
Pests of all kinds and how to combat them: TROJAN DNS Reply Sinkhole - Anubis -

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

09.09.2014, 09:03   #1
Gaelhacht
 



Hi everyone,

can someone please give me information about this trojan and how to combat it?

Thanks, see you

Gael

09.09.2014, 09:13   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

who is detecting it, and where?

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

09.09.2014, 09:47   #3
Gaelhacht
 



Hi,
thanks for the quick response. The laptop of a friend of my daughter's is affected. Here is the information:

Subject: Virus infection access ID EDU-7266804361 / Virusinfection
Login EDU-7266804361
From: "Gigaspeedsurfer Essen-Duisburg Network Security"
<noreply@gigaspeedsurfer.de>

Further details on the incident:

Malware: TROJAN DNS Reply Sinkhole - Anubis -

The rest is in the attachment

see you, gael
__________________
Attached files
File type: txt Addition.txt (52.9 KB, viewed 192 times)
File type: txt FRST_09-09-2014_10-30-38.txt (57.9 KB, viewed 187 times)

10.09.2014, 07:34   #4
schrauber
/// the machine
/// TB trainer
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I cannot open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

10.09.2014, 11:29   #5
Gaelhacht
 



Hi,
thanks for the precise instructions:

[CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Sandra at 2014-09-09 10:29:29
Running from C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WZXMHMP
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM-x32\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
ATI Catalyst Install Manager (HKLM\...\{8D1163BE-5ECD-0303-87F7-35ED38BBB2E1}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Avira (HKLM-x32\...\{df495620-2ba9-412d-828d-b27f020d9fc8}) (Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.18.28431 - Avira Operations GmbH & Co. KG) Hidden
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.6.1 - BitTorrent Inc.)
calibre (HKLM-x32\...\{D060E2E3-5509-4420-AA04-FA197C6678C8}) (Version: 0.9.28 - Kovid Goyal)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0113.2257.41150 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help English (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help French (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help German (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0113.2257.41150 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0113.2257.41150 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.296 - Corel Inc.)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version: - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
Einstellungen für VAIO-Inhaltsüberwachung (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.4.1.09180 - Sony Corporation)
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.0.545 - Evernote Corp.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Huawei modem (HKLM-x32\...\Huawei Modems) (Version: - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 16 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
LEGO® Harry Potter™: Die Jahre 1-4 (HKLM-x32\...\{C5A8DF48-580B-44D3-B2B2-E965A9368F28}) (Version: 1.0.0.0 - WB Games)
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG MC USB U330 driver (HKLM-x32\...\{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}) (Version: 1.0.0.0000 - LG Electronics)
LG PC Suite III deinstallieren (HKLM-x32\...\{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1) (Version: - LG Electronics)
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.1.1.11200 - Sony Corporation)
Media Gallery (x32 Version: 1.1.1.11200 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Oblivion (HKLM-x32\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
phase-6 2.1.2.1b (HKLM-x32\...\phase-6) (Version: 2.1.2.1b - phase-6)
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}) (Version: 1.0.00.09250 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.0.00.09250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.0.01.11230 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.0.01.11230 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.0.00.10150 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.0.00.10150 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.0.01.12010 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.0.01.12010 - Sony Corporation) Hidden
Prince of Persia The Sands of Time (HKLM-x32\...\{8C453F13-6877-4D34-8816-009ABDE306DB}) (Version: 1.00.181 - )
QuickTime (HKLM-x32\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.06.10 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.45.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-3400 Series (HKLM-x32\...\Samsung SCX-3400 Series) (Version: 1.08 (07.05.2012) - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Home Network Library (HKLM-x32\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 2.0.1.10160 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.1.10160 - Sony Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Star Wars Knights of the Old Republic (HKLM-x32\...\Star Wars Knights of the Old Republic) (Version: 1.3.0.0 - LucasArts)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version: - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 5.0.3.11130 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM-x32\...\{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}) (Version: 3.6.0.09250 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.6.0.09250 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Network Service Manager (HKLM-x32\...\{4427F384-B5BE-4769-B7D0-C784FC321EB1}) (Version: 3.6.0.09080 - Sony Corporation)
VAIO Content Metadata Intelligent Network Service Manager (x32 Version: 3.6.0.09080 - Sony Corporation) Hidden
VAIO Content Metadata Manager Settings (HKLM-x32\...\{12D0BE8D-538C-4AB1-86DE-C540308F50DA}) (Version: 3.6.0.09240 - Sony Corporation)
VAIO Content Metadata Manager Settings (x32 Version: 3.6.0.09240 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM-x32\...\{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}) (Version: 3.6.0.09080 - Sony Corporation)
VAIO Content Metadata XML Interface Library (x32 Version: 3.6.0.09080 - Sony Corporation) Hidden
VAIO Content Monitoring Settings (x32 Version: 2.4.1.09180 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.1.0.10160 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.0.00.10130 - Sony Corporation)
VAIO Energie Verwaltung (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.6.0.09150 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.6.0.09150 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.12010 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 1.2.0.09240 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 1.0.0.10290 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version: - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.1.10160 - Sony Corporation)
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.0.00.09240 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.0.00.09240 - Sony Corporation) Hidden
VAIO Original Function Settings (x32 Version: 2.0.0.07010 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.0.0.07010 - Sony Corporation)
VAIO Personalization Manager (HKLM-x32\...\{A95187EF-BCF4-4468-B501-C0BAB976ADD1}) (Version: 2.0.0.06220 - Sony Corporation)
VAIO Personalization Manager (x32 Version: 2.0.0.06220 - Sony Corporation) Hidden
VAIO Premium Partners (HKLM-x32\...\VAIO Premium Partners) (Version: 1.0 - Sony Europe)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.2.2.3 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.2.2.3 - Sony Corporation) Hidden
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.1.0.11250 - Sony Corporation)
VAIO Update 5 (HKLM-x32\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.0.0.10300 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.0.10200 - Sony Corporation)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.601 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinRAR 5.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wise Registry Cleaner 8.23 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.23 - WiseCleaner.com, Inc.)
YTD Video Downloader 4.2.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.2.2 - GreenTree Applications SRL)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-932800437-1018891856-1275781363-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-932800437-1018891856-1275781363-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-932800437-1018891856-1275781363-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-932800437-1018891856-1275781363-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-932800437-1018891856-1275781363-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

