Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win8.1 64bit / SysWow64: Adware oder Virus? (https://www.trojaner-board.de/172412-win8-1-64bit-syswow64-adware-virus.html)

MrXxx 26.10.2015 07:29
Win8.1 64bit / SysWow64: Adware oder Virus?
 
Hi,
irgendwie habens meine beiden PCs in letzter Zeit in sich:
Gestern der übliche Adware Scan meines Laptops mit dem ich auch Online-Banking mache und raus kam bei JRT, dass sich zwei schädliche Dateien im Ordner SysWow64 verstecken mit der Endung tmp. Hab leider das Log beim zweiten Scannen durch JRT überschrieben (...ohne Worte).

Hier die Logs, Gmer folgt noch im zweiten Post.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:24 on 26/10/2015 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02
durchgeführt von ***** (Administrator) auf BENE-LAPTOP (26-10-2015 07:25:19)
Gestartet von C:\Users\*****\Desktop
Geladene Profile: ***** (Verfügbare Profile: *****)
Platform: Windows 8.1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe
() C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
(Cambridge Silicon Radio Limited) C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe
(Cambridge Silicon Radio Limited) C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe
() C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(iolo technologies, LLC) C:\Program Files\Sony\VAIO Care\Iolo\ioloTools.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-23] (Realtek Semiconductor)
HKLM\...\Run: [CsrHCRPServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe [1134288 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrAudioguiCtrl] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe [511696 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CsrSyncMLServer] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe [244944 2012-03-22] ()
HKLM\...\Run: [vksts] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [25792 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [39128 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [CSRHarmonySkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe [146656 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [529616 2012-03-22] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-04-15] (Intel Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [855768 2015-02-12] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe [907144 2015-02-03] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3654942749-2469333359-1553951443-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3654942749-2469333359-1553951443-1002\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3654942749-2469333359-1553951443-1002\...\Run: [SecureBanking] => C:\Program Files (x86)\Machinecode Technologies\Secure Banking\SecureBanking.exe
HKU\S-1-5-21-3654942749-2469333359-1553951443-1002\...\MountPoints2: {675148c1-759d-11e3-be90-3c0771733ed8} - "D:\autorun.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-12-13] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  Keine Datei
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-02-19]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4FB7096D-F2CF-477B-BB47-5F390F6150AA}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{910F0513-BDC5-4471-80C1-58B36AADF65E}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKU\S-1-5-21-3654942749-2469333359-1553951443-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-3654942749-2469333359-1553951443-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com/?pc=SEJB
HKU\S-1-5-21-3654942749-2469333359-1553951443-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
SearchScopes: HKLM -> {2BFF1616-0464-4032-9E26-03633AC36B96} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3654942749-2469333359-1553951443-1002 -> {2BFF1616-0464-4032-9E26-03633AC36B96} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3654942749-2469333359-1553951443-1002 -> {62A4A403-9F15-43EA-8646-C294E32A98B7} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-25] (Oracle Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-25] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-25] (Oracle Corporation)
Toolbar: HKLM - Kein Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  Keine Datei
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-10-20] (AO Kaspersky Lab)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hcur0jbp.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Keine Datei]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2013-12-19] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-19] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-12-19] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-3654942749-2469333359-1553951443-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2013-04-15] (Intel)
FF Plugin HKU\S-1-5-21-3654942749-2469333359-1553951443-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll [2013-04-15] (Intel)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hcur0jbp.default\searchplugins\websuche.xml [2015-06-27]
FF Extension: NoScript - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hcur0jbp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-10-25]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\hcur0jbp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-25]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-10-20] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nicht gefunden

