|
Pests of all kinds and how to fight them: Windows Defender found software that modifies the browser.... Windows 7 If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection. |
15.06.2016, 12:34 | #1 |
| Windows Defender found software that modifies the browser....

Hello dear forum!

My Windows Defender found software that modifies the browser. I then cleaned it up, and unfortunately I did not note the exact name. I had recently downloaded a piece of free software (for evaluating LEED images in physics) from a supposedly safe source and in the process caught a "virus" that redirects the start page in Chrome, etc. I thought I had fixed this. Now, in one of the folders that Defender reported to me, I find the following:

Path: C:\Program Files (x86)\Dbphanihty
- 9.3.6494.400.manifest
- BrowserUpdate.exe
- chrome_elf.dll
- qks.exe
- winzipper.exe
- wpm.exe

Under Description, some of the files have the following entry: QQ浏览器

However, I cannot find any software in the Control Panel that I cannot account for. The whole PC is really only used for work and contains a Python installation with quite a lot of add-on packages that only run under Windows after considerable effort... so I am somewhat cautious about using antivirus software unchecked. Can you tell me anything about this? Can I simply delete the files?

Regards, Onkel Charlie |
15.06.2016, 12:51 | #2 |
/// Malwareteam | Windows Defender found software that modifies the browser.... My name is Rafael and I will help you with the cleanup. So that I can help you as well as possible, please stick to the following rules:
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
15.06.2016, 15:48 | #3 |
| Windows Defender found software that modifies the browser.... Hello
I had to run the program as administrator. I don't know whether that is important. FRST.txt: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016 durchgeführt von admin (Administrator) auf HAL9000 (15-06-2016 13:58:22) Gestartet von C:\Users\Alex\Desktop Geladene Profile: Alex & admin (Verfügbare Profile: Alex & admin) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Macrovision Corporation) C:\Program Files (x86)\Accelrys\LicensePack\win32\bin\lmgrd.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Macrovision Corporation) C:\Program Files (x86)\Accelrys\LicensePack\win32\bin\lmgrd.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Conexant Systems Inc.) 
C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files (x86)\Accelrys\LicensePack\win32\bin\msi.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Apache Software Foundation) C:\Program Files (x86)\Accelrys\Apache\bin\httpd.exe (M-Audio) C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe (Apache Software Foundation) C:\Program Files (x86)\Accelrys\Apache\bin\httpd.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (GlavSoft LLC.) 
C:\Program Files\TightVNC\tvnserver.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) 
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => TpShocks.exe HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-17] (Intel Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [CtaMon] => Rundll32 CtaMon.dll,RunMonitor HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1027472 2015-12-23] (Cisco Systems, Inc.) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1531872 2016-04-17] (Sophos Limited) Winlogon\Notify\igfxcui: igfxdev.dll [X] HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\Run: [Google Update] => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.) 
HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [231936 2016-04-17] (Sophos Limited) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [289040 2016-04-17] (Sophos Limited) Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei 
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-01-26] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-10-15] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web 
Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 128.176.0.28 128.176.0.30 Tcpip\..\Interfaces\{A02846B1-0C75-46DA-98F5-D043C157A837}: [DhcpNameServer] 212.18.3.5 212.18.0.5 Tcpip\..\Interfaces\{A7D516E4-DB8B-426B-BE4F-089A40F595A5}: [DhcpNameServer] 128.176.0.28 128.176.0.30 Internet Explorer: ================== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV 
Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-02] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-02] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-03] (Microsoft Corporation) Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) 
FireFox: ======== FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems) FF Plugin-x32: @cambridgesoft.com/Chem3D,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\Chem3D\npChem3DPlugin.dll [2014-04-17] (CambridgeSoft Corp.) FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\ChemDraw\npcdp32.dll [2014-04-17] (CambridgeSoft Corp.) FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-03] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.1.0.5292844\npmathplugin.dll [2015-03-24] (Wolfram Research, Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems) FF Plugin HKU\S-1-5-21-1968842236-1166385170-3651055052-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1968842236-1166385170-3651055052-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin HKU\S-1-5-21-1968842236-1166385170-3651055052-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin HKU\S-1-5-21-1968842236-1166385170-3651055052-1010: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.) 
Chrome: ======= CHR HomePage: ChromeDefaultData -> hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB3UpC3UmCE..&v=20160602&uid=979BBD0925D424BADCC815BFCA6E8AC5&ptid=epf1&mode=loadm CHR StartupUrls: ChromeDefaultData -> "hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB3UpC3UmCE..&v=20160602&uid=979BBD0925D424BADCC815BFCA6E8AC5&ptid=epf1&mode=loadm" CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData CHR Extension: (Google Präsentationen) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-15] CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-15] CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-15] CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-15] CHR Extension: (Google-Suche) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-15] CHR Extension: (Google Tabellen) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-15] CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16] CHR Extension: (Google Mail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-15] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in 
die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 Accelrys License Server; C:\Program Files (x86)\Accelrys\LicensePack\win32\bin\lmgrd.exe [1333600 2013-10-30] (Macrovision Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation) S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-05-06] (Creative Labs) [Datei ist nicht signiert] R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [Datei ist nicht signiert] S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.) S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation) S3 LSC.Services.SystemService; c:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo) R2 MaterialsStudioGateway; C:\Program Files (x86)\Accelrys\Apache\bin\httpd.exe [24064 2013-10-16] (Apache Software Foundation) [Datei ist nicht signiert] R2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] () R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc) R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [311544 2016-04-17] (Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [285136 2016-04-17] (Sophos Limited) R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [901248 2016-04-17] (Sophos Limited) R2 Sophos AutoUpdate 
Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [604000 2016-04-17] (Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2016-04-17] (Sophos Limited) R2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2455816 2016-04-17] (Sophos Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] () R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3339736 2016-04-17] (Sophos Limited) S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2118896 2016-04-17] (Sophos Limited) R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation) S4 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X] S2 rtysystemSrv; "C:\Program Files (x86)\Ruotygutght\rtysystemSrv.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X] R3 WinHttpAutoProxySvc; winhttp.dll [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 Ctafiltv; C:\Windows\System32\drivers\Ctafiltv.sys [24064 2008-08-14] (Creative Technology Ltd.) 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-15] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation) S3 MADFUMIDISPORT2010; C:\Windows\System32\DRIVERS\MAudioMIDISPORT_DFU.sys [30512 2012-02-24] (M-Audio) S3 MAUSBMIDISPORT; C:\Windows\System32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio) R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2016-04-17] (Sophos Limited) S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2016-04-17] (Sophos Limited) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated) R2 sntp; C:\Windows\System32\DRIVERS\sntp.sys [116144 2016-04-17] (Sophos Limited) S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2016-04-17] (Sophos Limited) R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider) R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-12-18] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2015-12-18] (Oracle Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-12-23] (Cisco Systems, Inc.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-06-15 13:58 - 2016-06-15 13:58 - 00030381 _____ C:\Users\Alex\Desktop\FRST.txt
2016-06-15 13:57 - 2016-06-15 13:58 - 00000000 ____D C:\FRST
2016-06-15 13:54 - 2016-06-15 13:57 - 02385920 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2016-06-15 10:15 - 2016-05-24 01:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 10:15 - 2016-05-24 00:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 10:15 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 10:15 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 10:15 - 2016-05-21 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 10:15 - 2016-05-21 00:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 10:15 - 2016-05-21 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 10:15 - 2016-05-21 00:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 10:15 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 10:15 - 2016-05-21 00:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 10:15 - 2016-05-21 00:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 10:15 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 10:15 - 2016-05-21 00:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 10:15 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 10:15 - 2016-05-21 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 10:15 - 2016-05-20 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 10:15 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 10:15 - 2016-05-20 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 10:15 - 2016-05-20 23:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 10:15 - 2016-05-20 23:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 10:15 - 2016-05-20 23:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 10:15 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 10:15 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 10:15 - 2016-05-20 23:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 10:15 - 2016-05-20 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 10:15 - 2016-05-20 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 10:15 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 10:15 - 2016-05-20 23:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 10:15 - 2016-05-20 23:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 10:15 - 2016-05-20 23:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 10:15 - 2016-05-20 23:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 10:15 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 10:15 - 2016-05-20 23:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 10:15 - 2016-05-20 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 10:15 - 2016-05-20 23:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 10:15 - 2016-05-20 23:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 10:15 - 2016-05-20 23:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 10:15 - 2016-05-20 23:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 10:15 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 10:15 - 2016-05-20 23:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 10:15 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 10:15 - 2016-05-20 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 10:15 - 2016-05-20 23:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 10:15 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 10:15 - 2016-05-20 23:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 10:15 - 2016-05-20 23:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 10:15 - 2016-05-20 23:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 10:15 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 10:15 - 2016-05-20 23:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 10:15 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 10:15 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 10:15 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 10:15 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 10:15 - 2016-05-20 23:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 10:15 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 10:15 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 10:15 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 10:15 - 2016-05-20 23:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 10:15 - 2016-05-20 23:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 10:15 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 10:15 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 10:15 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 10:15 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 10:15 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 10:15 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 10:15 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 10:15 - 2016-05-18 18:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 10:15 - 2016-05-18 18:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 10:15 - 2016-05-14 00:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 10:15 - 2016-05-14 00:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 10:15 - 2016-05-14 00:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 10:15 - 2016-05-14 00:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 10:15 - 2016-05-14 00:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 10:15 - 2016-05-13 23:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 10:15 - 2016-05-13 23:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 10:15 - 2016-05-13 23:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 10:15 - 2016-05-13 23:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 10:15 - 2016-05-13 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 10:15 - 2016-05-12 19:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 10:15 - 2016-05-12 19:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 10:15 - 2016-05-12 19:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 10:15 - 2016-05-12 19:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 10:15 - 2016-05-12 19:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 10:15 - 2016-05-12 19:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 10:15 - 2016-05-12 19:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 10:15 - 2016-05-12 19:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 10:15 - 2016-05-12 19:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 10:15 - 2016-05-12 17:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 10:15 - 2016-05-12 17:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 10:15 - 2016-05-12 17:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 10:15 - 2016-05-12 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 10:15 - 2016-05-12 16:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 10:15 - 2016-05-12 16:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 10:15 - 2016-05-12 16:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 10:15 - 2016-05-12 16:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 10:15 - 2016-05-12 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 10:15 - 2016-05-12 16:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 10:15 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-15 10:15 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 10:15 - 2016-05-12 16:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-06-15 10:15 - 2016-05-12 16:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 10:15 - 2016-05-12 16:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 10:15 - 2016-05-12 15:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 10:15 - 2016-05-12 15:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 10:15 - 2016-05-12 15:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 10:15 - 2016-05-11 19:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 10:15 - 2016-05-11 19:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 10:15 - 2016-05-11 19:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 10:15 - 2016-05-11 19:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 10:15 - 2016-05-11 17:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 10:15 - 2016-05-11 17:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 10:15 - 2016-05-11 17:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 10:15 - 2016-05-11 17:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 10:15 - 2016-05-11 17:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 10:15 - 2016-05-11 17:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 10:15 - 2016-05-11 16:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-13 13:04 - 2016-06-13 13:04 - 00000000 ____D C:\Users\Alex\.QtWebEngineProcess
2016-06-13 13:04 - 2016-06-13 13:04 - 00000000 ____D C:\Users\Alex\.LSC
2016-06-10 09:23 - 2016-06-10 09:23 - 00000152 _____ C:\Users\Alex\Documents\path.txt
2016-06-09 20:28 - 2016-06-13 11:13 - 00000000 ____D C:\Users\Alex\Documents\Registry Backup
2016-06-09 14:31 - 2016-06-09 14:31 - 00001346 _____ C:\Users\Alex\Desktop\IE8 - WinXP_1.lnk
2016-06-07 15:29 - 2016-06-07 15:29 - 00000979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dukto R6.lnk
2016-06-07 15:29 - 2016-06-07 15:29 - 00000000 ____D C:\Program Files (x86)\Dukto
2016-06-07 11:27 - 2016-06-07 11:27 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-06-07 11:27 - 2016-06-07 11:27 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2016-06-06 10:52 - 2016-06-06 10:52 - 00000000 ____D C:\Program Files (x86)\hebxjqgm
2016-06-06 10:44 - 2016-06-06 10:44 - 00000000 ____D C:\Program Files (x86)\bgt90byd
2016-06-05 11:54 - 2016-06-05 11:54 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-02 16:20 - 2016-06-02 22:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-06-02 11:29 - 2016-06-02 11:29 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-06-02 11:15 - 2016-06-02 11:15 - 00000000 ____D C:\Program Files (x86)\9A4F1801-1464858930-11CB-9BFE-E404BDC866F9
2016-06-02 11:13 - 2016-06-15 12:58 - 00000000 ____D C:\Program Files (x86)\Dbphanihty
2016-06-02 11:13 - 2016-06-02 11:18 - 00000000 ____D C:\Program Files (x86)\Muweied
2016-06-02 11:13 - 2016-06-02 11:14 - 00000000 ____D C:\Users\admin\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-05-30 14:59 - 2016-05-30 15:00 - 00000000 ____D C:\Users\admin\AppData\Roaming\texstudio
2016-05-30 14:59 - 2016-05-30 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXstudio
2016-05-30 13:21 - 2016-05-30 13:21 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Lenovo
2016-05-30 13:21 - 2016-05-30 13:21 - 00000000 ____D C:\Users\admin\AppData\Roaming\Lenovo
2016-05-30 13:21 - 2016-05-30 13:21 - 00000000 ____D C:\Users\admin\.QtWebEngineProcess
2016-05-30 13:21 - 2016-05-30 13:21 - 00000000 ____D C:\Users\admin\.LSC
2016-05-27 11:31 - 2016-05-27 11:31 - 00000000 ____D C:\Program Files (x86)\LangmuirPC
2016-05-19 17:04 - 2016-05-19 17:04 - 00000000 ____D C:\Users\Alex\texmf
2016-05-19 14:53 - 2016-05-19 14:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\MiKTeX
2016-05-19 14:53 - 2016-05-19 14:53 - 00000000 ____D C:\Users\admin\AppData\Local\MiKTeX
2016-05-17 15:51 - 2016-05-17 15:51 - 00001669 _____ C:\Users\Alex\Desktop\FreeCommander.lnk

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-15 13:46 - 2015-09-13 14:14 - 00000600 _____ C:\Users\Alex\AppData\Local\PUTTY.RND
2016-06-15 13:40 - 2014-12-12 17:46 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chemie
2016-06-15 13:39 - 2016-01-07 10:50 - 00000000 ____D C:\Program Files (x86)\Hive1_5_3_18VASP5
2016-06-15 13:37 - 2014-12-12 17:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SPM
2016-06-15 13:25 - 2015-10-19 16:20 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA.job
2016-06-15 13:21 - 2014-12-31 15:16 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA.job
2016-06-15 13:11 - 2016-05-03 13:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wxEWA
2016-06-15 13:07 - 2014-04-23 19:41 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-15 13:01 - 2015-12-09 13:47 - 00000544 _____ C:\Windows\Tasks\MATLAB R2015b Startup Accelerator.job
2016-06-15 12:49 - 2016-01-15 14:47 - 00000000 ____D C:\Users\admin
2016-06-15 12:48 - 2014-04-23 11:49 - 00000000 ____D C:\Users\Alex
2016-06-15 12:28 - 2009-07-14 06:45 - 00031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-15 12:28 - 2009-07-14 06:45 - 00031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-15 12:25 - 2011-04-12 09:43 - 00699342 _____ C:\Windows\system32\perfh007.dat
2016-06-15 12:25 - 2011-04-12 09:43 - 00149450 _____ C:\Windows\system32\perfc007.dat
2016-06-15 12:25 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-15 12:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-15 12:21 - 2014-04-23 19:41 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-15 12:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-15 12:20 - 2009-07-14 06:45 - 00576312 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 12:10 - 2014-04-23 19:00 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 12:05 - 2014-04-23 19:00 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 11:31 - 2015-10-06 12:00 - 00017443 ____H C:\Users\Alex\_viminfo
2016-06-15 11:21 - 2014-12-31 15:16 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core.job
2016-06-15 09:10 - 2015-09-01 13:05 - 00000000 ____D C:\Users\Alex\AppData\Local\sciebo
2016-06-14 17:03 - 2016-01-11 22:52 - 00000000 ____D C:\Users\Alex\.VirtualBox
2016-06-14 16:25 - 2015-10-19 16:20 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core.job
2016-06-14 09:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-10 13:35 - 2015-09-21 17:19 - 00000600 _____ C:\Users\Alex\AppData\Roaming\winscp.rnd
2016-06-10 12:40 - 2015-08-24 19:32 - 00000000 ____D C:\Users\Alex\.matplotlib
2016-06-09 23:13 - 2015-11-23 22:21 - 00000000 ____D C:\Users\Alex\Documents\Visual Studio 2008
2016-06-09 23:06 - 2015-11-23 22:21 - 00000000 ____D C:\Users\Alex\AppData\Local\Microsoft Help
2016-06-09 21:19 - 2014-04-23 19:42 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-09 14:07 - 2016-01-11 22:53 - 00000000 ____D C:\Users\Alex\VirtualBox VMs
2016-06-09 14:02 - 2016-01-26 17:22 - 00000000 ____D C:\Users\admin\.VirtualBox
2016-06-07 16:59 - 2016-01-04 13:43 - 00000000 ____D C:\Users\Alex\AppData\Roaming\texstudio
2016-06-07 11:28 - 2015-07-30 20:39 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc
2016-06-05 11:54 - 2014-05-01 22:27 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Dropbox
2016-06-03 08:59 - 2014-08-26 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-02 11:17 - 2016-01-15 14:47 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2016-06-02 11:13 - 2016-01-15 14:47 - 00001627 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-02 11:13 - 2015-11-28 20:38 - 00001307 _____ C:\Users\Alex\Desktop\Start Tor Browser.lnk
2016-06-02 11:13 - 2015-11-28 20:38 - 00001180 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-05-30 14:59 - 2016-01-04 13:42 - 00000000 ____D C:\Program Files (x86)\TeXstudio
2016-05-30 13:20 - 2014-04-23 19:58 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-05-30 13:20 - 2014-04-23 19:58 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-05-30 13:19 - 2014-04-23 20:04 - 00000000 ____D C:\Windows\Downloaded Installations
2016-05-29 13:10 - 2016-03-31 12:40 - 00000638 _____ C:\Windows\Tasks\TrackerAutoUpdate.job
2016-05-27 09:25 - 2015-07-23 15:31 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:24 - 2015-07-23 15:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-17 13:43 - 2015-10-19 16:20 - 00000000 ____D C:\Users\Alex\AppData\Local\Dropbox

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

1998-03-09 16:40 - 1998-03-09 16:40 - 0029184 _____ () C:\Program Files (x86)\ArrayTest.dll
1999-01-10 17:22 - 1999-01-10 17:22 - 0029696 _____ () C:\Program Files (x86)\dll_Backgr.dll
2000-04-30 04:21 - 2000-04-30 04:21 - 0034304 _____ () C:\Program Files (x86)\DLL_Elsep3.dll
2000-04-25 02:54 - 2000-04-25 02:54 - 0000000 _____ () C:\Program Files (x86)\HelpSimpleBackgr.hlp
2000-05-05 10:15 - 2000-05-05 10:15 - 0225280 _____ (Fysisk Institut) C:\Program Files (x86)\SimpleBackgr.exe
2016-03-16 00:16 - 2016-03-16 00:16 - 0004605 _____ () C:\Program Files (x86)\ST6UNST.LOG
2016-03-30 23:12 - 2016-03-31 12:28 - 0000034 _____ () C:\Users\admin\AppData\Roaming\AdobeWLCMCache.dat
2016-04-18 11:57 - 2016-04-18 11:57 - 0000600 _____ () C:\Users\admin\AppData\Roaming\winscp.rnd
2016-04-16 11:03 - 2016-04-16 11:03 - 0007605 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg

Einige Dateien in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\EmGeR0KTOm.exe
C:\Users\admin\AppData\Local\Temp\GScumETIgp.exe
C:\Users\admin\AppData\Local\Temp\nsj4657.tmp.exe
C:\Users\admin\AppData\Local\Temp\vlc-2.2.4-win32.exe
C:\Users\Alex\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

ACHTUNG: ==> Auf den BCD konnte nicht zugegriffen werden.

LastRegBack: 2016-06-08 09:53

==================== Ende von FRST.txt ============================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-06-2016
durchgeführt von admin (2016-06-15 13:58:48)
Gestartet von C:\Users\Alex\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-23 09:49:47)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

admin (S-1-5-21-1968842236-1166385170-3651055052-1010 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1968842236-1166385170-3651055052-500 - Administrator - Disabled)
Alex (S-1-5-21-1968842236-1166385170-3651055052-1000 - Limited - Enabled) => C:\Users\Alex
Gast (S-1-5-21-1968842236-1166385170-3651055052-501 - Limited - Disabled)
SophosSAUHAL90000 (S-1-5-21-1968842236-1166385170-3651055052-1001 - Limited - Enabled)
SophosSAUHAL90001 (S-1-5-21-1968842236-1166385170-3651055052-1015 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Sophos Anti-Virus (Enabled - Out of date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Out of date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

"Unistall wxEWA binary" (HKLM-x32\...\wxEWA_is1) (Version: 0.29Alpha9 - János Végh, MTA ATOMKI, Hungary)
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Accelrys License Pack (HKLM-x32\...\{C0C44F90-ACB8-4DA2-9433-CFC9F4D4AA37}) (Version: 7.6.9 - Accelrys Software Inc.)
Accelrys License Pack (x64) (HKLM\...\{8879D8DC-723D-4DD6-B016-91D397EC693B}) (Version: 7.6.9 - Accelrys Software Inc.)
Accelrys Materials Studio 7.0 (HKLM-x32\...\{8CE9B2FD-A06F-4B42-8BE4-530CB973C5A4}) (Version: 7.0 - Accelrys Software Inc.)
Accelrys Materials Studio 7.0 (x64 Server) (Version: 7.0 - Accelrys Software Inc.) Hidden
Accelrys Materials Studio 7.0 Documentation (x32 Version: 7.0 - Accelrys Software Inc.) Hidden
Accelrys Materials Studio Gateway Service (x64) (HKLM\...\{98FD3007-E164-4096-BD6E-17CA4AA08C6A}) (Version: 7.0.4 - Accelrys Software Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
ArgusLab (HKLM-x32\...\{01D190D9-B876-48C1-BD5B-FE8247DDBE40}) (Version: 4.0.1 - Planaria Software LLC)
Aspell English Dictionary-0.50-2 (HKLM-x32\...\Aspell English Dictionary_is1) (Version: - GNU)
Aspell German Dictionary-0.50-2 (HKLM-x32\...\Aspell German Dictionary_is1) (Version: - GNU)
Avogadro (HKLM-x32\...\Avogadro) (Version: 1.1.1 modified for ORCA support - Humanity)
CambridgeSoft ChemBioDraw Ultra 14.0 (HKLM-x32\...\{8B4EE9DF-BE12-488C-AAF0-72B09E53AA41}) (Version: 14.0 - CambridgeSoft Corporation)
ChromecastApp (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.2.01035 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.2.01035 - Cisco Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.100.10 - Citrix Systems, Inc.)
COMPRO12 (HKLM-x32\...\{48454FE0-DFE1-4CF2-BED5-E2311D3E2AEE}) (Version: 12.00 - SASJ)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Corel Graphics - Windows Shell Extension (HKLM\...\_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - BR (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Content (HKLM-x32\...\_{C221B72F-C0AC-4DD7-B27E-701B1E9DE23A}) (Version: 16.0 - Corel Corporation)
CorelDRAW Graphics Suite X6 - Content (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - DE (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - ES (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FR (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IT (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - NL (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0 - Corel Corporation) Hidden
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - Creative Technology Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
DjVuLibre DjView 3.5.27+4.10.4 (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.27+4.10.4 - DjVuZone)
Dropbox (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dukto R6 (HKLM-x32\...\{386C0311-B146-4CE0-89E5-8469A3583156}}_is1) (Version: R6 - Emanuele Colombo) Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version: - GNU) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Gwyddion (HKLM\...\Gwyddion) (Version: 2.43.win64 - Gwyddion developers) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation) Igor Pro (HKLM-x32\...\Igor Pro) (Version: 6.3.6.4 (6.36) - WaveMetrics, Inc.) Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - ) Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH) Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.) 
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{5018D8E6-8D8E-4F76-9AFD-CB2EF1100E84}) (Version: 13.0.089 - Intel Corporation) Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{791FF357-3DE8-485E-BD59-41844BB16415}) (Version: 13.0.089 - Intel Corporation) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation) Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation) Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation) JabRef 2.10 (HKLM-x32\...\JabRef 2.10) (Version: 2.10 - JabRef Team) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - ) Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.07 - ) Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) 
(Version: 3.3.002.00 - Lenovo) Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - ) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo) Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech) Maple 2015 (HKLM\...\Maple 2015) (Version: 2015 - Maplesoft) Maple Toolbox 2015 (HKLM\...\Maple Toolbox 2015) (Version: 2015 - Maplesoft) MATLAB R2015b (HKLM\...\Matlab R2015b) (Version: 8.6 - MathWorks) M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio) Mercury (HKLM-x32\...\Mercury 3.8) (Version: 3.8 - CCDC) MestReNova LITE 5.2.5-5780 (HKLM-x32\...\MestReNova LITE) (Version: 5.2.5-5780 - Mestrelab Research S.L.) Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - 
Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - 
Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation) MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.1.5990 - Mozilla) Mozilla Thunderbird 45.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 de)) (Version: 45.1.1 - Mozilla) mRemoteNG (HKLM-x32\...\mRemoteNG) (Version: 1.72.5065.32737 - Next Generation Software) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team) NWZ Terminal Server (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\nwzcitrix-4c8371e1@@Controller.NWZHome $S1-1) (Version: 1.0 - Delivered by Citrix) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden Online Plug-in (x32 Version: 14.3.100.10 - Citrix Systems, Inc.) 
Hidden Oracle VM VirtualBox 5.0.12 (HKLM\...\{6F93731D-89E1-4A8F-BDA9-D104860DDB02}) (Version: 5.0.12 - Oracle Corporation) Orca (HKLM-x32\...\Orca) (Version: 3.0.3 - Max-Planck-Institute for Chemical Energy Conversion) Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation) paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) Pdf 2 Djvu Converter 1.0.3.8 (HKLM-x32\...\Djvu-Spec Pdf 2 Djvu Converter) (Version: 1.0.3.8 - Djvu-Spec) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.317.0 - Tracker Software Products Ltd) peak-o-mat 1.1.9 (HKLM-x32\...\peak-o-mat_is1) (Version: - ) PeaZip 5.9.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 5.9.0 - Giorgio Tani) POV-Ray for Windows v3.7 (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\POV-Ray for Windows v3.7) (Version: 3.7 - Persistence of Vision Raytracer Pty. Ltd.) Python 2.7 matplotlib-1.4.3 (64-bit) (HKLM\...\matplotlib-py2.7) (Version: - ) Python 2.7 pygtk-2.24.0 (HKLM-x32\...\{0205122C-20A8-4600-97D5-234C88A22B99}) (Version: 2.24.0 - James Henstridge) Python 2.7 scipy-0.16.0 (HKLM-x32\...\scipy-py2.7) (Version: - ) Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation) QUASES IMFP-TPP2M (C:\Program Files (x86)\QUASES-Tougaard\Quases-IMFP-TPP2M\) (HKLM-x32\...\ST6UNST #4) (Version: - ) QUASES IMFP-TPP2M (HKLM-x32\...\ST6UNST #2) (Version: - ) QUASES-Tougaard Simple Backgrounds (HKLM-x32\...\ST6UNST #6) (Version: - ) RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH) sciebo (HKLM-x32\...\sciebo) (Version: 2.1.1.525 - Sync and Share NRW ) Self-Service Plug-in (x32 Version: 4.3.100.10167 - Citrix Systems, Inc.) 
Hidden Sophos Anti-Virus (HKLM-x32\...\{09863DA9-7A9B-4430-9561-E04D178D7017}) (Version: 10.6.3.537 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{BCF53039-A7FC-4C79-A3E3-437AE28FD918}) (Version: 5.2.0.276 - Sophos Limited) Sophos Network Threat Protection (HKLM\...\{66967E5F-43E8-4402-87A4-04685EE5C2CB}) (Version: 1.2.2.50 - Sophos Limited) Sophos System Protection (HKLM-x32\...\{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}) (Version: 1.3.0 - Sophos Limited) TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector) Texmaker (HKLM-x32\...\Texmaker) (Version: - ) TeXstudio 2.11.0 (HKLM-x32\...\TeXstudio_is1) (Version: 2.11.0 - Benito van der Zander) ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation) ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo) ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.07 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo) ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo) TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.) Time Stopper (HKLM-x32\...\Time Stopper4.0) (Version: 4.0 - DilSoft) TmoleX 4.1.0 (HKLM-x32\...\4370-0238-2378-4027) (Version: 4.1.0 - COSMOlogic GmbH & Co. 
KG) Total Uninstall 2.35 (HKLM-x32\...\Total Uninstall_is1) (Version: 2.35 - Gavrila Martau) Vernissage - V2.1 (HKLM-x32\...\{C12C4017-862D-47AF-B1C0-F03CB1C9D9B4}) (Version: 2.1.12131.86 - Omicron NanoTechnology GmbH) Vim 7.4: Edit with Vim popup menu entry (HKLM\...\Vim 7.4) (Version: - ) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) VMD 1.9.2 (HKLM-x32\...\{089F161A-EFCE-44D8-8D38-C401835D93E4}) (Version: 1.9.2 - University of Illinois) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl) Wolfram Extras 10.1 (5292844) (HKLM\...\A-WIN-Extras 10.1.0 5292844_is1) (Version: 10.1.0 - Wolfram Research, Inc.) Wolfram Mathematica 10.1 (M-WIN-L 10.1.0 5292918) (HKLM\...\M-WIN-L 10.1.0 5292918_is1) (Version: 10.1.0 - Wolfram Research, Inc.) WSxM (HKLM-x32\...\{0708C401-5D15-49DE-8BF1-BD21DBBF44B7}) (Version: 1.0.0 - WSxM solutions) Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison) XPS MultiQuant (HKLM-x32\...\ST6UNST #3) (Version: - ) XPS-Simulation Program by S. Tougaard and F. Yubero (C:\Program Files (x86)\Quases-Tougaard\QUEELS-XPS Simulation\) (HKLM-x32\...\ST6UNST #5) (Version: - ) XPS-Simulation Program by S. Tougaard and F. 
Yubero (HKLM-x32\...\ST6UNST #1) (Version: - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 ->
C:\Users\Alex\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2D095618-2F59-4A81-9852-A48B746F65D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2E054455-8DEE-43AE-881C-EBFD9AF1DEDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3A0D7129-F99E-4E9F-944A-73A78FB30581} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-04-20] (Lenovo)
Task: {4B2DDA84-48BE-4F09-815D-F247C543AA54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7A03FD0B-921D-4666-9A87-8348D33A1BDB} - System32\Tasks\MATLAB R2015b Startup Accelerator => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe [2015-07-30] ()
Task: {7A0DC724-127F-4D97-9CF7-B64999247C6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {92159481-32FD-4CC5-9570-009950FCD14C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {927D939A-B5C2-4D42-A5B2-709A18A6E770} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {A2FF9D65-26F6-4448-BCB0-88182EE14BC0} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe
Task: {A93759DF-969B-447B-B9B2-52C9533D6E5B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-19] (Dropbox, Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {AF44EBCF-CFC4-4735-8DE4-E69EDCA5FB5C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {C56C6F01-ECD4-4E41-B507-541D078846F5} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {C8D5FEBF-2230-4B33-89CB-9BC0008822A9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-04-20] ()
Task: {CE3C8CED-8072-416D-8561-38709EF52372} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {CEB1C246-3A72-4D47-9021-76CF49B6802E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {D93F1065-0FF8-4931-ACF4-EAB2B8D5EE6B} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2016-03-22] (Tracker Software Products (Canada) Ltd.)
Task: {DA1CE3B3-BF06-4A79-93A5-1F75489184E4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-04-20] (Lenovo)
Task: {DCB37942-77A5-4D09-94C8-C8064CD9A8A7} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => c:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {F06E72E1-F59E-4C15-A29C-C4C801E4FF3E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {F0F9DD4B-11DD-4DBE-93DF-EA48F48D856A} - System32\Tasks\{CDEE53C9-7447-4444-A475-911F56BCB26C} => pcalua.exe -a C:\Users\admin\Downloads\zivsophos10.exe -d C:\Users\admin\Downloads
Task: {F2FEE01E-F111-48C9-BD06-A209F3A426FF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {F6B479A1-4A1C-4F7D-8CB4-065140191D0F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FCC28C83-A9DE-484C-A033-7EB12B4AD3A3} - \Ruotygutght System -> Keine Datei <==== ACHTUNG
Task: {FDAC2F53-0A1F-4122-B74E-FE3FBB363E14} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-19] (Dropbox, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core.job => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA.job => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core.job => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA.job => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2015b Startup Accelerator.job => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\Windows\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1464858809&a=1026525&src=sh&uuid=178152ec-6192-46f4-ad08-c07806d3d5a5"
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1464858809&a=1026525&src=sh&uuid=178152ec-6192-46f4-ad08-c07806d3d5a5"
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1464858809&a=1026525&src=sh&uuid=178152ec-6192-46f4-ad08-c07806d3d5a5"
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1464858809&a=1026525&src=sh&uuid=178152ec-6192-46f4-ad08-c07806d3d5a5"

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-31 13:39 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-30 10:53 - 2013-10-30 10:53 - 01436000 _____ () C:\Program Files (x86)\Accelrys\LicensePack\win32\bin\msi.exe
2016-04-17 15:41 - 2016-04-17 15:41 - 00233608 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\http.plg
2016-04-17 15:41 - 2016-04-17 15:41 - 00140696 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ip.plg
2016-04-17 15:41 - 2016-04-17 15:41 - 00119344 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ipv6.plg
2016-04-17 15:41 - 2016-04-17 15:41
- 00076704 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\portmap.plg
2016-04-17 15:41 - 2016-04-17 15:41 - 00165000 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\tcp.plg
2016-04-17 15:41 - 2016-04-17 15:41 - 00148440 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\udp.plg
2014-04-23 20:05 - 2016-04-14 06:08 - 00119808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2015-03-30 19:54 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2015-03-30 19:54 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-04-23 20:06 - 2010-10-26 10:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2013-02-19 20:34 - 2013-02-19 20:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-12-23 09:33 - 2015-12-23 09:33 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-06-06 13:46 - 2011-06-29 18:09 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2014-06-06 13:46 - 2011-06-29 18:09 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2015-05-06 10:33 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2015-05-06 10:33 - 2009-04-20 11:55 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2015-12-28 15:28 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Alex\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-12-28 15:28 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Alex\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2016-06-02 11:14 - 00001297 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1968842236-1166385170-3651055052-1010\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 128.176.0.28 - 128.176.0.30
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\startupfolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\Windows\pss\Citrix Receiver.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: tvncontrol => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{892ED2FB-7E39-4C77-9EE6-65086EB09238}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{AFFD75D6-4AB5-4333-A38F-63A15B1A3E7F}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe
FirewallRules: [UDP Query User{5DF4A43A-747F-4854-A597-065315BB78FB}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe
FirewallRules: [{978E8FA1-F66B-4DC1-9CD2-3022D9B1E65B}] => (Allow) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DE292FFE-ADFE-4713-ABFB-EC6B6FE99609}] => (Allow) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A9AFB1BB-4C81-4AFB-841C-A6A5782B1557}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [TCP Query User{F674ADF3-0F46-47C3-983A-1CC6C9021A5A}D:\privat\downloads\lan-party\counter-strike source\counter-strike source - to copy\hl2.exe] => (Allow) D:\privat\downloads\lan-party\counter-strike source\counter-strike source - to copy\hl2.exe
FirewallRules: [UDP Query User{57972503-12BC-4882-AB17-BE620AB82D68}D:\privat\downloads\lan-party\counter-strike source\counter-strike source - to copy\hl2.exe] => (Allow) D:\privat\downloads\lan-party\counter-strike source\counter-strike source - to copy\hl2.exe
FirewallRules: [TCP Query User{F6105781-5E0B-49A8-94DD-7DBDD7138198}D:\privat\games\cod2mp_s.exe] => (Allow) D:\privat\games\cod2mp_s.exe
FirewallRules: [UDP Query User{BD95F092-0188-45AF-96CC-EC490B14C1F2}D:\privat\games\cod2mp_s.exe] => (Allow) D:\privat\games\cod2mp_s.exe
FirewallRules: [TCP Query User{0B6D06A7-1421-486B-BE19-C2BAA3B633FC}D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe] => (Allow) D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe
FirewallRules: [UDP Query User{78CB22BA-FD94-4603-8052-680C6DF2F289}D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe] => (Allow) D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe
FirewallRules: [{04EF5602-66D0-48B1-8167-A85A50C0D463}] => (Allow) C:\Users\Alex\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{CAB454B1-7DB1-4C06-BC0B-1EE1FDC254D5}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{A02ABC7A-C51E-4BB7-BD3D-038C6548A0E7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{291FCC84-197F-4689-BDEF-02FF1B229B4F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{62ED1571-A138-4074-B238-3644C0D04A8B}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [TCP Query User{ACC7714F-6E12-43BF-9BDD-724206853B3D}C:\program files (x86)\omicron nanoscience\vernissage\v2.2\bin\vernissage.exe] => (Allow) C:\program files (x86)\omicron nanoscience\vernissage\v2.2\bin\vernissage.exe
FirewallRules: [UDP Query User{32AAFA7E-B432-413E-89CA-C2546C0A1187}C:\program files (x86)\omicron nanoscience\vernissage\v2.2\bin\vernissage.exe] => (Allow) C:\program files (x86)\omicron nanoscience\vernissage\v2.2\bin\vernissage.exe
FirewallRules: [{C9ADE1DB-5662-4901-AC33-F4A03EBD9AB2}] => (Allow) C:\Program Files (x86)\Omicron NanoScience\Vernissage\V2.1\Bin\Vernissage.exe
FirewallRules: [{BC6A24DB-4321-4248-861F-9E1E15B6F304}] => (Allow) C:\Program Files (x86)\Omicron NanoScience\Vernissage\V2.1\Bin\Vernissage.exe
FirewallRules: [TCP Query User{93C42D44-2254-4BB7-866F-9D84FEF7F484}C:\program files (x86)\omicron nanoscience\vernissage\v2.1\bin\vernissage.exe] => (Allow) C:\program files (x86)\omicron nanoscience\vernissage\v2.1\bin\vernissage.exe
FirewallRules: [UDP Query User{7616E5EF-9B58-4685-947D-9735841F962A}C:\program files (x86)\omicron nanoscience\vernissage\v2.1\bin\vernissage.exe] => (Allow) C:\program files (x86)\omicron nanoscience\vernissage\v2.1\bin\vernissage.exe
FirewallRules: [TCP Query User{C915CDBC-95AF-4600-9AF7-20C3490ED645}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
FirewallRules: [UDP Query User{BD0A55D6-14EA-4A0F-ADE2-CB92922061F0}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
FirewallRules: [TCP Query User{7F4D6944-F476-4900-B0D5-D476096976FF}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [UDP Query User{81C5AFB9-614A-4531-AA69-65521A65264E}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [TCP Query User{72EC46C6-A191-4089-8A10-2777B8BA6985}C:\program files (x86)\dukto\dukto.exe] => (Allow) C:\program files (x86)\dukto\dukto.exe
FirewallRules: [UDP Query User{FA666C1E-C1AA-4DA7-B9CD-48C5FDF893B4}C:\program files (x86)\dukto\dukto.exe] => (Allow) C:\program files (x86)\dukto\dukto.exe
FirewallRules: [TCP Query User{5E522F9F-41A5-4541-AE49-C3A82B6B1484}C:\program files (x86)\dukto\dukto.exe] => (Allow) C:\program files (x86)\dukto\dukto.exe
FirewallRules: [UDP Query User{F389669E-5F7C-4BF8-93F9-4A1BD8CA127F}C:\program files (x86)\dukto\dukto.exe] => (Allow) C:\program files (x86)\dukto\dukto.exe
FirewallRules: [{EAD919EB-947B-4861-801A-E0CDC05FE31C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================
07-06-2016 10:35:46 Windows Defender Checkpoint
09-06-2016 20:38:14 JUN2015-PATHgone
14-06-2016 09:05:09 Windows Update
15-06-2016 12:03:25 Windows Update
15-06-2016 12:58:09 Windows Defender Checkpoint

==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft-ISATAP-Adapter #5
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/15/2016 12:58:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert . Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang: Generatordaten werden gesammelt
Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {95b21c62-8922-4720-9508-36a425c3ef19}

Error: (06/15/2016 12:20:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2016 11:37:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/15/2016 08:48:02 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (06/15/2016 08:48:02 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (06/15/2016 08:48:02 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (06/15/2016 08:48:02 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (06/15/2016 08:48:02 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (06/15/2016 08:48:02 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Error: (06/15/2016 08:48:02 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Systemfehler:
=============
Error: (06/15/2016 01:51:01 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/15/2016 01:35:58 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/15/2016 01:21:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/15/2016 01:06:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/15/2016 12:51:07 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/15/2016 12:36:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/15/2016 12:22:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Ruotygutght System" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden.

Error: (06/15/2016 12:20:59 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.
Error: (06/15/2016 12:20:57 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (06/15/2016 12:20:54 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 20%
Installierter physikalischer RAM: 16267.23 MB
Verfügbarer physikalischer RAM: 12862.58 MB
Summe virtueller Speicher: 17289.42 MB
Verfügbarer virtueller Speicher: 13824.45 MB

==================== Laufwerke ================================
Drive c: () (Fixed) (Total:238.37 GB) (Free:122.54 GB) NTFS
Drive d: (Daten) (Fixed) (Total:298.09 GB) (Free:171.05 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5069DEFD)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 8E080CFD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Unfortunately, while fiddling with the [Code] tags I somehow introduced a few blank lines without meaning to?? I also forgot to mention that my Sophos installation should actually be up to date (according to the Sophos interface), but Windows does not recognize that. |
15.06.2016, 18:09 | #4 |
/// Malwareteam | Windows Defender found browser-modifying software.... Please download TDSSKiller.exe and save the file to your desktop
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |
16.06.2016, 13:51 | #5 |
| Windows Defender found browser-modifying software.... I am fairly confident that "Material Studio Gateway" is not the problem, and I would be reluctant to delete it. Code:
22:26:37.0995 0x1b44 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
22:26:43.0143 0x1b44 ============================================================
22:26:43.0143 0x1b44 Current date / time: 2016/06/15 22:26:43.0143
22:26:43.0143 0x1b44 SystemInfo:
22:26:43.0143 0x1b44
22:26:43.0143 0x1b44 OS Version: 6.1.7601 ServicePack: 1.0
22:26:43.0143 0x1b44 Product type: Workstation
22:26:43.0143 0x1b44 ComputerName: HAL9000
22:26:43.0143 0x1b44 UserName: admin
22:26:43.0143 0x1b44 Windows directory: C:\Windows
22:26:43.0143 0x1b44 System windows directory: C:\Windows
22:26:43.0143 0x1b44 Running under WOW64
22:26:43.0143 0x1b44 Processor architecture: Intel x64
22:26:43.0143 0x1b44 Number of processors: 4
22:26:43.0143 0x1b44 Page size: 0x1000
22:26:43.0143 0x1b44 Boot type: Normal boot
22:26:43.0143 0x1b44 ============================================================
22:26:43.0533 0x1b44 KLMD registered as C:\Windows\system32\drivers\27684860.sys
22:26:43.0720 0x1b44 System UUID: {E2464E2C-FD9C-EE96-4382-2272383C21BE}
22:26:44.0216 0x1b44 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:44.0231 0x1b44 Drive \Device\Harddisk1\DR1 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:44.0231 0x1b44 ============================================================
22:26:44.0231 0x1b44 \Device\Harddisk0\DR0:
22:26:44.0231 0x1b44 MBR partitions:
22:26:44.0231 0x1b44 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
22:26:44.0231 0x1b44 \Device\Harddisk1\DR1:
22:26:44.0231 0x1b44 MBR partitions:
22:26:44.0231 0x1b44 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:26:44.0231 0x1b44 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000
22:26:44.0231 0x1b44 ============================================================
22:26:44.0231 0x1b44 C: <-> \Device\Harddisk1\DR1\Partition2
22:26:44.0263 0x1b44 D: <-> \Device\Harddisk0\DR0\Partition1
22:26:44.0263 0x1b44 ============================================================
22:26:44.0263 0x1b44 Initialize success
22:26:44.0263 0x1b44 ============================================================
22:27:19.0520 0x13e4 ============================================================
22:27:19.0520 0x13e4 Scan started
22:27:19.0520 0x13e4 Mode: Manual; SigCheck; TDLFS;
22:27:19.0520 0x13e4 ============================================================
22:27:19.0520 0x13e4 KSN ping started
22:27:19.0738 0x13e4 KSN ping finished: true
22:27:19.0988 0x13e4 ================ Scan system memory ========================
22:27:19.0988 0x13e4 System memory - ok
22:27:19.0988 0x13e4 ================ Scan services =============================
Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic ( 1 ) 22:27:23.0485 0x13e4 Detect skipped due to KSN trusted 22:27:23.0485 0x13e4 Creative Audio Engine Licensing Service - ok 22:27:23.0501 0x13e4 [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:27:23.0532 0x13e4 CryptSvc - ok 22:27:23.0548 0x13e4 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 22:27:23.0595 0x13e4 CSC - ok 22:27:23.0610 0x13e4 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 22:27:23.0641 0x13e4 CscService - ok 22:27:23.0657 0x13e4 [ 01ACB9228C303DE1FFF82B807D28B2B0, 0A66A09ECEE15645F16CF0A1A72BD9E7FED6EDBC52C03398578D87019414F5C5 ] Ctafiltv C:\Windows\system32\drivers\Ctafiltv.sys 22:27:23.0673 0x13e4 Ctafiltv - ok 22:27:23.0673 0x13e4 [ 07BA6D17E66879018B30B6C3F976EBED, 1759CE25519358A47E1B1FA02A415DB5D3F6B511AD3820D0AE8A1533B5DC83CD ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe 22:27:23.0719 0x13e4 CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 ) 22:27:24.0016 0x13e4 Detect skipped due to KSN trusted 22:27:24.0016 0x13e4 CTAudSvcService - ok 22:27:24.0047 0x13e4 [ DC08465037FA57A5203BDF3E963422C2, ADA7F6B4ED68413924E187DA1A609BB7B7AA5E483055994A17AEBC7F1BCEC5F2 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys 22:27:24.0078 0x13e4 ctxusbm - ok 22:27:24.0078 0x13e4 [ 9D0D050170D47E778B624A28C90F23DE, 48528AA9EB0C9FB5086D992EF1F9556C8249D267C2E3D4E681D5C8B6BC316C71 ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe 22:27:24.0109 0x13e4 CxAudMsg - ok 22:27:24.0125 0x13e4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:27:24.0172 0x13e4 DcomLaunch - ok 
22:27:24.0172 0x13e4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 22:27:24.0219 0x13e4 defragsvc - ok 22:27:24.0234 0x13e4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:27:24.0265 0x13e4 DfsC - ok 22:27:24.0281 0x13e4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 22:27:24.0312 0x13e4 Dhcp - ok 22:27:24.0343 0x13e4 [ AA5319FA8602676B5D3A2B4A1355896D, 57532E16FF0DDE3D62B6B6DC35E2598DD453140E9277247965A1E835645E588A ] DiagTrack C:\Windows\system32\diagtrack.dll 22:27:24.0390 0x13e4 DiagTrack - ok 22:27:24.0390 0x13e4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 22:27:24.0437 0x13e4 discache - ok 22:27:24.0437 0x13e4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 22:27:24.0453 0x13e4 Disk - ok 22:27:24.0453 0x13e4 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 22:27:24.0468 0x13e4 dmvsc - ok 22:27:24.0484 0x13e4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:27:24.0499 0x13e4 Dnscache - ok 22:27:24.0515 0x13e4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 22:27:24.0562 0x13e4 dot3svc - ok 22:27:24.0562 0x13e4 [ 497E0E7CD4E6A708EDF8EF4D1702F427, 53591AFB2CACD1A1EDEAEDFABE57E04E219E0A7112F168E78A34DFE9413D7CEC ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE 
22:27:24.0595 0x13e4 DozeSvc - ok 22:27:24.0595 0x13e4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 22:27:24.0642 0x13e4 DPS - ok 22:27:24.0642 0x13e4 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:27:24.0657 0x13e4 drmkaud - ok 22:27:24.0673 0x13e4 [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 22:27:24.0689 0x13e4 dtsoftbus01 - ok 22:27:24.0720 0x13e4 [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:27:24.0767 0x13e4 DXGKrnl - ok 22:27:24.0767 0x13e4 [ 3CE83D7EE95D9C9F03323810A2E747DF, 50E34E2EC26584A1BE06EA5049481D1AE2F3213B2A81BA86411623ADCEE24F53 ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys 22:27:24.0782 0x13e4 DzHDD64 - ok 22:27:24.0798 0x13e4 [ DEC1AADBA0AF70E6DE59ABD809461317, 8D21009AD9AE1CB575565C9F27916AA012DA5F3C9C8BC3F3AF89B336B7B518E4 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys 22:27:24.0829 0x13e4 e1cexpress - ok 22:27:24.0829 0x13e4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 22:27:24.0860 0x13e4 EapHost - ok 22:27:24.0954 0x13e4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 22:27:25.0047 0x13e4 ebdrv - ok 22:27:25.0063 0x13e4 [ C8A7F80DB5C193DD67747A1BA4B1782E, B216FC5A07C643868AD7C58F931F6327A21695E1734A62875F6E2909139F30B8 ] EFS C:\Windows\System32\lsass.exe 22:27:25.0079 0x13e4 EFS - ok 22:27:25.0094 0x13e4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr 
C:\Windows\ehome\ehRecvr.exe 22:27:25.0141 0x13e4 ehRecvr - ok 22:27:25.0141 0x13e4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 22:27:25.0157 0x13e4 ehSched - ok 22:27:25.0172 0x13e4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 22:27:25.0203 0x13e4 elxstor - ok 22:27:25.0219 0x13e4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:27:25.0235 0x13e4 ErrDev - ok 22:27:25.0250 0x13e4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 22:27:25.0297 0x13e4 EventSystem - ok 22:27:25.0313 0x13e4 [ C8559336BB21FF701CBEF14527D7660F, AE8CD6514C0B121B260D9101D76E6225599B832504EB5719FD110E348C9E6682 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 22:27:25.0344 0x13e4 EvtEng - ok 22:27:25.0344 0x13e4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 22:27:25.0391 0x13e4 exfat - ok 22:27:25.0406 0x13e4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:27:25.0437 0x13e4 fastfat - ok 22:27:25.0453 0x13e4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 22:27:25.0500 0x13e4 Fax - ok 22:27:25.0500 0x13e4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 22:27:25.0515 0x13e4 fdc - ok 22:27:25.0515 0x13e4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost 
C:\Windows\system32\fdPHost.dll 22:27:25.0562 0x13e4 fdPHost - ok 22:27:25.0562 0x13e4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 22:27:25.0593 0x13e4 FDResPub - ok 22:27:25.0609 0x13e4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:27:25.0625 0x13e4 FileInfo - ok 22:27:25.0625 0x13e4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:27:25.0656 0x13e4 Filetrace - ok 22:27:25.0656 0x13e4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 22:27:25.0671 0x13e4 flpydisk - ok 22:27:25.0687 0x13e4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:27:25.0718 0x13e4 FltMgr - ok 22:27:25.0749 0x13e4 [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache C:\Windows\system32\FntCache.dll 22:27:25.0796 0x13e4 FontCache - ok 22:27:25.0796 0x13e4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:27:25.0843 0x13e4 FontCache3.0.0.0 - ok 22:27:25.0843 0x13e4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:27:25.0859 0x13e4 FsDepends - ok 22:27:25.0859 0x13e4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:27:25.0874 0x13e4 Fs_Rec - ok 22:27:25.0890 0x13e4 [ 
8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:27:25.0905 0x13e4 fvevol - ok 22:27:25.0922 0x13e4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 22:27:25.0940 0x13e4 gagp30kx - ok 22:27:25.0955 0x13e4 [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc C:\Windows\System32\gpsvc.dll 22:27:25.0986 0x13e4 gpsvc - ok 22:27:26.0002 0x13e4 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:27:26.0049 0x13e4 gupdate - ok 22:27:26.0049 0x13e4 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:27:26.0080 0x13e4 gupdatem - ok 22:27:26.0096 0x13e4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:27:26.0111 0x13e4 hcw85cir - ok 22:27:26.0127 0x13e4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:27:26.0158 0x13e4 HdAudAddService - ok 22:27:26.0158 0x13e4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 22:27:26.0174 0x13e4 HDAudBus - ok 22:27:26.0189 0x13e4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 22:27:26.0205 0x13e4 HidBatt - ok 22:27:26.0205 0x13e4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth 
C:\Windows\system32\drivers\hidbth.sys 22:27:26.0220 0x13e4 HidBth - ok 22:27:26.0236 0x13e4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 22:27:26.0252 0x13e4 HidIr - ok 22:27:26.0252 0x13e4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 22:27:26.0283 0x13e4 hidserv - ok 22:27:26.0298 0x13e4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:27:26.0314 0x13e4 HidUsb - ok 22:27:26.0314 0x13e4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:27:26.0361 0x13e4 hkmsvc - ok 22:27:26.0361 0x13e4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:27:26.0392 0x13e4 HomeGroupListener - ok 22:27:26.0392 0x13e4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:27:26.0423 0x13e4 HomeGroupProvider - ok 22:27:26.0423 0x13e4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:27:26.0439 0x13e4 HpSAMD - ok 22:27:26.0470 0x13e4 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:27:26.0501 0x13e4 HTTP - ok 22:27:26.0501 0x13e4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:27:26.0517 0x13e4 hwpolicy - ok 22:27:26.0517 0x13e4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 
65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 22:27:26.0548 0x13e4 i8042prt - ok 22:27:26.0564 0x13e4 [ CCFA835960E35F30D28A868E0B3B8722, 47D95E75685F9D40229902A92426FBCB358EA929202EAFBBF79C72873B8B9032 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 22:27:26.0595 0x13e4 iaStor - ok 22:27:26.0610 0x13e4 [ 8BE099617DA18FE085A40D47FC156B1B, A5F7AB41D32DF8A12F1945C263EE954CE15069C3CFD7131C74A8A3F4EC3AC122 ] iaStorA C:\Windows\system32\DRIVERS\iaStorA.sys 22:27:26.0642 0x13e4 iaStorA - ok 22:27:26.0642 0x13e4 [ 005C0887D8B57A19883E3ADEF5478F05, E4D53F6197F128C5A753DBA0592619893D93F87575678E9708830B04C4CE1553 ] iaStorF C:\Windows\system32\DRIVERS\iaStorF.sys 22:27:26.0657 0x13e4 iaStorF - ok 22:27:26.0673 0x13e4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:27:26.0704 0x13e4 iaStorV - ok 22:27:26.0704 0x13e4 [ 16DB32FC521B6D9D44C7E99EC0F8E8BA, 466DFF7F68EB5D88AD2F98E9D0280209C7B950841FAA3F5A75EF2CA2FCE31993 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys 22:27:26.0735 0x13e4 IBMPMDRV - ok 22:27:26.0735 0x13e4 [ FF05933FB73440B1443BBB4114E1EFA3, D13E1B8FD68D972A72B84AF51476F660C7B3E59BED98B4C45781B889968D2988 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe 22:27:26.0751 0x13e4 IBMPMSVC - ok 22:27:26.0766 0x13e4 [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe 22:27:26.0798 0x13e4 ICCS - ok 22:27:26.0829 0x13e4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:27:26.0876 0x13e4 idsvc - ok 22:27:26.0876 0x13e4 IEEtwCollectorService - ok 22:27:27.0016 0x13e4 [ 8C44E6B688790E2AD3846C97661C54F1, 
CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 22:27:27.0172 0x13e4 igfx - ok 22:27:27.0188 0x13e4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 22:27:27.0203 0x13e4 iirsp - ok 22:27:27.0219 0x13e4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 22:27:27.0266 0x13e4 IKEEXT - ok 22:27:27.0266 0x13e4 [ 314285071F7117263BD246E35C17FD82, 12E135DAB9D717D697026800C97FB58A64C0C37ACE715C2805A411A5384CB55A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys 22:27:27.0281 0x13e4 intaud_WaveExtensible - ok 22:27:27.0297 0x13e4 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 22:27:27.0312 0x13e4 IntcDAud - ok 22:27:27.0328 0x13e4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 22:27:27.0344 0x13e4 intelide - ok 22:27:27.0344 0x13e4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:27:27.0359 0x13e4 intelppm - ok 22:27:27.0359 0x13e4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:27:27.0406 0x13e4 IPBusEnum - ok 22:27:27.0406 0x13e4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:27:27.0437 0x13e4 IpFilterDriver - ok 22:27:27.0468 0x13e4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 
22:27:27.0500 0x13e4 iphlpsvc - ok 22:27:27.0500 0x13e4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:27:27.0515 0x13e4 IPMIDRV - ok 22:27:27.0531 0x13e4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:27:27.0562 0x13e4 IPNAT - ok 22:27:27.0562 0x13e4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:27:27.0593 0x13e4 IRENUM - ok 22:27:27.0593 0x13e4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:27:27.0609 0x13e4 isapnp - ok 22:27:27.0609 0x13e4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:27:27.0640 0x13e4 iScsiPrt - ok 22:27:27.0656 0x13e4 [ 16B5B394028D8ED80A569123A38DC4F7, 19839364B7A48584615F0ED56D94AB6E6F8159EAD826605F74C73845CE2C5C12 ] iumsvc C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe 22:27:27.0687 0x13e4 iumsvc - ok 22:27:27.0687 0x13e4 [ 4487AD9C070D3973FE28AB4406555FC6, 77D8DE3036613618D44D7E5E47C9C754B8F0FF294D9DD778C92A7AFDA8F778FC ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys 22:27:27.0702 0x13e4 iwdbus - ok 22:27:27.0702 0x13e4 [ 52C53FBE7F08499D166E8513FD1A5E01, FDE6A6CDBD0C56890355EB7EA21C1E9585E21D1385DC2FD0559BBBDB4C002513 ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 22:27:27.0765 0x13e4 jhi_service - ok 22:27:27.0765 0x13e4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 22:27:27.0780 0x13e4 kbdclass - ok 22:27:27.0780 0x13e4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 
86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 22:27:27.0812 0x13e4 kbdhid - ok 22:27:27.0812 0x13e4 [ C8A7F80DB5C193DD67747A1BA4B1782E, B216FC5A07C643868AD7C58F931F6327A21695E1734A62875F6E2909139F30B8 ] KeyIso C:\Windows\system32\lsass.exe 22:27:27.0827 0x13e4 KeyIso - ok 22:27:27.0827 0x13e4 [ 3974E5264A0481600370C5BEED061DDF, 6365DC2B3ECAF462F98481103F47B7550688D1A3AE96C88FDBCB3ED3BBB76EB6 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:27:27.0843 0x13e4 KSecDD - ok 22:27:27.0858 0x13e4 [ 6E85615A86FE86E76DAE49BF9F227483, 825F9906910C33A36D04D805402A8C0C8E09232407E077B85282E3208A9BFC25 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:27:27.0874 0x13e4 KSecPkg - ok 22:27:27.0874 0x13e4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:27:27.0905 0x13e4 ksthunk - ok 22:27:27.0921 0x13e4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 22:27:27.0968 0x13e4 KtmRm - ok 22:27:27.0983 0x13e4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 22:27:28.0014 0x13e4 LanmanServer - ok 22:27:28.0030 0x13e4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:27:28.0061 0x13e4 LanmanWorkstation - ok 22:27:28.0077 0x13e4 [ 403F6798A847D9F98B650D27D0FA3FD3, D69314309E251C74D77CDEF1DED7A4E83788871FA723D0D74B9FE5BAA89F9998 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe 22:27:28.0108 0x13e4 LENOVO.CAMMUTE - ok 22:27:28.0108 0x13e4 [ A062A18F4F792534F898AEB3BD723D01, 4B620E9BBADAC69F4F116F19BA00B07E49F01DE0516A6091772E8515A8636B72 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe 
22:27:28.0217 0x13e4 LENOVO.MICMUTE - ok 22:27:28.0233 0x13e4 [ 2B9D8555DC004E240082D18E7725CE20, 9DEF9463CB099C0BC8782C1E5FCE62F038B971ABC12966774D1F83569B081A42 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys 22:27:28.0233 0x13e4 lenovo.smi - ok 22:27:28.0248 0x13e4 [ 00F2E095C36199D8BF14A8E40CDBC2D0, A7E048E496056E7554F9BB2CA71374820821371F39D5BE22C88285D412E2FCBE ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe 22:27:28.0295 0x13e4 LENOVO.TPKNRSVC - ok 22:27:28.0295 0x13e4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:27:28.0342 0x13e4 lltdio - ok 22:27:28.0342 0x13e4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:27:28.0389 0x13e4 lltdsvc - ok 22:27:28.0389 0x13e4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:27:28.0436 0x13e4 lmhosts - ok 22:27:28.0436 0x13e4 [ 713B289020B0C72DBAE93EB1EC79B28B, D15713E72D22D183C4AF7B75E74AF3F82F946C7B2AA841DB2B49D88FEF7C5853 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 22:27:28.0732 0x13e4 LMS - ok 22:27:28.0748 0x13e4 [ 5F2C900A90848BCBF8650D5D3F1BDA88, 9FCDA71C2C9F827255A47A973C60D6DBA167EDA702320CA581A2F70FF2B7AD00 ] LSC.Services.SystemService c:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe 22:27:28.0794 0x13e4 LSC.Services.SystemService - ok 22:27:28.0794 0x13e4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 22:27:28.0810 0x13e4 LSI_FC - ok 22:27:28.0826 0x13e4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 
22:27:28.0841 0x13e4 LSI_SAS - ok 22:27:28.0841 0x13e4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 22:27:28.0857 0x13e4 LSI_SAS2 - ok 22:27:28.0872 0x13e4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 22:27:28.0888 0x13e4 LSI_SCSI - ok 22:27:28.0888 0x13e4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 22:27:28.0935 0x13e4 luafv - ok 22:27:28.0935 0x13e4 [ 9CD2F5F436D82331B387E00542B596A6, 6BDE415C987284D3AB1761AB0C5F3C60B1A877D0BB0241C9E9BA9D777E233166 ] MADFUMIDISPORT2010 C:\Windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys 22:27:28.0950 0x13e4 MADFUMIDISPORT2010 - ok 22:27:28.0950 0x13e4 [ 4028D97946695B30B77C7366F7B1B7B5, DD1B3C2EC21CA9CBA2EEFB0FE2F17500EFF49BF17E982A648ADD6EC0E9B21B7E ] MaterialsStudioGateway C:\Program Files (x86)\Accelrys\Apache\bin\httpd.exe 22:27:28.0966 0x13e4 MaterialsStudioGateway - detected UnsignedFile.Multi.Generic ( 1 ) 22:27:29.0184 0x13e4 MaterialsStudioGateway ( UnsignedFile.Multi.Generic ) - warning 22:27:29.0325 0x13e4 [ 265CCF3E1874B0FCAFE3D857FFB45034, 0B391652D9469E29359862B86EFFA952B7178F7C56B2B03678F8993D113BE199 ] MAUSBMIDISPORT C:\Windows\system32\DRIVERS\MAudioMIDISPORT.sys 22:27:29.0356 0x13e4 MAUSBMIDISPORT - ok 22:27:29.0372 0x13e4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:27:29.0387 0x13e4 Mcx2Svc - ok 22:27:29.0387 0x13e4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 22:27:29.0403 0x13e4 megasas - ok 22:27:29.0418 0x13e4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 
85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 22:27:29.0450 0x13e4 MegaSR - ok 22:27:29.0450 0x13e4 [ 6EA2F13DEAF130753F6FC19AFFFF94A8, ADA5BA2DBCD58372918FD278834B2E13FE0F73E200A2E747AB7B123C31E46825 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 22:27:29.0465 0x13e4 MEIx64 - ok 22:27:29.0512 0x13e4 [ 2F92023E25C1D0CACFF32F67ADA90A28, 0D7700EF442AB88DA1CB95DD4440C302949434DB917CAB3366D6A987D7487929 ] MIDISPORTAudioDevMon C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe 22:27:29.0606 0x13e4 MIDISPORTAudioDevMon - ok 22:27:29.0606 0x13e4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 22:27:29.0652 0x13e4 MMCSS - ok 22:27:29.0652 0x13e4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 22:27:29.0684 0x13e4 Modem - ok 22:27:29.0699 0x13e4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:27:29.0715 0x13e4 monitor - ok 22:27:29.0715 0x13e4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:27:29.0730 0x13e4 mouclass - ok 22:27:29.0730 0x13e4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:27:29.0746 0x13e4 mouhid - ok 22:27:29.0762 0x13e4 [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:27:29.0777 0x13e4 mountmgr - ok 22:27:29.0777 0x13e4 [ C410158EAB38FC64D026830B2E509ED0, 7BBF004CC78CDD763413268A1A2E151B6F1E8010827097B5C454CE8FFBD21974 ] MozillaMaintenance C:\Program Files (x86)\Mozilla 
0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 22:27:39.0991 0x13e4 upnphost - ok 22:27:40.0006 0x13e4 [ 524BFB402B1AB1007ED91E94D6AB6F72, 5A970292D2E7A580FAD86615BC6E66C2A5C74044EFF6C1543E928773E5B9C0F8 ] usb3Hub C:\Windows\system32\DRIVERS\usb3Hub.sys 22:27:40.0022 0x13e4 usb3Hub - ok 22:27:40.0022 0x13e4 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 22:27:40.0053 0x13e4 usbaudio - ok 22:27:40.0053 0x13e4 [ 91D3C92A44FC682DD791147604E79152, AA0B6799BF9C26C2C1793C91295288A4989AA43EC5E070B650DA7F0A142817CE ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:27:40.0069 0x13e4 usbccgp - ok 22:27:40.0084 0x13e4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:27:40.0100 0x13e4 usbcir - ok 22:27:40.0100 0x13e4 [ F7FFDF2A1D19A76A87759126B244C816, C91F09D77E22D976952A46F7B93F611B719EDAF694D538242FA8FAF1BA9BB2F0 ] usbehci C:\Windows\system32\drivers\usbehci.sys 22:27:40.0116 0x13e4 usbehci - ok 22:27:40.0131 0x13e4 [ 245FE7FC634D6A993E682E0A9EBA4ABB, F7A536D215EE3A63358EC8B5946D7BB3B56357BF91347B07013E00DAC98775B6 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:27:40.0162 0x13e4 usbhub - ok 22:27:40.0162 0x13e4 [ C1A8966E0D09BFB501045105B30D86F2, 5BB95FBA441B898E258A3BFE174FC1042A04C19E25C59DE1FD90594290B11DA9 ] usbohci C:\Windows\system32\drivers\usbohci.sys 22:27:40.0194 0x13e4 usbohci - ok 22:27:40.0209 0x13e4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:27:40.0225 0x13e4 usbprint - ok 22:27:40.0225 0x13e4 [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 22:27:40.0240 0x13e4 USBSTOR - ok 
22:27:40.0256 0x13e4 [ 2E682DCE4319A90E02A327F8A427544A, 3528C5A4669BAD53041085C3E72C64388D308E42AD9D1FAC85B6F2FFD81610FB ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 22:27:40.0272 0x13e4 usbuhci - ok 22:27:40.0272 0x13e4 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 22:27:40.0287 0x13e4 usbvideo - ok 22:27:40.0303 0x13e4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 22:27:40.0334 0x13e4 UxSms - ok 22:27:40.0334 0x13e4 [ C8A7F80DB5C193DD67747A1BA4B1782E, B216FC5A07C643868AD7C58F931F6327A21695E1734A62875F6E2909139F30B8 ] VaultSvc C:\Windows\system32\lsass.exe 22:27:40.0350 0x13e4 VaultSvc - ok 22:27:40.0381 0x13e4 [ BC9DE9BAE3A65664B13AF35CE28423EF, 442E4143161601F9E80ECB71BA6BE6E8F8AEA71C6B7837A7849D7A3A265D1194 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys 22:27:40.0428 0x13e4 VBoxDrv - ok 22:27:40.0428 0x13e4 [ 8B61E7B09D27EAAE8BD227A04841BB8B, 225BF9B03E90ED7C4BA92F3E774F46F6CB90D721755930ABABEA255B07C0DD5D ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys 22:27:40.0459 0x13e4 VBoxNetAdp - ok 22:27:40.0459 0x13e4 [ 3B1EAC8C9C4D3E7B6DF9D73328FBE64E, 8FCD80024C025468A63524D9D1FA3E2BFA66EAA50FD13C934AB5A7E541C01342 ] VBoxNetLwf C:\Windows\system32\DRIVERS\VBoxNetLwf.sys 22:27:40.0490 0x13e4 VBoxNetLwf - ok 22:27:40.0490 0x13e4 [ 9C5C6DA2B2507FF88A294F491C6085FA, AE0394E4841BABC6A1109FB93D31098095FC780113D5DF37A75B7A67222237B6 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys 22:27:40.0506 0x13e4 VBoxUSBMon - ok 22:27:40.0521 0x13e4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 22:27:40.0537 0x13e4 vdrvroot - ok 22:27:40.0552 0x13e4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds 
C:\Windows\System32\vds.exe 22:27:40.0599 0x13e4 vds - ok 22:27:40.0599 0x13e4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:27:40.0615 0x13e4 vga - ok 22:27:40.0615 0x13e4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 22:27:40.0662 0x13e4 VgaSave - ok 22:27:40.0662 0x13e4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 22:27:40.0693 0x13e4 vhdmp - ok 22:27:40.0693 0x13e4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 22:27:40.0708 0x13e4 viaide - ok 22:27:40.0724 0x13e4 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 22:27:40.0740 0x13e4 vmbus - ok 22:27:40.0740 0x13e4 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 22:27:40.0755 0x13e4 VMBusHID - ok 22:27:40.0771 0x13e4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:27:40.0786 0x13e4 volmgr - ok 22:27:40.0802 0x13e4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:27:40.0818 0x13e4 volmgrx - ok 22:27:40.0833 0x13e4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:27:40.0849 0x13e4 volsnap - ok 22:27:40.0880 0x13e4 [ 9CAE0EB0A9A42D2339DA2CF72EEC8DE0, 
D55468B7186641BE043366ABF7DAF601847806F82988D1768387337D094D74F7 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 22:27:40.0927 0x13e4 vpnagent - ok 22:27:40.0942 0x13e4 [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva C:\Windows\system32\DRIVERS\vpnva64-6.sys 22:27:40.0958 0x13e4 vpnva - ok 22:27:40.0958 0x13e4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 22:27:40.0989 0x13e4 vsmraid - ok 22:27:41.0020 0x13e4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 22:27:41.0098 0x13e4 VSS - ok 22:27:41.0114 0x13e4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 22:27:41.0130 0x13e4 vwifibus - ok 22:27:41.0130 0x13e4 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 22:27:41.0161 0x13e4 vwififlt - ok 22:27:41.0161 0x13e4 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 22:27:41.0176 0x13e4 vwifimp - ok 22:27:41.0192 0x13e4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 22:27:41.0239 0x13e4 W32Time - ok 22:27:41.0239 0x13e4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 22:27:41.0254 0x13e4 WacomPen - ok 22:27:41.0270 0x13e4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 
22:27:41.0301 0x13e4 WANARP - ok 22:27:41.0301 0x13e4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:27:41.0348 0x13e4 Wanarpv6 - ok 22:27:41.0379 0x13e4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 22:27:41.0442 0x13e4 WatAdminSvc - ok 22:27:41.0473 0x13e4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 22:27:41.0535 0x13e4 wbengine - ok 22:27:41.0551 0x13e4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:27:41.0566 0x13e4 WbioSrvc - ok 22:27:41.0582 0x13e4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:27:41.0613 0x13e4 wcncsvc - ok 22:27:41.0613 0x13e4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:27:41.0629 0x13e4 WcsPlugInService - ok 22:27:41.0644 0x13e4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 22:27:41.0660 0x13e4 Wd - ok 22:27:41.0676 0x13e4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:27:41.0707 0x13e4 Wdf01000 - ok 22:27:41.0722 0x13e4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:27:41.0738 0x13e4 WdiServiceHost - ok 22:27:41.0738 0x13e4 [ C6F7473B55510F0B93961DA03D8E3B38, 
4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:27:41.0754 0x13e4 WdiSystemHost - ok 22:27:41.0769 0x13e4 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\Windows\System32\webclnt.dll 22:27:41.0800 0x13e4 WebClient - ok 22:27:41.0800 0x13e4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:27:41.0847 0x13e4 Wecsvc - ok 22:27:41.0847 0x13e4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:27:41.0894 0x13e4 wercplsupport - ok 22:27:41.0894 0x13e4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 22:27:41.0925 0x13e4 WerSvc - ok 22:27:41.0941 0x13e4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:27:41.0972 0x13e4 WfpLwf - ok 22:27:41.0972 0x13e4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:27:41.0988 0x13e4 WIMMount - ok 22:27:41.0988 0x13e4 WinDefend - ok 22:27:42.0003 0x13e4 WinHttpAutoProxySvc - ok 22:27:42.0019 0x13e4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:27:42.0050 0x13e4 Winmgmt - ok 22:27:42.0112 0x13e4 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 22:27:42.0175 0x13e4 WinRM - ok 22:27:42.0190 0x13e4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb 
C:\Windows\system32\drivers\WinUsb.sys 22:27:42.0206 0x13e4 WinUsb - ok 22:27:42.0237 0x13e4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 22:27:42.0284 0x13e4 Wlansvc - ok 22:27:42.0284 0x13e4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 22:27:42.0300 0x13e4 WmiAcpi - ok 22:27:42.0315 0x13e4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:27:42.0331 0x13e4 wmiApSrv - ok 22:27:42.0331 0x13e4 WMPNetworkSvc - ok 22:27:42.0346 0x13e4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:27:42.0362 0x13e4 WPCSvc - ok 22:27:42.0362 0x13e4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:27:42.0393 0x13e4 WPDBusEnum - ok 22:27:42.0393 0x13e4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:27:42.0580 0x13e4 ws2ifsl - ok 22:27:42.0580 0x13e4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 22:27:42.0612 0x13e4 wscsvc - ok 22:27:42.0612 0x13e4 WSearch - ok 22:27:42.0690 0x13e4 [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv C:\Windows\system32\wuaueng.dll 22:27:42.0783 0x13e4 wuauserv - ok 22:27:42.0799 0x13e4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:27:42.0814 0x13e4 WudfPf - ok 22:27:42.0814 0x13e4 [ 
DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:27:42.0846 0x13e4 WUDFRd - ok 22:27:42.0846 0x13e4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:27:42.0861 0x13e4 wudfsvc - ok 22:27:42.0877 0x13e4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 22:27:42.0908 0x13e4 WwanSvc - ok 22:27:43.0002 0x13e4 [ 19137CA32DA7AA6F4936514721AA53BA, E9E5E6F05A1D529D19339F0C71AA5F9D412F6D3AE4BF84CF340C8569BA367D51 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe 22:27:43.0126 0x13e4 ZeroConfigService - ok 22:27:43.0142 0x13e4 ================ Scan global =============================== 22:27:43.0142 0x13e4 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll 22:27:43.0158 0x13e4 [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll 22:27:43.0173 0x13e4 [ E0E4D286839FC27F56A85B4710E16B6B, 6BBBADB8904D6159E6171A339E0BF30A41D14E885D560BFB8BB73B1FF7239E1A ] C:\Windows\system32\winsrv.dll 22:27:43.0173 0x13e4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 22:27:43.0189 0x13e4 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe 22:27:43.0204 0x13e4 [ Global ] - ok 22:27:43.0204 0x13e4 ================ Scan MBR ================================== 22:27:43.0204 0x13e4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:27:43.0766 0x13e4 \Device\Harddisk0\DR0 - ok 22:27:43.0782 0x13e4 [ A36C5E4F47E84449FF07ED3517B43A31 ] 
\Device\Harddisk1\DR1 22:27:43.0922 0x13e4 \Device\Harddisk1\DR1 - ok 22:27:43.0922 0x13e4 ================ Scan VBR ================================== 22:27:43.0938 0x13e4 [ BE945BD0DFD46961B4F84111CCFF50B2 ] \Device\Harddisk0\DR0\Partition1 22:27:43.0938 0x13e4 \Device\Harddisk0\DR0\Partition1 - ok 22:27:43.0938 0x13e4 [ 81EDBCA3B0910C46286B2ACBA448DD6D ] \Device\Harddisk1\DR1\Partition1 22:27:43.0938 0x13e4 \Device\Harddisk1\DR1\Partition1 - ok 22:27:43.0938 0x13e4 [ E7503D09391171ECC6F07A8D4ED189B3 ] \Device\Harddisk1\DR1\Partition2 22:27:43.0938 0x13e4 \Device\Harddisk1\DR1\Partition2 - ok 22:27:43.0938 0x13e4 ================ Scan generic autorun ====================== 22:27:43.0953 0x13e4 [ D3222DED64E0C5FF6860695186ECADEB, 54983A84FBCC5F909CAC0B4A0F4691723C62BD8053F4BCE2BA633AE2AB97DF55 ] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe 22:27:43.0984 0x13e4 AcWin7Hlpr - ok 22:27:43.0984 0x13e4 [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe 22:27:44.0000 0x13e4 ForteConfig - ok 22:27:44.0016 0x13e4 [ 4F12EAD0B4C8BDAED5A11CC11F394B0A, EF769C2C2564D42979746B8BFD1D6E6532BFAB3BFCE2D09A0A17D0E64498B9B3 ] C:\Program Files\CONEXANT\SAII\SAIICpl.exe 22:27:44.0062 0x13e4 SmartAudio - ok 22:27:44.0062 0x13e4 [ 084F1404AE15651DF5F5246C2E3D5569, 52212D1CBDDE9B5C5210216094EEB0D7AF8B85CE7A61690023F24A43338AC0C0 ] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe 22:27:44.0140 0x13e4 LENOVO.TPKNRRES - ok 22:27:44.0140 0x13e4 SynTPEnh - ok 22:27:44.0156 0x13e4 [ 1D89A66C922883E1A1A7BA83DCA8EED9, 1843841275B07F9F3F71C13FC305A7DCC844E705E483150D699DC7FE188B9CCC ] C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE 22:27:44.0328 0x13e4 ALCKRESI.EXE - ok 22:27:44.0343 0x13e4 [ 08593F82008D1524079C7CEA3D7F28F4, D6FF1875593D2BFFC137F9AD91C7A77916B83631B1D0BB97FF826F77D139B892 ] C:\Windows\system32\TpShocks.exe 22:27:44.0374 0x13e4 TpShocks - ok 22:27:44.0374 
0x13e4 [ A6B647ACD4E24D8ABDBD035BDEAA53BD, D26A79193228AAD1A8A05EDE84D4807991CDD1D004D5656170D234F82514A851 ] C:\Windows\system32\igfxtray.exe 22:27:44.0406 0x13e4 IgfxTray - ok 22:27:44.0421 0x13e4 [ C1E558A7F7FD707584AFBA5D233131B0, EF8E61647BF6BA77A7DF21FCDEB48373EF1928A515E9A60FC3B6D19A1D93AB52 ] C:\Windows\system32\hkcmd.exe 22:27:44.0452 0x13e4 HotKeysCmds - ok 22:27:44.0468 0x13e4 [ 82F7D63F723715D1D115BE5AFB560AD8, DE9714B8DF94B12FECE4DD9CA189B849B40CCE557780B0E4C367D4957802C007 ] C:\Windows\system32\igfxpers.exe 22:27:44.0499 0x13e4 Persistence - ok 22:27:44.0499 0x13e4 [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe 22:27:44.0530 0x13e4 Logitech Download Assistant - ok 22:27:44.0530 0x13e4 [ 0307536FD43CC7BFB92F9DAC8DB913F1, 6C8BEDA4ADFBEF28E647B39B3EEA37A20BFE5C93C7EDA79471EFB46156197843 ] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe 22:27:44.0546 0x13e4 RotateImage - detected UnsignedFile.Multi.Generic ( 1 ) 22:27:44.0655 0x13e4 Detect skipped due to KSN trusted 22:27:44.0655 0x13e4 RotateImage - ok 22:27:44.0671 0x13e4 [ 4BBE4F124A85554921A04CA1F00C7A79, 5C7D7F0764C56FAE4A05B4002D6CBB76432BACEF4FB779788679034E5183770B ] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe 22:27:44.0702 0x13e4 IMSS - ok 22:27:44.0718 0x13e4 PWMTRV - ok 22:27:44.0718 0x13e4 CtaMon - ok 22:27:44.0749 0x13e4 [ 2EC8F42EC98D72F3B5D37F3D2632E3E3, E9FB8732B0A8E71D1E39E736C47943C879149F25822D6564D2162E2C70C8B013 ] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe 22:27:44.0796 0x13e4 Cisco AnyConnect Secure Mobility Agent for Windows - ok 22:27:44.0842 0x13e4 [ FE12709D0ABE8BAE59523B2C4C2BD56F, 938E4E2179BAEB573FD740F17584D6F1F40F0C7BB524375D2010D7DF8F088368 ] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe 22:27:44.0998 0x13e4 Sophos AutoUpdate Monitor - ok 22:27:45.0030 0x13e4 [ 
DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 22:27:45.0092 0x13e4 Sidebar - ok 22:27:45.0092 0x13e4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 22:27:45.0123 0x13e4 mctadmin - ok 22:27:45.0154 0x13e4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 22:27:45.0201 0x13e4 Sidebar - ok 22:27:45.0217 0x13e4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 22:27:45.0232 0x13e4 mctadmin - ok 22:27:45.0248 0x13e4 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe 22:27:45.0279 0x13e4 Google Update - ok 22:27:45.0373 0x13e4 [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe 22:27:46.0040 0x13e4 DAEMON Tools Lite - ok 22:27:46.0040 0x13e4 Waiting for KSN requests completion. 
In queue: 131
22:27:47.0057 0x13e4 AV detected via SS2: Sophos Anti-Virus, C:\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe ( 10.6.3.0 ), 0x51010 ( enabled : outofdate )
22:27:47.0073 0x13e4 Win FW state via NFP2: enabled ( trusted )
22:27:47.0245 0x13e4 ============================================================
22:27:47.0245 0x13e4 Scan finished
22:27:47.0245 0x13e4 ============================================================
22:27:47.0260 0x1374 Detected object count: 1
22:27:47.0260 0x1374 Actual detected object count: 1
22:28:46.0313 0x1374 MaterialsStudioGateway ( UnsignedFile.Multi.Generic ) - skipped by user
22:28:46.0313 0x1374 MaterialsStudioGateway ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:28:52.0161 0x1b48 Deinitialize success

1: Sophos itself says in the program that the latest updates have been loaded... but the update history then says that the installation of individual packages was skipped. Under C:\Program Files (x86)\Sophos\Sophos Anti-Virus the latest IDE is from 08.06.2016.

2: Under C:\Program Files (x86) there are now the following folders with files:
- bgt90byd\{93D2EDB0-D2EF-45B9-9329-D4C1D6310952}\bgt90byd.et3
- hebxjqgm\{60BD3568-DE92-44A5-AB82-EEB2577C2757}\hebxjqgm.lyb

In addition, as mentioned:
Path: C:\Program Files (x86)\Dbphanihty
- 9.3.6494.400.manifest
- BrowserUpdate.exe
- chrome_elf.dll
- qks.exe
- winzipper.exe
- wpm.exe

When I scan the files with Sophos everything seems to be OK..... only I no longer trust Sophos. But tamper protection is actually on?

I also found HKEY_CURRENT_USER\Software\{8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} in the registry. Does that belong there? Some time ago I had an ADClick “virus”, or rather the Trusted Surf virus, but I thought it had been completely fixed....
16.06.2016, 23:08 | #6 |
/// Malwareteam | Windows Defender found browser-modifying software.... Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please start FRST again, tick the Addition box and click Untersuchen (Scan). Please post the two resulting text files again. So in your next reply, please post:
17.06.2016, 12:07 | #7 |
| Windows Defender found browser-modifying software.... Hi, I had cleaned up the hosts file manually and forgot one entry in the process.... I'll change that in a moment. Under C:\Program Files (x86) there are still folders with files:
- bgt90byd\{93D2EDB0-D2EF-45B9-9329-D4C1D6310952}\bgt90byd.et3
- hebxjqgm\{60BD3568-DE92-44A5-AB82-EEB2577C2757}\hebxjqgm.lyb
I think the Sophos problem is separate. First: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:16-06-2016 01 durchgeführt von admin (Administrator) auf HAL9000 (17-06-2016 12:46:58) Gestartet von C:\Users\Alex\Desktop Geladene Profile: Alex & admin (Verfügbare Profile: Alex & admin) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Conexant Systems Inc.) 
C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Apache Software Foundation) C:\Program Files (x86)\Accelrys\Apache\bin\httpd.exe (Apache Software Foundation) C:\Program Files (x86)\Accelrys\Apache\bin\httpd.exe (M-Audio) C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (GlavSoft LLC.) 
C:\Program Files\TightVNC\tvnserver.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Google Inc.) C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Ricoh co.,Ltd.) 
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) 
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => TpShocks.exe
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-17] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1531872 2016-04-17] (Sophos Limited)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\Run: [Google Update] => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [231936 2016-04-17] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [289040 2016-04-17] (Sophos Limited)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei
Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-01-26]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-06-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 128.176.0.28 128.176.0.30
Tcpip\..\Interfaces\{A02846B1-0C75-46DA-98F5-D043C157A837}: [DhcpNameServer] 212.18.3.5 212.18.0.5
Tcpip\..\Interfaces\{A7D516E4-DB8B-426B-BE4F-089A40F595A5}: [DhcpNameServer] 128.176.0.28 128.176.0.30

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-02] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-02] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-03] (Microsoft Corporation)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\Chem3D\npChem3DPlugin.dll [2014-04-17] (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\ChemDraw\npcdp32.dll [2014-04-17] (CambridgeSoft Corp.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.1.0.5292844\npmathplugin.dll [2015-03-24] (Wolfram Research, Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1968842236-1166385170-3651055052-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1968842236-1166385170-3651055052-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-1968842236-1166385170-3651055052-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-1968842236-1166385170-3651055052-1010: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-15]
CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-15]
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-15]
CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-15]
CHR Extension: (Google-Suche) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-15]
CHR Extension: (Google Tabellen) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-15]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16]
CHR Extension: (Google Mail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-15]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S4 Accelrys License Server; C:\Program Files (x86)\Accelrys\LicensePack\win32\bin\lmgrd.exe [1333600 2013-10-30] (Macrovision Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-05-06] (Creative Labs) [Datei ist nicht signiert]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [Datei ist nicht signiert]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S3 LSC.Services.SystemService; c:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo)
R2 MaterialsStudioGateway; C:\Program Files (x86)\Accelrys\Apache\bin\httpd.exe [24064 2013-10-16] (Apache Software Foundation) [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [311544 2016-04-17] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [285136 2016-04-17] (Sophos Limited)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [901248 2016-04-17] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [604000 2016-04-17] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2016-04-17] (Sophos Limited)
R2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2455816 2016-04-17] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3339736 2016-04-17] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2118896 2016-04-17] (Sophos Limited)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S4 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 Ctafiltv; C:\Windows\System32\drivers\Ctafiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-15] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
S3 MADFUMIDISPORT2010; C:\Windows\System32\DRIVERS\MAudioMIDISPORT_DFU.sys [30512 2012-02-24] (M-Audio)
S3 MAUSBMIDISPORT; C:\Windows\System32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2016-04-17] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2016-04-17] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
R2 sntp; C:\Windows\System32\DRIVERS\sntp.sys [116144 2016-04-17] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2016-04-17] (Sophos Limited)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-12-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2015-12-18] (Oracle Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-12-23] (Cisco Systems, Inc.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-17 12:26 - 2016-06-17 12:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-17 12:26 - 2016-06-17 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2016-06-17 12:26 - 2016-06-17 12:26 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware
2016-06-17 12:26 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-17 12:26 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-17 12:26 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-17 12:24 - 2016-06-17 12:25 - 22851472 _____ (Malwarebytes ) C:\Users\Alex\Desktop\mbam-setup-2.2.1.1043.exe
2016-06-17 12:13 - 2016-06-17 12:22 - 00000000 ____D C:\AdwCleaner
2016-06-17 12:12 - 2016-06-17 12:12 - 00000000 ____D C:\Users\admin\Documents\ERUNT
2016-06-17 12:05 - 2016-06-17 12:06 - 03703360 _____ C:\Users\Alex\Desktop\AdwCleaner_5.200.exe
2016-06-16 14:22 - 2016-06-16 14:21 - 00001297 _____ C:\Windows\system32\Drivers\etc\hosts_Backup_20160616_022237
2016-06-16 13:55 - 2016-06-02 11:14 - 00001297 _____ C:\Windows\system32\Drivers\etc\hosts_Backup_20160616_015555
2016-06-16 13:48 - 2016-06-16 13:48 - 00001297 _____ C:\Users\Alex\Documents\hosts_with_adds.txt
2016-06-16 10:17 - 2016-06-16 10:17 - 00001311 _____ C:\Users\Alex\Desktop\datenträgerbereinigung pro.lnk
2016-06-15 23:28 - 2016-06-16 11:03 - 00000159 _____ C:\Users\Alex\Documents\Sophos alter updateserver.txt
2016-06-15 22:26 - 2016-06-15 22:28 - 00234138 _____ C:\TDSSKiller.3.1.0.9_15.06.2016_22.26.37_log.txt
2016-06-15 15:32 - 2016-06-15 15:32 - 00112933 _____ C:\Users\Alex\Desktop\tada2.txt
2016-06-15 14:18 - 2016-06-15 15:21 - 00112779 _____ C:\Users\Alex\Desktop\tada.txt
2016-06-15 13:58 - 2016-06-17 12:46 - 00028562 _____ C:\Users\Alex\Desktop\FRST.txt
2016-06-15 13:58 - 2016-06-17 12:44 - 00760531 _____ C:\Users\Alex\Desktop\Addition.txt
2016-06-15 13:57 - 2016-06-17 12:46 - 00000000 ____D C:\FRST
2016-06-15 13:54 - 2016-06-17 12:42 - 02386944 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2016-06-15 10:15 - 2016-05-24 01:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 10:15 - 2016-05-24 00:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 10:15 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 10:15 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 10:15 - 2016-05-21 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 10:15 - 2016-05-21 00:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 10:15 - 2016-05-21 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 10:15 - 2016-05-21 00:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 10:15 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 10:15 - 2016-05-21 00:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 10:15 - 2016-05-21 00:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 10:15 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 10:15 - 2016-05-21 00:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 10:15 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 10:15 - 2016-05-21 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 10:15 - 2016-05-20 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 10:15 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 10:15 - 2016-05-20 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 10:15 - 2016-05-20 23:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 10:15 - 2016-05-20 23:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 10:15 - 2016-05-20 23:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 10:15 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 10:15 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 10:15 - 2016-05-20 23:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 10:15 - 2016-05-20 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 10:15 - 2016-05-20 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 10:15 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 10:15 - 2016-05-20 23:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 10:15 - 2016-05-20 23:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 10:15 - 2016-05-20 23:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 10:15 - 2016-05-20 23:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 10:15 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 10:15 - 2016-05-20 23:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 10:15 - 2016-05-20 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 10:15 - 2016-05-20 23:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 10:15 - 2016-05-20 23:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 10:15 - 2016-05-20 23:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 10:15 - 2016-05-20 23:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 10:15 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 10:15 - 2016-05-20 23:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 10:15 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 10:15 - 2016-05-20 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 10:15 - 2016-05-20 23:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 10:15 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 10:15 - 2016-05-20 23:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 10:15 - 2016-05-20 23:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 10:15 - 2016-05-20 23:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 10:15 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 10:15 - 2016-05-20 23:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 10:15 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 10:15 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 10:15 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 10:15 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 10:15 - 2016-05-20 23:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 10:15 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 10:15 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 10:15 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 10:15 - 2016-05-20 23:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 10:15 - 2016-05-20 23:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 10:15 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 10:15 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 10:15 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 10:15 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 10:15 - 2016-05-20 22:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 10:15 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 10:15 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 10:15 - 2016-05-18 18:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 10:15 - 2016-05-18 18:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 10:15 - 2016-05-14 00:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 10:15 - 2016-05-14 00:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 10:15 - 2016-05-14 00:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 10:15 - 2016-05-14 00:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 10:15 - 2016-05-14 00:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 10:15 - 2016-05-13 23:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 10:15 - 2016-05-13 23:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 10:15 - 2016-05-13 23:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 10:15 - 2016-05-13 23:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 10:15 - 2016-05-13 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 10:15 - 2016-05-12 19:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 10:15 - 2016-05-12 19:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 10:15 - 2016-05-12 19:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 10:15 - 2016-05-12 19:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 10:15 - 2016-05-12 19:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 10:15 - 2016-05-12 19:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 10:15 - 2016-05-12 19:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 10:15 - 2016-05-12 19:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 10:15 - 2016-05-12 19:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 10:15 - 2016-05-12 19:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 10:15 - 
2016-05-12 17:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00022016 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-06-15 10:15 - 2016-05-12 17:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe 2016-06-15 10:15 - 2016-05-12 17:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-06-15 10:15 - 2016-05-12 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-06-15 10:15 - 2016-05-12 16:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2016-06-15 10:15 - 2016-05-12 16:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2016-06-15 10:15 - 2016-05-12 16:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-06-15 10:15 - 2016-05-12 16:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-06-15 10:15 - 2016-05-12 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-06-15 10:15 - 2016-05-12 16:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-06-15 10:15 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll 2016-06-15 10:15 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-06-15 10:15 - 2016-05-12 16:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe 2016-06-15 10:15 - 2016-05-12 16:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-06-15 10:15 - 2016-05-12 16:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-06-15 10:15 - 2016-05-12 15:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-06-15 10:15 - 2016-05-12 15:05 - 
00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 10:15 - 2016-05-12 15:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 10:15 - 2016-05-11 19:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 10:15 - 2016-05-11 19:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 10:15 - 2016-05-11 19:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 10:15 - 2016-05-11 19:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 10:15 - 2016-05-11 17:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 10:15 - 2016-05-11 17:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 10:15 - 2016-05-11 17:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 10:15 - 2016-05-11 17:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 10:15 - 2016-05-11 17:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 10:15 - 2016-05-11 17:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 10:15 - 2016-05-11 16:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-13 13:04 - 2016-06-13 13:04 - 00000000 ____D C:\Users\Alex\.QtWebEngineProcess
2016-06-13 13:04 - 2016-06-13 13:04 - 00000000 ____D C:\Users\Alex\.LSC
2016-06-10 09:23 - 2016-06-10 09:23 - 00000152 _____ C:\Users\Alex\Documents\path.txt
2016-06-09 20:28 - 2016-06-17 12:09 - 00000000 ____D C:\Users\Alex\Documents\Registry Backup
2016-06-09 14:31 - 2016-06-09 14:31 - 00001346 _____ C:\Users\Alex\Desktop\IE8 - WinXP_1.lnk
2016-06-07 15:29 - 2016-06-17 12:40 - 00000967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dukto R6.lnk
2016-06-07 15:29 - 2016-06-07 15:29 - 00000000 ____D C:\Program Files (x86)\Dukto
2016-06-07 11:27 - 2016-06-17 12:40 - 00001064 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-06-07 11:27 - 2016-06-07 11:27 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2016-06-06 10:52 - 2016-06-06 10:52 - 00000000 ____D C:\Program Files (x86)\hebxjqgm
2016-06-06 10:44 - 2016-06-06 10:44 - 00000000 ____D C:\Program Files (x86)\bgt90byd
2016-06-05 11:54 - 2016-06-05 11:54 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-02 16:20 - 2016-06-02 22:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-05-30 14:59 - 2016-05-30 15:00 - 00000000 ____D C:\Users\admin\AppData\Roaming\texstudio
2016-05-30 14:59 - 2016-05-30 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXstudio
2016-05-30 13:21 - 2016-05-30 13:21 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Lenovo
2016-05-30 13:21 - 2016-05-30 13:21 - 00000000 ____D C:\Users\admin\AppData\Roaming\Lenovo
2016-05-30 13:21 - 2016-05-30 13:21 - 00000000 ____D C:\Users\admin\.QtWebEngineProcess
2016-05-30 13:21 - 2016-05-30 13:21 - 00000000 ____D C:\Users\admin\.LSC
2016-05-27 11:31 - 2016-05-27 11:31 - 00000000 ____D C:\Program Files (x86)\LangmuirPC
2016-05-19 17:04 - 2016-05-19 17:04 - 00000000 ____D C:\Users\Alex\texmf
2016-05-19 14:53 - 2016-05-19 14:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\MiKTeX
2016-05-19 14:53 - 2016-05-19 14:53 - 00000000 ____D C:\Users\admin\AppData\Local\MiKTeX

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-17 12:46 - 2009-07-14 06:45 - 00031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-17 12:46 - 2009-07-14 06:45 - 00031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-17 12:43 - 2011-04-12 09:43 - 00699342 _____ C:\Windows\system32\perfh007.dat
2016-06-17 12:43 - 2011-04-12 09:43 - 00149450 _____ C:\Windows\system32\perfc007.dat
2016-06-17 12:43 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-17 12:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-06-17 12:40 - 2016-05-11 13:15 - 00000967 _____ C:\Users\admin\Desktop\Xming.lnk
2016-06-17 12:40 - 2016-05-03 13:50 - 00001959 _____ C:\Users\admin\Desktop\wxEWA excutable.lnk
2016-06-17 12:40 - 2016-02-05 16:37 - 00001017 _____ C:\Users\Public\Desktop\TeXstudio F8 F8 F5.lnk
2016-06-17 12:40 - 2016-01-15 14:47 - 00002124 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2016-06-17 12:40 - 2016-01-15 14:47 - 00001053 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-17 12:40 - 2015-12-11 22:57 - 00001964 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwyddion (64bit).lnk
2016-06-17 12:40 - 2015-12-09 13:47 - 00001287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015b.lnk
2016-06-17 12:40 - 2015-12-09 13:47 - 00000544 _____ C:\Windows\Tasks\MATLAB R2015b Startup Accelerator.job
2016-06-17 12:40 - 2015-10-27 19:16 - 00001717 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
2016-06-17 12:40 - 2015-09-21 15:43 - 00001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2016-06-17 12:40 - 2015-09-21 15:43 - 00000977 _____ C:\Users\Public\Desktop\WinSCP.lnk
2016-06-17 12:40 - 2015-09-01 13:05 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sciebo.lnk
2016-06-17 12:40 - 2015-09-01 13:05 - 00000977 _____ C:\Users\Public\Desktop\sciebo.lnk
2016-06-17 12:40 - 2014-08-26 14:44 - 00002084 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-06-17 12:40 - 2014-06-06 13:47 - 00002010 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk
2016-06-17 12:40 - 2014-04-23 19:42 - 00002169 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 12:40 - 2014-04-23 19:41 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-17 12:40 - 2009-07-14 07:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-06-17 12:40 - 2009-07-14 06:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-06-17 12:40 - 2009-07-14 06:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-06-17 12:40 - 2009-07-14 06:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-06-17 12:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-17 12:25 - 2015-10-19 16:20 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA.job
2016-06-17 12:22 - 2015-11-28 20:38 - 00000978 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-06-17 12:22 - 2015-11-28 20:38 - 00000948 _____ C:\Users\Alex\Desktop\Start Tor Browser.lnk
2016-06-17 12:22 - 2014-12-31 15:16 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA.job
2016-06-17 12:08 - 2014-04-23 19:41 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-16 15:21 - 2015-09-13 14:14 - 00000600 _____ C:\Users\Alex\AppData\Local\PUTTY.RND
2016-06-16 15:17 - 2015-09-01 13:05 - 00000000 ____D C:\Users\Alex\AppData\Local\sciebo
2016-06-16 14:10 - 2016-03-27 17:15 - 00393412 _____ C:\Windows\ntbtlog.txt
2016-06-16 14:08 - 2016-01-11 22:52 - 00000000 ____D C:\Users\Alex\.VirtualBox
2016-06-16 12:11 - 2015-08-24 19:32 - 00000000 ____D C:\Users\Alex\.matplotlib
2016-06-16 11:21 - 2014-12-31 15:16 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core.job
2016-06-15 16:34 - 2015-10-19 16:20 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core.job
2016-06-15 16:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2016-06-15 13:40 - 2014-12-12 17:46 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chemie
2016-06-15 13:39 - 2016-01-07 10:50 - 00000000 ____D C:\Program Files (x86)\Hive1_5_3_18VASP5
2016-06-15 13:37 - 2014-12-12 17:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SPM
2016-06-15 13:11 - 2016-05-03 13:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wxEWA
2016-06-15 12:49 - 2016-01-15 14:47 - 00000000 ____D C:\Users\admin
2016-06-15 12:48 - 2014-04-23 11:49 - 00000000 ____D C:\Users\Alex
2016-06-15 12:20 - 2009-07-14 06:45 - 00576312 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 12:10 - 2014-04-23 19:00 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 12:05 - 2014-04-23 19:00 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 11:31 - 2015-10-06 12:00 - 00017443 ____H C:\Users\Alex\_viminfo
2016-06-14 09:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-13 19:31 - 2010-11-21 05:27 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-10 13:35 - 2015-09-21 17:19 - 00000600 _____ C:\Users\Alex\AppData\Roaming\winscp.rnd
2016-06-09 23:13 - 2015-11-23 22:21 - 00000000 ____D C:\Users\Alex\Documents\Visual Studio 2008
2016-06-09 23:06 - 2015-11-23 22:21 - 00000000 ____D C:\Users\Alex\AppData\Local\Microsoft Help
2016-06-09 14:07 - 2016-01-11 22:53 - 00000000 ____D C:\Users\Alex\VirtualBox VMs
2016-06-09 14:02 - 2016-01-26 17:22 - 00000000 ____D C:\Users\admin\.VirtualBox
2016-06-07 16:59 - 2016-01-04 13:43 - 00000000 ____D C:\Users\Alex\AppData\Roaming\texstudio
2016-06-07 11:28 - 2015-07-30 20:39 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc
2016-06-05 11:54 - 2014-05-01 22:27 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Dropbox
2016-06-03 08:59 - 2014-08-26 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-02 11:17 - 2016-01-15 14:47 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2016-05-30 14:59 - 2016-01-04 13:42 - 00000000 ____D C:\Program Files (x86)\TeXstudio
2016-05-30 13:20 - 2014-04-23 19:58 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-05-30 13:20 - 2014-04-23 19:58 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-05-30 13:19 - 2014-04-23 20:04 - 00000000 ____D C:\Windows\Downloaded Installations
2016-05-29 13:10 - 2016-03-31 12:40 - 00000638 _____ C:\Windows\Tasks\TrackerAutoUpdate.job
2016-05-27 09:25 - 2015-07-23 15:31 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:24 - 2015-07-23 15:30 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

1998-03-09 16:40 - 1998-03-09 16:40 - 0029184 _____ () C:\Program Files (x86)\ArrayTest.dll
1999-01-10 17:22 - 1999-01-10 17:22 - 0029696 _____ () C:\Program Files (x86)\dll_Backgr.dll
2000-04-30 04:21 - 2000-04-30 04:21 - 0034304 _____ () C:\Program Files (x86)\DLL_Elsep3.dll
2000-04-25 02:54 - 2000-04-25 02:54 - 0000000 _____ () C:\Program Files (x86)\HelpSimpleBackgr.hlp
2000-05-05 10:15 - 2000-05-05 10:15 - 0225280 _____ (Fysisk Institut) C:\Program Files (x86)\SimpleBackgr.exe
2016-03-16 00:16 - 2016-03-16 00:16 - 0004605 _____ () C:\Program Files (x86)\ST6UNST.LOG
2016-03-30 23:12 - 2016-03-31 12:28 - 0000034 _____ () C:\Users\admin\AppData\Roaming\AdobeWLCMCache.dat
2016-04-18 11:57 - 2016-04-18 11:57 - 0000600 _____ () C:\Users\admin\AppData\Roaming\winscp.rnd
2016-04-16 11:03 - 2016-04-16 11:03 - 0007605 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg

Einige Dateien in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\libeay32.dll
C:\Users\admin\AppData\Local\Temp\msvcr120.dll
C:\Users\admin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

ACHTUNG: ==> Auf den BCD konnte nicht zugegriffen werden.

LastRegBack: 2016-06-08 09:53

==================== Ende von FRST.txt ============================

Code: ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:16-06-2016 01
durchgeführt von admin (2016-06-17 12:47:22)
Gestartet von C:\Users\Alex\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-23 09:49:47)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

admin (S-1-5-21-1968842236-1166385170-3651055052-1010 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1968842236-1166385170-3651055052-500 - Administrator - Disabled)
Alex (S-1-5-21-1968842236-1166385170-3651055052-1000 - Limited - Enabled) => C:\Users\Alex
Gast (S-1-5-21-1968842236-1166385170-3651055052-501 - Limited - Disabled)
SophosSAUHAL90000 (S-1-5-21-1968842236-1166385170-3651055052-1001 - Limited - Enabled)
SophosSAUHAL90001 (S-1-5-21-1968842236-1166385170-3651055052-1015 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Sophos Anti-Virus (Enabled - Out of date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Out of date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

"Unistall wxEWA binary" (HKLM-x32\...\wxEWA_is1) (Version: 0.29Alpha9 - János Végh, MTA ATOMKI, Hungary)
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Accelrys License Pack (HKLM-x32\...\{C0C44F90-ACB8-4DA2-9433-CFC9F4D4AA37}) (Version: 7.6.9 - Accelrys Software Inc.)
Accelrys License Pack (x64) (HKLM\...\{8879D8DC-723D-4DD6-B016-91D397EC693B}) (Version: 7.6.9 - Accelrys Software Inc.)
Accelrys Materials Studio 7.0 (HKLM-x32\...\{8CE9B2FD-A06F-4B42-8BE4-530CB973C5A4}) (Version: 7.0 - Accelrys Software Inc.) Accelrys Materials Studio 7.0 (x64 Server) (Version: 7.0 - Accelrys Software Inc.) Hidden Accelrys Materials Studio 7.0 Documentation (x32 Version: 7.0 - Accelrys Software Inc.) Hidden Accelrys Materials Studio Gateway Service (x64) (HKLM\...\{98FD3007-E164-4096-BD6E-17CA4AA08C6A}) (Version: 7.0.4 - Accelrys Software Inc.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated) Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated) Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - ) ArgusLab (HKLM-x32\...\{01D190D9-B876-48C1-BD5B-FE8247DDBE40}) (Version: 4.0.1 - Planaria Software LLC) Aspell English Dictionary-0.50-2 (HKLM-x32\...\Aspell English Dictionary_is1) (Version: - GNU) Aspell German Dictionary-0.50-2 (HKLM-x32\...\Aspell German Dictionary_is1) (Version: - GNU) Avogadro (HKLM-x32\...\Avogadro) (Version: 1.1.1 modified for ORCA support - Humanity) CambridgeSoft ChemBioDraw Ultra 14.0 (HKLM-x32\...\{8B4EE9DF-BE12-488C-AAF0-72B09E53AA41}) (Version: 14.0 - CambridgeSoft Corporation) ChromecastApp (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.2.01035 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 4.2.01035 - Cisco Systems, Inc.) Hidden Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.100.10 - Citrix Systems, Inc.) 
COMPRO12 (HKLM-x32\...\{48454FE0-DFE1-4CF2-BED5-E2311D3E2AEE}) (Version: 12.00 - SASJ) Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant) Corel Graphics - Windows Shell Extension (HKLM\...\_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.0.707 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - BR (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Content (HKLM-x32\...\_{C221B72F-C0AC-4DD7-B27E-701B1E9DE23A}) (Version: 16.0 - Corel Corporation) CorelDRAW Graphics Suite X6 - Content (x32 Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - DE (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - ES (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - FR (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - IT (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - NL (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - 
PHOTO-PAINT (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.0.0.707 - Corel Corporation) CorelDRAW Graphics Suite X6 (x64) (Version: 16.0 - Corel Corporation) Hidden Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited) Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - Creative Technology Limited) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo) DjVuLibre DjView 3.5.27+4.10.4 (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.27+4.10.4 - DjVuZone) Dropbox (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.) 
Dukto R6 (HKLM-x32\...\{386C0311-B146-4CE0-89E5-8469A3583156}}_is1) (Version: R6 - Emanuele Colombo) Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team) GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version: - GNU) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Gwyddion (HKLM\...\Gwyddion) (Version: 2.43.win64 - Gwyddion developers) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation) Igor Pro (HKLM-x32\...\Igor Pro) (Version: 6.3.6.4 (6.36) - WaveMetrics, Inc.) Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - ) Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH) Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.) 
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{5018D8E6-8D8E-4F76-9AFD-CB2EF1100E84}) (Version: 13.0.089 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{791FF357-3DE8-485E-BD59-41844BB16415}) (Version: 13.0.089 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
JabRef 2.10 (HKLM-x32\...\JabRef 2.10) (Version: 2.10 - JabRef Team)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.07 - )
Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maple 2015 (HKLM\...\Maple 2015) (Version: 2015 - Maplesoft)
Maple Toolbox 2015 (HKLM\...\Maple Toolbox 2015) (Version: 2015 - Maplesoft)
MATLAB R2015b (HKLM\...\Matlab R2015b) (Version: 8.6 - MathWorks)
M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
Mercury (HKLM-x32\...\Mercury 3.8) (Version: 3.8 - CCDC)
MestReNova LITE 5.2.5-5780 (HKLM-x32\...\MestReNova LITE) (Version: 5.2.5-5780 - Mestrelab Research S.L.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.1.5990 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 de)) (Version: 45.1.1 - Mozilla)
mRemoteNG (HKLM-x32\...\mRemoteNG) (Version: 1.72.5065.32737 - Next Generation Software)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NWZ Terminal Server (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\nwzcitrix-4c8371e1@@Controller.NWZHome $S1-1) (Version: 1.0 - Delivered by Citrix)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden
Oracle VM VirtualBox 5.0.12 (HKLM\...\{6F93731D-89E1-4A8F-BDA9-D104860DDB02}) (Version: 5.0.12 - Oracle Corporation)
Orca (HKLM-x32\...\Orca) (Version: 3.0.3 - Max-Planck-Institute for Chemical Energy Conversion)
Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Pdf 2 Djvu Converter 1.0.3.8 (HKLM-x32\...\Djvu-Spec Pdf 2 Djvu Converter) (Version: 1.0.3.8 - Djvu-Spec)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.317.0 - Tracker Software Products Ltd)
peak-o-mat 1.1.9 (HKLM-x32\...\peak-o-mat_is1) (Version: - )
PeaZip 5.9.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 5.9.0 - Giorgio Tani)
POV-Ray for Windows v3.7 (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\POV-Ray for Windows v3.7) (Version: 3.7 - Persistence of Vision Raytracer Pty. Ltd.)
Python 2.7 matplotlib-1.4.3 (64-bit) (HKLM\...\matplotlib-py2.7) (Version: - )
Python 2.7 pygtk-2.24.0 (HKLM-x32\...\{0205122C-20A8-4600-97D5-234C88A22B99}) (Version: 2.24.0 - James Henstridge)
Python 2.7 scipy-0.16.0 (HKLM-x32\...\scipy-py2.7) (Version: - )
Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation)
QUASES IMFP-TPP2M (C:\Program Files (x86)\QUASES-Tougaard\Quases-IMFP-TPP2M\) (HKLM-x32\...\ST6UNST #4) (Version: - )
QUASES IMFP-TPP2M (HKLM-x32\...\ST6UNST #2) (Version: - )
QUASES-Tougaard Simple Backgrounds (HKLM-x32\...\ST6UNST #6) (Version: - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
sciebo (HKLM-x32\...\sciebo) (Version: 2.1.1.525 - Sync and Share NRW )
Self-Service Plug-in (x32 Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden
Sophos Anti-Virus (HKLM-x32\...\{09863DA9-7A9B-4430-9561-E04D178D7017}) (Version: 10.6.3.537 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{BCF53039-A7FC-4C79-A3E3-437AE28FD918}) (Version: 5.2.0.276 - Sophos Limited)
Sophos Network Threat Protection (HKLM\...\{66967E5F-43E8-4402-87A4-04685EE5C2CB}) (Version: 1.2.2.50 - Sophos Limited)
Sophos System Protection (HKLM-x32\...\{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}) (Version: 1.3.0 - Sophos Limited)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Texmaker (HKLM-x32\...\Texmaker) (Version: - )
TeXstudio 2.11.0 (HKLM-x32\...\TeXstudio_is1) (Version: 2.11.0 - Benito van der Zander)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.07 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Time Stopper (HKLM-x32\...\Time Stopper4.0) (Version: 4.0 - DilSoft)
TmoleX 4.1.0 (HKLM-x32\...\4370-0238-2378-4027) (Version: 4.1.0 - COSMOlogic GmbH & Co. KG)
Total Uninstall 2.35 (HKLM-x32\...\Total Uninstall_is1) (Version: 2.35 - Gavrila Martau)
Vernissage - V2.1 (HKLM-x32\...\{C12C4017-862D-47AF-B1C0-F03CB1C9D9B4}) (Version: 2.1.12131.86 - Omicron NanoTechnology GmbH)
Vim 7.4: Edit with Vim popup menu entry (HKLM\...\Vim 7.4) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMD 1.9.2 (HKLM-x32\...\{089F161A-EFCE-44D8-8D38-C401835D93E4}) (Version: 1.9.2 - University of Illinois)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
Wolfram Extras 10.1 (5292844) (HKLM\...\A-WIN-Extras 10.1.0 5292844_is1) (Version: 10.1.0 - Wolfram Research, Inc.)
Wolfram Mathematica 10.1 (M-WIN-L 10.1.0 5292918) (HKLM\...\M-WIN-L 10.1.0 5292918_is1) (Version: 10.1.0 - Wolfram Research, Inc.)
WSxM (HKLM-x32\...\{0708C401-5D15-49DE-8BF1-BD21DBBF44B7}) (Version: 1.0.0 - WSxM solutions)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)
XPS MultiQuant (HKLM-x32\...\ST6UNST #3) (Version: - )
XPS-Simulation Program by S. Tougaard and F. Yubero (C:\Program Files (x86)\Quases-Tougaard\QUEELS-XPS Simulation\) (HKLM-x32\...\ST6UNST #5) (Version: - )
XPS-Simulation Program by S. Tougaard and F. Yubero (HKLM-x32\...\ST6UNST #1) (Version: - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2D095618-2F59-4A81-9852-A48B746F65D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2E054455-8DEE-43AE-881C-EBFD9AF1DEDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3A0D7129-F99E-4E9F-944A-73A78FB30581} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-04-20] (Lenovo)
Task: {4B2DDA84-48BE-4F09-815D-F247C543AA54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7A03FD0B-921D-4666-9A87-8348D33A1BDB} - System32\Tasks\MATLAB R2015b Startup Accelerator => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe [2015-07-30] ()
Task: {7A0DC724-127F-4D97-9CF7-B64999247C6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {92159481-32FD-4CC5-9570-009950FCD14C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {927D939A-B5C2-4D42-A5B2-709A18A6E770} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {A2FF9D65-26F6-4448-BCB0-88182EE14BC0} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe
Task: {A93759DF-969B-447B-B9B2-52C9533D6E5B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-19] (Dropbox, Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {AF44EBCF-CFC4-4735-8DE4-E69EDCA5FB5C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {C56C6F01-ECD4-4E41-B507-541D078846F5} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {C8D5FEBF-2230-4B33-89CB-9BC0008822A9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-04-20] ()
Task: {CE3C8CED-8072-416D-8561-38709EF52372} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {CEB1C246-3A72-4D47-9021-76CF49B6802E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {D93F1065-0FF8-4931-ACF4-EAB2B8D5EE6B} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2016-03-22] (Tracker Software Products (Canada) Ltd.)
Task: {DA1CE3B3-BF06-4A79-93A5-1F75489184E4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-04-20] (Lenovo)
Task: {DCB37942-77A5-4D09-94C8-C8064CD9A8A7} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => c:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {F06E72E1-F59E-4C15-A29C-C4C801E4FF3E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {F0F9DD4B-11DD-4DBE-93DF-EA48F48D856A} - System32\Tasks\{CDEE53C9-7447-4444-A475-911F56BCB26C} => pcalua.exe -a C:\Users\admin\Downloads\zivsophos10.exe -d C:\Users\admin\Downloads
Task: {F2FEE01E-F111-48C9-BD06-A209F3A426FF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {F6B479A1-4A1C-4F7D-8CB4-065140191D0F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FDAC2F53-0A1F-4122-B74E-FE3FBB363E14} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-19] (Dropbox, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core.job => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA.job => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core.job => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA.job => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2015b Startup Accelerator.job => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\Windows\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-31 13:39 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-04-23 20:05 - 2016-04-14 06:08 - 00119808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2015-03-30 19:54 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-04-17 15:41 - 2016-04-17 15:41 - 00233608 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\http.plg
2016-04-17 15:41 - 2016-04-17 15:41 - 00140696 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ip.plg
2016-04-17 15:41 - 2016-04-17 15:41 - 00119344 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ipv6.plg
2016-04-17 15:41 - 2016-04-17 15:41 - 00076704 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\portmap.plg
2016-04-17 15:41 - 2016-04-17 15:41 - 00165000 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\tcp.plg
2016-04-17 15:41 - 2016-04-17 15:41 - 00148440 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\udp.plg
2013-02-19 20:34 - 2013-02-19 20:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-12-23 09:33 - 2015-12-23 09:33 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-06-06 13:46 - 2011-06-29 18:09 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2014-06-06 13:46 - 2011-06-29 18:09 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2016-06-16 14:24 - 2016-06-16 14:24 - 00001113 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 union.baidu2019.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1968842236-1166385170-3651055052-1010\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 128.176.0.28 - 128.176.0.30
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: Accelrys License Server => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\startupfolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\Windows\pss\Citrix Receiver.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: CtaMon => Rundll32 CtaMon.dll,RunMonitor
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: ForteConfig => C:\Program Files\Conexant\ForteConfig\fmapp.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: tvncontrol => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{892ED2FB-7E39-4C77-9EE6-65086EB09238}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{AFFD75D6-4AB5-4333-A38F-63A15B1A3E7F}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe
FirewallRules: [UDP Query User{5DF4A43A-747F-4854-A597-065315BB78FB}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe
FirewallRules: [{978E8FA1-F66B-4DC1-9CD2-3022D9B1E65B}] => (Allow) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{DE292FFE-ADFE-4713-ABFB-EC6B6FE99609}] => (Allow) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A9AFB1BB-4C81-4AFB-841C-A6A5782B1557}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [TCP Query User{F674ADF3-0F46-47C3-983A-1CC6C9021A5A}D:\privat\downloads\lan-party\counter-strike source\counter-strike source - to copy\hl2.exe] => (Allow) D:\privat\downloads\lan-party\counter-strike source\counter-strike source - to copy\hl2.exe
FirewallRules: [UDP Query User{57972503-12BC-4882-AB17-BE620AB82D68}D:\privat\downloads\lan-party\counter-strike source\counter-strike source - to copy\hl2.exe] => (Allow) D:\privat\downloads\lan-party\counter-strike source\counter-strike source - to copy\hl2.exe
FirewallRules: [TCP Query User{F6105781-5E0B-49A8-94DD-7DBDD7138198}D:\privat\games\cod2mp_s.exe] => (Allow) D:\privat\games\cod2mp_s.exe
FirewallRules: [UDP Query User{BD95F092-0188-45AF-96CC-EC490B14C1F2}D:\privat\games\cod2mp_s.exe] => (Allow) D:\privat\games\cod2mp_s.exe
FirewallRules: [TCP Query User{0B6D06A7-1421-486B-BE19-C2BAA3B633FC}D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe] => (Allow) D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe
FirewallRules: [UDP Query User{78CB22BA-FD94-4603-8052-680C6DF2F289}D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe] => (Allow) D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe
FirewallRules: [{04EF5602-66D0-48B1-8167-A85A50C0D463}] => (Allow) C:\Users\Alex\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{CAB454B1-7DB1-4C06-BC0B-1EE1FDC254D5}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{A02ABC7A-C51E-4BB7-BD3D-038C6548A0E7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{291FCC84-197F-4689-BDEF-02FF1B229B4F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{62ED1571-A138-4074-B238-3644C0D04A8B}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [TCP Query User{ACC7714F-6E12-43BF-9BDD-724206853B3D}C:\program files (x86)\omicron nanoscience\vernissage\v2.2\bin\vernissage.exe] => (Allow) C:\program files (x86)\omicron nanoscience\vernissage\v2.2\bin\vernissage.exe
FirewallRules: [UDP Query User{32AAFA7E-B432-413E-89CA-C2546C0A1187}C:\program files (x86)\omicron nanoscience\vernissage\v2.2\bin\vernissage.exe] => (Allow) C:\program files (x86)\omicron nanoscience\vernissage\v2.2\bin\vernissage.exe
FirewallRules: [{C9ADE1DB-5662-4901-AC33-F4A03EBD9AB2}] => (Allow) C:\Program Files (x86)\Omicron NanoScience\Vernissage\V2.1\Bin\Vernissage.exe
FirewallRules: [{BC6A24DB-4321-4248-861F-9E1E15B6F304}] => (Allow) C:\Program Files (x86)\Omicron NanoScience\Vernissage\V2.1\Bin\Vernissage.exe
FirewallRules: [TCP Query User{93C42D44-2254-4BB7-866F-9D84FEF7F484}C:\program files (x86)\omicron nanoscience\vernissage\v2.1\bin\vernissage.exe] => (Allow) C:\program files (x86)\omicron nanoscience\vernissage\v2.1\bin\vernissage.exe
FirewallRules: [UDP Query User{7616E5EF-9B58-4685-947D-9735841F962A}C:\program files (x86)\omicron nanoscience\vernissage\v2.1\bin\vernissage.exe] => (Allow) C:\program files (x86)\omicron nanoscience\vernissage\v2.1\bin\vernissage.exe
FirewallRules: [TCP Query User{C915CDBC-95AF-4600-9AF7-20C3490ED645}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
FirewallRules: [UDP Query User{BD0A55D6-14EA-4A0F-ADE2-CB92922061F0}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
FirewallRules: [TCP Query User{7F4D6944-F476-4900-B0D5-D476096976FF}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [UDP Query User{81C5AFB9-614A-4531-AA69-65521A65264E}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe
FirewallRules: [TCP Query User{72EC46C6-A191-4089-8A10-2777B8BA6985}C:\program files (x86)\dukto\dukto.exe] => (Allow) C:\program files (x86)\dukto\dukto.exe
FirewallRules: [UDP Query User{FA666C1E-C1AA-4DA7-B9CD-48C5FDF893B4}C:\program files (x86)\dukto\dukto.exe] => (Allow) C:\program files (x86)\dukto\dukto.exe
FirewallRules: [TCP Query User{5E522F9F-41A5-4541-AE49-C3A82B6B1484}C:\program files (x86)\dukto\dukto.exe] => (Allow) C:\program files (x86)\dukto\dukto.exe
FirewallRules: [UDP Query User{F389669E-5F7C-4BF8-93F9-4A1BD8CA127F}C:\program files (x86)\dukto\dukto.exe] => (Allow) C:\program files (x86)\dukto\dukto.exe
FirewallRules: [{EAD919EB-947B-4861-801A-E0CDC05FE31C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

07-06-2016 10:35:46 Windows Defender Checkpoint
09-06-2016 20:38:14 JUN2015-PATHgone
14-06-2016 09:05:09 Windows Update
15-06-2016 12:03:25 Windows Update
15-06-2016 12:58:09 Windows Defender Checkpoint

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Microsoft-ISATAP-Adapter #5
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (06/17/2016 12:38:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2016 12:23:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/17/2016 11:52:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2016 03:06:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2016 02:11:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2016 10:09:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/16/2016 08:29:29 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (06/16/2016 08:29:29 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (06/16/2016 08:29:29 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (06/16/2016 08:29:29 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0

Systemfehler:
=============
Error: (06/17/2016 12:38:46 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT-AUTORITÄT)
Description: Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147942402.

Error: (06/17/2016 12:25:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Ruotygutght System" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 = Das System kann die angegebene Datei nicht finden.
Error: (06/17/2016 12:22:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\IWMSSvc.dll Error: (06/17/2016 12:22:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\IWMSSvc.dll Error: (06/17/2016 12:22:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\IWMSSvc.dll Error: (06/17/2016 12:22:34 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 = Es wird bereits eine Instanz des Dienstes ausgeführt. Error: (06/17/2016 12:22:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\Windows\System32\IWMSSvc.dll Error: (06/17/2016 12:22:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Power Manager Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2016 12:22:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/17/2016 12:22:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. ==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz Prozentuale Nutzung des RAM: 16% Installierter physikalischer RAM: 16267.23 MB Verfügbarer physikalischer RAM: 13558.58 MB Summe virtueller Speicher: 17289.42 MB Verfügbarer virtueller Speicher: 14397.11 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:238.37 GB) (Free:121.18 GB) NTFS Drive d: (Daten) (Fixed) (Total:298.09 GB) (Free:170.92 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5069DEFD) Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 8E080CFD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 17.06.2016 Suchlaufzeit: 12:27 Protokolldatei: mbamlog.txt Administrator: Ja Version: 2.2.1.1043 Malware-Datenbank: v2016.06.17.01 Rootkit-Datenbank: v2016.05.27.01 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: admin Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 342676 Abgelaufene Zeit: 7 Min., 1 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 5 PUP.Optional.HohoSearch, HKLM\SOFTWARE\CLASSES\CLSID\{98C066AB-D735-4339-9E52-A34875141B56}, In Quarantäne, [12f396682376e4528d72f09ed929639d], PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FCC28C83-A9DE-484C-A033-7EB12B4AD3A3}, Löschen bei Neustart, [c3425aa4e7b2dd59dfb5a51b639f21df], PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Ruotygutght System, Löschen bei Neustart, [39ccbf3f3465f640b3e25e62a95930d0], PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, In Quarantäne, [e520e41a7c1dac8ae85e0aeabb487789], PUP.Optional.YesSearches, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rtysystemSrv, In Quarantäne, [26dfce30d2c713233660c4fceb17bd43], Registrierungswerte: 3 PUP.Optional.YesSearches, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FCC28C83-A9DE-484C-A033-7EB12B4AD3A3}|Path, \Ruotygutght System, Löschen bei Neustart, [c3425aa4e7b2dd59dfb5a51b639f21df] PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp, 
hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB3UpC3UmCE..&v=20160602&uid=979BBD0925D424BADCC815BFCA6E8AC5&ptid=epf1&mode=ffsengext, In Quarantäne, [e520e41a7c1dac8ae85e0aeabb487789] PUP.Optional.HohoSearch, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab, hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB3UpC3UmCE..&v=20160602&uid=979BBD0925D424BADCC815BFCA6E8AC5&ptid=epf1&mode=ffsengext, In Quarantäne, [8f761ae45e3b3204fa4c9262719256aa] Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 1 PUP.Optional.YesSearches, C:\Program Files (x86)\Muweied, In Quarantäne, [0104728c9dfc4cea76619d22c04203fd], Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v5.200 - Bericht erstellt am 17/06/2016 um 12:22:04 # Aktualisiert am 14/06/2016 von ToolsLib # Datenbank : 2016-06-16.2 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (X64) # Benutzername : admin - HAL9000 # Gestartet von : C:\Users\Alex\Desktop\AdwCleaner_5.200.exe # Option : Löschen # Unterstützung : https://toolslib.net/forum ***** [ Dienste ] ***** ***** [ Ordner ] ***** [-] Ordner gelöscht : C:\ProgramData\apn [#] Ordner gelöscht : C:\ProgramData\Application Data\apn [-] Ordner gelöscht : C:\Users\admin\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 [-] Ordner gelöscht : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall ***** [ Dateien ] ***** [-] Datei gelöscht : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage [-] Datei gelöscht : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chphlpgkkbolifaimnlloiipkdnihall_0.localstorage-journal ***** [ DLLs ] ***** ***** [ WMI ] ***** ***** [ Verknüpfungen ] ***** [-] Verknüpfung desinfiziert : C:\Users\Alex\Desktop\Start Tor Browser.lnk [-] Verknüpfung desinfiziert : C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk [-] Verknüpfung desinfiziert : C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [-] Verknüpfung desinfiziert : C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [-] Verknüpfung desinfiziert : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [-] Verknüpfung desinfiziert : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk [-] Verknüpfung desinfiziert : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick 
Launch\Launch Internet Explorer Browser.lnk [-] Verknüpfung desinfiziert : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ***** [ Aufgabenplanung ] ***** ***** [ Registrierungsdatenbank ] ***** [-] Schlüssel gelöscht : HKCU\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} [-] Schlüssel gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\{EB52F1AB-3C2B-424F-9794-833C687025CF} [-] Schlüssel gelöscht : HKLM\SOFTWARE\Classes\s [-] Schlüssel gelöscht : HKLM\SOFTWARE\SrpnFiles [-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{F9A03323-A9F8-440B-8AE0-57D7EB55F08E}] [-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{6B6584B1-08BD-4F1F-BF66-B854B66124F2}] [-] Wert gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{C4368DD1-E8FD-402A-A227-D19723043945}] ***** [ Internetbrowser ] ***** [-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] gelöscht : aaaaaiabcopkplhgaedhbloeejhhankf [-] [C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] gelöscht : chphlpgkkbolifaimnlloiipkdnihall ************************* :: "Tracing" Schlüssel gelöscht :: Proxy Einstellungen zurückgesetzt :: Winsock Einstellungen zurückgesetzt :: Internet Explorer Richtlinien gelöscht :: Chrome Richtlinien gelöscht ************************* \AdwCleaner\AdwCleaner[C1].txt - [3660 Bytes] - [17/06/2016 12:22:04] \AdwCleaner\AdwCleaner[S1].txt - [4293 Bytes] - [17/06/2016 12:15:34] ########## EOF - \AdwCleaner\AdwCleaner[C1].txt - [3802 Bytes] ########## |
17.06.2016, 16:10 | #8 |
/// Malwareteam | Windows Defender found browser-modifying software.... ESET Online Scanner
Note: This scan can take several hours...
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |
18.06.2016, 18:10 | #9 |
| Windows Defender found browser-modifying software.... Hello, I had to start the program twice because I unfortunately forgot to charge the battery in between: I am still puzzled by the folders mentioned above. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=702f886766a0d841818ed83846d7969f # end=init # utc_time=2016-06-18 06:38:20 # local_time=2016-06-18 08:38:20 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 29834 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=702f886766a0d841818ed83846d7969f # end=updated # utc_time=2016-06-18 06:42:16 # local_time=2016-06-18 08:42:16 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=702f886766a0d841818ed83846d7969f # engine=29834 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2016-06-18 09:18:46 # local_time=2016-06-18 11:18:46 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 58922 217871375 0 0 # compatibility_mode_1='Sophos Anti-Virus' # compatibility_mode=8450 16777213 100 98 9731 5341423 0 0 # scanned=650744 # found=0 # cleaned=0 # scan_time=9389 There was a problem on the update server. Sophos found something under the path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PA0SO1N6\y2vyyk2Jh[1].... I then deleted all temp files.... |
19.06.2016, 14:05 | #10 |
/// Malwareteam | Windows Defender found browser-modifying software.... Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ATTFilter Winlogon\Notify\igfxcui: igfxdev.dll [X] ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei hosts: Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei R3 WinHttpAutoProxySvc; winhttp.dll [X] 2016-06-06 10:52 - 2016-06-06 10:52 - 00000000 ____D C:\Program Files (x86)\hebxjqgm 2016-06-06 10:44 - 2016-06-06 10:44 - 00000000 ____D C:\Program Files (x86)\bgt90byd emptytemp: CustomCLSID: 
HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Do you still have any problems with your computer?
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |
20.06.2016, 11:07 | #11 |
| Windows Defender found browser-modifying software.... The first time it was not started as admin. No. 1: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01 durchgeführt von Alex (2016-06-20 10:39:08) Run:1 Gestartet von C:\Users\Alex\Desktop Geladene Profile: Alex (Verfügbare Profile: Alex & admin) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** Winlogon\Notify\igfxcui: igfxdev.dll [X] ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei hosts: Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei R3 
WinHttpAutoProxySvc; winhttp.dll [X] 2016-06-06 10:52 - 2016-06-06 10:52 - 00000000 ____D C:\Program Files (x86)\hebxjqgm 2016-06-06 10:44 - 2016-06-06 10:44 - 00000000 ____D C:\Program Files (x86)\bgt90byd emptytemp: CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei ***************** HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Schlüssel nicht gefunden. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Schlüssel nicht gefunden. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Schlüssel nicht gefunden. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel nicht gefunden. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel nicht gefunden. HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel nicht gefunden. "C:\Windows\System32\Drivers\etc\hosts" => Konnte nicht verschoben werden. Konnte nicht wiederhergestellt werden Hosts. HKCR\PROTOCOLS\Filter\application/octet-stream => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\PROTOCOLS\Filter\application/x-complus => Schlüssel konnte nicht entfernt werden. 
Zugriff verweigert. HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\PROTOCOLS\Filter\application/x-msdownload => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. WinHttpAutoProxySvc => Dienst konnte nicht gestoppt werden. WinHttpAutoProxySvc => Dienst konnte nicht entfernt werden "C:\Program Files (x86)\hebxjqgm" Ordner verschieben: Konnte nicht verschoben werden "C:\Program Files (x86)\hebxjqgm" => ist geplant bei Neustart verschoben zu werden. "C:\Program Files (x86)\bgt90byd" Ordner verschieben: Konnte nicht verschoben werden "C:\Program Files (x86)\bgt90byd" => ist geplant bei Neustart verschoben zu werden. HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => Schlüssel konnte nicht entfernt werden. Zugriff verweigert. 
=========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 133358921 B Java, Flash, Steam htmlcache => 379 B Windows/system/drivers => 707154020 B Edge => 0 B Chrome => 925400027 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 0 B LocalService => 0 B NetworkService => 0 B Alex => 272604412 B admin => 556910979 B tvsu_tmp_xauvyFOKCU => 0 B tvsu_tmp_ohkzhTWVQS => 0 B RecycleBin => 0 B EmptyTemp: => 2.4 GB temporäre Dateien entfernt. ================================ Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 2016-06-20 10:55:39) ==> ACHTUNG: Das System wurde nicht neu gestartet. C:\Program Files (x86)\hebxjqgm => erfolgreich verschoben C:\Program Files (x86)\bgt90byd => erfolgreich verschoben ==== Ende von Fixlog 10:55:39 ==== No. 2: Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01 durchgeführt von admin (2016-06-20 12:03:20) Run:2 Gestartet von C:\Users\Alex\Desktop Geladene Profile: Alex & admin (Verfügbare Profile: Alex & admin) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** Winlogon\Notify\igfxcui: igfxdev.dll [X] ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Keine Datei hosts: Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine Datei Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Keine 
Datei R3 WinHttpAutoProxySvc; winhttp.dll [X] 2016-06-06 10:52 - 2016-06-06 10:52 - 00000000 ____D C:\Program Files (x86)\hebxjqgm 2016-06-06 10:44 - 2016-06-06 10:44 - 00000000 ____D C:\Program Files (x86)\bgt90byd emptytemp: CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Keine Datei ***************** "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => Schlüssel erfolgreich entfernt "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Schlüssel erfolgreich entfernt 
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Schlüssel nicht gefunden. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Schlüssel erfolgreich entfernt HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Schlüssel nicht gefunden. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Schlüssel erfolgreich entfernt HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Schlüssel nicht gefunden. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Schlüssel erfolgreich entfernt HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel nicht gefunden. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Schlüssel erfolgreich entfernt HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel nicht gefunden. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Schlüssel erfolgreich entfernt HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel nicht gefunden. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Schlüssel erfolgreich entfernt HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel nicht gefunden. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Schlüssel erfolgreich entfernt HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Schlüssel nicht gefunden. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Schlüssel erfolgreich entfernt HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Schlüssel nicht gefunden. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Schlüssel erfolgreich entfernt HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Schlüssel nicht gefunden. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Schlüssel erfolgreich entfernt HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel nicht gefunden. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Schlüssel erfolgreich entfernt HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel nicht gefunden. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Schlüssel erfolgreich entfernt HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Schlüssel nicht gefunden. C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben Hosts erfolgreich wiederhergestellt. "HKCR\PROTOCOLS\Filter\application/octet-stream" => Schlüssel erfolgreich entfernt "HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}" => Schlüssel erfolgreich entfernt "HKCR\PROTOCOLS\Filter\application/x-complus" => Schlüssel erfolgreich entfernt HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Schlüssel nicht gefunden. "HKCR\PROTOCOLS\Filter\application/x-msdownload" => Schlüssel erfolgreich entfernt HKCR\CLSID\{1E66F26B-79EE-11D2-8710-00C04F79ED0D} => Schlüssel nicht gefunden. WinHttpAutoProxySvc => Dienst konnte nicht gestoppt werden. WinHttpAutoProxySvc => Dienst erfolgreich entfernt "C:\Program Files (x86)\hebxjqgm" => nicht gefunden. "C:\Program Files (x86)\bgt90byd" => nicht gefunden. 
"HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => Schlüssel erfolgreich entfernt "HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => Schlüssel erfolgreich entfernt "HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => Schlüssel erfolgreich entfernt "HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => Schlüssel erfolgreich entfernt "HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => Schlüssel erfolgreich entfernt "HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Schlüssel erfolgreich entfernt "HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => Schlüssel erfolgreich entfernt =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5743688 B Java, Flash, Steam htmlcache => 343 B Windows/system/drivers => 1253633 B Edge => 0 B Chrome => 12202120 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 4193 B Public => 0 B ProgramData => 0 B systemprofile => 66409 B systemprofile32 => 66228 B LocalService => 1685858 B NetworkService => 536118 B Alex => 7180 B admin => 133 B tvsu_tmp_xauvyFOKCU => 0 B tvsu_tmp_ohkzhTWVQS => 0 B RecycleBin => 7544 B EmptyTemp: => 28.6 MB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 12:03:28 ==== |
21.06.2016, 10:32 | #12 |
/// Malwareteam | Windows Defender found software that modifies the browser.... Please start FRST again, tick the "Addition" checkbox and press "Untersuchen" (Scan). Please post the two resulting text files again. Are you still having any problems with your computer?
__________________ Regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |
21.06.2016, 15:32 | #13 |
| Windows Defender found software that modifies the browser.... First: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016 01 durchgeführt von admin (Administrator) auf HAL9000 (21-06-2016 11:36:37) Gestartet von C:\Users\Alex\Desktop Geladene Profile: Alex & admin (Verfügbare Profile: Alex & admin) Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: Chrome) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Conexant Systems Inc.) 
C:\Windows\System32\CxAudMsg64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Apache Software Foundation) C:\Program Files (x86)\Accelrys\Apache\bin\httpd.exe (Apache Software Foundation) C:\Program Files (x86)\Accelrys\Apache\bin\httpd.exe (M-Audio) C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe (GlavSoft LLC.) 
C:\Program Files\TightVNC\tvnserver.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) 
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => TpShocks.exe HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [113656 2013-01-17] (Intel Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1531872 2016-04-17] (Sophos Limited) HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\Run: [Google Update] => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.) 
HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation) AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [231936 2016-04-17] (Sophos Limited) AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [289040 2016-04-17] (Sophos Limited) Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2016-01-26] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-06-17] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Winsock: Catalog9-x64 20 
C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-17] (Sophos Limited) Tcpip\Parameters: [DhcpNameServer] 128.176.0.28 128.176.0.30 Tcpip\..\Interfaces\{A02846B1-0C75-46DA-98F5-D043C157A837}: [DhcpNameServer] 212.18.3.5 212.18.0.5 Tcpip\..\Interfaces\{A7D516E4-DB8B-426B-BE4F-089A40F595A5}: [DhcpNameServer] 128.176.0.28 128.176.0.30 Internet Explorer: ================== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-02] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-02] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-03] (Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.) FireFox: ======== FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.) FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems) FF Plugin-x32: @cambridgesoft.com/Chem3D,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\Chem3D\npChem3DPlugin.dll [2014-04-17] (CambridgeSoft Corp.) FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=14.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2014\ChemDraw\npcdp32.dll [2014-04-17] (CambridgeSoft Corp.) 
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2013-01-11] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2013-01-11] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-03] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.1.0.5292844\npmathplugin.dll [2015-03-24] (Wolfram Research, Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems) FF Plugin HKU\S-1-5-21-1968842236-1166385170-3651055052-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1968842236-1166385170-3651055052-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin HKU\S-1-5-21-1968842236-1166385170-3651055052-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin HKU\S-1-5-21-1968842236-1166385170-3651055052-1010: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2016-03-22] (Tracker Software Products (Canada) Ltd.) 
Chrome: ======= CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-15] CHR Extension: (Google Docs) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-15] CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-15] CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-15] CHR Extension: (Google-Suche) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-15] CHR Extension: (Google Tabellen) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-15] CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-31] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-16] CHR Extension: (Google Mail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-15] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
S4 Accelrys License Server; C:\Program Files (x86)\Accelrys\LicensePack\win32\bin\lmgrd.exe [1333600 2013-10-30] (Macrovision Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-05-06] (Creative Labs) [Datei ist nicht signiert]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [Datei ist nicht signiert]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [326160 2016-04-14] (Lenovo.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S3 LSC.Services.SystemService; c:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-04-20] (Lenovo)
R2 MaterialsStudioGateway; C:\Program Files (x86)\Accelrys\Apache\bin\httpd.exe [24064 2013-10-16] (Apache Software Foundation) [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [311544 2016-04-17] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [285136 2016-04-17] (Sophos Limited)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [901248 2016-04-17] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [604000 2016-04-17] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2016-04-17] (Sophos Limited)
R2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2455816 2016-04-17] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [21536 2016-01-13] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3339736 2016-04-17] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2118896 2016-04-17] (Sophos Limited)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
S4 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 Ctafiltv; C:\Windows\System32\drivers\Ctafiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-15] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
S3 MADFUMIDISPORT2010; C:\Windows\System32\DRIVERS\MAudioMIDISPORT_DFU.sys [30512 2012-02-24] (M-Audio)
S3 MAUSBMIDISPORT; C:\Windows\System32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2016-04-17] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2016-04-17] (Sophos Limited)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
R2 sntp; C:\Windows\System32\DRIVERS\sntp.sys [116144 2016-04-17] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2016-04-17] (Sophos Limited)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [117768 2015-12-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [194976 2015-12-18] (Oracle Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-12-23] (Cisco Systems, Inc.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-06-20 13:16 - 2016-06-20 13:22 - 00000000 ____D C:\Program Files (x86)\jmol 2016-06-20 10:39 - 2016-06-20 12:03 - 00009478 _____ C:\Users\Alex\Desktop\Fixlog.txt 2016-06-20 10:39 - 2016-06-20 10:55 - 00010907 _____ C:\Users\Alex\Desktop\Fixlog111.txt 2016-06-20 10:38 - 2016-06-20 10:38 - 00000000 ____D C:\Users\Alex\Desktop\FRST-OlderVersion 2016-06-17 18:53 - 2016-06-17 18:53 - 00000000 ____D C:\Program Files (x86)\ESET 2016-06-17 18:52 - 2016-06-17 18:52 - 02870984 _____ (ESET) C:\Users\Alex\Desktop\esetsmartinstaller_deu.exe 2016-06-17 12:54 - 2016-06-17 13:01 - 00052529 _____ C:\Users\Alex\Desktop\Addition_2.txt 2016-06-17 12:37 - 2016-06-17 12:37 - 00002806 _____ C:\Users\Alex\Desktop\mbamlog.txt 2016-06-17 12:35 - 2016-06-17 12:35 - 00002665 _____ C:\Users\Alex\Desktop\mbam.txt 2016-06-17 12:26 - 2016-06-17 12:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-06-17 12:26 - 2016-06-17 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-06-17 12:26 - 2016-06-17 12:26 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-06-17 12:26 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-06-17 12:26 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-06-17 12:26 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-06-17 12:24 - 2016-06-17 12:25 - 22851472 _____ (Malwarebytes ) C:\Users\Alex\Desktop\mbam-setup-2.2.1.1043.exe 2016-06-17 12:13 - 2016-06-17 12:22 - 00000000 ____D C:\AdwCleaner 2016-06-17 12:12 - 2016-06-17 12:12 - 00000000 ____D C:\Users\admin\Documents\ERUNT 2016-06-17 12:05 - 2016-06-17 12:06 - 03703360 _____ C:\Users\Alex\Desktop\AdwCleaner_5.200.exe 2016-06-16 14:22 - 2016-06-16 14:21 - 00001297 _____ C:\Windows\system32\Drivers\etc\hosts_Backup_20160616_022237 2016-06-16 13:55 - 2016-06-02 11:14 
- 00001297 _____ C:\Windows\system32\Drivers\etc\hosts_Backup_20160616_015555 2016-06-16 13:48 - 2016-06-16 13:48 - 00001297 _____ C:\Users\Alex\Documents\hosts_with_adds.txt 2016-06-16 10:17 - 2016-06-16 10:17 - 00001311 _____ C:\Users\Alex\Desktop\datenträgerbereinigung pro.lnk 2016-06-15 23:28 - 2016-06-16 11:03 - 00000159 _____ C:\Users\Alex\Documents\Sophos alter updateserver.txt 2016-06-15 22:26 - 2016-06-15 22:28 - 00234138 _____ C:\TDSSKiller.3.1.0.9_15.06.2016_22.26.37_log.txt 2016-06-15 15:32 - 2016-06-15 15:32 - 00112933 _____ C:\Users\Alex\Desktop\tada2.txt 2016-06-15 14:18 - 2016-06-15 15:21 - 00112779 _____ C:\Users\Alex\Desktop\tada.txt 2016-06-15 13:58 - 2016-06-21 11:36 - 00763317 _____ C:\Users\Alex\Desktop\Addition.txt 2016-06-15 13:58 - 2016-06-21 11:36 - 00027687 _____ C:\Users\Alex\Desktop\FRST.txt 2016-06-15 13:57 - 2016-06-21 11:36 - 00000000 ____D C:\FRST 2016-06-15 13:54 - 2016-06-20 10:38 - 02387456 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2016-06-15 10:15 - 2016-05-24 01:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-06-15 10:15 - 2016-05-24 00:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-06-15 10:15 - 2016-05-21 19:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-06-15 10:15 - 2016-05-21 18:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-06-15 10:15 - 2016-05-21 00:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-06-15 10:15 - 2016-05-21 00:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-06-15 10:15 - 2016-05-21 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-06-15 10:15 - 2016-05-21 00:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-06-15 10:15 - 2016-05-21 00:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-06-15 10:15 - 
2016-05-21 00:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-06-15 10:15 - 2016-05-21 00:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-06-15 10:15 - 2016-05-21 00:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-06-15 10:15 - 2016-05-21 00:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-06-15 10:15 - 2016-05-21 00:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-06-15 10:15 - 2016-05-21 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-06-15 10:15 - 2016-05-20 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-06-15 10:15 - 2016-05-20 23:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-06-15 10:15 - 2016-05-20 23:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-06-15 10:15 - 2016-05-20 23:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-06-15 10:15 - 2016-05-20 23:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-06-15 10:15 - 2016-05-20 23:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-06-15 10:15 - 2016-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-06-15 10:15 - 2016-05-20 23:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-06-15 10:15 - 2016-05-20 23:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-06-15 10:15 - 2016-05-20 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-06-15 10:15 - 2016-05-20 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-06-15 10:15 - 2016-05-20 23:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-06-15 10:15 - 2016-05-20 
23:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-06-15 10:15 - 2016-05-20 23:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-06-15 10:15 - 2016-05-20 23:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-06-15 10:15 - 2016-05-20 23:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-06-15 10:15 - 2016-05-20 23:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-06-15 10:15 - 2016-05-20 23:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-06-15 10:15 - 2016-05-20 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-06-15 10:15 - 2016-05-20 23:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-06-15 10:15 - 2016-05-20 23:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-06-15 10:15 - 2016-05-20 23:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-06-15 10:15 - 2016-05-20 23:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-06-15 10:15 - 2016-05-20 23:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-06-15 10:15 - 2016-05-20 23:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-06-15 10:15 - 2016-05-20 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-06-15 10:15 - 2016-05-20 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-06-15 10:15 - 2016-05-20 23:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-06-15 10:15 - 2016-05-20 23:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-06-15 10:15 - 2016-05-20 23:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-06-15 
10:15 - 2016-05-20 23:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-06-15 10:15 - 2016-05-20 23:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-06-15 10:15 - 2016-05-20 23:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-06-15 10:15 - 2016-05-20 23:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-06-15 10:15 - 2016-05-20 23:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-06-15 10:15 - 2016-05-20 23:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-06-15 10:15 - 2016-05-20 23:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-06-15 10:15 - 2016-05-20 23:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-06-15 10:15 - 2016-05-20 23:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-06-15 10:15 - 2016-05-20 23:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-06-15 10:15 - 2016-05-20 23:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-06-15 10:15 - 2016-05-20 23:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-06-15 10:15 - 2016-05-20 23:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-06-15 10:15 - 2016-05-20 23:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-06-15 10:15 - 2016-05-20 23:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-06-15 10:15 - 2016-05-20 22:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-06-15 10:15 - 2016-05-20 22:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-06-15 10:15 - 2016-05-20 22:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-06-15 10:15 - 2016-05-20 22:38 
- 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-06-15 10:15 - 2016-05-20 22:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-06-15 10:15 - 2016-05-20 22:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-06-15 10:15 - 2016-05-18 18:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-06-15 10:15 - 2016-05-18 18:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-06-15 10:15 - 2016-05-14 00:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-06-15 10:15 - 2016-05-14 00:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2016-06-15 10:15 - 2016-05-14 00:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-06-15 10:15 - 2016-05-14 00:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2016-06-15 10:15 - 2016-05-14 00:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2016-06-15 10:15 - 2016-05-13 23:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-06-15 10:15 - 2016-05-13 23:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2016-06-15 10:15 - 2016-05-13 23:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2016-06-15 10:15 - 2016-05-13 23:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2016-06-15 10:15 - 2016-05-13 23:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-06-15 10:15 - 2016-05-12 19:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-06-15 10:15 - 2016-05-12 19:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-06-15 10:15 - 2016-05-12 19:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-06-15 10:15 - 2016-05-12 19:15 - 00135680 _____ (Microsoft Corporation) 
C:\Windows\system32\sspicli.dll 2016-06-15 10:15 - 2016-05-12 19:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll 2016-06-15 10:15 - 2016-05-12 19:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-06-15 10:15 - 2016-05-12 19:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-06-15 10:15 - 2016-05-12 19:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL 2016-06-15 10:15 - 2016-05-12 19:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 
2016-06-15 10:15 - 2016-05-12 19:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-06-15 10:15 - 2016-05-12 19:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-06-15 10:15 - 2016-05-12 
17:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-06-15 10:15 - 2016-05-12 17:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-06-15 10:15 - 2016-05-12 17:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe 2016-06-15 10:15 - 2016-05-12 17:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-06-15 10:15 - 2016-05-12 17:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-06-15 10:15 - 2016-05-12 16:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2016-06-15 10:15 - 2016-05-12 16:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2016-06-15 10:15 - 2016-05-12 16:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-06-15 10:15 - 2016-05-12 16:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-06-15 10:15 - 2016-05-12 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-06-15 10:15 - 2016-05-12 16:58 
- 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-06-15 10:15 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll 2016-06-15 10:15 - 2016-05-12 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-06-15 10:15 - 2016-05-12 16:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe 2016-06-15 10:15 - 2016-05-12 16:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-06-15 10:15 - 2016-05-12 16:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-06-15 10:15 - 2016-05-12 15:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-06-15 10:15 - 2016-05-12 15:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2016-06-15 10:15 - 2016-05-12 15:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2016-06-15 10:15 - 2016-05-11 19:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll 2016-06-15 10:15 - 2016-05-11 19:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2016-06-15 10:15 - 2016-05-11 19:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2016-06-15 10:15 - 2016-05-11 19:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll 2016-06-15 10:15 - 2016-05-11 17:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll 2016-06-15 10:15 - 2016-05-11 17:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll 2016-06-15 10:15 - 2016-05-11 17:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2016-06-15 10:15 - 2016-05-11 17:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll 2016-06-15 10:15 - 2016-05-11 17:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe 2016-06-15 10:15 - 
2016-05-11 17:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe 2016-06-15 10:15 - 2016-05-11 16:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys 2016-06-13 13:04 - 2016-06-13 13:04 - 00000000 ____D C:\Users\Alex\.QtWebEngineProcess 2016-06-13 13:04 - 2016-06-13 13:04 - 00000000 ____D C:\Users\Alex\.LSC 2016-06-10 09:23 - 2016-06-10 09:23 - 00000152 _____ C:\Users\Alex\Documents\path.txt 2016-06-09 20:28 - 2016-06-17 12:09 - 00000000 ____D C:\Users\Alex\Documents\Registry Backup 2016-06-09 14:31 - 2016-06-09 14:31 - 00001346 _____ C:\Users\Alex\Desktop\IE8 - WinXP_1.lnk 2016-06-07 15:29 - 2016-06-17 12:40 - 00000967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dukto R6.lnk 2016-06-07 15:29 - 2016-06-07 15:29 - 00000000 ____D C:\Program Files (x86)\Dukto 2016-06-07 11:27 - 2016-06-17 12:40 - 00001064 _____ C:\Users\Public\Desktop\VLC media player.lnk 2016-06-07 11:27 - 2016-06-07 11:27 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc 2016-06-05 11:54 - 2016-06-05 11:54 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-06-02 16:20 - 2016-06-02 22:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2016-05-30 14:59 - 2016-05-30 15:00 - 00000000 ____D C:\Users\admin\AppData\Roaming\texstudio 2016-05-30 14:59 - 2016-05-30 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXstudio 2016-05-30 13:21 - 2016-05-30 13:21 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Lenovo 2016-05-30 13:21 - 2016-05-30 13:21 - 00000000 ____D C:\Users\admin\AppData\Roaming\Lenovo 2016-05-30 13:21 - 2016-05-30 13:21 - 00000000 ____D C:\Users\admin\.QtWebEngineProcess 2016-05-30 13:21 - 2016-05-30 13:21 - 00000000 ____D C:\Users\admin\.LSC 2016-05-27 11:31 - 2016-05-27 11:31 - 00000000 ____D C:\Program Files (x86)\LangmuirPC ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist 
aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-06-21 11:31 - 2009-07-14 06:45 - 00031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-06-21 11:31 - 2009-07-14 06:45 - 00031888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-06-21 11:29 - 2011-04-12 09:43 - 00699342 _____ C:\Windows\system32\perfh007.dat 2016-06-21 11:29 - 2011-04-12 09:43 - 00149450 _____ C:\Windows\system32\perfc007.dat 2016-06-21 11:29 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI 2016-06-21 11:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-06-21 11:25 - 2015-10-19 16:20 - 00001220 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA.job 2016-06-21 11:24 - 2015-12-09 13:47 - 00000544 _____ C:\Windows\Tasks\MATLAB R2015b Startup Accelerator.job 2016-06-21 11:23 - 2014-04-23 19:41 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-21 11:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-06-20 22:21 - 2014-12-31 15:16 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA.job 2016-06-20 22:07 - 2014-04-23 19:41 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-20 16:25 - 2015-10-19 16:20 - 00001168 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core.job 2016-06-20 15:36 - 2015-10-06 12:00 - 00018318 ____H C:\Users\Alex\_viminfo 2016-06-20 15:36 - 2014-04-23 11:49 - 00000000 ____D C:\Users\Alex 2016-06-20 13:23 - 2014-12-12 17:46 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chemie 2016-06-20 11:21 - 2014-12-31 15:16 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core.job 2016-06-20 10:52 - 2016-02-04 10:43 - 00000000 ____D 
C:\Users\Alex\AppData\LocalLow\Temp 2016-06-18 14:29 - 2016-01-11 22:52 - 00000000 ____D C:\Users\Alex\.VirtualBox 2016-06-18 08:40 - 2014-04-23 19:42 - 00002175 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-06-17 23:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2016-06-17 19:41 - 2016-01-07 10:50 - 00000000 ____D C:\Program Files (x86)\Hive1_5_3_18VASP5 2016-06-17 12:52 - 2015-09-13 14:14 - 00000600 _____ C:\Users\Alex\AppData\Local\PUTTY.RND 2016-06-17 12:40 - 2016-05-11 13:15 - 00000967 _____ C:\Users\admin\Desktop\Xming.lnk 2016-06-17 12:40 - 2016-05-03 13:50 - 00001959 _____ C:\Users\admin\Desktop\wxEWA excutable.lnk 2016-06-17 12:40 - 2016-02-05 16:37 - 00001017 _____ C:\Users\Public\Desktop\TeXstudio F8 F8 F5.lnk 2016-06-17 12:40 - 2016-01-15 14:47 - 00002124 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk 2016-06-17 12:40 - 2016-01-15 14:47 - 00001053 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-06-17 12:40 - 2015-12-11 22:57 - 00001964 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gwyddion (64bit).lnk 2016-06-17 12:40 - 2015-12-09 13:47 - 00001287 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015b.lnk 2016-06-17 12:40 - 2015-10-27 19:16 - 00001717 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk 2016-06-17 12:40 - 2015-09-21 15:43 - 00001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk 2016-06-17 12:40 - 2015-09-21 15:43 - 00000977 _____ C:\Users\Public\Desktop\WinSCP.lnk 2016-06-17 12:40 - 2015-09-01 13:05 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sciebo.lnk 2016-06-17 12:40 - 2015-09-01 13:05 - 00000977 _____ C:\Users\Public\Desktop\sciebo.lnk 2016-06-17 12:40 - 2014-08-26 14:44 - 00002084 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2016-06-17 12:40 - 2014-06-06 13:47 - 00002010 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk
2016-06-17 12:40 - 2009-07-14 07:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-06-17 12:40 - 2009-07-14 06:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-06-17 12:40 - 2009-07-14 06:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-06-17 12:40 - 2009-07-14 06:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-06-17 12:22 - 2015-11-28 20:38 - 00000978 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-06-17 12:22 - 2015-11-28 20:38 - 00000948 _____ C:\Users\Alex\Desktop\Start Tor Browser.lnk
2016-06-16 15:17 - 2015-09-01 13:05 - 00000000 ____D C:\Users\Alex\AppData\Local\sciebo
2016-06-16 14:10 - 2016-03-27 17:15 - 00393412 _____ C:\Windows\ntbtlog.txt
2016-06-16 12:11 - 2015-08-24 19:32 - 00000000 ____D C:\Users\Alex\.matplotlib
2016-06-15 13:37 - 2014-12-12 17:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SPM
2016-06-15 13:11 - 2016-05-03 13:50 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\wxEWA
2016-06-15 12:49 - 2016-01-15 14:47 - 00000000 ____D C:\Users\admin
2016-06-15 12:20 - 2009-07-14 06:45 - 00576312 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 12:10 - 2014-04-23 19:00 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 12:05 - 2014-04-23 19:00 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 09:06 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2016-06-13 19:31 - 2010-11-21 05:27 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-10 13:35 - 2015-09-21 17:19 - 00000600 _____ C:\Users\Alex\AppData\Roaming\winscp.rnd
2016-06-09 23:13 - 2015-11-23 22:21 - 00000000 ____D C:\Users\Alex\Documents\Visual Studio 2008
2016-06-09 23:06 - 2015-11-23 22:21 - 00000000 ____D C:\Users\Alex\AppData\Local\Microsoft Help
2016-06-09 14:07 - 2016-01-11 22:53 - 00000000 ____D C:\Users\Alex\VirtualBox VMs
2016-06-09 14:02 - 2016-01-26 17:22 - 00000000 ____D C:\Users\admin\.VirtualBox
2016-06-07 16:59 - 2016-01-04 13:43 - 00000000 ____D C:\Users\Alex\AppData\Roaming\texstudio
2016-06-07 11:28 - 2015-07-30 20:39 - 00000000 ____D C:\Users\Alex\AppData\Roaming\vlc
2016-06-05 11:54 - 2014-05-01 22:27 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Dropbox
2016-06-03 08:59 - 2014-08-26 14:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-02 11:17 - 2016-01-15 14:47 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2016-05-30 14:59 - 2016-01-04 13:42 - 00000000 ____D C:\Program Files (x86)\TeXstudio
2016-05-30 13:20 - 2014-04-23 19:58 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-05-30 13:20 - 2014-04-23 19:58 - 00000000 ____D C:\Program Files (x86)\Lenovo
2016-05-30 13:19 - 2014-04-23 20:04 - 00000000 ____D C:\Windows\Downloaded Installations
2016-05-29 13:10 - 2016-03-31 12:40 - 00000638 _____ C:\Windows\Tasks\TrackerAutoUpdate.job
2016-05-27 09:25 - 2015-07-23 15:31 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-27 09:24 - 2015-07-23 15:30 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

1998-03-09 16:40 - 1998-03-09 16:40 - 0029184 _____ () C:\Program Files (x86)\ArrayTest.dll
1999-01-10 17:22 - 1999-01-10 17:22 - 0029696 _____ () C:\Program Files (x86)\dll_Backgr.dll
2000-04-30 04:21 - 2000-04-30 04:21 - 0034304 _____ () C:\Program Files (x86)\DLL_Elsep3.dll
2000-04-25 02:54 - 2000-04-25 02:54 - 0000000 _____ () C:\Program Files (x86)\HelpSimpleBackgr.hlp
2000-05-05 10:15 - 2000-05-05 10:15 - 0225280 _____ (Fysisk Institut) C:\Program Files (x86)\SimpleBackgr.exe
2016-03-16 00:16 - 2016-03-16 00:16 - 0004605 _____ () C:\Program Files (x86)\ST6UNST.LOG
2016-03-30 23:12 - 2016-03-31 12:28 - 0000034 _____ () C:\Users\admin\AppData\Roaming\AdobeWLCMCache.dat
2016-04-18 11:57 - 2016-04-18 11:57 - 0000600 _____ () C:\Users\admin\AppData\Roaming\winscp.rnd
2016-04-16 11:03 - 2016-04-16 11:03 - 0007605 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

ACHTUNG: ==> Auf den BCD konnte nicht zugegriffen werden.

LastRegBack: 2016-06-17 23:49

==================== Ende von FRST.txt ============================

addition:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
durchgeführt von admin (2016-06-21 11:36:58)
Gestartet von C:\Users\Alex\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-04-23 09:49:47)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

admin (S-1-5-21-1968842236-1166385170-3651055052-1010 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1968842236-1166385170-3651055052-500 - Administrator - Disabled)
Alex (S-1-5-21-1968842236-1166385170-3651055052-1000 - Limited - Enabled) => C:\Users\Alex
Gast (S-1-5-21-1968842236-1166385170-3651055052-501 - Limited - Disabled)
SophosSAUHAL90000 (S-1-5-21-1968842236-1166385170-3651055052-1001 - Limited - Enabled)
SophosSAUHAL90001 (S-1-5-21-1968842236-1166385170-3651055052-1015 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

"Unistall wxEWA binary" (HKLM-x32\...\wxEWA_is1) (Version: 0.29Alpha9 - János Végh, MTA ATOMKI, Hungary)
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Accelrys License Pack (HKLM-x32\...\{C0C44F90-ACB8-4DA2-9433-CFC9F4D4AA37}) (Version: 7.6.9 - Accelrys Software Inc.)
Accelrys License Pack (x64) (HKLM\...\{8879D8DC-723D-4DD6-B016-91D397EC693B}) (Version: 7.6.9 - Accelrys Software Inc.)
Accelrys Materials Studio 7.0 (HKLM-x32\...\{8CE9B2FD-A06F-4B42-8BE4-530CB973C5A4}) (Version: 7.0 - Accelrys Software Inc.)
Accelrys Materials Studio 7.0 (x64 Server) (Version: 7.0 - Accelrys Software Inc.) Hidden
Accelrys Materials Studio 7.0 Documentation (x32 Version: 7.0 - Accelrys Software Inc.) Hidden
Accelrys Materials Studio Gateway Service (x64) (HKLM\...\{98FD3007-E164-4096-BD6E-17CA4AA08C6A}) (Version: 7.0.4 - Accelrys Software Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.73.01 - )
ArgusLab (HKLM-x32\...\{01D190D9-B876-48C1-BD5B-FE8247DDBE40}) (Version: 4.0.1 - Planaria Software LLC)
Aspell English Dictionary-0.50-2 (HKLM-x32\...\Aspell English Dictionary_is1) (Version: - GNU)
Aspell German Dictionary-0.50-2 (HKLM-x32\...\Aspell German Dictionary_is1) (Version: - GNU)
Avogadro (HKLM-x32\...\Avogadro) (Version: 1.1.1 modified for ORCA support - Humanity)
CambridgeSoft ChemBioDraw Ultra 14.0 (HKLM-x32\...\{8B4EE9DF-BE12-488C-AAF0-72B09E53AA41}) (Version: 14.0 - CambridgeSoft Corporation)
ChromecastApp (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.2.01035 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.2.01035 - Cisco Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.3.100.10 - Citrix Systems, Inc.)
COMPRO12 (HKLM-x32\...\{48454FE0-DFE1-4CF2-BED5-E2311D3E2AEE}) (Version: 12.00 - SASJ)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
Corel Graphics - Windows Shell Extension (HKLM\...\_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - BR (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Content (HKLM-x32\...\_{C221B72F-C0AC-4DD7-B27E-701B1E9DE23A}) (Version: 16.0 - Corel Corporation)
CorelDRAW Graphics Suite X6 - Content (x32 Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - DE (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - ES (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FR (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IT (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - NL (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.0 - Corel Corporation) Hidden
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - Creative Technology Limited)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dienstprogramm "ThinkPad UltraNav" (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
DjVuLibre DjView 3.5.27+4.10.4 (HKLM-x32\...\DjVuLibre+DjView) (Version: 3.5.27+4.10.4 - DjVuZone)
Dropbox (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Dukto R6 (HKLM-x32\...\{386C0311-B146-4CE0-89E5-8469A3583156}}_is1) (Version: R6 - Emanuele Colombo)
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.68.10 - Lenovo Group Limited)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GNU Aspell 0.50-3 (HKLM-x32\...\GNU Aspell_is1) (Version: - GNU)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Gwyddion (HKLM\...\Gwyddion) (Version: 2.43.win64 - Gwyddion developers)
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}.KB947789) (Version: 1 - Microsoft Corporation)
Igor Pro (HKLM-x32\...\Igor Pro) (Version: 6.3.6.4 (6.36) - WaveMetrics, Inc.)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel(R) C++ Redistributables on IA-32 (HKLM-x32\...\{5018D8E6-8D8E-4F76-9AFD-CB2EF1100E84}) (Version: 13.0.089 - Intel Corporation)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{791FF357-3DE8-485E-BD59-41844BB16415}) (Version: 13.0.089 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel(R) Identity Protection Technology 1.2.28.0 (HKLM-x32\...\{A87263E8-26CB-1016-8F2F-C04708B17CE2}) (Version: 1.2.28.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
JabRef 2.10 (HKLM-x32\...\JabRef 2.10) (Version: 2.10 - JabRef Team)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.07 - )
Lenovo Solution Center (HKLM\...\{AB46AC6D-3E9A-4484-8061-64FF10301B41}) (Version: 3.3.002.00 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0022 - Lenovo)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maple 2015 (HKLM\...\Maple 2015) (Version: 2015 - Maplesoft)
Maple Toolbox 2015 (HKLM\...\Maple Toolbox 2015) (Version: 2015 - Maplesoft)
MATLAB R2015b (HKLM\...\Matlab R2015b) (Version: 8.6 - MathWorks)
M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
Mercury (HKLM-x32\...\Mercury 3.8) (Version: 3.8 - CCDC)
MestReNova LITE 5.2.5-5780 (HKLM-x32\...\MestReNova LITE) (Version: 5.2.5-5780 - Mestrelab Research S.L.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ Compiler Package for Python 2.7 (HKLM-x32\...\{692514A8-5484-45FC-B0AE-BE2DF7A75891}) (Version: 9.0.1.30729 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (HKLM-x32\...\{8E87B944-4815-3C5E-947F-5035C9F64362}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (HKLM-x32\...\{76DAEC83-AF7B-333C-8A53-83D7C7D39199}) (Version: 9.0.30729 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.1.5990 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 de)) (Version: 45.1.1 - Mozilla)
mRemoteNG (HKLM-x32\...\mRemoteNG) (Version: 1.72.5065.32737 - Next Generation Software)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NWZ Terminal Server (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\nwzcitrix-4c8371e1@@Controller.NWZHome $S1-1) (Version: 1.0 - Delivered by Citrix)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.3.100.10 - Citrix Systems, Inc.) Hidden
Oracle VM VirtualBox 5.0.12 (HKLM\...\{6F93731D-89E1-4A8F-BDA9-D104860DDB02}) (Version: 5.0.12 - Oracle Corporation)
Orca (HKLM-x32\...\Orca) (Version: 3.0.3 - Max-Planck-Institute for Chemical Energy Conversion)
Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Pdf 2 Djvu Converter 1.0.3.8 (HKLM-x32\...\Djvu-Spec Pdf 2 Djvu Converter) (Version: 1.0.3.8 - Djvu-Spec)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.317.0 - Tracker Software Products Ltd)
peak-o-mat 1.1.9 (HKLM-x32\...\peak-o-mat_is1) (Version: - )
PeaZip 5.9.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 5.9.0 - Giorgio Tani)
POV-Ray for Windows v3.7 (HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\...\POV-Ray for Windows v3.7) (Version: 3.7 - Persistence of Vision Raytracer Pty. Ltd.)
Python 2.7 matplotlib-1.4.3 (64-bit) (HKLM\...\matplotlib-py2.7) (Version: - )
Python 2.7 pygtk-2.24.0 (HKLM-x32\...\{0205122C-20A8-4600-97D5-234C88A22B99}) (Version: 2.24.0 - James Henstridge)
Python 2.7 scipy-0.16.0 (HKLM-x32\...\scipy-py2.7) (Version: - )
Python 2.7.10 (64-bit) (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C3}) (Version: 2.7.10150 - Python Software Foundation)
QUASES IMFP-TPP2M (C:\Program Files (x86)\QUASES-Tougaard\Quases-IMFP-TPP2M\) (HKLM-x32\...\ST6UNST #4) (Version: - )
QUASES IMFP-TPP2M (HKLM-x32\...\ST6UNST #2) (Version: - )
QUASES-Tougaard Simple Backgrounds (HKLM-x32\...\ST6UNST #6) (Version: - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
sciebo (HKLM-x32\...\sciebo) (Version: 2.1.1.525 - Sync and Share NRW )
Self-Service Plug-in (x32 Version: 4.3.100.10167 - Citrix Systems, Inc.) Hidden
Sophos Anti-Virus (HKLM-x32\...\{09863DA9-7A9B-4430-9561-E04D178D7017}) (Version: 10.6.3.537 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{BCF53039-A7FC-4C79-A3E3-437AE28FD918}) (Version: 5.2.0.276 - Sophos Limited)
Sophos Network Threat Protection (HKLM\...\{66967E5F-43E8-4402-87A4-04685EE5C2CB}) (Version: 1.2.2.50 - Sophos Limited)
Sophos System Protection (HKLM-x32\...\{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}) (Version: 1.3.0 - Sophos Limited)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Texmaker (HKLM-x32\...\Texmaker) (Version: - )
TeXstudio 2.11.0 (HKLM-x32\...\TeXstudio_is1) (Version: 2.11.0 - Benito van der Zander)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.42 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.07 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.11.0.0 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
Time Stopper (HKLM-x32\...\Time Stopper4.0) (Version: 4.0 - DilSoft)
TmoleX 4.1.0 (HKLM-x32\...\4370-0238-2378-4027) (Version: 4.1.0 - COSMOlogic GmbH & Co. KG)
Total Uninstall 2.35 (HKLM-x32\...\Total Uninstall_is1) (Version: 2.35 - Gavrila Martau)
Vernissage - V2.1 (HKLM-x32\...\{C12C4017-862D-47AF-B1C0-F03CB1C9D9B4}) (Version: 2.1.12131.86 - Omicron NanoTechnology GmbH)
Vim 7.4: Edit with Vim popup menu entry (HKLM\...\Vim 7.4) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VMD 1.9.2 (HKLM-x32\...\{089F161A-EFCE-44D8-8D38-C401835D93E4}) (Version: 1.9.2 - University of Illinois)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
Wolfram Extras 10.1 (5292844) (HKLM\...\A-WIN-Extras 10.1.0 5292844_is1) (Version: 10.1.0 - Wolfram Research, Inc.)
Wolfram Mathematica 10.1 (M-WIN-L 10.1.0 5292918) (HKLM\...\M-WIN-L 10.1.0 5292918_is1) (Version: 10.1.0 - Wolfram Research, Inc.)
WSxM (HKLM-x32\...\{0708C401-5D15-49DE-8BF1-BD21DBBF44B7}) (Version: 1.0.0 - WSxM solutions)
Xming 6.9.0.31 (HKLM-x32\...\Xming_is1) (Version: 6.9.0.31 - Colin Harrison)
XPS MultiQuant (HKLM-x32\...\ST6UNST #3) (Version: - )
XPS-Simulation Program by S. Tougaard and F. Yubero (C:\Program Files (x86)\Quases-Tougaard\QUEELS-XPS Simulation\) (HKLM-x32\...\ST6UNST #5) (Version: - )
XPS-Simulation Program by S. Tougaard and F. Yubero (HKLM-x32\...\ST6UNST #1) (Version: - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Alex\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1968842236-1166385170-3651055052-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2D095618-2F59-4A81-9852-A48B746F65D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2E054455-8DEE-43AE-881C-EBFD9AF1DEDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3A0D7129-F99E-4E9F-944A-73A78FB30581} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-04-20] (Lenovo)
Task: {4B2DDA84-48BE-4F09-815D-F247C543AA54} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {7A03FD0B-921D-4666-9A87-8348D33A1BDB} - System32\Tasks\MATLAB R2015b Startup Accelerator => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe [2015-07-30] ()
Task: {7A0DC724-127F-4D97-9CF7-B64999247C6F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {92159481-32FD-4CC5-9570-009950FCD14C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {927D939A-B5C2-4D42-A5B2-709A18A6E770} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {A2FF9D65-26F6-4448-BCB0-88182EE14BC0} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe
Task: {A93759DF-969B-447B-B9B2-52C9533D6E5B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-19] (Dropbox, Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {AF44EBCF-CFC4-4735-8DE4-E69EDCA5FB5C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {C56C6F01-ECD4-4E41-B507-541D078846F5} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2016-04-14] (Lenovo Group Limited)
Task: {C8D5FEBF-2230-4B33-89CB-9BC0008822A9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-04-20] ()
Task: {CE3C8CED-8072-416D-8561-38709EF52372} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {CEB1C246-3A72-4D47-9021-76CF49B6802E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-01-13] ()
Task: {D93F1065-0FF8-4931-ACF4-EAB2B8D5EE6B} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [2016-03-22] (Tracker Software Products (Canada) Ltd.)
Task: {DA1CE3B3-BF06-4A79-93A5-1F75489184E4} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2016-04-20] (Lenovo)
Task: {DCB37942-77A5-4D09-94C8-C8064CD9A8A7} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => c:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-04-20] (Lenovo)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {F06E72E1-F59E-4C15-A29C-C4C801E4FF3E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {F0F9DD4B-11DD-4DBE-93DF-EA48F48D856A} - System32\Tasks\{CDEE53C9-7447-4444-A475-911F56BCB26C} => pcalua.exe -a C:\Users\admin\Downloads\zivsophos10.exe -d C:\Users\admin\Downloads
Task: {F2FEE01E-F111-48C9-BD06-A209F3A426FF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {F6B479A1-4A1C-4F7D-8CB4-065140191D0F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FDAC2F53-0A1F-4122-B74E-FE3FBB363E14} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-19] (Dropbox, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core.job => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA.job => C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000Core.job => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968842236-1166385170-3651055052-1000UA.job => C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\MATLAB R2015b Startup Accelerator.job => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe Task: C:\Windows\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-07-31 13:39 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-04-23 20:05 - 2016-04-14 06:08 - 00119808 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2015-03-30 19:54 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll 2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2016-04-17 15:41 - 2016-04-17 15:41 - 00233608 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\http.plg 2016-04-17 15:41 - 2016-04-17 15:41 - 00140696 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ip.plg 2016-04-17 15:41 - 2016-04-17 15:41 - 00119344 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ipv6.plg 2016-04-17 15:41 - 2016-04-17 15:41 - 00076704 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\portmap.plg 2016-04-17 15:41 - 2016-04-17 15:41 - 00165000 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\tcp.plg 2016-04-17 15:41 - 2016-04-17 15:41 - 00148440 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\udp.plg 2013-02-19 20:34 - 2013-02-19 20:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-12-23 09:33 - 2015-12-23 09:33 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-06-06 13:46 - 2011-06-29 18:09 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll 2014-06-06 13:46 - 2011-06-29 18:09 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll 2015-12-28 15:28 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Alex\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2015-12-28 15:28 - 2014-02-10 13:44 - 00112128 _____ () 
C:\Users\Alex\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2016-06-16 14:24 - 2016-06-20 12:03 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKU\S-1-5-21-1968842236-1166385170-3651055052-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-1968842236-1166385170-3651055052-1010\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 128.176.0.28 - 128.176.0.30 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\Services: Accelrys License Server => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\startupfolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Citrix Receiver.lnk => C:\Windows\pss\Citrix Receiver.lnk.Startup MSCONFIG\startupfolder: C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup MSCONFIG\startupreg: CtaMon => Rundll32 CtaMon.dll,RunMonitor MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: Dropbox Update => "C:\Users\Alex\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c MSCONFIG\startupreg: ForteConfig => C:\Program Files\Conexant\ForteConfig\fmapp.exe MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch MSCONFIG\startupreg: 
Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup MSCONFIG\startupreg: tvncontrol => "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{892ED2FB-7E39-4C77-9EE6-65086EB09238}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [TCP Query User{AFFD75D6-4AB5-4333-A38F-63A15B1A3E7F}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe FirewallRules: [UDP Query User{5DF4A43A-747F-4854-A597-065315BB78FB}C:\windows\syswow64\msiexec.exe] => (Allow) C:\windows\syswow64\msiexec.exe FirewallRules: [{978E8FA1-F66B-4DC1-9CD2-3022D9B1E65B}] => (Allow) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{DE292FFE-ADFE-4713-ABFB-EC6B6FE99609}] => (Allow) C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{A9AFB1BB-4C81-4AFB-841C-A6A5782B1557}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe FirewallRules: [TCP Query User{F674ADF3-0F46-47C3-983A-1CC6C9021A5A}D:\privat\downloads\lan-party\counter-strike source\counter-strike source - to copy\hl2.exe] => (Allow) D:\privat\downloads\lan-party\counter-strike source\counter-strike source - to copy\hl2.exe FirewallRules: [UDP Query User{57972503-12BC-4882-AB17-BE620AB82D68}D:\privat\downloads\lan-party\counter-strike source\counter-strike source - to copy\hl2.exe] => (Allow) D:\privat\downloads\lan-party\counter-strike source\counter-strike source - to copy\hl2.exe FirewallRules: [TCP Query User{F6105781-5E0B-49A8-94DD-7DBDD7138198}D:\privat\games\cod2mp_s.exe] => (Allow) 
D:\privat\games\cod2mp_s.exe FirewallRules: [UDP Query User{BD95F092-0188-45AF-96CC-EC490B14C1F2}D:\privat\games\cod2mp_s.exe] => (Allow) D:\privat\games\cod2mp_s.exe FirewallRules: [TCP Query User{0B6D06A7-1421-486B-BE19-C2BAA3B633FC}D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe] => (Allow) D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe FirewallRules: [UDP Query User{78CB22BA-FD94-4603-8052-680C6DF2F289}D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe] => (Allow) D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe FirewallRules: [{04EF5602-66D0-48B1-8167-A85A50C0D463}] => (Allow) C:\Users\Alex\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{CAB454B1-7DB1-4C06-BC0B-1EE1FDC254D5}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{A02ABC7A-C51E-4BB7-BD3D-038C6548A0E7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [{291FCC84-197F-4689-BDEF-02FF1B229B4F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{62ED1571-A138-4074-B238-3644C0D04A8B}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe FirewallRules: [TCP Query User{52BD6F19-51C3-46EB-9227-5E462919DB58}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe FirewallRules: [UDP Query User{C707DE4F-D5D7-442E-A82F-3C6DBBF180BC}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe FirewallRules: [{5D0D668B-5A3F-4467-B8AA-EC9AB4875C33}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.1\Mathematica.exe FirewallRules: [{247E7115-27D7-4332-983E-71730C8C527A}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.1\Mathematica.exe FirewallRules: 
[{C3C55160-F075-4E23-AF53-5C47A003F051}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.1\MathKernel.exe FirewallRules: [{454F4534-5C23-47B1-803D-49FF0E9FCF8A}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.1\MathKernel.exe FirewallRules: [{5B278EBF-2F8E-4A3D-85BD-B9B49785A9DE}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.1\math.exe FirewallRules: [{A84FA5D9-747D-4899-970D-870B8B760A75}] => (Allow) C:\Program Files\Wolfram Research\Mathematica\10.1\math.exe FirewallRules: [TCP Query User{ACC7714F-6E12-43BF-9BDD-724206853B3D}C:\program files (x86)\omicron nanoscience\vernissage\v2.2\bin\vernissage.exe] => (Allow) C:\program files (x86)\omicron nanoscience\vernissage\v2.2\bin\vernissage.exe FirewallRules: [UDP Query User{32AAFA7E-B432-413E-89CA-C2546C0A1187}C:\program files (x86)\omicron nanoscience\vernissage\v2.2\bin\vernissage.exe] => (Allow) C:\program files (x86)\omicron nanoscience\vernissage\v2.2\bin\vernissage.exe FirewallRules: [{C9ADE1DB-5662-4901-AC33-F4A03EBD9AB2}] => (Allow) C:\Program Files (x86)\Omicron NanoScience\Vernissage\V2.1\Bin\Vernissage.exe FirewallRules: [{BC6A24DB-4321-4248-861F-9E1E15B6F304}] => (Allow) C:\Program Files (x86)\Omicron NanoScience\Vernissage\V2.1\Bin\Vernissage.exe FirewallRules: [TCP Query User{93C42D44-2254-4BB7-866F-9D84FEF7F484}C:\program files (x86)\omicron nanoscience\vernissage\v2.1\bin\vernissage.exe] => (Allow) C:\program files (x86)\omicron nanoscience\vernissage\v2.1\bin\vernissage.exe FirewallRules: [UDP Query User{7616E5EF-9B58-4685-947D-9735841F962A}C:\program files (x86)\omicron nanoscience\vernissage\v2.1\bin\vernissage.exe] => (Allow) C:\program files (x86)\omicron nanoscience\vernissage\v2.1\bin\vernissage.exe FirewallRules: [TCP Query User{C915CDBC-95AF-4600-9AF7-20C3490ED645}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe FirewallRules: [UDP Query 
User{BD0A55D6-14EA-4A0F-ADE2-CB92922061F0}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe FirewallRules: [TCP Query User{2543EB13-E35B-455E-A429-10C8BCE90027}D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe] => (Block) D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe FirewallRules: [UDP Query User{A682F56C-EBDB-4BAA-AF90-5617952D2AB2}D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe] => (Block) D:\privat\games\counter-strike source\counter-strike source - to copy\hl2.exe FirewallRules: [{65412269-912F-48F1-A80E-36AD132EF244}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [{1D743682-5D1B-495C-A0A6-672BF9B7276C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe FirewallRules: [TCP Query User{1C5F0927-03F9-4459-9DED-7B988A5A2CB7}C:\program files (x86)\cambridgesoft\chemoffice2014\chemdraw\chemdraw.exe] => (Block) C:\program files (x86)\cambridgesoft\chemoffice2014\chemdraw\chemdraw.exe FirewallRules: [UDP Query User{8B22F143-82D5-4FA1-891A-4AB764EB0F38}C:\program files (x86)\cambridgesoft\chemoffice2014\chemdraw\chemdraw.exe] => (Block) C:\program files (x86)\cambridgesoft\chemoffice2014\chemdraw\chemdraw.exe FirewallRules: [TCP Query User{7F4D6944-F476-4900-B0D5-D476096976FF}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe FirewallRules: [UDP Query User{81C5AFB9-614A-4531-AA69-65521A65264E}C:\program files (x86)\xming\xming.exe] => (Allow) C:\program files (x86)\xming\xming.exe FirewallRules: [TCP Query User{72EC46C6-A191-4089-8A10-2777B8BA6985}C:\program files (x86)\dukto\dukto.exe] => (Allow) C:\program files (x86)\dukto\dukto.exe FirewallRules: [UDP Query User{FA666C1E-C1AA-4DA7-B9CD-48C5FDF893B4}C:\program files (x86)\dukto\dukto.exe] => (Allow) C:\program files (x86)\dukto\dukto.exe FirewallRules: [TCP Query 
User{5E522F9F-41A5-4541-AE49-C3A82B6B1484}C:\program files (x86)\dukto\dukto.exe] => (Allow) C:\program files (x86)\dukto\dukto.exe FirewallRules: [UDP Query User{F389669E-5F7C-4BF8-93F9-4A1BD8CA127F}C:\program files (x86)\dukto\dukto.exe] => (Allow) C:\program files (x86)\dukto\dukto.exe FirewallRules: [{DF756E30-9742-426A-B544-24CC0508298D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= 07-06-2016 10:35:46 Windows Defender Checkpoint 09-06-2016 20:38:14 JUN2015-PATHgone 14-06-2016 09:05:09 Windows Update 15-06-2016 12:03:25 Windows Update 15-06-2016 12:58:09 Windows Defender Checkpoint 21-06-2016 11:27:23 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Microsoft-ISATAP-Adapter #5 Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (06/21/2016 11:24:00 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. 
Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (06/21/2016 11:24:00 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (06/21/2016 11:24:00 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (06/21/2016 11:24:00 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 Error: (06/21/2016 11:24:00 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 Error: (06/21/2016 11:24:00 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 Error: (06/21/2016 11:24:00 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (06/21/2016 11:24:00 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (06/21/2016 11:24:00 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. 
Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (06/21/2016 11:24:00 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 Systemfehler: ============= Error: (06/20/2016 12:04:12 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (06/18/2016 08:42:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 = Der Treiber konnte nicht geladen werden. Error: (06/18/2016 08:42:07 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\admin\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/18/2016 08:42:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 = Der Treiber konnte nicht geladen werden. Error: (06/18/2016 08:42:06 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\admin\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/18/2016 08:42:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 = Der Treiber konnte nicht geladen werden. 
Error: (06/18/2016 08:42:06 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\admin\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/18/2016 08:41:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 = Der Treiber konnte nicht geladen werden. Error: (06/18/2016 08:41:41 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\admin\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/18/2016 08:41:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 = Der Treiber konnte nicht geladen werden. 
==================== Speicherinformationen =========================== Prozessor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz Prozentuale Nutzung des RAM: 18% Installierter physikalischer RAM: 16267.23 MB Verfügbarer physikalischer RAM: 13179.35 MB Summe virtueller Speicher: 17289.42 MB Verfügbarer virtueller Speicher: 14048.36 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:238.37 GB) (Free:121.71 GB) NTFS Drive d: (Daten) (Fixed) (Total:298.09 GB) (Free:170.9 GB) NTFS ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5069DEFD) Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 8E080CFD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ============================
In general, I have noticed that over the last few days the fan (Lenovo X220) has been running more often than it used to.... But honestly, I think I am hearing things that are not there. EDIT: The lag was probably because I had posted the large log files... Everything runs great as it is. At the end of this cleanup I would like to make a fresh snapshot/image of the Windows installation. Is there a guide for that here? |
23.06.2016, 19:05 | #14 | |
/// Malwareteam | Windows Defender found browser-modifying software.... Quote:
That is why you should always disconnect the backup medium after a backup! I like to use Drive Snapshot - Disk Image Backup for Windows NT/2000/XP/2003/X64 - there is also a guide on the site. Works great. The logs from your computer now look clean to me: Congratulations - you are clean.
Finally, we still need to tidy up a bit, and I will give you a few tips to take with you:
Important: Removing the tools used
The order is crucial here.
You can leave Malwarebytes Anti-Malware and ESET on the computer as a supplement to your existing antivirus solution and scan your computer with them regularly.
Personal recommendations
The most important thing first:
Protection against unwanted software
Adware has become a kind of permanent threat, because more and more programs try to foist something else on you during installation - and how quickly does one overlook a checkbox? So: be careful when you download software from the internet! Many portals on the internet such as Chip, Softonic and Sourceforge frequently try to foist adware or other downloaders with unwanted programs on you. Whenever possible, download directly from the vendor's site or, alternatively, from a clean download portal such as FilePony.de. Also read the following article on this: CHIP-Installer - was ist das? - Anleitungen
Even if you have downloaded a program from a reputable source, that is no guarantee that the program will not try to make unwanted changes to your computer after all. More and more programs try to smuggle unwanted programs onto your PC through modified installation routines. Unfortunately this often works, because many users do not read what is on the screen and instead click through quickly. Therefore: when you install a program, always choose the custom installation and look at what you are actually approving with a click on "Ok" or "Next" - and uncheck the boxes for things you do not want. Those who can read have a clear advantage!
Do not use optimizers, cleaners or other speed-up wonders, since these tools almost never bring even a measurable performance gain. You can, however, regularly run Disk Cleanup on your PC to reclaim used disk space.
Enable "protection against potentially unwanted software" in your antivirus solution to protect yourself as well as possible. Good trick: if you use the free Windows Defender (from Windows 8 on), you can get comparable protection with a small trick, too! Read the following article to learn more: Windows mit verstecktem Adware-Killer. To activate this "trick", simply download this file and run it: MpEnablePlus.reg
Tips to make your system more secure
Always keep your plug-ins and software, especially your browser, up to date. If possible, uninstall Java and the Adobe Flash Player from your computer. These days they are almost never needed and therefore only represent an unnecessary security hole on your computer. If you do absolutely need them, be sure to keep them up to date. You can also install Malwarebytes Anti-Exploit. It protects against many current vulnerabilities and thus increases your security.
Passwords
Change your passwords regularly! You also need to use secure passwords, which means: at least 8 characters, upper- and lower-case letters and special characters. Very important: use a different password for each account! Tip: use a phrase you can easily remember as an aid for a password! For example: Der Himmel ist blau und wenn es regnet?-grau ==> DHibuwer?-grau
Support us and recommend us
Do you know friends and acquaintances who have problems with their computer? Just send them to us at the Trojaner Board, we are happy to help. If you would like to support us with a donation, we would be very pleased, and you can do so here: http://www.trojaner-board.de/79994-s...ndenkonto.html Many thanks for that. We do this work here voluntarily, so I am especially pleased about a short thank-you if you were satisfied with me, or otherwise about suggestions for improvement - you are welcome to do that here. Visit and like our Facebook page! Thanks for your cooperation and all the best! Please let me know once you have read all of this and have no further questions.
__________________ Kind regards, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ |
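Before importing a downloaded .reg file such as the one mentioned in the post above, its contents can be listed and checked against the one key it is supposed to touch. The following Python sketch is an added example, not part of the original post or the forum's tooling; the sample file is constructed, and the Defender policy key and the `MpEnablePus` value name are assumptions about what such a file sets.

```python
"""Added example: list what a .reg file would change before it is imported."""
import re
from collections import namedtuple

Change = namedtuple("Change", "action key name data")

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# Assumption: policy key that holds Windows Defender's PUA setting (MpEnablePus).
EXPECTED_PREFIX = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender"

# Constructed sample, not the file linked in the post: the expected policy
# value plus two changes a reviewer would want to notice before importing.
SAMPLE_REG = "\r\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine]",
    '"MpEnablePus"=dword:00000001',
    "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"Updater"="C:\\Users\\Public\\updater.exe"',
    "",
    r"[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]",
]).encode("utf-16")


def decode_reg(raw):
    """Version 5.00 files are UTF-16 with a BOM, REGEDIT4 files are ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")


def parse_reg(raw):
    """Return every key/value change the file would make, in file order."""
    # Long hex values are wrapped with a trailing backslash; join them first.
    text = re.sub(r"\\\r?\n[ \t]*", "", decode_reg(raw))
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("not a regedit export")
    changes, key = [], None
    for line in (raw_line.strip() for raw_line in lines[1:]):
        if not line or line.startswith(";"):
            continue                          # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):           # [-KEY] deletes the whole key
                key = key[1:]
                changes.append(Change("delete-key", key, None, None))
            continue
        match = VALUE_RE.match(line)
        if key is None or match is None:
            raise ValueError("unparsed line: %r" % line)
        name = match.group(1)
        name = "(Default)" if name == "@" else re.sub(r"\\(.)", r"\1", name[1:-1])
        data = match.group(2)
        if data == "-":                       # "name"=- deletes one value
            changes.append(Change("delete-value", key, name, None))
        else:
            changes.append(Change("set", key, name, data))
    return changes


def outside_scope(changes, prefix=EXPECTED_PREFIX):
    """Changes that touch anything other than the expected key or its subkeys."""
    p = prefix.lower()
    return [c for c in changes
            if c.key.lower() != p and not c.key.lower().startswith(p + "\\")]


if __name__ == "__main__":
    parsed = parse_reg(SAMPLE_REG)
    flagged = outside_scope(parsed)
    for change in parsed:
        print("REVIEW" if change in flagged else "ok", *change)
```

Anything the script marks for review is a change the post's description of the file does not account for and should be understood before the file is merged into the registry.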
23.06.2016, 21:25 | #15 |
| Windows Defender found browser-modifying software.... Hi, many thanks for the help! It is really great that you exist! I have one more question! DelFix could only be started as admin and ran under the admin account. However, I had downloaded the programs as a normal user (the very account I use to go online). Afterwards, all bookmarks were gone from the Chrome installation of the admin account.... On the desktop of the user account, however, all the .exe files we used in the course of this thread, plus log files, were still present. I have now deleted these by hand. Is there anything else to do to finally clean up the PC? Is it normal that ESET has no Start menu entry? Do I understand correctly that Drive SnapShot can create a complete system image with which I can back up my Windows installation in an emergency? What advantages or disadvantages does the program have compared with Windows' own solution? Regards |