==================== Restore Points =========================

29-08-2014 18:30:14 Revo Uninstaller's restore point - CHIP Updater
29-08-2014 18:32:15 Revo Uninstaller's restore point - Advanced SystemCare 7
29-08-2014 18:42:15 Revo Uninstaller's restore point - Spybot - Search & Destroy
07-09-2014 16:41:45 Windows-Sicherung
07-09-2014 16:42:41 Windows Update
08-09-2014 05:43:08 Revo Uninstaller's restore point - Ask Toolbar
08-09-2014 05:45:53 Revo Uninstaller's restore point - IObit Malware Fighter
08-09-2014 06:21:14 Revo Uninstaller's restore point - Avira
08-09-2014 06:42:25 Windows Update
08-09-2014 07:03:44 Windows-Sicherung
08-09-2014 07:26:20 Revo Uninstaller's restore point - Smart Defrag 3
08-09-2014 07:29:18 Revo Uninstaller's restore point - Avira
08-09-2014 07:39:21 avast! antivirus system restore point
08-09-2014 08:58:41 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-08 09:49 - 00450770 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {011C4551-7826-4424-82F9-DD15D29E9DE7} - System32\Tasks\Driver Booster SkipUAC (Sandra) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {0D7925BA-3493-4E13-8DBB-C5ACD0601A0A} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {14A41AB3-F4BC-40FE-86C9-2BA9F45276BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {1BC3C336-8B3C-462D-BA32-9EE66D410AF3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {245367CB-A966-448D-AF6F-45AF6B8DA8DF} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation)
Task: {2797CF22-023C-4578-899E-45610F506820} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2009-10-30] (Sony Corporation)
Task: {28CD8D46-DC49-4EF9-AD02-66D7112989FD} - System32\Tasks\{D473E0E1-1B41-471A-8A03-BC4CCB962C2C} => G:\Gothic3\gothic3.exe
Task: {2A969244-89F4-42A8-82B9-25AB45423508} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10] (Google Inc.)
Task: {2BBFDF87-452C-4349-A3B4-7E0ABCD2833A} - System32\Tasks\{3E9A453F-19F9-450E-8908-11F4E90AE992} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\swkotor.exe [2012-07-05] (BioWare Corp.)
Task: {2EC3A27D-12FE-41D0-AB6E-529C61DFBB1C} - System32\Tasks\{3306B155-49B3-46F7-B566-D194D451941B} => Z:\setup.exe
Task: {2FBECC3C-69E9-4963-9ECE-DD0C8210DD4E} - System32\Tasks\{354FB7E9-6BBC-43B1-A11C-41AA253DA3FE} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\swkotor.exe [2012-07-05] (BioWare Corp.)
Task: {3B54A0C4-3995-41E4-BEAE-78B084CA00F7} - System32\Tasks\{74C71BEE-6702-43A1-A928-B2A8A6991CC0} => C:\Program Files (x86)\UBISOFT\Prince of Persia The Sands of Time\PrinceOfPersia.exe [2004-05-19] (UBISOFT)
Task: {4735FF79-7A38-465E-A9BC-6CC9CC964362} - System32\Tasks\{505DA512-BC75-4CE2-8235-0C2ED06BDFE9} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\swkotor.exe [2012-07-05] (BioWare Corp.)
Task: {53036282-5C1F-4E1B-868F-87882A33CB11} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-08] (AVAST Software)
Task: {5927225C-54F7-4AE4-B6EC-09F94433FF28} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {59FD20D4-7A58-426E-84F4-B71695B7BA7B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {5B049175-62E9-42F1-B02C-9BA5DF9E9B9A} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2009-09-24] (Sony Corporation)
Task: {6CBB887E-5533-4254-9D85-7D7727900B5A} - System32\Tasks\{CD230A95-E815-4D69-A42F-040A2CBFFEE1} => G:\Gothic3\gothic3.exe
Task: {7F71C938-09EA-403B-A2EC-36DF2AAF1048} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2009-10-19] (Sony Corporation)
Task: {817CDE71-8889-4F3C-8EE5-8047232D64D8} - System32\Tasks\{BCB50A56-86DD-4211-96B7-197CC48B12C6} => C:\Program Files (x86)\UBISOFT\Prince of Persia The Sands of Time\PrinceOfPersia.exe [2004-05-19] (UBISOFT)
Task: {88919CFE-400F-4D96-B859-D2311BA0FC99} - System32\Tasks\{858B6A46-0A20-4F38-A4AD-F0F273009EE9} => C:\Windows\SYSTEM32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {91C7D7C8-260B-447F-A9B6-7921BB60CE6B} - System32\Tasks\{41940133-C5CF-4543-BE0B-8AD29713A9A4} => Firefox.exe
Task: {9412F9AD-AA44-489F-B3D4-489A79D5D90C} - System32\Tasks\{AF9614AC-037A-4920-85A0-38EDBD699C87} => Firefox.exe hxxp://ui.skype.com/ui/0/5.6.0.110/de/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {95752B59-34FD-43AA-9D26-05A821155AEE} - System32\Tasks\{0756066C-A65B-4ADF-956B-9D98A2A0493F} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\swkotor.exe [2012-07-05] (BioWare Corp.)
Task: {9AFEC5C2-B56F-4049-9C78-2724092E7464} - System32\Tasks\{9B4AF4F2-25D2-4A06-9312-20BC0065B89F} => C:\Windows\SYSTEM32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: {A5BB8341-F22C-4776-91B9-B11F10AFB9A8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {A7FED3C2-4C44-4D00-827F-2C40B7561EEF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10] (Google Inc.)
Task: {AC28F0E8-624C-4190-9F2A-4A035297BE7B} - System32\Tasks\{D5CB83F3-B6D8-42CA-992B-7DADF2C28A0F} => C:\Program Files (x86)\UBISOFT\Prince of Persia The Sands of Time\PrinceOfPersia.exe [2004-05-19] (UBISOFT)
Task: {B142F9E3-4060-4508-8C37-F2AC29BC1AAC} - System32\Tasks\VAIO Care Service => C:\Program Files\Sony\VAIO Care\VAIOCareService.exe [2009-10-21] (Sony Corporation)
Task: {B7E71A6C-9D2A-4950-9837-0F12ABEC3EFF} - System32\Tasks\{247EEB1C-A377-492C-8081-94916061B52F} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\swkotor.exe [2012-07-05] (BioWare Corp.)
Task: {B945FB3C-90D3-467B-B2A6-3C3F34FBEF30} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe
Task: {CB2FF582-0B25-4E81-82C0-BDCD28701B25} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation)
Task: {CF055B68-02AD-4BFA-8ABE-7AF36ABFCBA2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {DF7DC4E9-5585-4F82-A505-8FA96005BFDB} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation)
Task: {E97DCE77-199E-41C4-AFAF-54B0E6A723D5} - System32\Tasks\{7DB9E92E-57D4-4CCD-A134-47B80690F348} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\swkotor.exe [2012-07-05] (BioWare Corp.)
Task: {F623D033-0E57-4762-B5B1-56A4755D9A53} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation)
Task: {FD900387-E5EB-4DC1-9D4B-0708AA8DAC9A} - System32\Tasks\{745FD3A5-4E2A-4717-8D8B-7F7020085917} => C:\Windows\SYSTEM32\msiexec.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-09 19:27 - 2011-05-02 06:40 - 00034304 _____ () C:\Windows\System32\ssm1mlm.dll
2010-12-17 18:13 - 2010-12-17 18:13 - 00438784 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-12-17 18:13 - 2010-12-17 18:13 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2014-09-08 09:40 - 2014-09-08 09:40 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-08 09:43 - 2014-09-08 09:43 - 02845184 _____ () C:\Program Files\AVAST Software\Avast\defs\14090800\algo.dll
2014-09-09 07:20 - 2014-09-09 07:20 - 02845184 _____ () C:\Program Files\AVAST Software\Avast\defs\14090802\algo.dll
2010-06-10 16:03 - 2009-12-01 22:03 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-06-10 16:03 - 2009-12-01 22:03 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll
2014-08-06 11:15 - 2014-07-14 16:49 - 00049744 _____ () C:\Users\Sandra\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-08-29 20:45 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-29 20:45 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-29 20:45 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-08 09:40 - 2014-09-08 09:40 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-14 16:49 - 2014-07-14 16:49 - 00065104 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-09-08 08:10 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-09-08 08:10 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Browser Defender Update Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FontCache => 3
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: fsssvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: ICQ Service => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WSearch => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sandra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
MSCONFIG\startupreg: PDFPrint => c:\program files (x86)\pdf24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2014 07:48:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Name des fehlerhaften Moduls: RootkitRevealer.exe, Version: 1.71.0.0, Zeitstempel: 0x44e255aa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000040cd
ID des fehlerhaften Prozesses: 0x154c
Startzeit der fehlerhaften Anwendung: 0xRootkitRevealer.exe0
Pfad der fehlerhaften Anwendung: RootkitRevealer.exe1
Pfad des fehlerhaften Moduls: RootkitRevealer.exe2
Berichtskennung: RootkitRevealer.exe3

Error: (09/09/2014 07:32:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WinRAR.exe, Version 5.10.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1274

Startzeit: 01cfcbeedda90371

Endzeit: 15

Anwendungspfad: C:\Program Files (x86)\WinRAR\WinRAR.exe

Berichts-ID: 9edd72ac-37e2-11e4-b12a-5442495be127

Error: (09/09/2014 07:19:30 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (09/09/2014 07:19:29 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA}) (Fehlercode = 0x80042000)

Error: (09/08/2014 11:04:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary zchtqqsj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (09/08/2014 10:58:54 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary zchtqqsj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (09/08/2014 09:39:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary zchtqqsj.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (09/08/2014 09:35:00 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)

Error: (09/08/2014 09:35:00 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA}) (Fehlercode = 0x80042000)

Error: (09/08/2014 08:53:11 AM) (Source: VzCdbSvc) (EventID: 7) (User: )
Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019)


System errors:
=============
Error: (09/09/2014 09:07:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/09/2014 09:07:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/09/2014 09:07:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/09/2014 09:07:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/09/2014 09:07:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VAIO Entertainment Database Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/09/2014 09:07:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/09/2014 09:07:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/09/2014 07:19:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/09/2014 07:19:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.