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-09-05] (Kaspersky Lab ZAO)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-05-28] (Intel)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-02-12] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-12] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-02-12] (BlueStack Systems, Inc.)
R2 BtSwitcherService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe [64216 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CSRBtAudioService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe [465624 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtOBEX-Dienst; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [1041616 2012-03-22] (Cambridge Silicon Radio Limited)
R2 CsrBtService; C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [825032 2012-03-22] (Cambridge Silicon Radio Limited)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-19] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-19] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-10-29] ()
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-10-10] (Sony Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-23] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-08] (AO Kaspersky Lab)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3818704 2014-10-29] (Intel® Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-07-24] (The OpenVPN Project)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-02-12] (BlueStack Systems)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-05] (Kaspersky Lab ZAO)
S3 CsrBtPort; C:\Windows\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrpan; C:\Windows\system32\DRIVERS\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrserial; C:\Windows\system32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Limited)
S3 csr_bthav; C:\Windows\system32\drivers\csrbthav.sys [99520 2012-03-22] (Cambridge Silicon Radio Limited)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-09-27] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2013-11-28] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-10-20] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-10-20] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [925064 2015-10-20] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-09-26] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-10-20] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3482600 2014-11-06] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-08-30] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-12-19] (Realsil Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [29352 2015-10-11] ()
S3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2015-08-29] ()
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-05-28] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-26 07:25 - 2015-10-26 07:25 - 00031475 _____ C:\Users\*****\Desktop\FRST.txt
2015-10-26 07:25 - 2015-10-26 07:25 - 00000000 ____D C:\FRST
2015-10-26 07:24 - 2015-10-26 07:24 - 00380416 _____ C:\Users\*****\Desktop\of3gspmf.exe
2015-10-26 07:24 - 2015-10-26 07:24 - 00000478 _____ C:\Users\*****\Desktop\defogger_disable.log
2015-10-26 07:24 - 2015-10-26 07:24 - 00000000 _____ C:\Users\*****\defogger_reenable
2015-10-26 07:23 - 2015-10-26 07:23 - 02197504 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2015-10-26 07:23 - 2015-10-26 07:23 - 00050477 _____ C:\Users\*****\Desktop\Defogger.exe
2015-10-25 22:58 - 2015-10-25 22:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-10-25 22:55 - 2015-10-25 22:55 - 00000597 _____ C:\Users\*****\Desktop\JRT.txt
2015-10-25 22:15 - 2015-10-25 22:15 - 01798976 _____ (Malwarebytes) C:\Users\*****\Desktop\JRT.exe
2015-10-25 22:15 - 2015-10-25 22:15 - 01691648 _____ C:\Users\*****\Desktop\AdwCleaner_5.014.exe
2015-10-25 22:14 - 2015-10-25 22:14 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\*****\Desktop\tdsskiller.exe
2015-10-25 22:11 - 2015-10-25 22:11 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-10-25 22:10 - 2015-10-25 22:10 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun
2015-10-25 22:10 - 2015-10-25 22:10 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2015-10-25 22:10 - 2015-10-25 22:10 - 00000000 ____D C:\Program Files\Java
2015-10-25 22:10 - 2015-10-25 22:10 - 00000000 _____ C:\WINDOWS\system32\REN2AE6.tmp
2015-10-25 22:09 - 2015-10-25 22:09 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-19 13:28 - 2015-10-25 21:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-15 09:06 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-10-15 09:06 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-10-15 09:06 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-10-15 09:06 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-10-15 09:06 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-10-15 09:06 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-10-15 09:06 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 21:15 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 21:15 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-10-14 21:15 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-10-14 21:15 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-10-14 21:15 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-10-14 21:15 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-10-14 21:15 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-10-14 21:15 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-10-14 21:15 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-10-14 21:15 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-10-14 17:15 - 2015-09-29 13:31 - 07457624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 17:15 - 2015-09-29 13:31 - 01658536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 17:15 - 2015-09-29 13:31 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 17:15 - 2015-09-29 13:31 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 17:15 - 2015-09-29 13:31 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 17:15 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-10-14 17:15 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 17:15 - 2015-09-10 19:02 - 25851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-14 17:15 - 2015-09-10 18:09 - 20358144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-14 17:15 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 17:15 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 17:15 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-10-14 17:15 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-10-14 17:14 - 2015-09-29 13:29 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-10-14 17:14 - 2015-09-28 19:45 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-14 17:14 - 2015-09-28 19:26 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-10-14 17:14 - 2015-09-28 19:25 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-10-14 17:14 - 2015-09-28 19:25 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-10-14 17:14 - 2015-09-28 19:25 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-10-14 17:14 - 2015-09-28 19:22 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-10-14 17:14 - 2015-09-28 19:22 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-10-14 17:14 - 2015-09-28 19:22 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-10-14 17:14 - 2015-09-28 19:15 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-10-14 17:14 - 2015-09-28 19:13 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-10-14 17:14 - 2015-09-28 19:12 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-10-14 17:14 - 2015-09-10 18:19 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 17:14 - 2015-09-10 18:18 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-14 17:14 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-10-14 17:14 - 2015-09-10 18:14 - 05990400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 17:14 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-10-14 17:14 - 2015-09-10 18:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 17:14 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-10-14 17:14 - 2015-09-10 17:39 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 17:14 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-10-14 17:14 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-10-14 17:14 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-10-14 17:14 - 2015-09-10 17:33 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-14 17:14 - 2015-09-10 17:28 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-10-14 17:14 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-10-14 17:14 - 2015-09-10 17:27 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 17:14 - 2015-09-10 17:24 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 17:14 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-10-14 17:14 - 2015-09-10 17:19 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-10-14 17:14 - 2015-09-10 17:19 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-10-14 17:14 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-10-14 17:14 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-10-14 17:14 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-10-14 17:14 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-10-14 17:14 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-10-14 17:14 - 2015-09-10 17:02 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 17:14 - 2015-09-10 17:01 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-10-14 17:14 - 2015-09-10 17:00 - 12853760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 17:14 - 2015-09-10 16:57 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-14 17:14 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-10-14 17:14 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-10-14 17:14 - 2015-09-10 16:55 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-10-14 17:14 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-10-14 17:14 - 2015-09-10 16:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-14 17:14 - 2015-09-10 16:34 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-10-14 17:14 - 2015-09-10 16:31 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-14 17:14 - 2015-09-10 16:27 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-14 17:14 - 2015-09-10 16:26 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-10-11 21:18 - 2015-10-11 21:18 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-11 21:17 - 2015-10-11 21:17 - 02870984 _____ (ESET) C:\Users\*****\Desktop\esetsmartinstaller_deu.exe
2015-10-11 18:13 - 2015-10-11 18:13 - 00003142 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC
2015-10-11 18:13 - 2015-10-11 18:13 - 00002020 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care (Desktop).lnk
2015-10-11 18:13 - 2015-10-11 18:13 - 00001952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
2015-10-11 18:13 - 2015-10-11 18:13 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
2015-10-11 18:13 - 2015-10-11 18:12 - 00029352 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2015-10-11 18:13 - 2015-10-11 18:12 - 00010324 _____ C:\WINDOWS\system32\Drivers\semav6msr64.cat
2015-10-09 12:23 - 2015-10-09 12:23 - 00001302 _____ C:\Users\*****\Desktop\PC Inspector File Recovery.lnk
2015-10-09 12:23 - 2015-10-09 12:23 - 00000000 ____D C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2015-10-09 12:23 - 2015-10-09 12:23 - 00000000 ____D C:\Program Files (x86)\Convar
2015-10-03 00:31 - 2015-10-03 00:31 - 11526794 _____ C:\Users\*****\Desktop\18121.mp4
2015-10-01 14:26 - 2015-10-01 14:26 - 00074249 _____ C:\Users\*****\Desktop\CBS log.zip
2015-10-01 14:26 - 2015-09-30 15:45 - 01571136 _____ C:\Users\*****\Desktop\CBS.log
2015-09-27 13:44 - 2015-09-27 13:44 - 00000958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2015-09-27 00:17 - 2015-09-27 00:38 - 00000000 ____D C:\Users\*****\Desktop\ball gute
2015-09-27 00:14 - 2015-09-27 00:50 - 00000000 ____D C:\Users\*****\Desktop\Ordner Ball

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-10-26 07:24 - 2013-12-25 00:34 - 00000000 ____D C:\Users\*****
2015-10-26 07:21 - 2013-12-24 22:24 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3654942749-2469333359-1553951443-1002
2015-10-26 07:19 - 2013-12-25 00:53 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{13A65222-6059-41F8-9D0D-ECF4FFDE9549}
2015-10-26 07:16 - 2015-09-05 12:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-10-26 07:16 - 2015-03-04 14:53 - 00121929 _____ C:\WINDOWS\setupact.log
2015-10-26 07:16 - 2013-12-25 00:45 - 00000000 __RDO C:\Users\*****\SkyDrive
2015-10-26 07:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-25 23:03 - 2013-11-14 08:27 - 01776918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-25 23:03 - 2013-11-14 08:11 - 00765582 _____ C:\WINDOWS\system32\perfh007.dat
2015-10-25 23:03 - 2013-11-14 08:11 - 00159366 _____ C:\WINDOWS\system32\perfc007.dat
2015-10-25 23:01 - 2014-04-06 12:00 - 02053774 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-25 22:58 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-25 22:49 - 2015-06-16 19:38 - 00000000 ____D C:\AdwCleaner
2015-10-25 22:32 - 2015-05-21 18:04 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-25 22:20 - 2013-12-29 03:11 - 00000000 ____D C:\Program Files\Adobe
2015-10-25 22:11 - 2015-03-12 11:11 - 00011297 _____ C:\WINDOWS\SecuniaPackage.log
2015-10-25 22:11 - 2013-12-26 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-25 22:09 - 2013-12-26 04:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-25 22:09 - 2013-12-24 22:13 - 00000000 ____D C:\Users\*****\AppData\Roaming\Adobe
2015-10-25 22:08 - 2013-12-09 14:34 - 00000000 ____D C:\ProgramData\Adobe
2015-10-25 22:07 - 2014-06-19 08:38 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe
2015-10-25 22:06 - 2013-12-29 03:17 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-10-25 21:58 - 2015-03-04 14:52 - 00519692 _____ C:\WINDOWS\PFRO.log
2015-10-25 21:58 - 2013-12-24 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-25 21:58 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-24 09:39 - 2014-01-06 16:15 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc
2015-10-22 21:19 - 2014-01-05 23:31 - 00000000 ____D C:\Users\*****\AppData\Roaming\Skype
2015-10-20 15:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-20 11:46 - 2015-09-05 12:42 - 00925064 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2015-10-20 11:46 - 2015-09-05 12:42 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2015-10-20 11:46 - 2015-06-26 22:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2015-10-20 11:45 - 2015-07-04 01:18 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2015-10-20 11:41 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-17 10:32 - 2015-05-21 18:04 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-17 10:17 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-16 23:36 - 2013-12-26 04:04 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-16 05:51 - 2013-08-22 16:38 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-16 05:51 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 20:23 - 2014-12-18 20:10 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-15 20:23 - 2014-07-13 15:04 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-10-15 13:29 - 2014-06-19 09:20 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-15 08:56 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-15 08:53 - 2013-12-24 23:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-15 08:49 - 2013-12-24 23:08 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-14 17:05 - 2015-04-15 21:35 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-13 14:03 - 2015-01-07 18:47 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-13 14:02 - 2015-04-15 21:35 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-10-11 18:14 - 2013-12-24 22:25 - 00000000 ____D C:\Update
2015-10-11 18:13 - 2013-12-09 14:27 - 00000000 ____D C:\Program Files (x86)\Sony
2015-10-11 18:13 - 2013-12-09 13:52 - 00000000 ____D C:\Program Files\Sony
2015-09-27 15:03 - 2015-09-23 23:50 - 177783576 _____ C:\Users\*****\Desktop\Log Dateien.zip
2015-09-27 13:44 - 2013-12-09 14:27 - 00000000 ____D C:\WINDOWS\System32\Tasks\Sony Corporation
2015-09-27 13:44 - 2013-12-09 14:26 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-09-27 13:44 - 2013-12-09 14:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-26 10:20 - 2015-06-08 18:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2015-09-26 10:20 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-07-25 11:00 - 2014-07-25 11:00 - 0000132 _____ () C:\Users\*****\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen
2014-01-09 19:21 - 2014-11-25 18:47 - 0000132 _____ () C:\Users\*****\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2015-02-18 22:21 - 2015-02-18 22:21 - 0740775 _____ () C:\ProgramData\AndyDrivers.zip
2013-12-25 00:32 - 2013-12-25 00:32 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\*****\AppData\Local\Temp\OpenOffice_4.1.1_Win_x86_install_de.exe
C:\Users\*****\AppData\Local\Temp\Quarantine.exe
C:\Users\*****\AppData\Local\Temp\SandboxieInstall.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-10-18 14:47

