12:23 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 12:23 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 12:23 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 12:23 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 12:23 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 12:23 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 12:23 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 12:23 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 12:23 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 12:23 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 12:23 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 12:23 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 12:23 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 12:23 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 12:23 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 12:23 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 12:23 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 12:23 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 12:23 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 12:23 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 12:23 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 12:23 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 12:23 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 12:23 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 12:23 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 12:23 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 12:23 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 12:23 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 12:23 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 12:23 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 12:23 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 12:23 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation)
C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-11 12:23 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-11 12:23 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-11 12:23 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-11 12:23 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-11 12:23 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-11 12:23 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-11 12:23 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-11 12:23 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-11 12:23 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-11 12:23 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-11 12:23 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-11 12:23 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-11 12:22 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll 2015-11-11 12:22 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll 2015-11-11 12:22 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe 2015-11-11 12:22 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll 2015-11-11 12:22 - 2015-10-29 18:50 - 00005120 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\shimeng.dll 2015-11-11 12:22 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2015-11-11 12:22 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe 2015-11-11 12:22 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-11 12:22 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-11 12:22 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-11 12:21 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-11 12:21 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-11 12:21 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-10 12:00 - 2013-12-26 16:47 - 00072479 _____ C:\Users\Tam\AppData\Local\Citavi Picker Internet Explorer Protocol.txt 2015-12-10 11:52 - 2015-11-04 08:46 - 00001208 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2015-12-10 11:51 - 2011-10-25 17:24 - 00000000 ____D C:\Users\Tam 2015-12-10 11:42 - 2009-07-14 05:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-10 11:42 - 2009-07-14 05:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-10 11:37 - 2013-03-07 16:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-10 09:38 - 2011-11-02 21:49 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-10 09:34 - 2012-05-12 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-10 09:31 - 2012-05-12 09:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-10 09:31 - 2012-05-12 09:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-10 09:15 - 2014-03-26 10:17 - 00000306 __RSH C:\ProgramData\ntuser.pol 2015-12-10 09:05 - 2011-11-24 19:50 - 00000000 ___RD C:\Users\Tam\Dropbox 2015-12-10 09:05 - 2011-11-24 19:47 - 00000000 ____D C:\Users\Tam\AppData\Roaming\Dropbox 2015-12-10 09:05 - 2011-10-25 17:31 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A4A2F9D1-3315-4A9F-ACCE-04F598F1F8D5} 2015-12-10 09:02 - 2015-11-04 08:46 - 00001204 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2015-12-10 09:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-09 16:05 - 2013-03-07 16:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-09 16:05 - 2013-03-07 16:48 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-09 16:05 - 2011-11-08 22:50 - 00142528 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-09 10:38 - 2012-03-08 11:32 - 00009318 _____ C:\test.xml 2015-12-09 10:38 - 2011-10-28 12:41 - 00000000 ____D C:\Users\Tam\AppData\Local\CrashDumps 2015-12-09 10:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-12-09 09:31 - 2012-06-26 11:07 - 00000000 ____D C:\Windows\cs 2015-12-08 11:24 - 2014-07-10 13:48 - 00000000 __SHD C:\Users\Tam\AppData\Local\EmieUserList 2015-12-08 11:24 - 2014-07-10 13:48 - 00000000 __SHD C:\Users\Tam\AppData\Local\EmieSiteList 2015-12-08 09:17 - 2013-12-24 16:20 - 00000000 ____D C:\Users\Tam\Documents\Citavi 4 2015-12-08 09:12 - 2015-11-07 13:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-08 09:12 - 2012-05-14 19:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-07 20:57 - 2011-11-24 10:46 - 00000000 ____D C:\Users\Tam\AppData\Roaming\Skype 2015-12-05 13:44 - 2012-08-16 09:03 - 00001138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk 2015-12-05 13:44 - 2011-12-27 15:48 - 00001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk 2015-12-05 13:44 - 2011-12-11 22:27 - 00002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk 2015-12-05 13:44 - 2011-11-22 18:29 - 00002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\audials TV.lnk 2015-12-05 13:44 - 2011-10-25 17:25 - 00001965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited powered by Qriocity.lnk 2015-12-05 13:44 - 2011-08-24 02:24 - 00002072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk 2015-12-05 13:44 - 2011-08-24 02:17 - 00002679 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Easy Connect.lnk 2015-12-05 13:44 - 2011-08-24 02:17 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk 2015-12-05 13:44 - 2011-08-24 02:12 - 00001189 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Keyboard.lnk 2015-12-05 13:44 - 2011-08-24 01:56 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk 2015-12-05 13:44 - 2011-08-24 01:49 - 00001303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Gallery.lnk 2015-12-05 13:44 - 2011-08-24 01:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-12-05 13:44 - 2011-08-24 01:05 - 00001995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk 2015-12-05 13:44 - 2011-08-24 01:05 - 00001521 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk 2015-12-05 13:44 - 2011-08-24 00:30 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2015-12-05 13:44 - 2009-07-14 05:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk 2015-12-05 13:43 - 2014-09-09 18:34 - 00002633 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Neues Microsoft Office-Dokument.lnk 2015-12-05 13:43 - 2014-09-09 18:34 - 00002633 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Microsoft Office-Dokument öffnen.lnk 2015-12-05 13:43 - 2013-05-18 22:24 - 00001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2015-12-05 13:43 - 2012-10-24 13:44 - 00001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk 2015-12-05 13:43 - 2011-10-25 17:26 - 00001425 _____ C:\Users\Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-12-05 13:43 - 2011-08-24 02:28 - 00002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Smart Network.lnk 2015-12-05 13:43 - 2011-08-24 02:27 - 00001275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Transfer.lnk 2015-12-05 13:43 - 2011-08-24 01:29 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk 2015-12-05 13:43 - 
2011-08-24 01:29 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk 2015-12-05 13:43 - 2011-08-24 01:25 - 00001490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2015-12-05 13:43 - 2011-08-24 00:30 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2015-12-05 13:43 - 2009-07-14 06:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2015-12-05 13:43 - 2009-07-14 05:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-12-05 13:43 - 2009-07-14 05:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2015-12-05 13:43 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2015-12-05 13:43 - 2009-07-14 05:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2015-12-05 13:43 - 2009-07-14 05:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2015-12-05 13:42 - 2014-11-23 20:04 - 00001063 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk 2015-12-05 13:42 - 2013-12-25 13:41 - 00001202 _____ C:\Users\Tam\Desktop\Format Factory.lnk 2015-12-05 13:42 - 2013-12-24 16:17 - 00001949 _____ C:\Users\Public\Desktop\Citavi 4.lnk 2015-12-05 13:42 - 2012-08-16 09:03 - 00001126 _____ C:\Users\Public\Desktop\Switch Sound File Converter.lnk 2015-12-05 13:42 - 2012-01-03 21:02 - 00001781 _____ C:\Users\Public\Desktop\f4.lnk 2015-12-05 13:42 - 2012-01-03 20:43 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk 2015-12-05 13:42 - 2011-11-24 19:50 - 00001218 _____ C:\Users\Tam\Desktop\Dropbox.lnk 2015-12-05 13:39 - 2011-08-24 01:13 - 00000000 ____D C:\Windows\PCHEALTH 2015-12-05 12:01 - 2015-05-21 07:36 - 00000000 ____D C:\Program Files\{38104C39-FBE7-4809-9CFB-8FF6E8631645} 2015-12-05 12:01 - 2015-05-21 07:36 - 
00000000 ____D C:\Program Files (x86)\{26AEF786-1852-42A9-9476-32356CE62BEE} 2015-12-05 12:01 - 2012-11-19 22:59 - 00000000 ____D C:\Program Files (x86)\vGrabber-software 2015-12-04 09:44 - 2015-03-17 14:00 - 00000000 ____D C:\Users\Tam\Desktop\Sarsarale e.V 2015-12-03 15:23 - 2012-03-14 23:37 - 00000000 ____D C:\Users\Tam\Desktop\Tam-Ramsch 2015-12-02 00:07 - 2012-07-27 14:03 - 05351936 ___SH C:\Users\Tam\Desktop\Thumbs.db 2015-12-01 21:13 - 2013-10-19 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-12-01 21:12 - 2011-08-24 10:22 - 00699666 _____ C:\Windows\system32\perfh007.dat 2015-12-01 21:12 - 2011-08-24 10:22 - 00149774 _____ C:\Windows\system32\perfc007.dat 2015-12-01 21:12 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-01 21:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-01 15:53 - 2013-10-19 12:21 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-12-01 15:53 - 2013-10-19 12:21 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-12-01 15:53 - 2013-10-19 12:21 - 00075472 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-11-30 16:50 - 2015-01-23 09:33 - 00000000 ____D C:\Users\Tam\Desktop\EHESS 2015-11-23 19:41 - 2014-11-19 00:44 - 00000000 ____D C:\Users\Tam\Desktop\Auslandsaufenthalt 2015-11-22 20:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-11-22 13:29 - 2015-10-22 11:36 - 00000000 ____D C:\Users\Tam\Desktop\Visiter 2015-11-17 12:48 - 2009-07-14 05:45 - 00393872 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-12 14:42 - 2015-11-04 08:46 - 00000000 ____D C:\Program Files (x86)\Dropbox 2015-11-11 23:57 - 2011-02-11 00:03 - 01594892 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-11 23:51 - 2011-07-13 03:58 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-11 22:51 - 2014-08-15 12:57 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-11 18:46 - 2014-03-25 01:23 - 00000000 ____D C:\Users\Tam\Desktop\Neoness ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2012-11-11 18:17 - 2012-11-11 18:17 - 0065536 _____ () C:\Users\Tam\AppData\Roaming\hzewrx2i.default.dat 2013-12-26 16:47 - 2015-12-10 12:00 - 0072479 _____ () C:\Users\Tam\AppData\Local\Citavi Picker Internet Explorer Protocol.txt 2011-11-26 19:48 - 2011-11-26 19:48 - 0000056 ____H () C:\ProgramData\ezsidmv.dat Einige Dateien in TEMP: ==================== C:\Users\Tam\AppData\Local\Temp\avgnt.exe C:\Users\Tam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoyi06k.dll ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) 
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-11-30 21:43
==================== Ende von FRST.txt ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-12-10 12:29:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000074 TOSHIBA_ rev.GT00 465,76GB
Running: gmer.exe; Driver: C:\Users\Tam\AppData\Local\Temp\pwldipow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000077501401 2 bytes JMP 7521b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000077501419 2 bytes JMP 7521b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000077501431 2 bytes JMP 75298fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007750144a 2 bytes CALL 751f489d C:\Windows\syswow64\kernel32.dll
.text ...
* 9 .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000775014dd 2 bytes JMP 752988c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000775014f5 2 bytes JMP 75298aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007750150d 2 bytes JMP 752987ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077501525 2 bytes JMP 75298b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007750153d 2 bytes JMP 7520fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000077501555 2 bytes JMP 752168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007750156d 2 bytes JMP 75299089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000077501585 2 bytes JMP 75298bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007750159d 2 bytes JMP 7529877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000775015b5 2 bytes JMP 7520fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 
00000000775015cd 2 bytes JMP 7521b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000775016b2 2 bytes JMP 75298f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Dropbox\Client\Dropbox.exe[2664] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000775016bd 2 bytes JMP 75298713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077501401 2 bytes JMP 7521b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077501419 2 bytes JMP 7521b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077501431 2 bytes JMP 75298fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007750144a 2 bytes CALL 751f489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000775014dd 2 bytes JMP 752988c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000775014f5 2 bytes JMP 75298aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007750150d 2 bytes JMP 752987ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077501525 2 bytes JMP 75298b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007750153d 2 bytes JMP 7520fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077501555 2 bytes JMP 752168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007750156d 2 bytes JMP 75299089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077501585 2 bytes JMP 75298bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007750159d 2 bytes JMP 7529877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000775015b5 2 
bytes JMP 7520fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000775015cd 2 bytes JMP 7521b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000775016b2 2 bytes JMP 75298f4c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2868] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000775016bd 2 bytes JMP 75298713 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077501401 2 bytes JMP 7521b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077501419 2 bytes JMP 7521b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077501431 2 bytes JMP 75298fd1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007750144a 2 bytes CALL 751f489d C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000775014dd 2 bytes JMP 752988c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000775014f5 2 bytes JMP 75298aa0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007750150d 2 bytes JMP 752987ba C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077501525 2 bytes JMP 75298b8a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007750153d 2 bytes JMP 7520fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077501555 2 bytes JMP 752168ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007750156d 2 bytes JMP 75299089 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077501585 2 bytes JMP 75298bea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007750159d 2 bytes JMP 7529877e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[2964] 
---- Processes - GMER 2.1 ----
Library c:\users\tam\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoyi06k.dll (*** suspicious ***) @ C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [2664](2015-12-10 08:02:46) 0000000069a00000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015830cbfeb
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78cc91e4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78cc91e4@c8844712578e 0x7F 0x72 0x05 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015830cbfeb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78cc91e4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78cc91e4@c8844712578e 0x7F 0x72 0x05 0x6B ...
---- EOF - GMER 2.1 ----
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 09.12.2015
Suchlaufzeit: 06:16
Protokolldatei: mbam suchlaufprotokoll 9.12.2015.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.12.09.01
Rootkit-Datenbank: v2015.12.07.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Tam

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 357901
Abgelaufene Zeit: 2 Std., 55 Min., 46 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 3
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\APPID\DPBHO.DLL, In Quarantäne, [8322e9b988036bcb4b811edf57ac57a9],
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\DPBHO.DLL, In Quarantäne, [693c3a68bdce4aec21ab50ada85b768a],
PUP.Optional.DownloadProtect, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DPBHO.DLL, In Quarantäne, [861fe9b9b2d9a195efdddf1ee12205fb],

Registrierungswerte: 1
PUP.Optional.DownloadProtectExtension, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{B4FBC71B-9DB1-44D6-A7DE-5E21F9E94EF6}, C:\Windows\Installer\{42F14BD7-A8B8-4C89-AFD5-7328BDC635C1}\{B4FBC71B-9DB1-44D6-A7DE-5E21F9E94EF6}.xpi, In Quarantäne, [04a1247ec0cba49273430a811be8dc24]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 4
PUP.Optional.DownloadProtect, C:\Windows\Installer\{0EA74D10-7346-45A9-BBED-873EA2D2C262}, In Quarantäne, [0b9a9b07632884b27a28bdcec93af709],
PUP.Optional.DownloadProtect, C:\Windows\Installer\{27448042-A057-469F-B21A-D585D0F4A340}, In Quarantäne, [0c99adf572193afcc9d9ff8c659ec53b],
PUP.Optional.DownloadProtect, C:\Program Files (x86)\{1CE23C4B-E2F7-4B83-93D7-ED4BEFDC1BF8}, In Quarantäne, [bce97b27dab143f3d008c7dd4fb5d729],
PUP.Optional.DownloadProtect, C:\Program Files\{FA5BD55B-39F3-456E-94D3-52869F5F35DC}, In Quarantäne, [d7ceb2f0f497072f5682465e10f42ad6],

Dateien: 8
PUP.Optional.DownloadProtect, C:\Windows\Installer\{0EA74D10-7346-45A9-BBED-873EA2D2C262}\cjlopapilpegdpgceaifbbblfhbafbbdprx, In Quarantäne, [0b9a9b07632884b27a28bdcec93af709],
PUP.Optional.DownloadProtect, C:\Windows\Installer\{0EA74D10-7346-45A9-BBED-873EA2D2C262}\xjlopapilpegdpgceaifbbblfhbafbbdpml, In Quarantäne, [0b9a9b07632884b27a28bdcec93af709],
PUP.Optional.DownloadProtect, C:\Windows\Installer\{27448042-A057-469F-B21A-D585D0F4A340}\cifdkhfnifanihpjlbklabnieemgipibbrx, In Quarantäne, [0c99adf572193afcc9d9ff8c659ec53b],
PUP.Optional.DownloadProtect, C:\Windows\Installer\{27448042-A057-469F-B21A-D585D0F4A340}\xifdkhfnifanihpjlbklabnieemgipibbml, In Quarantäne, [0c99adf572193afcc9d9ff8c659ec53b],
PUP.Optional.DownloadProtect, C:\Program Files (x86)\{1CE23C4B-E2F7-4B83-93D7-ED4BEFDC1BF8}\config.json, In Quarantäne, [bce97b27dab143f3d008c7dd4fb5d729],
PUP.Optional.DownloadProtect, C:\Program Files (x86)\{1CE23C4B-E2F7-4B83-93D7-ED4BEFDC1BF8}\def.bin, In Quarantäne, [bce97b27dab143f3d008c7dd4fb5d729],
PUP.Optional.DownloadProtect, C:\Program Files\{FA5BD55B-39F3-456E-94D3-52869F5F35DC}\config.json, In Quarantäne, [d7ceb2f0f497072f5682465e10f42ad6],
PUP.Optional.DownloadProtect, C:\Program Files\{FA5BD55B-39F3-456E-94D3-52869F5F35DC}\def.bin, In Quarantäne, [d7ceb2f0f497072f5682465e10f42ad6],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:52 on 10/12/2015 (Tam)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
10.12.2015, 21:24 | #3 |
/// TB Trainer /// Instructions Guru | Windows 7: Repeated warnings about TR/FireHooker.1825 My name is Jürgen and I will be helping you with your problem. Together we'll get this done...
Note: I can never give you a guarantee that we will find all malicious files. Reformatting is usually the faster and always the safest way, but it is only advisable in the case of real malware. Adware and the like we can remove very well. If you decide on a cleanup, keep working with me until you get my "clean". Here we go: Step 1 Please download TDSSKiller.exe and save this file to the desktop
__________________ |
11.12.2015, 09:59 | #4 |
| Log TDSS Killer Good morning, thank you very much for the quick reply! Here is the log: Code:
D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 09:53:14.0645 0x1bd4 circlass - ok 09:53:14.0723 0x1bd4 [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS C:\Windows\system32\CLFS.sys 09:53:14.0755 0x1bd4 CLFS - ok 09:53:14.0848 0x1bd4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:53:14.0879 0x1bd4 clr_optimization_v2.0.50727_32 - ok 09:53:15.0067 0x1bd4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 09:53:15.0098 0x1bd4 clr_optimization_v2.0.50727_64 - ok 09:53:15.0347 0x1bd4 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:53:15.0394 0x1bd4 clr_optimization_v4.0.30319_32 - ok 09:53:15.0488 0x1bd4 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 09:53:15.0519 0x1bd4 clr_optimization_v4.0.30319_64 - ok 09:53:15.0535 0x1bd4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 09:53:15.0956 0x1bd4 CmBatt - ok 09:53:15.0971 0x1bd4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 09:53:16.0003 0x1bd4 cmdide - ok 09:53:16.0065 0x1bd4 [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG 
C:\Windows\system32\Drivers\cng.sys 09:53:16.0127 0x1bd4 CNG - ok 09:53:16.0252 0x1bd4 [ 1F394DF3714ED4280047810790E6DF69, 92AD804E0F0559BF76EA8DAE038B4CDE4EBB4C4BD7A53913B714BF936B03B85E ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 09:53:16.0377 0x1bd4 CnxtHdAudService - ok 09:53:16.0408 0x1bd4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 09:53:16.0439 0x1bd4 Compbatt - ok 09:53:16.0471 0x1bd4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 09:53:17.0048 0x1bd4 CompositeBus - ok 09:53:17.0141 0x1bd4 COMSysApp - ok 09:53:17.0360 0x1bd4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 09:53:17.0453 0x1bd4 crcdisk - ok 09:53:17.0609 0x1bd4 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll 09:53:17.0781 0x1bd4 CryptSvc - ok 09:53:17.0875 0x1bd4 dbupdate - ok 09:53:17.0906 0x1bd4 dbupdatem - ok 09:53:18.0031 0x1bd4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 09:53:18.0187 0x1bd4 DcomLaunch - ok 09:53:18.0311 0x1bd4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 09:53:18.0421 0x1bd4 defragsvc - ok 09:53:18.0483 0x1bd4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 09:53:18.0592 0x1bd4 DfsC - ok 09:53:18.0701 0x1bd4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 
09:53:18.0779 0x1bd4 Dhcp - ok 09:53:19.0107 0x1bd4 [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack C:\Windows\system32\diagtrack.dll 09:53:19.0247 0x1bd4 DiagTrack - ok 09:53:19.0294 0x1bd4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 09:53:19.0419 0x1bd4 discache - ok 09:53:19.0497 0x1bd4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 09:53:19.0528 0x1bd4 Disk - ok 09:53:19.0622 0x1bd4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 09:53:19.0700 0x1bd4 Dnscache - ok 09:53:19.0809 0x1bd4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 09:53:19.0903 0x1bd4 dot3svc - ok 09:53:19.0981 0x1bd4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 09:53:20.0480 0x1bd4 DPS - ok 09:53:20.0620 0x1bd4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 09:53:20.0745 0x1bd4 drmkaud - ok 09:53:20.0839 0x1bd4 [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 09:53:20.0885 0x1bd4 dtsoftbus01 - ok 09:53:21.0026 0x1bd4 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 09:53:21.0182 0x1bd4 DXGKrnl - ok 09:53:21.0260 0x1bd4 [ 50AD8FC1DC800FF36087994C8F7FDFF2, E3DA8DCE76599E0E1F0D80AA1483D6BECFE0F7242147D986A6AF3A4362FC2C80 ] e1yexpress 
C:\Windows\system32\DRIVERS\e1y60x64.sys 09:53:21.0369 0x1bd4 e1yexpress - ok 09:53:21.0416 0x1bd4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 09:53:21.0509 0x1bd4 EapHost - ok 09:53:21.0743 0x1bd4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 09:53:22.0352 0x1bd4 ebdrv - ok 09:53:22.0399 0x1bd4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS C:\Windows\System32\lsass.exe 09:53:22.0445 0x1bd4 EFS - ok 09:53:22.0539 0x1bd4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 09:53:22.0789 0x1bd4 ehRecvr - ok 09:53:22.0804 0x1bd4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 09:53:22.0898 0x1bd4 ehSched - ok 09:53:23.0069 0x1bd4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 09:53:23.0132 0x1bd4 elxstor - ok 09:53:23.0335 0x1bd4 [ 7DB097F4F6786307168C0DDDEC43A565, 963C0D3D88FB4BF9C2FBCB296B03603E2F8AA8B4E8976162842863B7538C1A9F ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE 09:53:23.0397 0x1bd4 EPSON_EB_RPCV4_04 - detected UnsignedFile.Multi.Generic ( 1 ) 09:53:27.0609 0x1bd4 Detect skipped due to KSN trusted 09:53:27.0609 0x1bd4 EPSON_EB_RPCV4_04 - ok 09:53:27.0687 0x1bd4 [ 258AA65A0862E19B7DE6981FDA3758AD, C090F19BEDC2CFB0B5265BCE48BD52102E06CBC15EEFE4CDB747D44F2E42D545 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE 09:53:27.0749 0x1bd4 EPSON_PM_RPCV4_04 - detected UnsignedFile.Multi.Generic ( 1 ) 09:53:30.0885 0x0118 Object required for P2P: [ 
6C4B9A2FF6924405E9ABFB558049D4DD ] Avira.ServiceHost 09:53:30.0994 0x1bd4 Detect skipped due to KSN trusted 09:53:30.0994 0x1bd4 EPSON_PM_RPCV4_04 - ok 09:53:31.0025 0x1bd4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 09:53:31.0072 0x1bd4 ErrDev - ok 09:53:31.0244 0x1bd4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 09:53:31.0384 0x1bd4 EventSystem - ok 09:53:31.0478 0x1bd4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 09:53:31.0571 0x1bd4 exfat - ok 09:53:31.0618 0x1bd4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 09:53:31.0759 0x1bd4 fastfat - ok 09:53:31.0915 0x1bd4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 09:53:32.0024 0x1bd4 Fax - ok 09:53:32.0071 0x1bd4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 09:53:32.0289 0x1bd4 fdc - ok 09:53:32.0336 0x1bd4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 09:53:32.0476 0x1bd4 fdPHost - ok 09:53:32.0507 0x1bd4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 09:53:32.0663 0x1bd4 FDResPub - ok 09:53:32.0695 0x1bd4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 09:53:32.0819 0x1bd4 FileInfo - ok 09:53:32.0835 0x1bd4 [ 
5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 09:53:32.0960 0x1bd4 Filetrace - ok 09:53:33.0053 0x1bd4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 09:53:33.0116 0x1bd4 flpydisk - ok 09:53:33.0163 0x1bd4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 09:53:33.0194 0x1bd4 FltMgr - ok 09:53:33.0381 0x1bd4 [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache C:\Windows\system32\FntCache.dll 09:53:33.0615 0x1bd4 FontCache - ok 09:53:33.0693 0x1bd4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 09:53:33.0771 0x1bd4 FontCache3.0.0.0 - ok 09:53:33.0802 0x1bd4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 09:53:33.0833 0x1bd4 FsDepends - ok 09:53:33.0865 0x0118 Object send P2P result: true 09:53:33.0896 0x1bd4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 09:53:34.0021 0x1bd4 Fs_Rec - ok 09:53:34.0052 0x1bd4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 09:53:34.0114 0x1bd4 fvevol - ok 09:53:34.0145 0x1bd4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 09:53:34.0255 0x1bd4 gagp30kx - ok 09:53:34.0348 0x1bd4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 
2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 09:53:34.0535 0x1bd4 gpsvc - ok 09:53:34.0567 0x1bd4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 09:53:34.0707 0x1bd4 hcw85cir - ok 09:53:34.0754 0x1bd4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 09:53:34.0863 0x1bd4 HdAudAddService - ok 09:53:34.0894 0x1bd4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 09:53:35.0003 0x1bd4 HDAudBus - ok 09:53:35.0019 0x1bd4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 09:53:35.0050 0x1bd4 HidBatt - ok 09:53:35.0128 0x1bd4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 09:53:35.0206 0x1bd4 HidBth - ok 09:53:35.0222 0x1bd4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 09:53:35.0315 0x1bd4 HidIr - ok 09:53:35.0347 0x1bd4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 09:53:35.0534 0x1bd4 hidserv - ok 09:53:35.0627 0x1bd4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 09:53:35.0737 0x1bd4 HidUsb - ok 09:53:35.0768 0x1bd4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 09:53:35.0939 0x1bd4 hkmsvc - ok 09:53:35.0986 0x1bd4 
[ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 09:53:36.0189 0x1bd4 HomeGroupListener - ok 09:53:36.0361 0x1bd4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 09:53:36.0454 0x1bd4 HomeGroupProvider - ok 09:53:36.0485 0x1bd4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 09:53:36.0532 0x1bd4 HpSAMD - ok 09:53:36.0641 0x1bd4 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:53:36.0766 0x1bd4 HTTP - ok 09:53:36.0797 0x1bd4 hwdatacard - ok 09:53:36.0829 0x1bd4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 09:53:36.0922 0x1bd4 hwpolicy - ok 09:53:36.0953 0x1bd4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 09:53:37.0016 0x1bd4 i8042prt - ok 09:53:37.0064 0x1bd4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 09:53:37.0173 0x1bd4 iaStorV - ok 09:53:37.0391 0x1bd4 [ 3A0FF117B4ADC5ABE4D968E26A337158, 95F4EB09158DD9B4927F71F83BE3A10DDD99C131C28D9683A7CCBB8C30769AB8 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 09:53:37.0641 0x1bd4 IconMan_R - detected UnsignedFile.Multi.Generic ( 1 ) 09:53:40.0464 0x1bd4 Detect skipped due to KSN trusted 09:53:40.0464 0x1bd4 IconMan_R - ok 09:53:40.0636 0x1bd4 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files 
(x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 09:53:40.0698 0x1bd4 IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 09:53:43.0694 0x1bd4 Detect skipped due to KSN trusted 09:53:43.0694 0x1bd4 IDriverT - ok 09:53:43.0818 0x1bd4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 09:53:43.0990 0x1bd4 idsvc - ok 09:53:44.0021 0x1bd4 IEEtwCollectorService - ok 09:53:44.0052 0x1bd4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 09:53:44.0099 0x1bd4 iirsp - ok 09:53:44.0208 0x1bd4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 09:53:44.0333 0x1bd4 IKEEXT - ok 09:53:44.0380 0x1bd4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 09:53:44.0411 0x1bd4 intelide - ok 09:53:44.0442 0x1bd4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys 09:53:44.0536 0x1bd4 intelppm - ok 09:53:44.0583 0x1bd4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:53:44.0801 0x1bd4 IPBusEnum - ok 09:53:44.0832 0x1bd4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:53:45.0004 0x1bd4 IpFilterDriver - ok 09:53:45.0082 0x1bd4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 09:53:45.0222 0x1bd4 iphlpsvc - ok 09:53:45.0285 0x1bd4 [ 
0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 09:53:45.0332 0x1bd4 IPMIDRV - ok 09:53:45.0378 0x1bd4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 09:53:45.0472 0x1bd4 IPNAT - ok 09:53:45.0503 0x1bd4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:53:45.0597 0x1bd4 IRENUM - ok 09:53:45.0628 0x1bd4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:53:45.0737 0x1bd4 isapnp - ok 09:53:45.0800 0x1bd4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 09:53:45.0893 0x1bd4 iScsiPrt - ok 09:53:45.0924 0x1bd4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:53:45.0971 0x1bd4 kbdclass - ok 09:53:46.0018 0x1bd4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 09:53:46.0158 0x1bd4 kbdhid - ok 09:53:46.0190 0x1bd4 [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso C:\Windows\system32\lsass.exe 09:53:46.0268 0x1bd4 KeyIso - ok 09:53:46.0299 0x1bd4 [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:53:46.0377 0x1bd4 KSecDD - ok 09:53:46.0392 0x1bd4 [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:53:46.0486 0x1bd4 
KSecPkg - ok 09:53:46.0517 0x1bd4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 09:53:46.0642 0x1bd4 ksthunk - ok 09:53:46.0704 0x1bd4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 09:53:46.0907 0x1bd4 KtmRm - ok 09:53:47.0032 0x1bd4 [ 173666119D217E3739205C169E2BF0E5, 19F6E5B4496DB4151A6C68F58C42E73361D24F6D56FF9F375015515BF36B0309 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 09:53:47.0235 0x1bd4 L1C - ok 09:53:47.0297 0x1bd4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 09:53:47.0516 0x1bd4 LanmanServer - ok 09:53:47.0547 0x1bd4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:53:47.0672 0x1bd4 LanmanWorkstation - ok 09:53:47.0734 0x1bd4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:53:47.0890 0x1bd4 lltdio - ok 09:53:47.0952 0x1bd4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:53:48.0155 0x1bd4 lltdsvc - ok 09:53:48.0171 0x1bd4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:53:48.0311 0x1bd4 lmhosts - ok 09:53:48.0342 0x1bd4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 09:53:48.0420 0x1bd4 LSI_FC - ok 09:53:48.0452 0x1bd4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS 
C:\Windows\system32\drivers\lsi_sas.sys 09:53:48.0530 0x1bd4 LSI_SAS - ok 09:53:48.0561 0x1bd4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 09:53:48.0608 0x1bd4 LSI_SAS2 - ok 09:53:48.0639 0x1bd4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 09:53:48.0717 0x1bd4 LSI_SCSI - ok 09:53:48.0764 0x1bd4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 09:53:48.0904 0x1bd4 luafv - ok 09:53:48.0951 0x1bd4 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 09:53:49.0091 0x1bd4 MBAMProtector - ok 09:53:49.0263 0x1bd4 [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 09:53:49.0419 0x1bd4 MBAMScheduler - ok 09:53:49.0559 0x1bd4 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 09:53:49.0715 0x1bd4 MBAMService - ok 09:53:49.0824 0x1bd4 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 09:53:49.0934 0x1bd4 MBAMSwissArmy - ok 09:53:49.0996 0x1bd4 [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 09:53:50.0058 0x1bd4 MBAMWebAccessControl - ok 09:53:50.0105 0x1bd4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc 
C:\Windows\system32\Mcx2Svc.dll 09:53:50.0199 0x1bd4 Mcx2Svc - ok 09:53:50.0308 0x1bd4 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe 09:53:50.0636 0x1bd4 MDM - detected UnsignedFile.Multi.Generic ( 1 ) 09:53:55.0331 0x1bd4 Detect skipped due to KSN trusted 09:53:55.0331 0x1bd4 MDM - ok 09:53:55.0409 0x1bd4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 09:53:55.0441 0x1bd4 megasas - ok 09:53:55.0487 0x1bd4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 09:53:55.0534 0x1bd4 MegaSR - ok 09:53:55.0597 0x1bd4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 09:53:56.0033 0x1bd4 MMCSS - ok 09:53:56.0065 0x1bd4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 09:53:56.0673 0x1bd4 Modem - ok 09:53:56.0720 0x1bd4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:53:56.0782 0x1bd4 monitor - ok 09:53:56.0813 0x1bd4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:53:56.0860 0x1bd4 mouclass - ok 09:53:56.0891 0x1bd4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:53:57.0016 0x1bd4 mouhid - ok 09:53:57.0063 0x1bd4 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr 
09:54:38.0918 0x1bd4 [ AE8EA3ACB77D44ECE855D7CC9B9B9C9B, D4D7B07F37580604A6138AE80130E49081E25A2D57A90D9C657653F313298EA5 ] taskengd C:\Windows\system32\KBDSW64.exe
09:54:39.0152 0x1bd4 taskengd - detected UnsignedFile.Multi.Generic ( 1 )
09:54:42.0381 0x1bd4 taskengd ( UnsignedFile.Multi.Generic ) - warning
09:54:42.0381 0x1bd4 Force sending object to P2P due to detect: taskengd
09:54:45.0361 0x1bd4 Object send P2P result: true
D5D36DFF2D316C390E0336B51EE9C4B23705A52A3BBCCB13CC0B95FCF5761344 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe 09:54:55.0267 0x1bd4 VcmIAlzMgr - ok 09:54:55.0345 0x1bd4 [ 2F06D134554BA84FE253DBC481DCFE6D, A88780610A1B4FAFF1818CF3D86AC83B27DDDCD9CDB9F1A38C5BBFEE5632CF5E ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe 09:54:55.0407 0x1bd4 VcmINSMgr - ok 09:54:55.0501 0x1bd4 [ 32A3735F6874B7783C6209ED5CA36D9D, B6DA3D749A000D99B6F0BF475C47AC0867595B634CC6502C8758B241759F531C ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe 09:54:55.0547 0x1bd4 VcmXmlIfHelper - ok 09:54:55.0719 0x1bd4 [ D347D3ABE070AA09C22FC37121555D52, EE62F6A3489AAA54A5E3BD6264C473EF091CF848F9047A8446D2947D79B0A672 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe 09:54:55.0735 0x1bd4 VCService - ok 09:54:55.0781 0x1bd4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 09:54:55.0813 0x1bd4 vdrvroot - ok 09:54:55.0875 0x1bd4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 09:54:56.0281 0x1bd4 vds - ok 09:54:56.0359 0x1bd4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 09:54:56.0764 0x1bd4 vga - ok 09:54:56.0795 0x1bd4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 09:54:57.0622 0x1bd4 VgaSave - ok 09:54:57.0638 0x1bd4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 09:54:57.0669 0x1bd4 vhdmp - ok 09:54:57.0731 0x1bd4 [ E5689D93FFE4E5D66C0178761240DD54, 
6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 09:54:57.0747 0x1bd4 viaide - ok 09:54:57.0778 0x1bd4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 09:54:57.0809 0x1bd4 volmgr - ok 09:54:57.0856 0x1bd4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 09:54:57.0903 0x1bd4 volmgrx - ok 09:54:58.0231 0x1bd4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 09:54:58.0293 0x1bd4 volsnap - ok 09:54:58.0511 0x1bd4 [ 6C60B5B5E6510BBC0CC3BA78722E8C80, F9E445566C314FF2F22382C051A090083741E86986729E905F07767DD9B84ABE ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 09:54:58.0605 0x1bd4 vpnagent - ok 09:54:58.0667 0x1bd4 [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva C:\Windows\system32\DRIVERS\vpnva64-6.sys 09:54:58.0792 0x1bd4 vpnva - ok 09:54:58.0823 0x1bd4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 09:54:58.0870 0x1bd4 vsmraid - ok 09:54:59.0042 0x1bd4 [ 0ED394BFBA3EB4740F063E0BA5EC7104, F8555E976DC72423D760322107A4470A7938CEAC8BE81E4B83EFCD2FA4A21816 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe 09:54:59.0198 0x1bd4 VSNService - ok 09:54:59.0463 0x1bd4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 09:54:59.0744 0x1bd4 VSS - ok 09:55:00.0009 0x1bd4 [ D2D646D4D686C6996BA1FF96E11BE570, BAED2162928F9590597911DCBD92C10CC5516E35BD7ACB26150A879D2ABEC023 ] VUAgent C:\Program Files\Sony\VAIO 
Update\VUAgent.exe 09:55:00.0149 0x1bd4 VUAgent - ok 09:55:00.0196 0x1bd4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 09:55:00.0352 0x1bd4 vwifibus - ok 09:55:00.0383 0x1bd4 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 09:55:00.0446 0x1bd4 vwififlt - ok 09:55:00.0508 0x1bd4 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 09:55:00.0649 0x1bd4 vwifimp - ok 09:55:00.0727 0x1bd4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 09:55:00.0914 0x1bd4 W32Time - ok 09:55:00.0945 0x1bd4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 09:55:01.0007 0x1bd4 WacomPen - ok 09:55:01.0070 0x1bd4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 09:55:01.0210 0x1bd4 WANARP - ok 09:55:01.0226 0x1bd4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 09:55:01.0366 0x1bd4 Wanarpv6 - ok 09:55:01.0522 0x1bd4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 09:55:01.0694 0x1bd4 WatAdminSvc - ok 09:55:02.0068 0x1bd4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 09:55:02.0583 0x1bd4 wbengine - ok 09:55:02.0739 0x1bd4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 
4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 09:55:02.0786 0x1bd4 WbioSrvc - ok 09:55:02.0864 0x1bd4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 09:55:02.0957 0x1bd4 wcncsvc - ok 09:55:02.0989 0x1bd4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 09:55:03.0035 0x1bd4 WcsPlugInService - ok 09:55:03.0067 0x1bd4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 09:55:03.0098 0x1bd4 Wd - ok 09:55:03.0254 0x1bd4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 09:55:03.0363 0x1bd4 Wdf01000 - ok 09:55:03.0410 0x1bd4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 09:55:03.0597 0x1bd4 WdiServiceHost - ok 09:55:03.0613 0x1bd4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 09:55:03.0722 0x1bd4 WdiSystemHost - ok 09:55:03.0784 0x1bd4 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll 09:55:03.0893 0x1bd4 WebClient - ok 09:55:03.0940 0x1bd4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 09:55:04.0065 0x1bd4 Wecsvc - ok 09:55:04.0096 0x1bd4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 09:55:04.0315 0x1bd4 wercplsupport - ok 
09:55:04.0361 0x1bd4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 09:55:04.0439 0x1bd4 WerSvc - ok 09:55:04.0471 0x1bd4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 09:55:04.0658 0x1bd4 WfpLwf - ok 09:55:04.0705 0x1bd4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 09:55:04.0767 0x1bd4 WIMMount - ok 09:55:04.0798 0x1bd4 WinDefend - ok 09:55:04.0814 0x1bd4 WinHttpAutoProxySvc - ok 09:55:04.0923 0x1bd4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 09:55:05.0157 0x1bd4 Winmgmt - ok 09:55:05.0375 0x1bd4 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 09:55:05.0703 0x1bd4 WinRM - ok 09:55:05.0797 0x1bd4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys 09:55:05.0843 0x1bd4 WinUsb - ok 09:55:05.0953 0x1bd4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 09:55:06.0233 0x1bd4 Wlansvc - ok 09:55:06.0296 0x1bd4 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 09:55:06.0358 0x1bd4 wlcrasvc - ok 09:55:06.0655 0x1bd4 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 09:55:06.0935 0x1bd4 wlidsvc - ok 09:55:06.0998 0x1bd4 [ F6FF8944478594D0E414D3F048F0D778, 
6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 09:55:07.0045 0x1bd4 WmiAcpi - ok 09:55:07.0154 0x1bd4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 09:55:07.0357 0x1bd4 wmiApSrv - ok 09:55:07.0388 0x1bd4 WMPNetworkSvc - ok 09:55:07.0435 0x1bd4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 09:55:07.0528 0x1bd4 WPCSvc - ok 09:55:07.0575 0x1bd4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 09:55:07.0731 0x1bd4 WPDBusEnum - ok 09:55:07.0762 0x1bd4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 09:55:07.0903 0x1bd4 ws2ifsl - ok 09:55:07.0934 0x1bd4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 09:55:08.0121 0x1bd4 wscsvc - ok 09:55:08.0121 0x1bd4 WSearch - ok 09:55:08.0433 0x1bd4 [ 6075791ED85E47A2A2916B1F34582944, 25B5FAD161711875B38BDD014A26FA527C8EE4854D485989D19A72D5EBBA4054 ] wuauserv C:\Windows\system32\wuaueng.dll 09:55:08.0823 0x1bd4 wuauserv - ok 09:55:08.0901 0x1bd4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 09:55:08.0979 0x1bd4 WudfPf - ok 09:55:09.0057 0x1bd4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 09:55:09.0197 0x1bd4 WUDFRd - ok 09:55:09.0244 0x1bd4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc 
C:\Windows\System32\WUDFSvc.dll 09:55:09.0322 0x1bd4 wudfsvc - ok 09:55:09.0385 0x1bd4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 09:55:09.0556 0x1bd4 WwanSvc - ok 09:55:09.0697 0x1bd4 ================ Scan global =============================== 09:55:09.0728 0x1bd4 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll 09:55:09.0790 0x1bd4 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll 09:55:09.0853 0x1bd4 [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll 09:55:09.0899 0x1bd4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 09:55:09.0946 0x1bd4 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 09:55:09.0977 0x1bd4 [ Global ] - ok 09:55:09.0977 0x1bd4 ================ Scan MBR ================================== 09:55:09.0993 0x1bd4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 09:55:10.0508 0x1bd4 \Device\Harddisk0\DR0 - ok 09:55:10.0508 0x1bd4 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1 09:55:10.0726 0x1bd4 \Device\Harddisk1\DR1 - ok 09:55:10.0726 0x1bd4 ================ Scan VBR ================================== 09:55:10.0742 0x1bd4 [ 4D290D039A425DCD0ACB2215C34299FC ] \Device\Harddisk0\DR0\Partition1 09:55:10.0742 0x1bd4 \Device\Harddisk0\DR0\Partition1 - ok 09:55:10.0757 0x1bd4 [ 3A37E56280B4629967180C96AD7FF527 ] \Device\Harddisk0\DR0\Partition2 09:55:10.0757 0x1bd4 \Device\Harddisk0\DR0\Partition2 - ok 09:55:10.0789 0x1bd4 [ 6D2774E0BE3B19DCFCC7BACE4CE35C55 ] \Device\Harddisk1\DR1\Partition1 09:55:10.0789 0x1bd4 
\Device\Harddisk1\DR1\Partition1 - ok 09:55:10.0789 0x1bd4 ================ Scan generic autorun ====================== 09:55:10.0960 0x1bd4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 09:55:11.0179 0x1bd4 Sidebar - ok 09:55:11.0225 0x1bd4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 09:55:11.0335 0x1bd4 mctadmin - ok 09:55:11.0475 0x1bd4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 09:55:11.0631 0x1bd4 Sidebar - ok 09:55:11.0678 0x1bd4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 09:55:11.0725 0x1bd4 mctadmin - ok 09:55:11.0943 0x1bd4 [ 6C46E68DF1DB9CA3D036410C4F4B9C4C, AD2571D11B2ED313A3BA0332570CA9FA2658457F5B9D6CD72A9E757515CD4B49 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe 09:55:12.0083 0x1bd4 Adobe Reader Synchronizer - ok 09:55:12.0177 0x1bd4 [ B22CB67919EBAD88B0E8BB9CDA446010, 2F744FEAC48EDE7D6B6D2727F7DDFA80B26D9E3B0009741B00992B19AD85E128 ] C:\Windows\System32\StikyNot.exe 09:55:12.0458 0x1bd4 RESTART_STICKY_NOTES - ok 09:55:12.0458 0x1bd4 Waiting for KSN requests completion. In queue: 102 09:55:13.0472 0x1bd4 Waiting for KSN requests completion. In queue: 102 09:55:14.0486 0x1bd4 Waiting for KSN requests completion. In queue: 102 09:55:15.0500 0x1bd4 Waiting for KSN requests completion. 
In queue: 102 09:55:17.0014 0x1bd4 AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.15.106 ), 0x41000 ( enabled : updated ) 09:55:17.0326 0x1bd4 Win FW state via NFP2: enabled ( trusted ) 09:55:20.0243 0x1bd4 ============================================================ 09:55:20.0243 0x1bd4 Scan finished 09:55:20.0243 0x1bd4 ============================================================ 09:55:20.0274 0x0de8 Detected object count: 1 09:55:20.0274 0x0de8 Actual detected object count: 1 09:55:56.0093 0x0de8 taskengd ( UnsignedFile.Multi.Generic ) - skipped by user 09:55:56.0093 0x0de8 taskengd ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:56:21.0162 0x1720 Deinitialize success |
11.12.2015, 11:31 | #5 | |
/// TB Trainer /// Instructions Guru | Windows 7: Repeated warnings about TR/FireHooker.1825 Hi, is the file still there, or did you delete it? It was still present in the log. Disable Avira real-time protection: Step 1 Please have the file from the code box checked.
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
12.12.2015, 01:59 | #6 |
| Address bar https://www.virustotal.com/de/file/327b36c8718224e596a033275166b4342840ed6901bcda280fb02f1566b8ad91/analysis/1449881795/ |
12.12.2015, 14:06 | #7 |
/// TB Trainer /// Instructions Guru | Windows 7: Repeated warnings about TR/FireHooker.1825 Well done. Please do the same with this file: C:\Windows\System32\KBDSW64.exe Thanks!
|
12.12.2015, 19:58 | #8 |
| C:\Windows\System32\KBDSW64.exe Hello, VirusTotal can't find the file... what should I do? Thanks! |
12.12.2015, 20:03 | #9 |
/// TB Trainer /// Instructions Guru | Windows 7: Repeated warnings about TR/FireHooker.1825 Step 1
|
12.12.2015, 20:25 | #10 |
| Search FRST Code:
Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
durchgeführt von Tam (2015-12-12 20:16:09)
Gestartet von C:\Users\Tam\Downloads
Start-Modus: Normal

================== Datei-Suche: "KBDSW64.exe" =============

C:\Windows\System32\KBDSW64.exe
[2013-12-26 16:45][2015-10-26 10:04] 0118784 ____A () AE8EA3ACB77D44ECE855D7CC9B9B9C9B [Datei ist nicht signiert]

====== Ende von Suche ====== |
12.12.2015, 20:29 | #11 |
/// TB Trainer /// Instructions Guru | Windows 7: Repeated warnings about TR/FireHooker.1825 OK. We'll continue tomorrow... best not to use the PC.
|
13.12.2015, 09:54 | #12 |
/// TB Trainer /// Instructions Guru | Windows 7: Repeated warnings about TR/FireHooker.1825 Step 1 Please press the + R keys and type notepad into the Run window. Click OK and now copy the text from the code box into the empty text document: Code:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Beschränkung - Chrome
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung
SearchScopes: HKLM -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-1123646390-3674192649-2891681912-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
FF user.js: detected! => C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\user.js [2015-12-10]
FF Extension: Kein Name - C:\Windows\Installer\{1584630C-09F3-4B21-A74F-CD4078213A12}\{F24DE3D2-6D6D-4CBF-B4B0-FA0E0C67727A}.xpi [nicht gefunden]
FF HKLM-x32\...\Firefox\Extensions: [{DC1F2A69-B3D5-41A9-B1C1-65607140D310}] - C:\Windows\Installer\{5809724A-865F-4D8D-9816-89DB908C75BF}\{DC1F2A69-B3D5-41A9-B1C1-65607140D310}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{5809724A-865F-4D8D-9816-89DB908C75BF}\{DC1F2A69-B3D5-41A9-B1C1-65607140D310}.xpi [2015-12-10]
R2 taskengd; C:\Windows\system32\KBDSW64.exe
C:\Windows\system32\KBDSW64.exe
C:\Windows\Installer\{5809724A-865F-4D8D-9816-89DB908C75BF}
2015-12-09 09:33 - 2015-12-10 09:15 - 00005120 _____ C:\Windows\SysWOW64\nsisvc32.dll
2015-12-09 09:11 - 2015-12-09 09:11 - 00000000 ____D C:\Program Files\{B1A85666-B68F-46FC-862A-A160FFEC568F}
2015-12-09 09:11 - 2015-12-09 09:11 - 00000000 ____D C:\Program Files (x86)\{6F29A6AC-7201-46DD-89A7-6698B4C6E2BC}
Task: {449D4FA2-C77E-458F-8EF5-BF25E5340DD1} - System32\Tasks\{C0BBE18C-A8FF-404A-A57C-9178169082A1} =>
Task: {DE6CFC4C-00B3-4636-A544-5D78BA0CF554} - System32\Tasks\{CC116342-76F6-4311-8957-9F46B29D7923} =>
Task: {FBB955E2-2522-44BD-9F82-F749942F7A6F} - \Scheduled Update for Ask Toolbar -> Keine Datei
Task: {FF6ED0AE-31F3-463E-B5CB-40282A03F1AD} - System32\Tasks\{AA6D0AE4-8530-4FC3-A1F3-04C84522779E} =>
AlternateDataStreams: C:\Windows\system32\KBDSW64.exe:IID
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Download Protect
Step 2 Please start FRST again and click "Untersuchen" (Scan). Please post the contents of the log.
|
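Added example, not part of the original thread and not FRST's own code: a Python helper for triaging the Fixlog that FRST writes after a fix script like the one in the post above has run. It assumes the German result phrases FRST printed in this thread (erfolgreich entfernt, erfolgreich verschoben, nicht gefunden); the function names and the embedded sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the German Fixlog shown in this thread:
# header, the fixlist echoed between two asterisk lines, then one result per line.
SAMPLE_FIXLOG = r"""Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-12-2015
fixlist Inhalt:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
R2 taskengd; C:\Windows\system32\KBDSW64.exe
AlternateDataStreams: C:\Windows\system32\KBDSW64.exe:IID
*****************

Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Policies\Google" => Schlüssel erfolgreich entfernt
taskengd => Dienst erfolgreich entfernt
C:\Windows\system32\KBDSW64.exe => erfolgreich verschoben
C:\Windows\SysWOW64\nsisvc32.dll => erfolgreich verschoben
C:\Windows\System32\Tasks\{C0BBE18C-A8FF-404A-A57C-9178169082A1} => => nicht gefunden.
"C:\Windows\system32\KBDSW64.exe" => ":IID" ADS nicht gefunden.
Das System musste neu gestartet werden.
"""

# Order matters: a "nicht gefunden" line must never be counted as a success.
OUTCOMES = [
    ("nicht gefunden", "not_found"),
    ("erfolgreich verschoben", "moved"),      # quarantined by FRST
    ("erfolgreich entfernt", "removed"),
    ("erfolgreich wiederhergestellt", "restored"),
]
KINDS = [
    ("Schlüssel", "registry key"),
    ("Wert", "registry value"),
    ("Dienst", "service"),
    ("ADS", "alternate data stream"),
    ("Pfad", "path"),
]


def results_section(text):
    """Return only the result lines, skipping the echoed fixlist.

    The echoed fixlist also contains '=>' (for example the Run entry), so
    parsing it as results would produce bogus entries.
    """
    lines = text.splitlines()
    marks = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l.strip())]
    start = marks[1] + 1 if len(marks) >= 2 else 0
    return lines[start:]


def parse_line(line):
    """Split 'target => message' and classify it; None for status lines."""
    if "=>" not in line:
        return None
    target, _, rest = line.partition("=>")
    target = target.strip().strip('"')
    # Some lines carry a doubled '=> =>'; drop the extra arrow.
    message = rest.replace("=>", " ").strip().rstrip(".").strip()
    outcome = next((tag for phrase, tag in OUTCOMES if phrase in message), "other")
    kind = next((name for word, name in KINDS if word in message), None)
    if kind is None:
        if re.match(r"HK(LM|U|CR|EY_)", target):
            kind = "registry"
        elif re.match(r"[A-Za-z]:\\", target):
            kind = "file or folder"
        else:
            kind = "unknown"
    return {"target": target, "kind": kind, "outcome": outcome, "message": message}


def triage(text):
    """Parse a Fixlog into classified entries plus the reboot flag."""
    report = {"entries": [], "reboot": False}
    for raw in results_section(text):
        line = raw.strip()
        if "neu gestartet" in line:
            report["reboot"] = True
        entry = parse_line(line)
        if entry:
            report["entries"].append(entry)
    return report


def summarize(report):
    """Count entries per outcome."""
    return Counter(e["outcome"] for e in report["entries"])


def follow_up(report):
    """Targets to re-check in the next scan.

    A 'not found' on a file that the same run already moved to quarantine
    (such as the ADS on KBDSW64.exe) is expected and is suppressed.
    """
    moved = {e["target"].lower() for e in report["entries"] if e["outcome"] == "moved"}
    return [e["target"] for e in report["entries"]
            if e["outcome"] in ("not_found", "other") and e["target"].lower() not in moved]


if __name__ == "__main__":
    rep = triage(SAMPLE_FIXLOG)
    print(dict(summarize(rep)), "reboot:", rep["reboot"])
    for target in follow_up(rep):
        print("re-check:", target)
```
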
14.12.2015, 10:32 | #13 |
| FRST Logs Hello, sorry that it took so long... Fixlog: Code:
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-12-2015
durchgeführt von Tam (2015-12-14 10:18:42) Run:1
Gestartet von C:\Users\Tam\Downloads\FRST-OlderVersion\FRST-OlderVersion
Geladene Profile: Tam (Verfügbare Profile: Tam)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Beschränkung - Chrome
CHR HKLM\SOFTWARE\Policies\Google: Beschränkung
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung
SearchScopes: HKLM -> DefaultScope Wert fehlt
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-1123646390-3674192649-2891681912-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
FF user.js: detected! => C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\user.js [2015-12-10]
FF Extension: Kein Name - C:\Windows\Installer\{1584630C-09F3-4B21-A74F-CD4078213A12}\{F24DE3D2-6D6D-4CBF-B4B0-FA0E0C67727A}.xpi [nicht gefunden]
FF HKLM-x32\...\Firefox\Extensions: [{DC1F2A69-B3D5-41A9-B1C1-65607140D310}] - C:\Windows\Installer\{5809724A-865F-4D8D-9816-89DB908C75BF}\{DC1F2A69-B3D5-41A9-B1C1-65607140D310}.xpi
FF Extension: Download Protect - C:\Windows\Installer\{5809724A-865F-4D8D-9816-89DB908C75BF}\{DC1F2A69-B3D5-41A9-B1C1-65607140D310}.xpi [2015-12-10]
R2 taskengd; C:\Windows\system32\KBDSW64.exe
C:\Windows\system32\KBDSW64.exe
C:\Windows\Installer\{5809724A-865F-4D8D-9816-89DB908C75BF}
2015-12-09 09:33 - 2015-12-10 09:15 - 00005120 _____ C:\Windows\SysWOW64\nsisvc32.dll
2015-12-09 09:11 - 2015-12-09 09:11 - 00000000 ____D C:\Program Files\{B1A85666-B68F-46FC-862A-A160FFEC568F}
2015-12-09 09:11 - 2015-12-09 09:11 - 00000000 ____D C:\Program Files (x86)\{6F29A6AC-7201-46DD-89A7-6698B4C6E2BC}
Task: {449D4FA2-C77E-458F-8EF5-BF25E5340DD1} - System32\Tasks\{C0BBE18C-A8FF-404A-A57C-9178169082A1} =>
Task: {DE6CFC4C-00B3-4636-A544-5D78BA0CF554} - System32\Tasks\{CC116342-76F6-4311-8957-9F46B29D7923} =>
Task: {FBB955E2-2522-44BD-9F82-F749942F7A6F} - \Scheduled Update for Ask Toolbar -> Keine Datei
Task: {FF6ED0AE-31F3-463E-B5CB-40282A03F1AD} - System32\Tasks\{AA6D0AE4-8530-4FC3-A1F3-04C84522779E} =>
AlternateDataStreams: C:\Windows\system32\KBDSW64.exe:IID
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Download Protect
*****************

Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Wert erfolgreich entfernt
C:\Windows\system32\GroupPolicy\Machine => erfolgreich verschoben
C:\Windows\system32\GroupPolicy\GPT.ini => erfolgreich verschoben
"HKLM\SOFTWARE\Policies\Google" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => Wert erfolgreich entfernt
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
"HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Schlüssel nicht gefunden.
C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\user.js => erfolgreich verschoben
C:\Windows\Installer\{1584630C-09F3-4B21-A74F-CD4078213A12}\{F24DE3D2-6D6D-4CBF-B4B0-FA0E0C67727A}.xpi => Pfad erfolgreich entfernt
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{DC1F2A69-B3D5-41A9-B1C1-65607140D310} => Wert nicht gefunden.
C:\Windows\Installer\{5809724A-865F-4D8D-9816-89DB908C75BF}\{DC1F2A69-B3D5-41A9-B1C1-65607140D310}.xpi => nicht gefunden.
taskengd => Dienst erfolgreich entfernt
C:\Windows\system32\KBDSW64.exe => erfolgreich verschoben
"C:\Windows\Installer\{5809724A-865F-4D8D-9816-89DB908C75BF}" => nicht gefunden.
C:\Windows\SysWOW64\nsisvc32.dll => erfolgreich verschoben
C:\Program Files\{B1A85666-B68F-46FC-862A-A160FFEC568F} => erfolgreich verschoben
C:\Program Files (x86)\{6F29A6AC-7201-46DD-89A7-6698B4C6E2BC} => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{449D4FA2-C77E-458F-8EF5-BF25E5340DD1}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{449D4FA2-C77E-458F-8EF5-BF25E5340DD1}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{C0BBE18C-A8FF-404A-A57C-9178169082A1} => => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C0BBE18C-A8FF-404A-A57C-9178169082A1} => => Schlüssel nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE6CFC4C-00B3-4636-A544-5D78BA0CF554}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE6CFC4C-00B3-4636-A544-5D78BA0CF554}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{CC116342-76F6-4311-8957-9F46B29D7923} => => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CC116342-76F6-4311-8957-9F46B29D7923} => => Schlüssel nicht gefunden.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBB955E2-2522-44BD-9F82-F749942F7A6F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBB955E2-2522-44BD-9F82-F749942F7A6F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FF6ED0AE-31F3-463E-B5CB-40282A03F1AD}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF6ED0AE-31F3-463E-B5CB-40282A03F1AD}" => Schlüssel erfolgreich entfernt
C:\Windows\System32\Tasks\{AA6D0AE4-8530-4FC3-A1F3-04C84522779E} => => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AA6D0AE4-8530-4FC3-A1F3-04C84522779E} => => Schlüssel nicht gefunden.
"C:\Windows\system32\KBDSW64.exe" => ":IID" ADS nicht gefunden.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Download Protect => Schlüssel erfolgreich entfernt

Das System musste neu gestartet werden.

==== Ende von Fixlog 10:18:48 ====
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015
durchgeführt von Tam (Administrator) auf TAM-VAIO (14-12-2015 10:25:21)
Gestartet von C:\Users\Tam\Downloads\FRST-OlderVersion\FRST-OlderVersion
Geladene Profile: Tam (Verfügbare Profile: Tam)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser nicht gefunden!)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-12] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-10-16] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104288 2015-09-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\...\MountPoints2: {7270dc67-13c9-11e3-b088-ccaf78cc91e4} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\...\MountPoints2: {7d81cc14-0249-11e1-a74a-ccaf78cc91e4} - D:\AutoRun.exe
HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\...\MountPoints2: {87c4555e-b80e-11e2-8def-ccaf78cc91e4} - Iomega Encryption Utility.exe
HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\...\MountPoints2: {a8485092-02f5-11e1-829d-ccaf78cc91e4} - F:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\...\MountPoints2: {cd590083-ff1c-11e0-8ae2-ccaf78cc91e4} - D:\AutoRun.exe
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2015-12-05]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{7BC2E11B-69AE-4FFB-8BFC-876669CC2683}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q= HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q= HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q= SearchScopes: HKLM -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-24] (Sun Microsystems, Inc.) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-21] (Microsoft Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-04-29] (Atheros Commnucations) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-24] (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.) 
FireFox: ======== FF ProfilePath: C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default FF DefaultSearchEngine: google FF DefaultSearchUrl: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q= FF SelectedSearchEngine: google FF Homepage: hxxp://www.google.de?hl=de&gl=de FF Keyword.URL: hxxp://www.google.de/search?hl=de&gl=de&lr=&ie=utf-8&oe=utf-8&meta=lr=lang_de&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-08-24] (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-08-24] (Sun Microsystems, Inc.) 
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1123646390-3674192649-2891681912-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.) 
FF SearchPlugin: C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\searchplugins\google-images.xml [2014-11-30] FF SearchPlugin: C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\searchplugins\google-maps.xml [2014-11-30] FF SearchPlugin: C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\searchplugins\startpage-https---deutsch.xml [2015-12-05] FF Extension: Avira Browser Safety - C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\Extensions\abs@avira.com [2015-08-20] [ist nicht signiert] FF Extension: Yahoo! Toolbar - C:\Users\Tam\AppData\Roaming\Mozilla\Firefox\Profiles\hzewrx2i.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-12-05] [ist nicht signiert] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-07] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-12-24] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [{7B73F69D-F330-478D-B3D2-FF20B088250F}] - C:\Windows\Installer\{E6AB1FDB-EDF7-47F8-8028-E145F19A46FE}\{7B73F69D-F330-478D-B3D2-FF20B088250F}.xpi FF Extension: Download Protect - C:\Windows\Installer\{E6AB1FDB-EDF7-47F8-8028-E145F19A46FE}\{7B73F69D-F330-478D-B3D2-FF20B088250F}.xpi [2015-12-14] Chrome: ======= CHR Profile: C:\Users\Tam\AppData\Local\Google\Chrome\User Data\Default CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-05-24] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG) S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1212048 2015-08-26] (Avira Operations GmbH & Co. KG) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros) [Datei ist nicht signiert] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-04-29] (Atheros Commnucations) [Datei ist nicht signiert] R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [250648 2015-11-18] (Avira Operations GmbH & Co. KG) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-04] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-04] (Dropbox, Inc.) R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [166400 2009-09-14] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert] R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [128512 2009-09-14] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-04-14] (Realsil Microelectronics Inc.) 
[Datei ist nicht signiert] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Datei ist nicht signiert] S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation) [Datei ist nicht signiert] S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] () [Datei ist nicht signiert] R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation) S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation) [Datei ist nicht signiert] R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 NMSAccess; "C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-31] (DT Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-14] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-09-09] (RapidSolution Software AG) R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [37480 2011-09-09] (RapidSolution Software AG) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc.) S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2015-12-14 10:07 - 2015-12-14 10:07 - 00000000 ____D C:\Program Files\{17A0B810-B0B1-4E79-AD09-423F91E0F1A1} 2015-12-14 10:07 - 2015-12-14 10:07 - 00000000 ____D C:\Program Files (x86)\{BD889E96-1276-4D0A-A1C7-F3934B211AFD} 2015-12-12 20:16 - 2015-12-14 10:17 - 00000000 ____D C:\Users\Tam\Downloads\FRST-OlderVersion 2015-12-12 19:55 - 2015-12-12 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-12-11 09:48 - 2015-12-11 09:51 - 00218746 _____ C:\TDSSKiller.3.1.0.8_11.12.2015_09.48.45_log.txt 2015-12-10 12:07 - 2015-12-10 12:08 - 00380416 _____ C:\Users\Tam\Downloads\gmer.exe 2015-12-10 11:57 - 2015-12-12 20:16 - 02369536 _____ (Farbar) C:\Users\Tam\Downloads\FRST64.exe 2015-12-10 11:51 - 2015-12-10 11:51 - 00000000 _____ C:\Users\Tam\defogger_reenable 2015-12-10 11:50 - 2015-12-10 11:50 - 00050477 _____ C:\Users\Tam\Desktop\Defogger.exe 2015-12-09 17:17 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-09 17:17 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-12-09 17:17 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-09 17:17 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-12-09 17:17 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2015-12-09 17:17 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-09 17:17 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-12-09 17:17 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-12-09 17:17 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-12-09 17:17 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2015-12-09 17:16 - 2015-11-20 
19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-12-09 17:16 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-12-09 17:16 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-12-09 17:16 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-12-09 17:16 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-12-09 17:16 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-12-09 17:16 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-12-09 17:16 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-12-09 17:16 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-12-09 17:16 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-12-09 17:16 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-12-09 17:16 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-12-09 17:16 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-12-09 17:16 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-12-09 17:16 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-12-09 17:16 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-12-09 17:16 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-12-09 17:16 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-09 17:16 - 2015-11-11 19:39 - 01242624 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\comsvcs.dll 2015-12-09 17:16 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll 2015-12-09 17:16 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 2015-12-09 17:16 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll 2015-12-09 17:16 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-09 17:16 - 2015-10-09 00:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2015-12-09 17:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL 2015-12-09 17:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll 2015-12-09 17:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL 2015-12-09 17:16 - 2015-10-09 00:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL 2015-12-09 17:16 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll 2015-12-09 17:16 - 2015-10-09 00:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL 2015-12-09 17:16 - 2015-10-09 00:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll 2015-12-09 17:16 - 2015-10-08 20:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls 2015-12-09 17:16 - 2015-10-08 19:52 - 00419928 _____ C:\Windows\system32\locale.nls 2015-12-09 17:15 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-12-09 17:15 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-12-09 17:15 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-09 17:15 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-12-09 17:15 - 2015-11-11 16:44 - 
00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-12-09 17:15 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-12-09 17:15 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-12-09 17:15 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-12-09 17:15 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-12-09 17:15 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-12-09 17:15 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-12-09 17:15 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-12-09 17:15 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-12-09 17:15 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-12-09 17:15 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-12-09 17:15 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-12-09 17:15 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-12-09 17:15 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-12-09 17:15 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-12-09 17:15 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-12-09 17:15 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-12-09 17:15 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-12-09 17:15 - 2015-11-10 00:50 - 00060416 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-12-09 17:15 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-12-09 17:15 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-12-09 17:15 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-12-09 17:15 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-12-09 17:15 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-12-09 17:15 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-12-09 17:15 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-12-09 17:15 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-12-09 17:15 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-12-09 17:15 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-12-09 17:15 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-12-09 17:15 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-12-09 17:15 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-12-09 17:15 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-12-09 17:15 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-09 17:15 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-12-09 17:15 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-12-09 17:15 - 2015-11-08 23:14 - 00088064 _____ 
(Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-12-09 17:15 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-12-09 17:15 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-12-09 17:15 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-09 17:15 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-09 17:15 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-09 17:15 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-12-09 17:15 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-12-09 17:15 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-12-09 17:15 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-12-09 17:15 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-12-09 17:15 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-12-09 17:15 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-12-09 17:15 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-09 17:15 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-12-09 17:15 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-12-09 17:15 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-09 17:15 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-12-09 17:15 - 2015-11-08 22:14 - 
14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-09 17:15 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-12-09 17:15 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-09 17:15 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-09 17:15 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-09 17:15 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-12-09 17:06 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2015-12-09 17:06 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll 2015-12-09 10:04 - 2015-12-14 10:25 - 00000000 ____D C:\FRST 2015-12-09 10:03 - 2015-12-09 10:03 - 00000000 _____ C:\Users\Tam\Downloads\ProductivityBoss.f713b0e91eea4baf9468ac9a5f772b51.exe.rqsrwk9.partial 2015-12-06 12:25 - 2015-12-06 12:25 - 00000000 ____D C:\Users\Tam\AppData\Roaming\TeamViewer 2015-12-06 12:23 - 2015-12-06 12:24 - 06944152 _____ (TeamViewer) C:\Users\Tam\Downloads\TeamViewerQS_de.exe 2015-12-05 13:36 - 2015-12-05 13:36 - 00000000 ____D C:\avrescue 2015-12-05 12:03 - 2015-12-05 12:03 - 00001203 _____ C:\protokoll 2.txt 2015-12-04 09:54 - 2015-12-14 10:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-12-04 09:53 - 2015-12-05 13:42 - 00001106 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-12-04 09:53 - 2015-12-04 09:53 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-12-04 09:53 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) 
C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-04 09:53 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-04 09:53 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-04 09:45 - 2015-12-04 09:45 - 22908888 _____ (Malwarebytes ) C:\Users\Tam\Desktop\mbam-setup-majorgeeks-2.2.0.1024.exe
2015-12-04 09:34 - 2015-12-04 09:34 - 00000000 ____D C:\Users\Tam\AppData\Local\{85077E3A-9A28-4042-A8AD-A852803F7116}
2015-11-30 23:57 - 2015-12-05 11:53 - 00000000 ____D C:\Users\Tam\Desktop\Cop 21-Programme
2015-11-27 13:40 - 2015-11-27 13:40 - 00000000 ____D C:\Users\Tam\AppData\Local\{97C58B6E-3239-43F7-B720-C965EFA83EC1}
2015-11-14 19:22 - 2015-11-14 19:22 - 00000000 ____D C:\Users\Tam\AppData\Local\{0205C6DD-7DDE-452C-98AE-ADD8CF20A2CD}

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-12-14 10:25 - 2011-10-25 17:31 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A4A2F9D1-3315-4A9F-ACCE-04F598F1F8D5} 2015-12-14 10:23 - 2013-12-26 16:47 - 00121940 _____ C:\Users\Tam\AppData\Local\Citavi Picker Internet Explorer Protocol.txt 2015-12-14 10:22 - 2011-11-24 19:50 - 00000000 ___RD C:\Users\Tam\Dropbox 2015-12-14 10:22 - 2011-11-24 19:47 - 00000000 ____D C:\Users\Tam\AppData\Roaming\Dropbox 2015-12-14 10:20 - 2015-11-04 08:46 - 00001204 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2015-12-14 10:20 - 2014-03-26 10:17 - 00000008 __RSH C:\ProgramData\ntuser.pol 2015-12-14 10:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-12-14 10:18 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2015-12-14 10:16 - 2009-07-14 05:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-12-14 10:16 - 2009-07-14 05:45 - 00028848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-12-14 00:05 - 2013-03-07 16:49 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-12-14 00:03 - 2015-11-04 08:46 - 00001208 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2015-12-12 20:08 - 2011-08-24 10:22 - 00699666 _____ C:\Windows\system32\perfh007.dat 2015-12-12 20:08 - 2011-08-24 10:22 - 00149774 _____ C:\Windows\system32\perfc007.dat 2015-12-12 20:08 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI 2015-12-12 20:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2015-12-12 19:56 - 2015-11-04 08:46 - 00000000 ____D C:\Program Files (x86)\Dropbox 2015-12-12 01:51 - 2014-08-15 12:57 - 00000000 ____D C:\ProgramData\Package Cache 2015-12-12 01:50 - 2013-10-19 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-12-11 10:01 - 2012-03-14 23:37 - 00000000 ____D C:\Users\Tam\Desktop\Tam-Ramsch 2015-12-11 09:42 - 
2009-07-14 05:45 - 00393872 _____ C:\Windows\system32\FNTCACHE.DAT 2015-12-11 09:40 - 2012-05-12 09:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-11 09:40 - 2012-05-12 09:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-10 15:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2015-12-10 15:05 - 2011-11-30 23:37 - 00000000 ____D C:\Users\Tam\AppData\Local\ElevatedDiagnostics 2015-12-10 12:06 - 2012-05-22 22:42 - 00501760 ___SH C:\Users\Tam\Downloads\Thumbs.db 2015-12-10 12:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows 2015-12-10 11:51 - 2011-10-25 17:24 - 00000000 ____D C:\Users\Tam 2015-12-10 09:38 - 2011-11-02 21:49 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-12-10 09:34 - 2012-05-12 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-09 16:05 - 2013-03-07 16:49 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-12-09 16:05 - 2013-03-07 16:48 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-12-09 16:05 - 2011-11-08 22:50 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-09 10:38 - 2012-03-08 11:32 - 00009318 _____ C:\test.xml 2015-12-09 10:38 - 2011-10-28 12:41 - 00000000 ____D C:\Users\Tam\AppData\Local\CrashDumps 2015-12-09 09:31 - 2012-06-26 11:07 - 00000000 ____D C:\Windows\cs 2015-12-08 11:24 - 2014-07-10 13:48 - 00000000 __SHD C:\Users\Tam\AppData\Local\EmieUserList 2015-12-08 11:24 - 2014-07-10 13:48 - 00000000 __SHD C:\Users\Tam\AppData\Local\EmieSiteList 2015-12-08 09:17 - 2013-12-24 16:20 - 00000000 ____D C:\Users\Tam\Documents\Citavi 4 2015-12-08 09:12 - 2015-11-07 13:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-12-08 09:12 - 2012-05-14 19:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-12-07 20:57 - 2011-11-24 10:46 - 00000000 ____D C:\Users\Tam\AppData\Roaming\Skype 
2015-12-05 13:44 - 2012-08-16 09:03 - 00001138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk 2015-12-05 13:44 - 2011-12-27 15:48 - 00001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk 2015-12-05 13:44 - 2011-12-11 22:27 - 00002061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk 2015-12-05 13:44 - 2011-11-22 18:29 - 00002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\audials TV.lnk 2015-12-05 13:44 - 2011-10-25 17:25 - 00001965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited powered by Qriocity.lnk 2015-12-05 13:44 - 2011-08-24 02:24 - 00002072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk 2015-12-05 13:44 - 2011-08-24 02:17 - 00002679 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Easy Connect.lnk 2015-12-05 13:44 - 2011-08-24 02:17 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk 2015-12-05 13:44 - 2011-08-24 02:12 - 00001189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Keyboard.lnk 2015-12-05 13:44 - 2011-08-24 01:56 - 00001139 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk 2015-12-05 13:44 - 2011-08-24 01:49 - 00001303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Gallery.lnk 2015-12-05 13:44 - 2011-08-24 01:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-12-05 13:44 - 2011-08-24 01:05 - 00001995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk 2015-12-05 13:44 - 2011-08-24 01:05 - 00001521 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk 2015-12-05 13:44 - 2011-08-24 00:30 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2015-12-05 13:44 - 2009-07-14 05:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Sidebar.lnk 2015-12-05 13:43 - 2014-09-09 18:34 - 00002633 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Neues Microsoft Office-Dokument.lnk 2015-12-05 13:43 - 2014-09-09 18:34 - 00002633 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Microsoft Office-Dokument öffnen.lnk 2015-12-05 13:43 - 2013-05-18 22:24 - 00001145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk 2015-12-05 13:43 - 2012-10-24 13:44 - 00001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zotero Standalone.lnk 2015-12-05 13:43 - 2011-10-25 17:26 - 00001425 _____ C:\Users\Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-12-05 13:43 - 2011-08-24 02:28 - 00002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Smart Network.lnk 2015-12-05 13:43 - 2011-08-24 02:27 - 00001275 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Transfer.lnk 2015-12-05 13:43 - 2011-08-24 01:29 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk 2015-12-05 13:43 - 2011-08-24 01:29 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk 2015-12-05 13:43 - 2011-08-24 01:25 - 00001490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2015-12-05 13:43 - 2011-08-24 00:30 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2015-12-05 13:43 - 2009-07-14 06:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk 2015-12-05 13:43 - 2009-07-14 05:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2015-12-05 13:43 - 2009-07-14 05:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk 2015-12-05 13:43 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk 2015-12-05 13:43 - 2009-07-14 
05:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk 2015-12-05 13:43 - 2009-07-14 05:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk 2015-12-05 13:42 - 2014-11-23 20:04 - 00001063 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk 2015-12-05 13:42 - 2013-12-25 13:41 - 00001202 _____ C:\Users\Tam\Desktop\Format Factory.lnk 2015-12-05 13:42 - 2013-12-24 16:17 - 00001949 _____ C:\Users\Public\Desktop\Citavi 4.lnk 2015-12-05 13:42 - 2012-08-16 09:03 - 00001126 _____ C:\Users\Public\Desktop\Switch Sound File Converter.lnk 2015-12-05 13:42 - 2012-01-03 21:02 - 00001781 _____ C:\Users\Public\Desktop\f4.lnk 2015-12-05 13:42 - 2012-01-03 20:43 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk 2015-12-05 13:42 - 2011-11-24 19:50 - 00001218 _____ C:\Users\Tam\Desktop\Dropbox.lnk 2015-12-05 13:39 - 2011-08-24 01:13 - 00000000 ____D C:\Windows\PCHEALTH 2015-12-05 12:01 - 2015-05-21 07:36 - 00000000 ____D C:\Program Files\{38104C39-FBE7-4809-9CFB-8FF6E8631645} 2015-12-05 12:01 - 2015-05-21 07:36 - 00000000 ____D C:\Program Files (x86)\{26AEF786-1852-42A9-9476-32356CE62BEE} 2015-12-05 12:01 - 2012-11-19 22:59 - 00000000 ____D C:\Program Files (x86)\vGrabber-software 2015-12-04 09:44 - 2015-03-17 14:00 - 00000000 ____D C:\Users\Tam\Desktop\Sarsarale e.V 2015-12-02 00:07 - 2012-07-27 14:03 - 05351936 ___SH C:\Users\Tam\Desktop\Thumbs.db 2015-12-01 15:53 - 2013-10-19 12:21 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-12-01 15:53 - 2013-10-19 12:21 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-12-01 15:53 - 2013-10-19 12:21 - 00075472 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-11-30 16:50 - 2015-01-23 09:33 - 00000000 ____D C:\Users\Tam\Desktop\EHESS
2015-11-23 19:41 - 2014-11-19 00:44 - 00000000 ____D C:\Users\Tam\Desktop\Auslandsaufenthalt
2015-11-22 20:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-11-22 13:29 - 2015-10-22 11:36 - 00000000 ____D C:\Users\Tam\Desktop\Visiter

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2012-11-11 18:17 - 2012-11-11 18:17 - 0065536 _____ () C:\Users\Tam\AppData\Roaming\hzewrx2i.default.dat
2013-12-26 16:47 - 2015-12-14 10:23 - 0121940 _____ () C:\Users\Tam\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2011-11-26 19:48 - 2011-11-26 19:48 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Einige Dateien in TEMP:
====================
C:\Users\Tam\AppData\Local\Temp\avgnt.exe
C:\Users\Tam\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdwuttm.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2015-12-10 16:23

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-12-2015
durchgeführt von Tam (2015-12-14 10:28:05)
Gestartet von C:\Users\Tam\Downloads\FRST-OlderVersion\FRST-OlderVersion
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-25 16:23:56)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1123646390-3674192649-2891681912-500 - Administrator - Disabled)
Gast (S-1-5-21-1123646390-3674192649-2891681912-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1123646390-3674192649-2891681912-1003 - Limited - Enabled)
Tam (S-1-5-21-1123646390-3674192649-2891681912-1001 - Administrator - Enabled) => C:\Users\Tam

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ActiveX контрола на Windows Live Mesh за отдалечени връзки (HKLM-x32\...\{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}) (Version: 15.4.5722.2 - Microsoft Corporation)
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh (HKLM-x32\...\{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}) (Version: 15.4.5722.2 - Microsoft Corporation)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) AP Tuner 3.08 (HKLM-x32\...\AP Tuner 3.08) (Version: - ) ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.142 - ArcSoft) ATI Catalyst Install Manager (HKLM\...\{9D86D954-38AF-2A73-7AF9-920D05B6784F}) (Version: 3.0.829.0 - ATI Technologies, Inc.) Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team) Audials (HKLM-x32\...\{2E5052A2-8E3D-4229-A5EB-2465B260D917}) (Version: 8.0.54900.0 - RapidSolution Software AG) Audials TV (HKLM-x32\...\{24EE4523-711A-4BD1-95EA-F73A8A6950D3}) (Version: 1.3.10803.300 - RapidSolution Software AG) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.125 - Avira Operations GmbH & Co. KG) Avira Launcher (HKLM-x32\...\{5b07d59f-99e0-4c52-ad25-965f7e38d6ac}) (Version: 1.1.51.19070 - Avira Operations GmbH & Co. KG) Avira Launcher (x32 Version: 1.1.51.19070 - Avira Operations GmbH & Co. KG) Hidden Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.3.0.100 - Atheros Communications) Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05187 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05187 - Cisco Systems, Inc.) 
Hidden Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.0.53 - Conexant) Control ActiveX Windows Live Mesh pentru conexiuni la distanță (HKLM-x32\...\{260E3D78-94E6-47EC-8E29-46301572BB1E}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd) DriverDoc (HKLM-x32\...\DriverDoc_is1) (Version: 10.0 - Driver-Soft Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden Druckerdeinstallation für EPSON SX125 Series (HKLM\...\EPSON SX125 Series) (Version: - SEIKO EPSON Corporation) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) f4 3.1.0 (HKLM-x32\...\f4) (Version: 3.1.0 - MAXqda) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation) FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time) Free Disc Burner version 3.0.19.1125 (HKLM-x32\...\Free Disc Burner_is1) (Version: 3.0.19.1125 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.11.36.1130 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.36.1130 - DVDVideoSoft Ltd.) 
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Java(TM) 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle) Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Media Gallery (Version: 1.5.0.16020 - Your Company Name) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
(HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - ) MP3 WAV WMA Converter (HKLM-x32\...\MP3 WAV WMA Converter) (Version: MP3 WAV WMA Converter - audio-converter.com) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) OpenMG Limited Patch 4.7-07-14-05-01 (HKLM-x32\...\OpenMG HotFix4.7-07-13-22-01) (Version: - ) OpenMG Secure Module 4.7.00 (HKLM-x32\...\InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}) (Version: 4.7.00.12140 - Sony Corporation) OpenMG Secure Module 4.7.00 (x32 Version: 4.7.00.12140 - Sony Corporation) Hidden OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení 
(HKLM-x32\...\{B6190387-0036-4BEB-8D74-A0AFC5F14706}) (Version: 15.4.5722.2 - Microsoft Corporation) Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia (HKLM-x32\...\{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}) (Version: 15.4.5722.2 - Microsoft Corporation) PDF24 Creator 6.9.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) PDF-XChange Lite 4 (HKLM\...\{B860298B-CE03-4DE2-B92E-422F2C20A2D8}_is1) (Version: 4.0.214.2 - Tracker Software Products Ltd) PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.199.0 - Tracker Software Products Ltd.) PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.5.02.12220 - Sony Corporation) PMB VAIO Edition Guide (x32 Version: 1.6.00.06030 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (Version: 1.5.10.05300 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06010 - Sony Corporation) Hidden PMB VAIO Edition Plug-in (x32 Version: 1.6.00.06140 - Sony Corporation) Hidden Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.) Remote Keyboard (x32 Version: 1.1.1.03020 - Sony Corporation) Hidden Remote Play with PlayStation 3 (x32 Version: 1.1.0.15070 - Sony Corporation) Hidden Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) 
SecureW2 EAP Suite 1.1.1 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - ) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.) Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.) Sony Corporation (Version: 1.0.0 - Default Company Name) Hidden SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden Switch Sound File Converter (HKLM-x32\...\Switch) (Version: - NCH Software) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.9.0 - Synaptics Incorporated) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (HKLM-x32\...\{241E7104-937A-4366-AD57-8FDDDB003939}) (Version: 15.4.5722.2 - Microsoft Corporation) VAIO - Media Gallery (HKLM-x32\...\{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}) (Version: 1.5.0.16020 - Sony Corporation) VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}) (Version: 1.6.00.06030 - Sony Corporation) VAIO 
- PMB VAIO Edition Plug-in (HKLM-x32\...\InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}) (Version: 1.6.00.06140 - Sony Corporation) VAIO - Remote Play mit PlayStation®3 (HKLM-x32\...\{07441A52-E208-478A-92B7-5C337CA8C131}) (Version: 1.1.0.15070 - Sony Corporation) VAIO - Remote-Tastatur (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.0.1.03020 - Sony Corporation) VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 6.4.2.11150 - Sony Corporation) VAIO Care (x32 Version: 6.4.2.11150 - Sony Corporation) Hidden VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.5.0.03040 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.6.0.13140 - Sony Corporation) VAIO Data Restore Tool (x32 Version: 1.6.0.13140 - Sony Corporation) Hidden VAIO Easy Connect (HKLM-x32\...\InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}) (Version: 1.1.2.01120 - Sony Corporation) VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden VAIO Event Service (HKLM-x32\...\{73D8886A-D416-4687-B609-0D3836BA410C}) (Version: 5.5.0.03040 - Sony Corporation) VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 2.3.0.11090 - Sony Corporation) VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 2.4.0.03240 - Sony Corporation) VAIO Hardware Diagnostics (x32 Version: 4.2.0.14280 - Sony Corporation) Hidden VAIO Hero Screensaver - Summer 2011 Screensaver (HKLM-x32\...\VAIO Hero Screensaver - Summer 2011 Screensaver) (Version: - ) VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 1.0.0.14150 - Sony Corporation) VAIO Improvement Validation (HKLM\...\{75C95C84-264F-4CC7-8A7E-346444E6C7C1}) (Version: 1.0.4.01190 - Sony Corporation) VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.4.5.10 - Sony Corporation) VAIO Quick Web Access (x32 Version: 1.4.5.10 - Sony Corporation) Hidden 
VAIO Sample Contents (HKLM-x32\...\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}) (Version: 1.4.2.09010 - Sony Corporation) VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.5.0.02280 - Sony Corporation) VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.1.1.10250 - Sony Corporation) VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 2.0.0.02250 - Sony Corporation) VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.4.0.14230 - Sony Corporation) VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VESx64 (Version: 1.0.0 - Sony Corporation) Hidden VESx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VIS (HKLM-x32\...\VIS) (Version: - ) <==== ACHTUNG VIx64 (Version: 1.0.0 - Sony Corporation) Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN) VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live 
Mesh ActiveX-kontroll for eksterne tilkoblinger (HKLM-x32\...\{09B7C7EB-3140-4B5E-842F-9C79A7137139}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Meshin etäyhteyksien ActiveX-komponentti (HKLM-x32\...\{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}) (Version: 15.4.5722.2 - Microsoft Corporation) WinX DVD Ripper 5.5.7 (HKLM-x32\...\WinX DVD Ripper_is1) (Version: - Digiarty Software, Inc.) Zotero Standalone 4.0.11 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.11 (x86 en-US)) (Version: 4.0.11 - Zotero) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Елемент керування Windows Live Mesh ActiveX для віддалених підключень (HKLM-x32\...\{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}) (Version: 15.4.5722.2 - Microsoft Corporation) Основи Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Фотоколекція Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== 
Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1123646390-3674192649-2891681912-1001_Classes\CLSID\{3A999A50-AB25-4A20-90A9-08F71FCE320F}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP) CustomCLSID: HKU\S-1-5-21-1123646390-3674192649-2891681912-1001_Classes\CLSID\{98087D89-B93F-4BCF-A998-AE4D9F607C14}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP) CustomCLSID: HKU\S-1-5-21-1123646390-3674192649-2891681912-1001_Classes\CLSID\{B286F068-5B17-4AE8-989B-8F9A199C47BA}\InprocServer32 -> C:\Windows\system32\spool\DRIVERS\x64\3\HPCDMC64.DLL (HP) ==================== Wiederherstellungspunkte ========================= 30-11-2015 22:14:56 Geplanter Prüfpunkt 10-12-2015 09:08:31 Windows Update 12-12-2015 21:24:38 Windows Update ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 03:34 - 2015-07-29 06:44 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {00FFA2B5-F17D-47F8-862C-04C43C82660D} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient Task: {06E2A1E1-E790-4D90-B66A-D5CD61E79DBF} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2012-10-26] (Sony Corporation) Task: {09F5EB83-9D76-457F-8E9B-F9D94CA6A335} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {25B75D8B-BA82-46CA-B500-BF2EE87BC676} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated) Task: {33BF80C9-75BC-41B1-AD85-38F1E5F43D52} - System32\Tasks\{ADB48988-339B-44A7-9364-884627810899} => pcalua.exe -a "C:\Program Files (x86)\MP3 WAV WMA Converter\converter.exe" -d C:\Users\Tam\Desktop Task: {422536FB-599D-41CA-8969-AC4510C0D366} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2010-11-16] (Sony Corporation) Task: {42C19AA4-CCB5-47B0-9ED3-B2CA7D8B622A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-04] (Dropbox, Inc.) 
Task: {4EE59B45-AFD5-4B95-A63D-8FF6DCD4D6CA} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation) Task: {56CB8C2D-9CD9-48EC-9712-C240E8943830} - System32\Tasks\Sony Corporation\VAIO Improvement Validation\VAIO Improvement Validation => C:\Program Files\Sony\VAIO Improvement Validation\viv.exe [2011-01-20] (Sony Corporation) Task: {73B580F9-9DA9-45F9-AF4E-A02FF863BDAD} - System32\Tasks\{773D83E4-8B8A-45A0-8587-2C442E210BCF} => pcalua.exe -a "C:\Users\Tam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q2UIAVRU\AudialsRadiotrackerAvira (1).exe" -d C:\Users\Tam\Desktop Task: {83ACAE56-A029-4C5E-9450-4B1DCC44DBB5} - System32\Tasks\SONY\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2010-11-16] (Sony Corporation) Task: {84B82197-D17A-4DC2-B5C8-E52D7C5D898C} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-10-26] (Sony Corporation) Task: {9305D884-7A14-4CAF-889B-856B67C5AB2A} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation) Task: {99CFD7B9-46DD-484E-AF43-F423A4F71B12} - System32\Tasks\{8D8800EE-2ED1-492B-A7D4-0A8A5A95BD5C} => pcalua.exe -a C:\Users\Tam\Downloads\epson326689eu.exe -d C:\Users\Tam\Downloads Task: {A8D08F0B-D91D-4F26-AD80-82F964AA89B9} - System32\Tasks\NCH Software\SwitchDowngrade => C:\Program Files (x86)\NCH Software\Switch\switch.exe [2012-08-16] (NCH Software) Task: {B392A54D-18F5-432F-929A-37668E4EAD14} - System32\Tasks\{623876BF-5E53-4BFA-9381-A32235CE8142} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [2012-08-13] (OpenOffice.org) Task: {B818FE43-6FD2-4BE1-B150-F4FC26610286} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated) Task: 
{BE657622-E802-4C61-863E-6C7FB8C3B2DE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-04] (Dropbox, Inc.) Task: {C4E04306-3721-4AC7-869B-E627C26672F0} - System32\Tasks\{8D6A47F0-69B5-4ED3-A534-11EEB3C8CE11} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [2012-08-13] (OpenOffice.org) Task: {F4817D70-05A3-48C6-A7B3-08968526D9D4} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-02-15] (Sony Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
Shortcut: C:\Users\Public\Desktop\f4.lnk -> C:\Program Files (x86)\f4\f4.bat () <==== ACHTUNG ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2013-07-26 07:42 - 2013-07-26 07:42 - 00034304 _____ () C:\Windows\System32\ssk3mlm.dll 2006-12-04 01:26 - 2006-12-04 01:26 - 00022016 _____ () C:\Windows\System32\sugs2l6.dll 2011-05-24 22:18 - 2011-05-24 22:18 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-10-16 00:48 - 2014-10-16 00:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2015-12-12 19:55 - 2015-10-31 01:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd 2015-12-12 19:55 - 2015-10-31 01:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2015-12-12 19:55 - 2015-10-31 01:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2015-12-12 19:55 - 2015-10-31 01:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2015-12-12 19:55 - 2015-10-31 01:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2015-12-12 19:55 - 
2015-12-08 22:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2015-12-12 19:55 - 2015-10-31 01:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00175560 _____ () C:\Program Files 
(x86)\Dropbox\Client\win32gui.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2015-12-12 19:55 - 2015-10-31 02:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2015-12-12 19:55 - 2015-10-31 01:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd 2015-12-12 19:55 - 2015-10-31 01:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2015-12-12 19:55 - 2015-12-08 22:36 - 01826608 _____ () C:\Program Files 
(x86)\Dropbox\Client\PyQt5.QtCore.pyd 2015-12-12 19:55 - 2015-10-31 02:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2015-12-12 19:55 - 2015-12-08 22:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2015-11-12 14:41 - 2015-10-31 02:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll 2015-11-12 14:41 - 2015-10-31 02:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-11-12 14:41 - 2015-10-31 02:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-11-12 14:41 - 2015-10-31 02:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll 2011-08-24 01:05 - 2011-03-05 15:42 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) 
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1123646390-3674192649-2891681912-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: cAudioFilterAgent => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{28074722-F19E-4DD1-9512-64AA72803985}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DF18ABDC-6FE2-43CA-ABA6-455194B8B6C9}] => (Allow) LPort=2869
FirewallRules: [{6281D801-FEF2-4264-9B2A-400E04A48142}] => (Allow) LPort=1900
FirewallRules: [{83AE117E-9FA6-498F-8F62-C0D9A5F5A45D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A9A9EA76-BE94-4ECD-BE00-8344C73C421D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BC910AE5-0557-403D-A839-0C4E61AF3EDA}] => (Allow) LPort=5353
FirewallRules: [TCP Query User{C251BA9D-A538-486B-9CAF-AC1FD002BA0E}C:\users\tam\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\tam\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B3DF7FC0-07A1-4E83-B664-8EE62DB8B8E4}C:\users\tam\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\tam\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{7EEFB0A4-7B06-42FE-9F3D-2FC77C593BC7}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{AF5917B7-E0DB-4A2A-9FC4-8865238E1DFE}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{8B55EF06-C18D-486E-AF39-2696392EE247}] => (Allow) C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
FirewallRules: [TCP Query User{D88511D2-BCFA-48C5-940F-07B04000BBDE}C:\users\tam\desktop\f4\f4.exe] => (Allow) C:\users\tam\desktop\f4\f4.exe
FirewallRules: [UDP Query User{1CB91B0B-6468-4C91-8B78-F4B4A20E93BF}C:\users\tam\desktop\f4\f4.exe] => (Allow) C:\users\tam\desktop\f4\f4.exe
FirewallRules: [TCP Query User{73E88033-E54A-4C0B-9898-4F28080D830C}C:\users\tam\desktop\f4\f4.exe] => (Allow) C:\users\tam\desktop\f4\f4.exe
FirewallRules: [UDP Query User{BFF41570-3525-4230-B49A-0FBC6F4AAF54}C:\users\tam\desktop\f4\f4.exe] => (Allow) C:\users\tam\desktop\f4\f4.exe
FirewallRules: [TCP Query User{98466724-70E8-4E3E-B547-FCB3FD686E38}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0163D01A-1B25-4E66-9939-27BF48E3B52D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{DD530B0D-F023-4540-A6E3-9FA7A8955F42}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Atheros AR3011 Bluetooth(R) Adapter
Description: Atheros AR3011 Bluetooth(R) Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (12/14/2015 10:21:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2015 10:18:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2015 10:06:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/14/2015 12:03:56 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (12/13/2015 02:29:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2015 09:25:52 PM) (Source: SampleCollector) (EventID: 259) (User: )
Description: CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (12/12/2015 01:47:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2015 09:42:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2015 09:34:46 AM) (Source: SampleCollector) (EventID: 259) (User: )
Description: init_sstates_file:CreateFile:Prev_SState: Failed with error 0x20: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (12/10/2015 09:03:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Systemfehler:
=============
Error: (12/14/2015 10:23:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (12/14/2015 10:23:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2015 10:22:20 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2015 10:19:14 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error: (12/14/2015 10:18:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Virtueller Datenträger" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2015 10:18:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VCService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/14/2015 10:18:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/14/2015 10:18:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CamMonitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/14/2015 10:18:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VAIO Care Performance Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/14/2015 10:18:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft .NET Framework NGEN v4.0.30319_X64" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
==================== Speicherinformationen ===========================

Prozessor: AMD E-450 APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 46%
Installierter physikalischer RAM: 3690.9 MB
Verfügbarer physikalischer RAM: 1991.35 MB
Summe virtueller Speicher: 7380.01 MB
Verfügbarer virtueller Speicher: 5192.21 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:451.68 GB) (Free:287.47 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 443A14D9)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================ |
14.12.2015, 18:27 | #14 |
/// TB Trainer /// Guide Guru | Windows 7: Repeated warnings about TR/FireHooker.1825 Step 1 Upload:
Please let me know whether it worked! Thank you for your help!
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
15.12.2015, 10:50 | #15 |
| Upload Channel Hello, I was able to carry out all the steps, but when I click Open at the very end, nothing opens. So I assume something went wrong? Regards! From this evening on I will be back home and will then be able to reply more quickly again! |