Error: (09/08/2014 09:34:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-08-24 13:11:44.354
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-24 13:11:44.154
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-24 13:11:43.944
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-24 13:11:43.724
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-12 12:10:06.811
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-12 12:10:06.631
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-12 12:10:06.441
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-08-12 12:10:06.251
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-10-18 16:30:31.756
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2012-10-18 16:30:31.663
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Sandra (administrator) on VAI on 09-09-2014 10:28:16
Running from C:\Users\Sandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1WZXMHMP
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Sony Corporation) C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Sandra\AppData\Local\Temp\FRST.tmp
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-04-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-10-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-08] (AVAST Software)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-10-28] (Samsung)
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-10-28] (Samsung)
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\MountPoints2: {2d462d8f-4439-11e1-a4dc-5442495be127} - H:\AutoRun.exe
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\MountPoints2: {2d462dc6-4439-11e1-a4dc-5442495be127} - I:\AutoRun.exe
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\MountPoints2: {6f1f4328-4436-11e1-a099-5442495be127} - H:\AutoRun.exe
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\MountPoints2: {7b6ed59f-4b8b-11e1-a47d-f07bcbd3f455} - I:\AutoRun.exe
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\MountPoints2: {835c9790-438b-11e1-8b60-5442495be127} - H:\AutoRun.exe
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\MountPoints2: {835c980c-438b-11e1-8b60-5442495be127} - H:\AutoRun.exe
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\MountPoints2: {a09cd49b-4869-11e1-8ce2-5442495be127} - H:\AutoRun.exe
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\MountPoints2: {dcd1d923-aadb-11df-8fa0-f07bcbd3f455} - H:\USBAutoRun.exe
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\MountPoints2: {ed3bba96-b3c3-11e0-b2b5-5442495be127} - H:\iStudio.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * SmartDefragBootTime.exesdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {142310F0-2E28-4F32-950B-E6DEA5DE71EB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=9039EBF7-8574-48C4-B9D6-8B1F61B06528&apn_sauid=34B89E93-34ED-41C0-9997-538C366AB174
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {99EB16A3-5DA9-4506-B71B-4909363EB52D} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
SearchScopes: HKCU - {D33305C1-4CCF-4C96-AC9F-0A1A9D37406C} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {E84365FC-7CC1-47DC-886C-C0034D1D5BF1} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
SearchScopes: HKCU - {FE8F747D-8BDE-4D37-8602-B94664EB3033} URL = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.uni-due.de/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\abs@avira.com [2014-09-08]
FF Extension: AD Block - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\searchads@instair.net [2014-06-22]
FF Extension: DownloadHelper - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: NoScript - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-05-24]
FF Extension: AVG PrivacyFix - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2012-11-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-08]

Chrome: 
=======
CHR Profile: C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ads Removal) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-27]
CHR Extension: (No Name) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-05]
CHR Extension: (AD Block) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgjbmhakaffflkjecineeaadpidgikb [2014-01-16]
CHR Extension: (AD Block) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkdcodhlkmiakbangobnmdhieapagic [2013-11-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-08] (AVAST Software)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-14] (Avira Operations GmbH & Co. KG)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2428968 2011-07-05] (mobile concepts GmbH)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-10-15] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-10-15] (Sony Corporation)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-09-14] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642416 2009-09-14] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [821760 2009-11-25] (Sony Corporation) [File not signed]
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1165680 2009-10-30] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-09-14] (Sony Corporation) [File not signed]
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-08] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-16] (Intel(R) Corporation) [File not signed]
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-05-15] (Synaptics Incorporated)
R1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2014-09-09] (Symantec Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
S0 mferkdet; system32\drivers\mferkdet.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 10:28 - 2014-09-09 10:28 - 00000000 ____D () C:\FRST
2014-09-09 09:09 - 2014-09-09 09:09 - 00177680 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.87f8.deleteme
2014-09-09 09:08 - 2014-09-09 09:42 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS
2014-09-09 09:08 - 2014-09-09 09:42 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat
2014-09-09 09:08 - 2014-09-09 09:32 - 00000000 ____D () C:\Users\Sandra\AppData\Local\NPE
2014-09-09 09:08 - 2014-09-09 09:08 - 00000000 ____D () C:\ProgramData\Norton
2014-09-09 09:07 - 2014-09-09 10:14 - 00000000 ____D () C:\Program Files\stinger
2014-09-09 09:07 - 2014-09-09 09:07 - 00000000 ____D () C:\Quarantine
2014-09-09 07:34 - 2014-09-09 07:48 - 00000000 ____D () C:\C't Helper
2014-09-09 07:30 - 2014-09-09 07:32 - 00000000 ____D () C:\totalcmd
2014-09-09 07:30 - 2014-09-09 07:30 - 00000632 _____ () C:\Users\Public\Desktop\Total Commander.lnk
2014-09-09 07:30 - 2014-09-09 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-09-09 07:23 - 2014-09-09 07:23 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 07:23 - 2014-09-09 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 07:22 - 2014-09-09 07:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 10:56 - 2014-09-08 10:56 - 00000332 _____ () C:\Users\Sandra\Desktop\Memory Stick (E) - Verknüpfung.lnk
2014-09-08 10:56 - 2014-09-08 10:56 - 00000324 _____ () C:\Users\Sandra\Desktop\SD - MMC (F) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000501 _____ () C:\Users\Sandra\Desktop\Expansion Drive (H) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000483 _____ () C:\Users\Sandra\Desktop\Sonstiges (G) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000472 _____ () C:\Users\Sandra\Desktop\Privat (D) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000340 _____ () C:\Users\Sandra\Desktop\CD-Laufwerk - Verknüpfung.lnk
2014-09-08 10:54 - 2014-09-08 10:54 - 00000512 _____ () C:\Users\Sandra\Desktop\Lokaler Datenträger (C) - Verknüpfung.lnk
2014-09-08 09:49 - 2010-07-27 16:15 - 00414782 _____ () C:\Windows\system32\Drivers\etc\hosts.20140908-094938.backup
2014-09-08 09:46 - 2010-07-27 16:15 - 00414782 _____ () C:\Windows\system32\Drivers\etc\hosts.20140908-094652.backup
2014-09-08 09:41 - 2014-09-08 09:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-08 09:41 - 2014-09-08 09:41 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\AVAST Software
2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-08 09:40 - 2014-09-08 09:41 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-08 09:40 - 2014-09-08 09:40 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-08 09:40 - 2014-09-08 09:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-08 09:39 - 2014-09-08 09:39 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-08 09:38 - 2014-09-08 09:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-08 08:52 - 2014-09-09 07:20 - 00000202 _____ () C:\Windows\setupact.log
2014-09-08 08:52 - 2014-09-08 08:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-08 08:51 - 2014-09-09 07:18 - 00037888 _____ () C:\Windows\PFRO.log
2014-09-08 08:44 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-08 08:44 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-08 08:44 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-08 08:44 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-08 08:44 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-08 08:44 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-08 08:44 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-08 08:44 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-08 08:44 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-08 08:44 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-08 08:44 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-08 08:44 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-08 08:44 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-08 08:44 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-08 08:44 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-08 08:44 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-08 08:44 - 2013-10-01 22:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-08 08:44 - 2013-10-01 22:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-08 08:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-08 08:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-08 08:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-08 08:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-08 08:42 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-08 08:42 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-08 08:42 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-08 08:42 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-08 08:42 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-08 08:14 - 2010-07-27 16:15 - 00414782 _____ () C:\Windows\system32\Drivers\etc\hosts.20140908-081442.backup
2014-09-08 08:10 - 2014-09-08 08:10 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-08 08:10 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-08 07:55 - 2014-09-08 08:04 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Wise Registry Cleaner
2014-09-08 07:55 - 2014-09-08 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-09-08 07:55 - 2014-09-08 07:55 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-09-08 07:50 - 2014-09-08 07:50 - 00000000 ____D () C:\ProgramData\Razer
2014-09-08 07:33 - 2014-09-08 07:35 - 00000000 ____D () C:\AdwCleaner
2014-09-08 07:33 - 2014-09-08 07:33 - 01370467 _____ () C:\Users\Sandra\Downloads\adwcleaner_3.309.exe
2014-08-29 20:45 - 2014-09-08 08:11 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-29 20:45 - 2014-09-08 08:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-29 20:45 - 2014-08-29 20:45 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-29 20:38 - 2014-08-29 20:38 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-29 20:32 - 2014-08-29 20:32 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-29 12:08 - 2014-08-29 14:08 - 00283136 ___SH () C:\Users\Sandra\Downloads\Thumbs.db
2014-08-29 12:00 - 2014-08-20 03:07 - 00022845 _____ () C:\Users\Sandra\Downloads\md5sum.txt
2014-08-29 11:57 - 2014-08-29 20:30 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-08-29 11:57 - 2014-08-29 12:00 - 639619072 _____ () C:\Users\Sandra\Downloads\rescue-system.iso
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-29 11:55 - 2014-08-29 11:55 - 01101648 _____ () C:\Users\Sandra\Downloads\Avira AntiVir Rescue System - CHIP-Installer.exe
2014-08-29 09:22 - 2014-08-29 09:22 - 00000000 _____ () C:\asc_rdflag
2014-08-28 16:49 - 2014-09-08 09:42 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 16:49 - 2014-08-28 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-28 16:49 - 2014-08-28 16:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-28 16:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 16:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-28 16:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-28 15:17 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 15:17 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 15:17 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 20:11 - 2014-08-21 20:11 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Adobe
2014-08-17 22:30 - 2014-08-17 22:30 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 22:30 - 2014-08-17 22:30 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 22:30 - 2014-08-17 22:30 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 22:30 - 2014-08-17 22:30 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 09:17 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 09:17 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-17 09:17 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 09:17 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 09:17 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-17 09:17 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 09:17 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 09:17 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-17 09:17 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 09:16 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 09:16 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-17 09:16 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 09:16 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 09:16 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 09:16 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-17 09:16 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 09:16 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 09:16 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 09:16 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 09:16 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 09:16 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 09:16 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 09:16 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-17 09:16 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 09:16 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 09:16 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 09:16 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 09:16 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 09:16 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 09:16 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-17 09:16 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 09:16 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-17 09:16 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-17 09:16 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 09:16 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 09:16 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-17 09:16 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 09:16 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-17 09:16 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 09:16 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-17 09:16 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-17 09:16 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 09:16 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-17 09:16 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-17 09:16 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-17 09:16 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-17 09:16 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 09:16 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 09:16 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 09:16 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 09:16 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 09:16 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-17 09:16 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 09:16 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-17 09:16 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 09:16 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 09:16 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 09:16 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-17 09:16 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 09:16 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 09:16 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 09:16 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 09:16 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 09:16 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-17 09:16 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-17 09:16 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 09:16 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 09:16 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 09:15 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 09:15 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-10 08:41 - 2014-08-10 08:41 - 00004815 _____ () C:\Users\Sandra\Downloads\Automatische Antwort_Gelesen_ Ihr Stromantrag vom 31.07.2014.html
2014-08-10 08:40 - 2014-08-10 08:40 - 00010823 _____ () C:\Users\Sandra\Downloads\Ihr Stromantrag vom 31.07.2014.html