==================== Ende von FRST.txt ============================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
durchgeführt von ***** (2015-10-26 07:25:54)
Gestartet von C:\Users\*****\Desktop
Windows 8.1 (X64) (2013-12-24 23:44:00)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3654942749-2469333359-1553951443-500 - Administrator - Disabled)
***** (S-1-5-21-3654942749-2469333359-1553951443-1002 - Administrator - Enabled) => C:\Users\*****
Gast (S-1-5-21-3654942749-2469333359-1553951443-501 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.3.0.322 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.3.0 - Adobe Systems Incorporated)
Age of Empires II - The Conquerors - 1.0e Patch FINAL (HKLM-x32\...\Age of Empires II - The Conquerors - 1.0e Patch FINAL_is1) (Version: 1.0e - tOrMeNtIuM/m0d)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Amazon Kindle (HKU\S-1-5-21-3654942749-2469333359-1553951443-1002\...\Amazon Kindle) (Version:  - Amazon)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.13.5006 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{AFB3E440-3705-45C5-9D00-C26A2F3A3D5C}) (Version: 0.9.13.5006 - BlueStack Systems, Inc.)
Brother MFL-Pro Suite MFC-J430W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.1.6.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
ChrisPC Win Experience Index 1.05 (HKLM-x32\...\{1116089C-14B5-1A23-8113-6124567ABCDE}_is1) (Version:  - Chris P.C. srl)
Corel Painter 12 - IPM (Version: 12.4 - Corel Corporation) Hidden
Corel Painter 12 (HKLM\...\_{08A8CCEA-36DC-4634-AAAA-79463D644C0E}) (Version: 12.0.1.914 - Corel Corporation)
CSR Harmony Wireless Software Stack (HKLM\...\{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}) (Version: 2.1.63.0 - CSR Plc.)
Einstellungen für VAIO Media Server (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
FotoPremio Gestaltungssoftware (HKLM-x32\...\{159618E2-96F1-4DD2-ADCE-B94BA7989DE7}}_is1) (Version: 3.5.9.0 - Foto Online Service GmbH)
GameRanger (HKU\S-1-5-21-3654942749-2469333359-1553951443-1002\...\GameRanger) (Version:  - GameRanger Technologies)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 43953) (Version: 3.9.0.43953.7 - Intel)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1015 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{90621A56-901E-417D-A8CB-E8E3A6793C29}) (Version: 4.1.19.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c78a13fd-4324-4ddb-a613-746d2461441d}) (Version: 17.13.1 - Intel Corporation)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 de)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MusicBee 2.2 (HKLM-x32\...\MusicBee) (Version: 2.2 - Steven Mayall)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
NXPProximityInstaller (HKLM-x32\...\NXPProximityInstaller) (Version: 6.5.2.0 - NXP Semiconductors)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Painter 12 - Content (Version: 12.4 - Corel Corporation) Hidden
Painter 12 - Core (Version: 12.4 - Corel Corporation) Hidden
Painter 12 - Corex64 (Version: 12.1.1 - Corel Corporation) Hidden
Painter 12 - DE (Version: 12.4 - Corel Corporation) Hidden
Painter 12 - EN (Version: 12.4 - Corel Corporation) Hidden
Painter 12 - FR (Version: 12.4 - Corel Corporation) Hidden
Painter 12 - IT (Version: 12.4 - Corel Corporation) Hidden
Painter 12 - Setup Files (Version: 12.1.1 - Corel Corporation) Hidden
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Pixum Fotobuch (HKLM-x32\...\Pixum Fotobuch) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.02.14060 - Sony Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SSDlife Free (HKLM-x32\...\{01005A18-DD20-4D81-9AB3-E2B870FE491F}) (Version: 2.3.54 - BinarySense Inc.)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
StarMoney (x32 Version: 4.0.7.94 - StarFinanz) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{036400BD-B717-4D50-ACDC-96480C99EDD3}) (Version: 8.4.4.09186 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.1.11210 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.3.8.13060 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.4.4.07220 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)
VAIO Touch Search (HKLM\...\{F792DDDD-71C8-419E-AE05-46B0CDB1BEC8}) (Version: 1.1.0.1511 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3654942749-2469333359-1553951443-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-3654942749-2469333359-1553951443-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

==================== Wiederherstellungspunkte =========================

27-09-2015 13:43:36 Entfernt VAIO Update
09-10-2015 15:22:16 Geplanter Prüfpunkt
11-10-2015 18:13:13 Entfernt VAIO Easy Connect
14-10-2015 19:02:17 Windows Update
20-10-2015 11:41:14 Windows Update
25-10-2015 22:21:54 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-10-25 22:48 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {11C486F7-2341-4635-9F48-13E266AFC7DB} - System32\Tasks\Sony Corporation\VAIO Care\DeployVAIOManual => %ProgramData%\Sony Corporation\VAIO Care\VAIOUserGuideUpdate.exe
Task: {1996377D-F8FA-48ED-AB04-985E0FC2CF2E} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-23] (Sony Corporation)
Task: {24318F6B-3D56-4583-A134-A5D7FF497B8D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {2811A154-120E-473E-AE3D-C36EEAF84103} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-07-26] (Sony Corporation)
Task: {2E08F4B4-7042-4622-9EF0-8EEAF138526B} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {3F0819B7-3E4B-4EBD-9ED2-02AACFF6B6F4} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-06] (Sony Corporation)
Task: {41AB756D-8FFB-4C8C-8F75-19018005C477} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {4C1E65C6-43EF-4402-A22F-FC75B27ACB24} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {4F39EDCC-5614-4140-86F5-56146FBEE597} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {5A05ED04-4A4C-4172-AEEF-81C19C413F78} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {5D350E8E-E007-4752-9DC7-F6C3B6D0318D} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {5F6B745F-E4B0-4DC9-AE0B-9CC86EEC562F} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {6698C7D1-8AA7-434B-8983-1A866489D6B3} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {687B0779-40E9-4507-A962-CF31148416A2} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {696CED0E-4FCA-4846-8BE2-63F0C419D3EC} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIO Capture\VAIO Clip => C:\Program Files (x86)\Sony\VAIO Control Center\VAIO Clip.exe [2013-07-26] (Sony Corporation)
Task: {79E6B753-401B-486B-A01F-B108B65E6F8A} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {7EB238F9-5260-420E-9C6F-8A963C0C9BBC} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-07-26] (Sony Corporation)
Task: {90A45870-7463-464C-8769-2F6573993B59} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {912862F4-68AC-46EE-AC25-7B7171CC64ED} - System32\Tasks\{7F51232E-FEA8-4C93-8E2F-7206E50391DF} => pcalua.exe -a "C:\Program Files (x86)\JoWooD\SpellForce\SpellForce.exe" -d C:\PROGRA~2\JoWooD\SPELLF~1
Task: {934485BC-DA8A-4F29-90A4-864CA439A0F8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-15] (Microsoft Corporation)
Task: {A25C80C1-3F26-4C41-AFAF-95B7F743D98B} - System32\Tasks\{CBECC929-B36B-46FE-8C53-6B0631DA9A69} => pcalua.exe -a "C:\Program Files (x86)\StarCraft II\StarCraft II.exe" -d "C:\Program Files (x86)\StarCraft II"
Task: {AE70E917-60E0-4008-9733-2ED64018315C} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {B1045CA4-8E66-4202-9FD1-002BFB618CBC} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {BA2CAC9C-AABE-496F-B037-433FCD02AC51} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {CD477B39-45AD-4DEA-BD5A-F5D03A69FF85} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {D03134CF-316A-4271-AA2E-DCF9B38D85D2} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2015-02-04] (Sony Corporation)
Task: {E00EE8A7-3402-4C1A-BDBD-1273C9DD1B6B} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {E23B84CC-FA20-4392-BA26-32C16EDCC1AD} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {F63EA839-6B98-4548-85CE-840C0D1153DB} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-07-26] (Sony Corporation)
Task: {F6CC748B-17B8-4F8B-9626-3C9FA1C01208} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-07-26] (Sony Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-08-26 12:11 - 2015-08-26 12:11 - 00413336 _____ () C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
2015-08-26 12:11 - 2015-08-26 12:11 - 00709272 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_modeler.dll
2015-08-26 12:11 - 2015-08-26 12:11 - 00130712 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_process_input.dll
2015-08-26 12:11 - 2015-08-26 12:11 - 00025752 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_system_power_state_input.dll
2015-08-26 12:11 - 2015-08-26 12:11 - 00059544 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_quality_and_reliability_input.dll
2015-08-26 12:11 - 2015-08-26 12:11 - 00194712 _____ () C:\Program Files\Sony\VAIO Care\ESRV\acpi_battery_input.dll
2015-08-26 12:11 - 2015-08-26 12:11 - 00159896 _____ () C:\Program Files\Sony\VAIO Care\ESRV\sema_thermal_input.dll
2015-08-26 12:11 - 2015-08-26 12:11 - 00158360 _____ () C:\Program Files\Sony\VAIO Care\ESRV\wifi_input.dll
2015-08-26 12:11 - 2015-08-26 12:11 - 00050840 _____ () C:\Program Files\Sony\VAIO Care\ESRV\devices_use_input.dll
2015-08-26 12:11 - 2015-08-26 12:11 - 00032920 _____ () C:\Program Files\Sony\VAIO Care\ESRV\intel_disktrace_input.dll
2015-09-18 08:58 - 2015-09-18 08:58 - 00244888 _____ () C:\Program Files\Sony\VAIO Care\analyzer.dll
2013-09-05 02:36 - 2013-12-19 21:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-01-25 03:31 - 2013-12-19 19:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-13 12:20 - 2013-12-13 12:20 - 03359600 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2012-03-22 21:11 - 2012-03-22 21:11 - 00244944 _____ () C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe
2015-08-26 12:11 - 2015-08-26 12:11 - 00458904 _____ () C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
2015-08-26 12:11 - 2015-08-26 12:11 - 00185496 _____ () C:\Program Files\Sony\VAIO Care\ESRV\foreground_window_input.dll
2015-03-04 16:11 - 2015-03-04 16:11 - 01782784 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\3f4dc590466037f015f65bc07d1ea923\Windows.ApplicationModel.ni.dll
2014-10-27 01:57 - 2014-10-27 01:57 - 00632320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\c7f6d022c5d5aec4891cb6b3b9934336\Windows.Security.ni.dll
2014-10-27 01:57 - 2014-10-27 01:57 - 01278464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\f9ac074d298db459c5eff6d3256861c8\Windows.Storage.ni.dll
2014-10-27 01:57 - 2014-10-27 01:57 - 00207872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\a4efa88b742703220e527956d8ab4e84\Windows.System.ni.dll
2015-03-04 16:10 - 2015-03-04 16:10 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-10-27 01:57 - 2014-10-27 01:57 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2015-07-08 22:18 - 2015-07-08 22:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2014-01-07 14:38 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-12-29 05:39 - 2013-09-19 09:31 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-01-25 03:34 - 2013-12-19 21:33 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-02-04 16:29 - 2015-02-04 16:29 - 00347136 _____ () C:\Program Files\Sony\VAIO Care\Iolo\vosges.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3654942749-2469333359-1553951443-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\Pictures\clear_beach_sky-wide.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Andy"
HKU\S-1-5-21-3654942749-2469333359-1553951443-1002\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-3654942749-2469333359-1553951443-1002\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-3654942749-2469333359-1553951443-1002\...\StartupApproved\Run: => "SecureBanking"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7D802054-6523-4965-93EB-F58F23A73BCE}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{980ACC21-C20B-4CD5-8969-805521D7C5A7}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{A317DBB8-E40A-4005-AEF1-D0B9BBD65BE6}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{EA7740AB-5A26-4985-A667-47B0826806EE}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{8DAF9710-2D70-45FC-B14F-6FA5F083A230}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{42C52E2A-D740-4E43-8C71-9C0B60C6AAC5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BC8ADF45-5E1B-4B09-B4BD-0E1E6EBF7B54}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{77D14E96-9225-4F22-B459-2E83CACDB7F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{7149160B-5714-4FA0-8C78-983F2AC6C1A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{B4507720-B8CE-4412-BC4F-1A32E7EE88FB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{C307AD2B-235A-4A97-B477-007643EA575A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{5EA28053-623D-4B25-8FBC-DE8F5DFD7173}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{EA075CE0-C352-4BC8-8358-545B2220BDA9}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [UDP Query User{C6FA6F2E-C5C2-4453-A48B-07AAA10860A5}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{5081F568-9F18-4F96-B7AB-098D96D69501}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{DA6AAE31-6FC5-486B-85D4-A0FF6AAB25A0}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{1FBDDFC2-B547-4560-8EA3-258716721D66}] => (Allow) LPort=7935
FirewallRules: [{9B072C11-E0DB-4795-B4CB-76CA785F4AAF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2C39DD53-A91B-4F3E-8B78-A34CE91BF6BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6A95B9E8-DB93-4AC1-8365-6DD5F5791AC3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2EE204F1-878F-4CFE-9746-27E177707239}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6331E848-83D9-458F-856A-100845F6A5F8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8E398D8A-A07D-401D-B889-94F86A0E2983}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{CDB3BAF9-ACA1-476B-8889-6ACDCFDE58E8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{BC19B6CB-F91A-44C0-8D17-90EA1936868A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D08E9F62-F0F2-496F-9DB0-A8A5EC39FC27}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8BA0603B-D6C3-4290-84BA-8C5D3A07D717}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{6E93BEDF-2515-46B3-A04C-5F37009ACCDA}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe
FirewallRules: [UDP Query User{D7BDD179-B081-46DD-845A-A864401B1C78}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe
FirewallRules: [{6388C248-5341-403E-8664-C69929C96955}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{74A9671E-0D0C-44EC-9C67-EFD74ED74660}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{D9476801-EE7F-4CA5-AE01-5EADED1768C3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B15DD18B-F981-4FCE-95B6-F8E1B624173D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{0AD93610-9A56-4A4A-9266-247BA6F41378}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2BE23D80-CBF9-4183-A2ED-70F46C2B29ED}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0BE75289-A54F-47FF-850E-21ADF2F9B6CE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{698A6EC9-384D-4930-AFBB-F4286D15E8B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [TCP Query User{222E97A5-419B-4AAD-88F5-03993A9C12D6}C:\users\*****\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\*****\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{773E0F50-CF7E-496E-93F0-4FC161943629}C:\users\*****\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\*****\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [TCP Query User{8CA44F5D-EA7F-4DC9-A505-56CE3B35E781}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{812377CC-09AD-4F31-A87D-098968726CC8}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{3AA748D5-7613-4A36-8345-49D4B98F6F4F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A3927EF1-3A09-4DCA-8730-4F0BBA122472}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{738F3D99-CF89-4364-9443-1D0E6A343ED9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{DEB10D54-89C2-4902-9331-7A9F6A4F0A6E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D72A503D-9B4D-4D6D-BCA0-68B72A4BF290}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{58FEA869-C03D-4FEA-AE9E-ABA4E56B7135}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BA5A0C9E-F513-4887-9A76-625C51AE1312}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4078EE63-104A-457C-B863-8E2BB519C8A2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5CC08DC4-2CA0-4A09-ACE8-8A96B4663E74}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E62D2583-ECEB-4ED1-9671-F3027744E3FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{81AF10B6-6170-4BD2-83E0-3A0337DEB97A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E7F412D0-FF60-4AFB-9114-2906E65E1D0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0E8FFA7D-C982-4E0A-9625-E02D29F0F576}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{92571B79-DB59-47B1-9AFC-39B030CC7B5F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4061E69F-2E5F-4881-B76E-E76C32DB10F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9CD05140-D93F-4F62-ABE2-B0103E62B7DF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{45C78CA0-D623-400D-94F3-22435966CB59}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BDF08A11-A8AF-425B-A092-35041B788B56}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{616805ED-15C0-4119-B436-B069B626FF7E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E24AE355-A603-4358-BD2F-C40AC960702C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4A9243F8-1763-413B-94AB-243E2E9A2A50}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C584B1D4-1123-4A9B-B2F2-92661B039252}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E2A5FB3D-46E6-4449-B595-4E51E0941565}] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{06D65929-C099-4136-8B19-7AF44BFFC7B5}] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{5D0AA298-B067-462C-838D-20FF12914B30}] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe
FirewallRules: [{F9EA65FA-7298-43FB-A11C-DC91F5425F8A}] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe
FirewallRules: [TCP Query User{C900BD3E-D157-4D6A-BEBA-D01B88EB1F02}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{C8DB6BFC-07B6-4903-B734-4CC694EE5D80}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{F1F5CD56-D272-4E27-AC21-17C3B9FB3683}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [UDP Query User{5C9DD565-33C9-4FE8-BF7A-42F1D2ED0448}C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{E28A2A2D-C516-4055-90AE-DB4434053FF7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FD2A05D0-B19C-48BD-8D14-D9D708B913A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{66781E34-E6E7-43CE-AD5A-0150BCDB8828}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F6746961-3C5F-4872-9922-578D54D2F893}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{912CECDE-84E2-48B1-AC00-2865BC7BE190}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F0580F28-4B38-4DA6-90D3-BD30ABC48647}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{2761773F-5B76-4F0E-B4DB-7755102B2E59}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{C29CBF9D-27D4-4E96-8FD0-DB9B84161415}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{CF0704C1-EAA7-4A7B-9B00-9FFE24D20682}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (10/25/2015 11:10:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Name des fehlerhaften Moduls: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000006f58
ID des fehlerhaften Prozesses: 0x820
Startzeit der fehlerhaften Anwendung: 0xCsrBtOBEXService.exe0
Pfad der fehlerhaften Anwendung: CsrBtOBEXService.exe1
Pfad des fehlerhaften Moduls: CsrBtOBEXService.exe2
Berichtskennung: CsrBtOBEXService.exe3
Vollständiger Name des fehlerhaften Pakets: CsrBtOBEXService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CsrBtOBEXService.exe5