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 10:28 - 2014-09-09 10:28 - 00000000 ____D () C:\FRST
2014-09-09 10:14 - 2014-09-09 09:07 - 00000000 ____D () C:\Program Files\stinger
2014-09-09 10:04 - 2010-06-10 15:38 - 01244394 _____ () C:\Windows\WindowsUpdate.log
2014-09-09 09:52 - 2010-06-10 15:44 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-09 09:52 - 2010-06-10 15:44 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-09 09:42 - 2014-09-09 09:08 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS
2014-09-09 09:42 - 2014-09-09 09:08 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat
2014-09-09 09:32 - 2014-09-09 09:08 - 00000000 ____D () C:\Users\Sandra\AppData\Local\NPE
2014-09-09 09:09 - 2014-09-09 09:09 - 00177680 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.87f8.deleteme
2014-09-09 09:08 - 2014-09-09 09:08 - 00000000 ____D () C:\ProgramData\Norton
2014-09-09 09:07 - 2014-09-09 09:07 - 00000000 ____D () C:\Quarantine
2014-09-09 07:48 - 2014-09-09 07:34 - 00000000 ____D () C:\C't Helper
2014-09-09 07:35 - 2010-07-27 14:39 - 00000000 ____D () C:\Users\Sandra\Desktop\Sicherheit
2014-09-09 07:33 - 2010-07-27 12:20 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{467208DB-642D-4A33-AD7F-AC2A06B7A759}
2014-09-09 07:32 - 2014-09-09 07:30 - 00000000 ____D () C:\totalcmd
2014-09-09 07:30 - 2014-09-09 07:30 - 00000632 _____ () C:\Users\Public\Desktop\Total Commander.lnk
2014-09-09 07:30 - 2014-09-09 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-09-09 07:26 - 2009-07-14 06:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 07:26 - 2009-07-14 06:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 07:23 - 2014-09-09 07:23 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-09 07:23 - 2014-09-09 07:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-09 07:23 - 2012-10-18 08:37 - 00000000 ____D () C:\ProgramData\Avira
2014-09-09 07:23 - 2012-10-18 08:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-09 07:22 - 2014-09-09 07:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-09 07:20 - 2014-09-08 08:52 - 00000202 _____ () C:\Windows\setupact.log
2014-09-09 07:19 - 2013-11-04 17:05 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-09 07:18 - 2014-09-08 08:51 - 00037888 _____ () C:\Windows\PFRO.log
2014-09-09 07:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 10:56 - 2014-09-08 10:56 - 00000332 _____ () C:\Users\Sandra\Desktop\Memory Stick (E) - Verknüpfung.lnk
2014-09-08 10:56 - 2014-09-08 10:56 - 00000324 _____ () C:\Users\Sandra\Desktop\SD - MMC (F) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000501 _____ () C:\Users\Sandra\Desktop\Expansion Drive (H) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000483 _____ () C:\Users\Sandra\Desktop\Sonstiges (G) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000472 _____ () C:\Users\Sandra\Desktop\Privat (D) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000340 _____ () C:\Users\Sandra\Desktop\CD-Laufwerk - Verknüpfung.lnk
2014-09-08 10:54 - 2014-09-08 10:54 - 00000512 _____ () C:\Users\Sandra\Desktop\Lokaler Datenträger (C) - Verknüpfung.lnk
2014-09-08 09:42 - 2014-08-28 16:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 09:41 - 2014-09-08 09:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-08 09:41 - 2014-09-08 09:41 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\AVAST Software
2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-08 09:41 - 2014-09-08 09:40 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-08 09:41 - 2012-10-18 08:44 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira
2014-09-08 09:40 - 2014-09-08 09:40 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-08 09:40 - 2014-09-08 09:40 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-08 09:40 - 2014-09-08 09:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-08 09:39 - 2014-09-08 09:39 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-08 09:39 - 2014-09-08 09:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-08 09:34 - 2009-07-14 06:45 - 00464224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-08 09:29 - 2010-07-27 15:12 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-08 08:52 - 2014-09-08 08:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-08 08:44 - 2013-02-18 13:19 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-08 08:44 - 2010-06-11 01:31 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-09-08 08:44 - 2010-06-11 01:31 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-09-08 08:44 - 2009-07-14 07:13 - 01594964 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-08 08:11 - 2014-08-29 20:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-08 08:10 - 2014-09-08 08:10 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-08 08:10 - 2014-08-29 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-08 08:10 - 2010-07-27 15:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-08 08:05 - 2010-07-27 15:35 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-08 08:05 - 2010-07-27 15:32 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-08 08:04 - 2014-09-08 07:55 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Wise Registry Cleaner
2014-09-08 07:55 - 2014-09-08 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-09-08 07:55 - 2014-09-08 07:55 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-09-08 07:50 - 2014-09-08 07:50 - 00000000 ____D () C:\ProgramData\Razer
2014-09-08 07:50 - 2011-11-30 20:11 - 00000000 ____D () C:\ProgramData\IObit
2014-09-08 07:42 - 2010-07-27 14:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 07:36 - 2012-05-03 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-08 07:35 - 2014-09-08 07:33 - 00000000 ____D () C:\AdwCleaner
2014-09-08 07:35 - 2010-07-27 15:27 - 00000000 ____D () C:\ProgramData\ICQ
2014-09-08 07:33 - 2014-09-08 07:33 - 01370467 _____ () C:\Users\Sandra\Downloads\adwcleaner_3.309.exe
2014-09-08 07:27 - 2014-06-11 12:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-07 19:29 - 2014-05-15 19:01 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\ProductData
2014-09-07 19:29 - 2012-01-20 21:00 - 00000000 ____D () C:\Users\Gast
2014-09-07 19:29 - 2010-07-27 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-09-07 19:29 - 2010-07-27 15:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-07 19:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-07 18:41 - 2010-07-27 12:17 - 00000000 ____D () C:\Users\Sandra
2014-08-29 20:45 - 2014-08-29 20:45 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-29 20:38 - 2014-08-29 20:38 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-29 20:32 - 2014-08-29 20:32 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-29 20:30 - 2014-08-29 11:57 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-08-29 14:08 - 2014-08-29 12:08 - 00283136 ___SH () C:\Users\Sandra\Downloads\Thumbs.db
2014-08-29 13:53 - 2010-07-27 12:18 - 00125296 _____ () C:\Users\Sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-29 12:00 - 2014-08-29 11:57 - 639619072 _____ () C:\Users\Sandra\Downloads\rescue-system.iso
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-29 11:55 - 2014-08-29 11:55 - 01101648 _____ () C:\Users\Sandra\Downloads\Avira AntiVir Rescue System - CHIP-Installer.exe
2014-08-29 10:43 - 2013-05-13 16:37 - 00000121 _____ () C:\Users\Public\LMDebug.log
2014-08-29 09:22 - 2014-08-29 09:22 - 00000000 _____ () C:\asc_rdflag
2014-08-29 09:22 - 2014-02-15 12:07 - 98811904 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-08-29 09:22 - 2014-02-15 12:07 - 05251072 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-08-29 09:22 - 2014-02-15 12:07 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-08-29 09:22 - 2014-02-15 12:07 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-08-28 22:38 - 2012-08-20 15:53 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\vlc
2014-08-28 17:21 - 2012-03-07 19:59 - 00000000 ____D () C:\ProgramData\YouTube Downloader
2014-08-28 16:49 - 2014-08-28 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-28 16:49 - 2014-08-28 16:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-28 16:49 - 2012-10-04 15:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 09:28 - 2011-01-02 22:23 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\BitTorrent
2014-08-25 06:53 - 2010-07-27 16:12 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 15:17 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 15:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 15:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 20:11 - 2014-08-21 20:11 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Adobe
2014-08-21 12:58 - 2012-04-07 20:36 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-21 12:58 - 2011-05-17 09:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-20 03:07 - 2014-08-29 12:00 - 00022845 _____ () C:\Users\Sandra\Downloads\md5sum.txt
2014-08-18 19:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 22:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 22:48 - 2013-08-14 23:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 22:48 - 2011-01-03 01:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-17 22:45 - 2010-07-31 19:12 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 22:30 - 2014-08-17 22:30 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 22:30 - 2014-08-17 22:30 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 22:30 - 2014-08-17 22:30 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 09:59 - 2014-03-20 14:02 - 00002856 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Sandra)
2014-08-10 08:41 - 2014-08-10 08:41 - 00004815 _____ () C:\Users\Sandra\Downloads\Automatische Antwort_Gelesen_ Ihr Stromantrag vom 31.07.2014.html
2014-08-10 08:40 - 2014-08-10 08:40 - 00010823 _____ () C:\Users\Sandra\Downloads\Ihr Stromantrag vom 31.07.2014.html