Error: (10/25/2015 11:10:24 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (10/25/2015 11:09:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (10/25/2015 10:58:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: nvxdsync.exe, Version: 8.17.13.3221, Zeitstempel: 0x52b32dce
Name des fehlerhaften Moduls: nvxdsync.exe, Version: 8.17.13.3221, Zeitstempel: 0x52b32dce
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001d067
ID des fehlerhaften Prozesses: 0x3d8
Startzeit der fehlerhaften Anwendung: 0xnvxdsync.exe0
Pfad der fehlerhaften Anwendung: nvxdsync.exe1
Pfad des fehlerhaften Moduls: nvxdsync.exe2
Berichtskennung: nvxdsync.exe3
Vollständiger Name des fehlerhaften Pakets: nvxdsync.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvxdsync.exe5

Error: (10/25/2015 10:58:24 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/25/2015 10:35:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Name des fehlerhaften Moduls: CsrBtOBEXService.exe, Version: 2.1.63.0, Zeitstempel: 0x4f68683b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000006f58
ID des fehlerhaften Prozesses: 0x2af8
Startzeit der fehlerhaften Anwendung: 0xCsrBtOBEXService.exe0
Pfad der fehlerhaften Anwendung: CsrBtOBEXService.exe1
Pfad des fehlerhaften Moduls: CsrBtOBEXService.exe2
Berichtskennung: CsrBtOBEXService.exe3
Vollständiger Name des fehlerhaften Pakets: CsrBtOBEXService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CsrBtOBEXService.exe5

Error: (10/25/2015 10:21:02 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/25/2015 10:14:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 41.0.2.5765, Zeitstempel: 0x561ef9f1
Name des fehlerhaften Moduls: mozglue.dll, Version: 41.0.2.5765, Zeitstempel: 0x561ee53f
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000ec91
ID des fehlerhaften Prozesses: 0xcd8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (10/25/2015 10:03:10 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (10/25/2015 09:58:36 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
  bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
  bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


Systemfehler:
=============
Error: (10/25/2015 11:10:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CSR OBEX-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (10/25/2015 10:58:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler beendet:
%%1064

Error: (10/25/2015 10:57:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/25/2015 10:57:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/25/2015 10:57:58 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {B3E53F1A-1C31-4A43-A66D-321FA322BCE7}

Error: (10/25/2015 10:57:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024001e fehlgeschlagen: Definitionsupdate für Windows Defender – KB2267602 (Definition 1.209.461.0)

Error: (10/25/2015 10:57:57 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/25/2015 10:50:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BrYNSvc" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (10/25/2015 10:50:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CSR OBEX-Dienst" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (10/25/2015 10:50:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CSR Bluetooth Audio-Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.


CodeIntegrity:
===================================
  Date: 2015-09-05 13:46:47.951
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-05 13:46:47.406
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-05 13:46:46.770
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-05 13:46:45.869
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 34%
Installierter physikalischer RAM: 8087.8 MB
Verfügbarer physikalischer RAM: 5296.33 MB
Summe virtueller Speicher: 9367.8 MB
Verfügbarer virtueller Speicher: 6351.96 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:201.27 GB) (Free:90.62 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 1B9A29CC)

Partition: GPT.

==================== Ende von Addition.txt ============================

MrXxx 26.10.2015 07:41
Hab doch noch Gmer geschafft - dabei wurden mir 2 Fehlermeldungen angezeigt.
1) C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird
2) C:\Users\*****\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-10-26 07:37:06
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002f SAMSUNG_MZNTD256HAGL-00000 rev.DXT2300Q 238,47GB
Running: of3gspmf.exe; Driver: C:\Users\*****\AppData\Local\Temp\kwlyypow.sys


---- User code sections - GMER 2.1 ----

.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation                                                                                      00007ffc26b73e10 7 bytes JMP 00007ffd264502d0
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW                                                                                              00007ffc26b73e20 7 bytes JMP 00007ffd26450308
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW                                                                                                00007ffc26c239b0 7 bytes JMP 00007ffd264503b0
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW                                                                                              00007ffc26c23ef0 7 bytes JMP 00007ffd26450340
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA                                                                                                00007ffc26c23fe0 7 bytes JMP 00007ffd26450378
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                                                      00007ffc26c506c0 7 bytes JMP 00007ffd26450228
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                                                        00007ffc26c50730 7 bytes JMP 00007ffd26450298
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW                                                                                      00007ffc26c50760 7 bytes JMP 00007ffd26450260
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary                                                                                                00007ffc264621d0 5 bytes JMP 00007ffd26450180
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW                                                                                            00007ffc264629d0 7 bytes JMP 00007ffd264500d8
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                          00007ffc26464310 5 bytes JMP 00007ffd26450110
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW                                                                                              00007ffc26468900 5 bytes JMP 00007ffd26450148
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\USER32.dll!CreateWindowExW                                                                                                00007ffc28a76d90 10 bytes JMP 00007ffd26450490
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW                                                                                            00007ffc28a874a0 5 bytes JMP 00007ffd26450458
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                                      00007ffc28a87560 1 byte JMP 00007ffd264503e8
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2                                                                                  00007ffc28a87562 7 bytes {JMP 0xfffffffffd9c8e88}
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA                                                                                            00007ffc28a96b10 5 bytes JMP 00007ffd26450420
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                        00007ffc27161500 8 bytes JMP 00007ffd264501b8
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                          00007ffc27161750 8 bytes JMP 00007ffd264501f0
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory                                                                                                00007ffc1f5a7750 5 bytes JMP 00007ffd1f5900d8
.text  C:\WINDOWS\System32\dwm.exe[4692] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory1                                                                                                00007ffc1f5a8ee0 5 bytes JMP 00007ffd1f590110
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                      00007ffc28f64b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                          00007ffc28f64f3c 8 bytes [60, 6E, 45, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                      00007ffc28f65216 8 bytes [50, 6E, 45, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                            00007ffc28f6540f 8 bytes {JMP 0xffffffffffffffee}
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                      00007ffc28f657af 8 bytes [30, 6E, 45, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                              00007ffc28f65964 8 bytes [20, 6E, 45, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                        00007ffc28f65f01 8 bytes {JMP 0xffffffffffffff9e}
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                            00007ffc28f65f5e 8 bytes [F0, 6D, 45, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                        00007ffc28fe12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                      00007ffc28fe1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                            00007ffc28fe1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                          00007ffc28fe1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                              00007ffc28fe1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                              00007ffc28fe1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                            00007ffc28fe1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                            00007ffc28fe2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                        00000000773f13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                        00000000773f1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                              00000000773f1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                        00000000773f1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                    00000000773f16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                00000000773f16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[7448] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                00000000773f1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                              00007ffc28f64b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                  00007ffc28f64f3c 8 bytes [60, 6E, 07, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                              00007ffc28f65216 8 bytes [50, 6E, 07, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                    00007ffc28f6540f 8 bytes {JMP 0xffffffffffffffee}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                              00007ffc28f657af 8 bytes [30, 6E, 07, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                      00007ffc28f65964 8 bytes [20, 6E, 07, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                00007ffc28f65f01 8 bytes {JMP 0xffffffffffffff9e}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                    00007ffc28f65f5e 8 bytes [F0, 6D, 07, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                00007ffc28fe12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                              00007ffc28fe1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                    00007ffc28fe1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                  00007ffc28fe1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                      00007ffc28fe1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                      00007ffc28fe1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                    00007ffc28fe1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                    00007ffc28fe2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                00000000773f13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                00000000773f1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                      00000000773f1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                00000000773f1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                            00000000773f16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                        00000000773f16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1780] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                        00000000773f1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                00007ffc28f64b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                    00007ffc28f64f3c 8 bytes [60, 6E, 82, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                00007ffc28f65216 8 bytes [50, 6E, 82, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                      00007ffc28f6540f 8 bytes {JMP 0xffffffffffffffee}
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                00007ffc28f657af 8 bytes [30, 6E, 82, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                        00007ffc28f65964 8 bytes [20, 6E, 82, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                  00007ffc28f65f01 8 bytes {JMP 0xffffffffffffff9e}
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                      00007ffc28f65f5e 8 bytes [F0, 6D, 82, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                  00007ffc28fe12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                00007ffc28fe1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                      00007ffc28fe1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                    00007ffc28fe1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                        00007ffc28fe1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                        00007ffc28fe1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                      00007ffc28fe1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                      00007ffc28fe2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                  00000000773f13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                  00000000773f1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                        00000000773f1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                  00000000773f1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                              00000000773f16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                          00000000773f16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[7204] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                          00000000773f1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                            00007ffc28f64b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                00007ffc28f64f3c 8 bytes [60, 6E, C6, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                            00007ffc28f65216 8 bytes [50, 6E, C6, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                  00007ffc28f6540f 8 bytes {JMP 0xffffffffffffffee}
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                            00007ffc28f657af 8 bytes [30, 6E, C6, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                    00007ffc28f65964 8 bytes [20, 6E, C6, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                              00007ffc28f65f01 8 bytes {JMP 0xffffffffffffff9e}
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78  00007ffc28f65f5e 8 bytes [F0, 6D, C6, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                              00007ffc28fe12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                            00007ffc28fe1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                  00007ffc28fe1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                00007ffc28fe1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                    00007ffc28fe1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                    00007ffc28fe1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                  00007ffc28fe1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                  00007ffc28fe2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                              00000000773f13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                              00000000773f1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                    00000000773f1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                              00000000773f1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                          00000000773f16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                      00000000773f16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe[980] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                      00000000773f1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                    00007ffc28f64b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                        00007ffc28f64f3c 8 bytes [60, 6E, 1E, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                    00007ffc28f65216 8 bytes [50, 6E, 1E, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                          00007ffc28f6540f 8 bytes {JMP 0xffffffffffffffee}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                    00007ffc28f657af 8 bytes [30, 6E, 1E, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                            00007ffc28f65964 8 bytes [20, 6E, 1E, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                      00007ffc28f65f01 8 bytes {JMP 0xffffffffffffff9e}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                          00007ffc28f65f5e 8 bytes [F0, 6D, 1E, 7E, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                      00007ffc28fe12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                    00007ffc28fe1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                          00007ffc28fe1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                        00007ffc28fe1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                            00007ffc28fe1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                            00007ffc28fe1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                                          00007ffc28fe1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                          00007ffc28fe2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                                      00000000773f13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                                      00000000773f1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                            00000000773f1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                      00000000773f1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                  00000000773f16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                              00000000773f16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2096] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                              00000000773f1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                00007ffc28f64b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                    00007ffc28f64f3c 8 bytes [60, 6E, 21, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                00007ffc28f65216 8 bytes [50, 6E, 21, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                      00007ffc28f6540f 8 bytes {JMP 0xffffffffffffffee}
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                  00007ffc28f657af 8 bytes [30, 6E, 21, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                        00007ffc28f65964 8 bytes [20, 6E, 21, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                    00007ffc28f65f01 8 bytes {JMP 0xffffffffffffff9e}