Some content of TEMP:
====================
C:\Users\Sandra\AppData\Local\Temp\avgnt.exe
C:\Users\Sandra\AppData\Local\Temp\Quarantine.exe
C:\Users\Sandra\AppData\Local\Temp\TYCEOV.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally 
LastRegBack: 2014-09-07 19:15

==================== End Of Log ============================
         
--- --- ---




Thanks for your effort - see you


Alt 10.09.2014, 20:20   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Save FRST to the desktop!!


Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Alt 12.09.2014, 07:04   #7
Gaelhacht
 



Hi,

07:52:19.0673 0x0c90 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
07:52:23.0513 0x0c90 ============================================================
07:52:23.0513 0x0c90 Current date / time: 2014/09/12 07:52:23.0513
07:52:23.0513 0x0c90 SystemInfo:
07:52:23.0514 0x0c90
07:52:23.0514 0x0c90 OS Version: 6.1.7601 ServicePack: 1.0
07:52:23.0514 0x0c90 Product type: Workstation
07:52:23.0514 0x0c90 ComputerName: VAI
07:52:23.0514 0x0c90 UserName: Sandra
07:52:23.0514 0x0c90 Windows directory: C:\Windows
07:52:23.0514 0x0c90 System windows directory: C:\Windows
07:52:23.0514 0x0c90 Running under WOW64
07:52:23.0514 0x0c90 Processor architecture: Intel x64
07:52:23.0514 0x0c90 Number of processors: 4
07:52:23.0514 0x0c90 Page size: 0x1000
07:52:23.0514 0x0c90 Boot type: Normal boot
07:52:23.0514 0x0c90 ============================================================
07:52:24.0826 0x0c90 KLMD registered as C:\Windows\system32\drivers\47826366.sys
07:52:25.0340 0x0c90 System UUID: {45EE284D-1B49-1601-AB19-090DCEC553B0}
07:52:26.0249 0x0c90 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:52:26.0264 0x0c90 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:52:26.0564 0x0c90 ============================================================
07:52:26.0564 0x0c90 \Device\Harddisk0\DR0:
07:52:26.0564 0x0c90 MBR partitions:
07:52:26.0564 0x0c90 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1611800, BlocksNum 0x32000
07:52:26.0564 0x0c90 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1643800, BlocksNum 0x1EB3B830
07:52:26.0586 0x0c90 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x20180000, BlocksNum 0xC969000
07:52:26.0596 0x0c90 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x2CAE9800, BlocksNum 0xD89C000
07:52:26.0596 0x0c90 \Device\Harddisk3\DR3:
07:52:26.0634 0x0c90 MBR partitions:
07:52:26.0634 0x0c90 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C41
07:52:26.0634 0x0c90 ============================================================
07:52:26.0681 0x0c90 C: <-> \Device\Harddisk0\DR0\Partition2
07:52:26.0714 0x0c90 D: <-> \Device\Harddisk0\DR0\Partition3
07:52:26.0738 0x0c90 G: <-> \Device\Harddisk0\DR0\Partition4
07:52:26.0796 0x0c90 H: <-> \Device\Harddisk3\DR3\Partition1
07:52:26.0796 0x0c90 ============================================================
07:52:26.0796 0x0c90 Initialize success
07:52:26.0796 0x0c90 ============================================================
07:52:30.0815 0x0fa8 ============================================================
07:52:30.0815 0x0fa8 Scan started
07:52:30.0815 0x0fa8 Mode: Manual;
07:52:30.0815 0x0fa8 ============================================================
07:52:30.0815 0x0fa8 KSN ping started
07:52:33.0708 0x0fa8 KSN ping finished: true
07:52:35.0146 0x0fa8 ================ Scan system memory ========================
07:52:35.0146 0x0fa8 System memory - ok
07:52:35.0147 0x0fa8 ================ Scan services =============================
07:52:35.0399 0x0fa8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:52:35.0412 0x0fa8 1394ohci - ok
07:52:35.0504 0x0fa8 [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
07:52:35.0510 0x0fa8 ACDaemon - ok
07:52:35.0561 0x0fa8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:52:35.0572 0x0fa8 ACPI - ok
07:52:35.0614 0x0fa8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
07:52:35.0616 0x0fa8 AcpiPmi - ok
07:52:35.0688 0x0fa8 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:52:35.0691 0x0fa8 AdobeARMservice - ok
07:52:35.0732 0x0fa8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
07:52:35.0747 0x0fa8 adp94xx - ok
07:52:35.0796 0x0fa8 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
07:52:35.0806 0x0fa8 adpahci - ok
07:52:35.0838 0x0fa8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
07:52:35.0844 0x0fa8 adpu320 - ok
07:52:35.0886 0x0fa8 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:52:35.0889 0x0fa8 AeLookupSvc - ok
07:52:35.0940 0x0fa8 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
07:52:35.0953 0x0fa8 AFD - ok
07:52:35.0991 0x0fa8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
07:52:35.0994 0x0fa8 agp440 - ok
07:52:36.0020 0x0fa8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
07:52:36.0024 0x0fa8 ALG - ok
07:52:36.0063 0x0fa8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
07:52:36.0065 0x0fa8 aliide - ok
07:52:36.0094 0x0fa8 [ 3260756E234083BD2BD1709C60B6E6D7, A9002C1E266DA8179888E4F2430F8DF2B333ABB1988E127DC11BEBA8F23F71BB ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
07:52:36.0100 0x0fa8 AMD External Events Utility - ok
07:52:36.0112 0x0fa8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
07:52:36.0113 0x0fa8 amdide - ok
07:52:36.0133 0x0fa8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
07:52:36.0136 0x0fa8 AmdK8 - ok
07:52:36.0155 0x0fa8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
07:52:36.0158 0x0fa8 AmdPPM - ok
07:52:36.0184 0x0fa8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:52:36.0188 0x0fa8 amdsata - ok
07:52:36.0215 0x0fa8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
07:52:36.0221 0x0fa8 amdsbs - ok
07:52:36.0235 0x0fa8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:52:36.0237 0x0fa8 amdxata - ok
07:52:36.0300 0x0fa8 [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
07:52:36.0312 0x0fa8 AntiVirSchedulerService - ok
07:52:36.0348 0x0fa8 [ 0327A6CE0934C324E3E82920E9EC0EE4, B4A1E6A77032F7DF97FED3C01E76E2BD3270A3FFC500C7C9A118C0E2EB675D75 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
07:52:36.0360 0x0fa8 AntiVirService - ok
07:52:36.0403 0x0fa8 [ 1661F9C9E4B0049FA0A5E30264375A87, F6A457A9F63AF47E0429B039C043443F1EFFB18ED35B90DA448DE8AD16B3CBEC ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
07:52:36.0411 0x0fa8 ApfiltrService - ok
07:52:36.0439 0x0fa8 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
07:52:36.0442 0x0fa8 AppID - ok
07:52:36.0464 0x0fa8 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:52:36.0466 0x0fa8 AppIDSvc - ok
07:52:36.0497 0x0fa8 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
07:52:36.0500 0x0fa8 Appinfo - ok
07:52:36.0527 0x0fa8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
07:52:36.0551 0x0fa8 arc - ok
07:52:36.0583 0x0fa8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
07:52:36.0587 0x0fa8 arcsas - ok
07:52:36.0618 0x0fa8 [ C130BC4A51B1382B2BE8E44579EC4C0A, CC1FD33ED7CAD87A504D8678F8482CAECACD18C727BB97FFB86F39255563EEF2 ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
07:52:36.0620 0x0fa8 ArcSoftKsUFilter - ok
07:52:36.0719 0x0fa8 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:52:36.0722 0x0fa8 aspnet_state - ok
07:52:36.0749 0x0fa8 [ D95E64416A4A3ED6986E0F474DA934BD, DBB4A0DED0DABE1F8FF0DB8C0E9EC4EC906A85A45DC0AEC013A8744F9BF5D40E ] aswHwid C:\Windows\system32\drivers\aswHwid.sys
07:52:36.0751 0x0fa8 aswHwid - ok
07:52:36.0770 0x0fa8 [ FF1E537A3632CBB9A0BF72B9FD0878D5, B26E6A1F6E6FA5280A12861EFAD44D8F49353F47B21843EBA73E149CF613DCBC ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
07:52:36.0774 0x0fa8 aswMonFlt - ok
07:52:46.0788 0x0fa8 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
07:52:46.0795 0x0fa8 mpio - ok
07:52:46.0831 0x0fa8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:52:46.0834 0x0fa8 mpsdrv - ok
07:52:46.0916 0x0fa8 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:52:46.0961 0x0fa8 MpsSvc - ok
07:52:46.0998 0x0fa8 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:52:47.0004 0x0fa8 MRxDAV - ok
07:52:47.0054 0x0fa8 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:52:47.0066 0x0fa8 mrxsmb - ok
07:52:47.0133 0x0fa8 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:52:47.0146 0x0fa8 mrxsmb10 - ok
07:52:47.0178 0x0fa8 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:52:47.0183 0x0fa8 mrxsmb20 - ok
07:52:47.0224 0x0fa8 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
07:52:47.0227 0x0fa8 msahci - ok
07:52:47.0269 0x0fa8 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:52:47.0275 0x0fa8 msdsm - ok
07:52:47.0298 0x0fa8 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
07:52:47.0305 0x0fa8 MSDTC - ok
07:52:47.0344 0x0fa8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:52:47.0346 0x0fa8 Msfs - ok
07:52:47.0357 0x0fa8 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:52:47.0359 0x0fa8 mshidkmdf - ok
07:52:47.0397 0x0fa8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:52:47.0399 0x0fa8 msisadrv - ok
07:52:47.0433 0x0fa8 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:52:47.0441 0x0fa8 MSiSCSI - ok
07:52:47.0447 0x0fa8 msiserver - ok
07:52:47.0476 0x0fa8 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:52:47.0478 0x0fa8 MSKSSRV - ok
07:52:47.0510 0x0fa8 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:52:47.0511 0x0fa8 MSPCLOCK - ok
07:52:47.0527 0x0fa8 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:52:47.0529 0x0fa8 MSPQM - ok
07:52:47.0583 0x0fa8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:52:47.0597 0x0fa8 MsRPC - ok
07:52:47.0635 0x0fa8 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
07:52:47.0638 0x0fa8 mssmbios - ok
07:52:47.0661 0x0fa8 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:52:47.0663 0x0fa8 MSTEE - ok
07:52:47.0682 0x0fa8 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
07:52:47.0684 0x0fa8 MTConfig - ok
07:52:47.0710 0x0fa8 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
07:52:47.0713 0x0fa8 Mup - ok
07:52:47.0777 0x0fa8 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
07:52:47.0794 0x0fa8 napagent - ok
07:52:47.0849 0x0fa8 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:52:47.0860 0x0fa8 NativeWifiP - ok
07:52:47.0932 0x0fa8 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
07:52:47.0969 0x0fa8 NDIS - ok
07:52:48.0001 0x0fa8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:52:48.0004 0x0fa8 NdisCap - ok
07:52:48.0030 0x0fa8 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:52:48.0032 0x0fa8 NdisTapi - ok
07:52:48.0066 0x0fa8 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:52:48.0069 0x0fa8 Ndisuio - ok
07:52:48.0121 0x0fa8 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:52:48.0126 0x0fa8 NdisWan - ok
07:52:48.0175 0x0fa8 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:52:48.0181 0x0fa8 NDProxy - ok
07:52:48.0226 0x0fa8 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:52:48.0229 0x0fa8 NetBIOS - ok
07:52:48.0292 0x0fa8 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:52:48.0302 0x0fa8 NetBT - ok
07:52:48.0358 0x0fa8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
07:52:48.0365 0x0fa8 Netlogon - ok
07:52:48.0443 0x0fa8 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
07:52:48.0461 0x0fa8 Netman - ok
07:52:48.0506 0x0fa8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:52:48.0512 0x0fa8 NetMsmqActivator - ok
07:52:48.0528 0x0fa8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:52:48.0532 0x0fa8 NetPipeActivator - ok
07:52:48.0605 0x0fa8 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
07:52:48.0624 0x0fa8 netprofm - ok
07:52:48.0651 0x0fa8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:52:48.0655 0x0fa8 NetTcpActivator - ok
07:52:48.0663 0x0fa8 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:52:48.0668 0x0fa8 NetTcpPortSharing - ok
07:52:48.0721 0x0fa8 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
07:52:48.0724 0x0fa8 nfrd960 - ok
07:52:48.0752 0x0fa8 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:52:48.0765 0x0fa8 NlaSvc - ok
07:52:48.0793 0x0fa8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:52:48.0796 0x0fa8 Npfs - ok
07:52:48.0824 0x0fa8 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
07:52:48.0828 0x0fa8 nsi - ok
07:52:48.0846 0x0fa8 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:52:48.0848 0x0fa8 nsiproxy - ok
07:52:48.0963 0x0fa8 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:52:49.0025 0x0fa8 Ntfs - ok
07:52:49.0046 0x0fa8 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
07:52:49.0048 0x0fa8 Null - ok
07:52:49.0078 0x0fa8 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:52:49.0084 0x0fa8 nvraid - ok
07:52:49.0124 0x0fa8 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:52:49.0132 0x0fa8 nvstor - ok
07:52:49.0156 0x0fa8 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:52:49.0162 0x0fa8 nv_agp - ok
07:52:49.0244 0x0fa8 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:52:49.0260 0x0fa8 odserv - ok
07:52:49.0299 0x0fa8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:52:49.0302 0x0fa8 ohci1394 - ok
07:52:49.0335 0x0fa8 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:52:49.0342 0x0fa8 ose - ok
07:52:49.0393 0x0fa8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:52:49.0404 0x0fa8 p2pimsvc - ok
07:52:49.0458 0x0fa8 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
07:52:49.0475 0x0fa8 p2psvc - ok
07:52:49.0515 0x0fa8 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys
07:52:49.0523 0x0fa8 Parport - ok
07:52:49.0557 0x0fa8 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:52:49.0564 0x0fa8 partmgr - ok
07:52:49.0604 0x0fa8 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
07:52:49.0616 0x0fa8 PcaSvc - ok
07:52:49.0669 0x0fa8 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
07:52:49.0682 0x0fa8 pci - ok
07:52:49.0726 0x0fa8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
07:52:49.0729 0x0fa8 pciide - ok
07:52:49.0772 0x0fa8 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
07:52:49.0786 0x0fa8 pcmcia - ok
07:52:49.0805 0x0fa8 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
07:52:49.0810 0x0fa8 pcw - ok
07:52:49.0862 0x0fa8 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:52:49.0885 0x0fa8 PEAUTH - ok
07:52:49.0978 0x0fa8 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:52:49.0985 0x0fa8 PerfHost - ok
07:52:50.0122 0x0fa8 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
07:52:50.0191 0x0fa8 pla - ok
07:52:50.0273 0x0fa8 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:52:50.0303 0x0fa8 PlugPlay - ok
07:52:50.0392 0x0fa8 [ 627FA58ADC043704F9D14CA44340956F, 92306D5EE64812775E2A2E65F6666A5805CC4DD8BEB3E2FC64CCA087EF471D1F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
07:52:50.0412 0x0fa8 PMBDeviceInfoProvider - ok
07:52:50.0454 0x0fa8 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:52:50.0462 0x0fa8 PNRPAutoReg - ok
07:52:50.0496 0x0fa8 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:52:50.0515 0x0fa8 PNRPsvc - ok
07:52:50.0587 0x0fa8 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:52:50.0610 0x0fa8 PolicyAgent - ok
07:52:50.0658 0x0fa8 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
07:52:50.0676 0x0fa8 Power - ok