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                      00007ffc28f65f5e 8 bytes [F0, 6D, 21, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                    00007ffc28fe12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                  00007ffc28fe1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                        00007ffc28fe1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                      00007ffc28fe1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                          00007ffc28fe1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                          00007ffc28fe1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                        00007ffc28fe1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                        00007ffc28fe2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                    00000000773f13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                    00000000773f1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                          00000000773f1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                    00000000773f1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                00000000773f16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                            00000000773f16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe[5660] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                          00000000773f1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                              00007ffc28f64b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                  00007ffc28f64f3c 8 bytes [60, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                              00007ffc28f65216 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                    00007ffc28f6540f 8 bytes {JMP 0xffffffffffffffee}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                00007ffc28f657af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                      00007ffc28f65964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                  00007ffc28f65f01 8 bytes {JMP 0xffffffffffffff9e}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                    00007ffc28f65f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                  00007ffc28fe12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                00007ffc28fe1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                      00007ffc28fe1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                    00007ffc28fe1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                        00007ffc28fe1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                        00007ffc28fe1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                                      00007ffc28fe1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      00007ffc28fe2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                                  00000000773f13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                                  00000000773f1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                        00000000773f1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                  00000000773f1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                              00000000773f16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                          00000000773f16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[5716] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                        00000000773f1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                00007ffc28f64b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                    00007ffc28f64f3c 8 bytes [60, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                00007ffc28f65216 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                      00007ffc28f6540f 8 bytes {JMP 0xffffffffffffffee}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                00007ffc28f657af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                        00007ffc28f65964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                  00007ffc28f65f01 8 bytes {JMP 0xffffffffffffff9e}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                      00007ffc28f65f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                  00007ffc28fe12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                00007ffc28fe1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                      00007ffc28fe1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                    00007ffc28fe1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                        00007ffc28fe1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                        00007ffc28fe1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                                      00007ffc28fe1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      00007ffc28fe2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                                  00000000773f13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                                  00000000773f1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                        00000000773f1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                  00000000773f1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                              00000000773f16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                          00000000773f16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe[696] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                          00000000773f1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                00007ffc28f64b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                    00007ffc28f64f3c 8 bytes [60, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                00007ffc28f65216 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                      00007ffc28f6540f 8 bytes {JMP 0xffffffffffffffee}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                  00007ffc28f657af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                        00007ffc28f65964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                    00007ffc28f65f01 8 bytes {JMP 0xffffffffffffff9e}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                      00007ffc28f65f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                    00007ffc28fe12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                  00007ffc28fe1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                        00007ffc28fe1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                      00007ffc28fe1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                          00007ffc28fe1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                          00007ffc28fe1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                                        00007ffc28fe1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        00007ffc28fe2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                                    00000000773f13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                                    00000000773f1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                          00000000773f1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                    00000000773f1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                00000000773f16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                            00000000773f16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[668] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                          00000000773f1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Program Files\Sony\VAIO Care\VCSystemTray.exe[2204] C:\WINDOWS\system32\KERNEL32.dll!K32GetModuleInformation                                                                  00007ffc26b73e10 7 bytes JMP 00007ffd264503b0
.text  C:\Program Files\Sony\VAIO Care\VCSystemTray.exe[2204] C:\WINDOWS\system32\KERNEL32.dll!RegQueryValueExW                                                                        00007ffc26b73e20 7 bytes JMP 00007ffd264503e8
.text  C:\Program Files\Sony\VAIO Care\VCSystemTray.exe[2204] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExW                                                                          00007ffc26c239b0 7 bytes JMP 00007ffd26450490
.text  C:\Program Files\Sony\VAIO Care\VCSystemTray.exe[2204] C:\WINDOWS\system32\KERNEL32.dll!RegDeleteValueW                                                                          00007ffc26c23ef0 7 bytes JMP 00007ffd26450420
.text  C:\Program Files\Sony\VAIO Care\VCSystemTray.exe[2204] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExA                                                                          00007ffc26c23fe0 7 bytes JMP 00007ffd26450458
.text  C:\Program Files\Sony\VAIO Care\VCSystemTray.exe[2204] C:\WINDOWS\system32\KERNEL32.dll!K32EnumProcessModulesEx                                                                  00007ffc26c506c0 7 bytes JMP 00007ffd26450308
.text  C:\Program Files\Sony\VAIO Care\VCSystemTray.exe[2204] C:\WINDOWS\system32\KERNEL32.dll!K32GetMappedFileNameW                                                                    00007ffc26c50730 7 bytes JMP 00007ffd26450378
.text  C:\Program Files\Sony\VAIO Care\VCSystemTray.exe[2204] C:\WINDOWS\system32\KERNEL32.dll!K32GetModuleFileNameExW                                                                  00007ffc26c50760 7 bytes JMP 00007ffd26450340
.text  C:\Program Files\Sony\VAIO Care\VCSystemTray.exe[2204] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance                                                                          00007ffc26ced050 7 bytes JMP 00007ffd26450228
.text  C:\Program Files\Sony\VAIO Care\VCSystemTray.exe[2204] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket                                                                        00007ffc26d1b170 5 bytes JMP 00007ffd26450260
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\KERNEL32.dll!K32GetModuleInformation                                                                      00007ffc26b73e10 7 bytes JMP 00007ffd264503b0
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\KERNEL32.dll!RegQueryValueExW                                                                              00007ffc26b73e20 7 bytes JMP 00007ffd264503e8
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExW                                                                                00007ffc26c239b0 7 bytes JMP 00007ffd26450490
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\KERNEL32.dll!RegDeleteValueW                                                                              00007ffc26c23ef0 7 bytes JMP 00007ffd26450420
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExA                                                                                00007ffc26c23fe0 7 bytes JMP 00007ffd26450458
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\KERNEL32.dll!K32EnumProcessModulesEx                                                                      00007ffc26c506c0 7 bytes JMP 00007ffd26450308
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\KERNEL32.dll!K32GetMappedFileNameW                                                                        00007ffc26c50730 7 bytes JMP 00007ffd26450378
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\KERNEL32.dll!K32GetModuleFileNameExW                                                                      00007ffc26c50760 7 bytes JMP 00007ffd26450340
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary                                                                                00007ffc264621d0 5 bytes JMP 00007ffd26450180
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW                                                                            00007ffc264629d0 7 bytes JMP 00007ffd264500d8
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW                                                                          00007ffc26464310 5 bytes JMP 00007ffd26450110
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW                                                                              00007ffc26468900 5 bytes JMP 00007ffd26450148
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance                                                                              00007ffc26ced050 7 bytes JMP 00007ffd26450228
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket                                                                              00007ffc26d1b170 5 bytes JMP 00007ffd26450260
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\USER32.dll!CreateWindowExW                                                                                00007ffc28a76d90 10 bytes JMP 00007ffd26450570
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW                                                                            00007ffc28a874a0 5 bytes JMP 00007ffd26450538
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                                      00007ffc28a87560 9 bytes JMP 00007ffd264504c8
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA                                                                            00007ffc28a96b10 5 bytes JMP 00007ffd26450500
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                        00007ffc27161500 8 bytes JMP 00007ffd264501b8
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                          00007ffc27161750 8 bytes JMP 00007ffd264501f0
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9Ex                                                                                00007ffc1b72ead0 5 bytes JMP 00007ffc264502d0
.text  C:\Program Files\Sony\VAIO Care\VCAdmin.exe[7660] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9                                                                                  00007ffc1b75eb90 6 bytes JMP 00007ffc26450298
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                        00007ffc28f64b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                            00007ffc28f64f3c 8 bytes [60, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                        00007ffc28f65216 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                              00007ffc28f6540f 8 bytes {JMP 0xffffffffffffffee}
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                        00007ffc28f657af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                00007ffc28f65964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                          00007ffc28f65f01 8 bytes {JMP 0xffffffffffffff9e}
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                              00007ffc28f65f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...]
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                          00007ffc28fe12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                        00007ffc28fe1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                              00007ffc28fe1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                            00007ffc28fe1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                00007ffc28fe1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                00007ffc28fe1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                                              00007ffc28fe1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                              00007ffc28fe2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                                          00000000773f13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                                          00000000773f1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                00000000773f1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                          00000000773f1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                      00000000773f16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                  00000000773f16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\PROGRA~1\Sony\VAIOCA~1\Iolo\IOLOTO~1.EXE[3408] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                  00000000773f1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlDecompressBuffer + 132                                                                            00007ffc28f64b14 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlPrefixString + 316                                                                                00007ffc28f64f3c 8 bytes [60, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocIoCompletion + 710                                                                            00007ffc28f65216 8 bytes [50, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitForWnfMetaNotification + 479                                                                  00007ffc28f6540f 8 bytes {JMP 0xffffffffffffffee}
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUserThreadStart + 911                                                                              00007ffc28f657af 8 bytes [30, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!TpAllocWork + 420                                                                                    00007ffc28f65964 8 bytes [20, 6E, F8, 7F, 00, 00, 00, ...]
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlWaitOnAddress + 657                                                                                00007ffc28f65f01 8 bytes {JMP 0xffffffffffffff9e}
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!RtlUnsubscribeWnfNotificationWaitForCompletion + 78                                                  00007ffc28f65f5e 8 bytes [F0, 6D, F8, 7F, 00, 00, 00, ...]
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                00007ffc28fe12a0 8 bytes {JMP QWORD [RIP-0x7baf7]}
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                              00007ffc28fe1420 8 bytes {JMP QWORD [RIP-0x7bac2]}
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                    00007ffc28fe1450 8 bytes {JMP QWORD [RIP-0x7c51a]}
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                  00007ffc28fe1570 8 bytes {JMP QWORD [RIP-0x7c167]}
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                      00007ffc28fe1620 8 bytes {JMP QWORD [RIP-0x7c410]}
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                      00007ffc28fe1ce0 8 bytes {JMP QWORD [RIP-0x7bd88]}
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                    00007ffc28fe1fe0 8 bytes {JMP QWORD [RIP-0x7c0e5]}
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                    00007ffc28fe2860 8 bytes {JMP QWORD [RIP-0x7cbfe]}
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\system32\wow64cpu.dll!CpuSetContext + 438                                                                                00000000773f13f6 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\system32\wow64cpu.dll!CpuGetContext + 387                                                                                00000000773f1583 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\system32\wow64cpu.dll!CpuSetInstructionPointer + 49                                                                      00000000773f1621 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\system32\wow64cpu.dll!CpuProcessInit + 68                                                                                00000000773f1674 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\system32\wow64cpu.dll!CpuGetStackPointer + 23                                                                            00000000773f16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 9                                                                        00000000773f16e9 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text  C:\Users\*****\Desktop\of3gspmf.exe[8104] C:\WINDOWS\system32\wow64cpu.dll!CpuNotifyAffinityChange + 71                                                                      00000000773f1727 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [8096:4116]                                                                                                                                        fffff9600082f2d0
Thread  C:\WINDOWS\Explorer.EXE [4892:3128]                                                                                                                                              00007ffc0d83e630
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [6472:4888]                                                                                                                                        0000000000f3a794
Thread  C:\WINDOWS\SYSTEM32\ntdll.dll [6472:7092]                                                                                                                                        0000000000f34980