07:52:50.0717 0x0fa8 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:52:50.0725 0x0fa8 PptpMiniport - ok
07:52:50.0760 0x0fa8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
07:52:50.0765 0x0fa8 Processor - ok
07:52:50.0805 0x0fa8 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll
07:52:50.0819 0x0fa8 ProfSvc - ok
07:52:50.0836 0x0fa8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:52:50.0842 0x0fa8 ProtectedStorage - ok
07:52:50.0880 0x0fa8 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:52:50.0886 0x0fa8 Psched - ok
07:52:50.0922 0x0fa8 [ A6A7AD767BF5141665F5C675F671B3E1, 11D43F732C3B82679E53516F83E675B60B0EFEDE3F4EE3C42AC752AD8D5155AF ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
07:52:50.0929 0x0fa8 PSI_SVC_2 - ok
07:52:51.0030 0x0fa8 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
07:52:51.0087 0x0fa8 ql2300 - ok
07:52:51.0119 0x0fa8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
07:52:51.0126 0x0fa8 ql40xx - ok
07:52:51.0157 0x0fa8 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
07:52:51.0170 0x0fa8 QWAVE - ok
07:52:51.0182 0x0fa8 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:52:51.0186 0x0fa8 QWAVEdrv - ok
07:52:51.0212 0x0fa8 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:52:51.0214 0x0fa8 RasAcd - ok
07:52:51.0233 0x0fa8 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:52:51.0237 0x0fa8 RasAgileVpn - ok
07:52:51.0264 0x0fa8 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
07:52:51.0272 0x0fa8 RasAuto - ok
07:52:51.0318 0x0fa8 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:52:51.0328 0x0fa8 Rasl2tp - ok
07:52:51.0398 0x0fa8 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
07:52:51.0422 0x0fa8 RasMan - ok
07:52:51.0454 0x0fa8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:52:51.0459 0x0fa8 RasPppoe - ok
07:52:51.0475 0x0fa8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:52:51.0479 0x0fa8 RasSstp - ok
07:52:51.0534 0x0fa8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:52:51.0554 0x0fa8 rdbss - ok
07:52:51.0590 0x0fa8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
07:52:51.0594 0x0fa8 rdpbus - ok
07:52:51.0610 0x0fa8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:52:51.0612 0x0fa8 RDPCDD - ok
07:52:51.0634 0x0fa8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:52:51.0636 0x0fa8 RDPENCDD - ok
07:52:51.0653 0x0fa8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:52:51.0655 0x0fa8 RDPREFMP - ok
07:52:51.0696 0x0fa8 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:52:51.0699 0x0fa8 RdpVideoMiniport - ok
07:52:51.0740 0x0fa8 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:52:51.0752 0x0fa8 RDPWD - ok
07:52:51.0796 0x0fa8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:52:51.0806 0x0fa8 rdyboost - ok
07:52:51.0834 0x0fa8 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6, A0E808EA9A58FC99D694A9EBF1F7248B79CAA44D9E6E30A07CDEDBC72A8F3610 ] regi C:\Windows\system32\drivers\regi.sys
07:52:51.0837 0x0fa8 regi - ok
07:52:51.0876 0x0fa8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:52:51.0887 0x0fa8 RemoteAccess - ok
07:52:51.0930 0x0fa8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:52:51.0944 0x0fa8 RemoteRegistry - ok
07:52:51.0982 0x0fa8 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
07:52:51.0991 0x0fa8 RFCOMM - ok
07:52:52.0029 0x0fa8 [ 5CA4ABD888B602551B59BAA26941C167, F6FC0F828153E07EAFFAB6E11556DA23A5F6D9FC063E36947B1AC73E7E7E705E ] rimspci C:\Windows\system32\drivers\rimssne64.sys
07:52:52.0037 0x0fa8 rimspci - ok
07:52:52.0065 0x0fa8 [ BB6E138AEB351728959DA5E2731D8140, E6656869A03380EB96A31E4E5FF4D565916EB0A7ED334330D2DD039390441D15 ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys
07:52:52.0072 0x0fa8 risdsnpe - ok
07:52:52.0122 0x0fa8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:52:52.0131 0x0fa8 RpcEptMapper - ok
07:52:52.0161 0x0fa8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
07:52:52.0167 0x0fa8 RpcLocator - ok
07:52:52.0243 0x0fa8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
07:52:52.0268 0x0fa8 RpcSs - ok
07:52:52.0300 0x0fa8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:52:52.0304 0x0fa8 rspndr - ok
07:52:52.0346 0x0fa8 [ C435AC77704EB16E85C9D630F4D4B4F7, DA508641AC9DFEDEE7E025B13CE0629C316742C4E95765FEDEF1A24112F45435 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
07:52:52.0357 0x0fa8 RTHDMIAzAudService - ok
07:52:52.0474 0x0fa8 [ 6B318F9443740A907D1C8F3460C19009, 8F923FB6DBE280466C6E3658BC9EC3B33CB95BC33854E3F91C03DCD53D3A891B ] SampleCollector C:\Program Files\Sony\VAIO Care\collsvc.exe
07:52:52.0485 0x0fa8 SampleCollector - ok
07:52:52.0514 0x0fa8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
07:52:52.0520 0x0fa8 SamSs - ok
07:52:52.0576 0x0fa8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:52:52.0585 0x0fa8 sbp2port - ok
07:52:52.0668 0x0fa8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:52:52.0687 0x0fa8 SCardSvr - ok
07:52:52.0731 0x0fa8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:52:52.0734 0x0fa8 scfilter - ok
07:52:52.0821 0x0fa8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
07:52:52.0854 0x0fa8 Schedule - ok
07:52:52.0892 0x0fa8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
07:52:52.0895 0x0fa8 SCPolicySvc - ok
07:52:52.0942 0x0fa8 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\drivers\sdbus.sys
07:52:52.0951 0x0fa8 sdbus - ok
07:52:53.0001 0x0fa8 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:52:53.0018 0x0fa8 SDRSVC - ok
07:52:53.0228 0x0fa8 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
07:52:53.0323 0x0fa8 SDScannerService - ok
07:52:53.0469 0x0fa8 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
07:52:53.0532 0x0fa8 SDUpdateService - ok
07:52:53.0579 0x0fa8 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
07:52:53.0594 0x0fa8 SDWSCService - ok
07:52:53.0625 0x0fa8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:52:53.0625 0x0fa8 secdrv - ok
07:52:53.0657 0x0fa8 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
07:52:53.0672 0x0fa8 seclogon - ok
07:52:53.0703 0x0fa8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
07:52:53.0703 0x0fa8 SENS - ok
07:52:53.0735 0x0fa8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:52:53.0735 0x0fa8 SensrSvc - ok
07:52:53.0766 0x0fa8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
07:52:53.0766 0x0fa8 Serenum - ok
07:52:53.0797 0x0fa8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
07:52:53.0813 0x0fa8 Serial - ok
07:52:53.0844 0x0fa8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
07:52:53.0859 0x0fa8 sermouse - ok
07:52:53.0922 0x0fa8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
07:52:53.0937 0x0fa8 SessionEnv - ok
07:52:53.0953 0x0fa8 [ 70F9C476B62DE4F2823E918A6C181ADE, E1A641418A6CB4FA38BB29B86934838B28D8909B8066E5089D85BF72FD61F4C4 ] SFEP C:\Windows\system32\drivers\SFEP.sys
07:52:53.0953 0x0fa8 SFEP - ok
07:52:54.0000 0x0fa8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:52:54.0000 0x0fa8 sffdisk - ok
07:52:54.0031 0x0fa8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:52:54.0031 0x0fa8 sffp_mmc - ok
07:52:54.0078 0x0fa8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:52:54.0078 0x0fa8 sffp_sd - ok
07:52:54.0109 0x0fa8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
07:52:54.0109 0x0fa8 sfloppy - ok
07:52:54.0187 0x0fa8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:52:54.0218 0x0fa8 SharedAccess - ok
07:52:54.0265 0x0fa8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:52:54.0281 0x0fa8 ShellHWDetection - ok
07:52:54.0327 0x0fa8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
07:52:54.0327 0x0fa8 SiSRaid2 - ok