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                                            unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 26.10.2015 13:58
hi,

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

MrXxx 26.10.2015 15:33
Code:
# AdwCleaner v5.014 - Bericht erstellt am 26/10/2015 um 15:30:04
# Aktualisiert am 18/10/2015 von Xplode
# Datenbank : 2015-10-26.2 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : ***** - *****-LAPTOP
# Gestartet von : C:\Users\Benedikt\Downloads\AdwCleaner_5.014.exe
# Option : Suchlauf
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [623 Bytes] ##########
Nichts gefunden, komisch ist aber, dass mein Laptop seit Kurzem sehr langsam ist...kann das ein Indiz auf eine versteckte Infektion sein und sollte ich mein Online-Banking-Account erstmal sperren lassen? Bin da etwas paranoid...Leider habe ich damals zu diesem PC keine CD bekommen, weiß also auch nicht, wie ich das System neuaufsetzten soll...

schrauber 27.10.2015 19:23
Ich sehe keine Infektion.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



http://support2.microsoft.com/kb/929135/de

Bitte einen Clean Boot machen. Wenn das Problem dann weg ist, einzeln wieder Dienste aktivieren, dazwischen immer einen Reboot machen. Solange bis Du weißt welcher Dienst die Probleme macht.

Diesen dann hier benennen.

MrXxx 29.10.2015 23:06
Hallo Schrauber,
den Log von Eset mach ich morgen fertig
hier die Log Datei vom Security Programm

Code:
Results of screen317's Security Check version 1.009 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender             
Kaspersky Internet Security 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.10004) 
 Java 8 Update 65 
 Java version 32-bit out of Date!
 Adobe Flash Player        19.0.0.226 
 Adobe Reader XI 
 Mozilla Firefox (41.0.2)
````````Process Check: objlist.exe by Laurent```````` 
 Kaspersky Lab Kaspersky Internet Security 16.0.0 avp.exe 
 Kaspersky Lab Kaspersky Internet Security 16.0.0 avpui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
Ich habe noch eine Frage zu Spam-Mails:
Ich habe gerade in meinem Mailpostfach eine Mail gefunden, die direkt an meinen vollen Namen (also auch Nachname) adressiert war. Dachte es wäre was bezüglich Uni und dort drinnen stand was von 4000 Euro im Monat verdienen, wir suchen übers Internet(!) Bewerber blabla.
Schnell die Mail geschlossen und gelöscht. Seltsamer Weise habe ich keinen Link gesehen und auch keinen Anhang? Ich hoffe, ich habe mir jetzt nicht gerade doch noch einen Virus draufgezogen (hier auf dem Lappi) oder kommt die Maleware erst, wenn man dort Kontakt aufnimmt (Sonst macht die Mail ja keinen Sinn...so ohne Infektion)? Habe ein wenig Angst vor verstecken Plugins etc. in der Mail, die unsichtbar sind. Ein anschließender Malewarebytes Scan hat nichts gefunden, AdwCleaner und JRT auch nicht.

Bin etwas verwirrt, woher die meinen Namen haben, aber vielleicht ist der auch extrahiert aus meiner direkten E-Mail Adresse?

schrauber 30.10.2015 21:08
Das ist nur ne Spam Mail. Wenn man nicht auf den Link klickt passt das. Ist dein Vor-und Nachname zufällig in der Emailadresse enthalten? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:24 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19