07:52:54.0359 0x0fa8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
07:52:54.0359 0x0fa8 SiSRaid4 - ok
07:52:54.0421 0x0fa8 [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
07:52:54.0421 0x0fa8 SkypeUpdate - ok
07:52:54.0468 0x0fa8 [ E77CB3736A702D46A6FB15FB4A9894E3, A341AD51825D4DB8A68ADDABE0FD17693DE387B0DA11800D427B8EA31577626C ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
07:52:54.0483 0x0fa8 SmartDefragDriver - ok
07:52:54.0499 0x0fa8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:52:54.0515 0x0fa8 Smb - ok
07:52:54.0593 0x0fa8 [ 6BCB5360B6994B72588D4A37790CB6DA, 9B76157B1A6D292847D3651CD6B7F9546C16639CCE7A54962A3D6E71AC9D4A13 ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
07:52:54.0593 0x0fa8 SmbDrvI - ok
07:52:54.0671 0x0fa8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:52:54.0671 0x0fa8 SNMPTRAP - ok
07:52:54.0764 0x0fa8 [ 98886C88A1CB13D61672AE2C638B7E1C, C0FCECA18FBE413C9B7D975CEE944D35215E89983BEEA935C7C8BC5D8E659E5F ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
07:52:54.0780 0x0fa8 SOHCImp - ok
07:52:54.0795 0x0fa8 [ 442A13F395546F4564C377296D43B564, 971E62942996DF4674109127F6A147B26D8D3FDE37CF110642DED321FACBDCB9 ] SOHDBSvr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
07:52:54.0795 0x0fa8 SOHDBSvr - ok
07:52:54.0842 0x0fa8 [ 556681BE668D71DC162391A45422B52C, 2968B0C4955E3211DE0E2BC5755896F81C76862F6FA1092C87490CB0BF63005E ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
07:52:54.0858 0x0fa8 SOHDms - ok
07:52:54.0889 0x0fa8 [ 72B46103E4111439109ACF5882627C24, 0D04C7FF33BB2CCDFDFCF9DE4123CCA383FD1FC703B41ED8813CD742AF4BA931 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
07:52:54.0905 0x0fa8 SOHDs - ok
07:52:54.0951 0x0fa8 [ 725B6E9CD1959271AC993DC035E1606D, AF3EDDD1CDBAD300B23F20FCB490F334DC76C855D68FF6C405240B36327F66E4 ] SOHPlMgr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
07:52:54.0951 0x0fa8 SOHPlMgr - ok
07:52:54.0998 0x0fa8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
07:52:54.0998 0x0fa8 spldr - ok
07:52:55.0076 0x0fa8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
07:52:55.0107 0x0fa8 Spooler - ok
07:52:55.0295 0x0fa8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
07:52:55.0451 0x0fa8 sppsvc - ok
07:52:55.0497 0x0fa8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:52:55.0513 0x0fa8 sppuinotify - ok
07:52:55.0575 0x0fa8 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
07:52:55.0591 0x0fa8 srv - ok
07:52:55.0638 0x0fa8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:52:55.0653 0x0fa8 srv2 - ok
07:52:55.0669 0x0fa8 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:52:55.0685 0x0fa8 srvnet - ok
07:52:55.0747 0x0fa8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:52:55.0763 0x0fa8 SSDPSRV - ok
07:52:55.0794 0x0fa8 [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
07:52:55.0809 0x0fa8 SSPORT - ok
07:52:55.0841 0x0fa8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:52:55.0856 0x0fa8 SstpSvc - ok
07:52:55.0903 0x0fa8 [ AAF6F247F1DC370C593B4430974EAD9C, 232D0D62EC83A5537ADB28B5DC01074BA812FE6C70C54F70CD7A5EF1BC19D3E1 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
07:52:55.0919 0x0fa8 ssudmdm - ok
07:52:55.0950 0x0fa8 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
07:52:55.0950 0x0fa8 stexstor - ok
07:52:56.0028 0x0fa8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
07:52:56.0059 0x0fa8 stisvc - ok
07:52:56.0090 0x0fa8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
07:52:56.0090 0x0fa8 swenum - ok
07:52:56.0168 0x0fa8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
07:52:56.0199 0x0fa8 swprv - ok
07:52:56.0231 0x0fa8 [ 8F63178D1DB81BB79270AE55ECDD8321, 607779DE4382C9342D12894D2B5585917EF05EFC84EC7263AA18C1E96ED0011C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
07:52:56.0246 0x0fa8 SynTP - ok
07:52:56.0371 0x0fa8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
07:52:56.0433 0x0fa8 SysMain - ok
07:52:56.0480 0x0fa8 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:52:56.0496 0x0fa8 TabletInputService - ok
07:52:56.0527 0x0fa8 [ 4EF44915E522F3ECD1A3FF540AA64126, 3B7ABB4B263F5DC7E12BEBD0512A13877236E0C020B7FE618EE84FAB3E3BF991 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
07:52:56.0527 0x0fa8 tap0901 - ok
07:52:56.0589 0x0fa8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
07:52:56.0605 0x0fa8 TapiSrv - ok
07:52:56.0652 0x0fa8 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
07:52:56.0667 0x0fa8 TBS - ok
07:52:56.0839 0x0fa8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:52:56.0933 0x0fa8 Tcpip - ok
07:52:56.0995 0x0fa8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:52:57.0042 0x0fa8 TCPIP6 - ok
07:52:57.0073 0x0fa8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:52:57.0089 0x0fa8 tcpipreg - ok
07:52:57.0104 0x0fa8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:52:57.0104 0x0fa8 TDPIPE - ok
07:52:57.0151 0x0fa8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:52:57.0151 0x0fa8 TDTCP - ok
07:52:57.0198 0x0fa8 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:52:57.0213 0x0fa8 tdx - ok
07:52:57.0260 0x0fa8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
07:52:57.0260 0x0fa8 TermDD - ok
07:52:57.0369 0x0fa8 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
07:52:57.0385 0x0fa8 TermService - ok
07:52:57.0416 0x0fa8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
07:52:57.0416 0x0fa8 Themes - ok
07:52:57.0447 0x0fa8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
07:52:57.0447 0x0fa8 THREADORDER - ok
07:52:57.0510 0x0fa8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
07:52:57.0525 0x0fa8 TrkWks - ok
07:52:57.0588 0x0fa8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:52:57.0603 0x0fa8 TrustedInstaller - ok
07:52:57.0650 0x0fa8 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:52:57.0666 0x0fa8 tssecsrv - ok
07:52:57.0697 0x0fa8 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:52:57.0713 0x0fa8 TsUsbFlt - ok
07:52:57.0759 0x0fa8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:52:57.0759 0x0fa8 tunnel - ok
07:52:57.0806 0x0fa8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
07:52:57.0806 0x0fa8 uagp35 - ok
07:52:57.0853 0x0fa8 [ 63F6D08C54D5B3C1B12A6172032055C7, 87D872731D2C85E1A0ED3128CB7AB91AF00D830B0E4307054ABFD1D3900C990D ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
07:52:57.0853 0x0fa8 uCamMonitor - ok
07:52:57.0900 0x0fa8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:52:57.0915 0x0fa8 udfs - ok
07:52:57.0962 0x0fa8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:52:57.0962 0x0fa8 UI0Detect - ok
07:52:57.0993 0x0fa8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:52:57.0993 0x0fa8 uliagpkx - ok
07:52:58.0025 0x0fa8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
07:52:58.0025 0x0fa8 umbus - ok
07:52:58.0056 0x0fa8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys
07:52:58.0056 0x0fa8 UmPass - ok
07:52:58.0259 0x0fa8 [ 9E89C2D6945389270DE067CE51FF7425, C6FD14DF4FE967760F3127D6CF663CC0FB40C91D966AC17A571DD4E659498506 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
07:52:58.0321 0x0fa8 UNS - ok
07:52:58.0383 0x0fa8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
07:52:58.0415 0x0fa8 upnphost - ok
07:52:58.0446 0x0fa8 [ 5FCC71487888589A9244AF54CFEFAB29, 26ABD7B15B92231CB3090E888B15673964DC50BEDF65583A3FEA74DD315D5088 ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys
07:52:58.0461 0x0fa8 usbbus - ok
07:52:58.0493 0x0fa8 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:52:58.0493 0x0fa8 usbccgp - ok
07:52:58.0524 0x0fa8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:52:58.0539 0x0fa8 usbcir - ok
07:52:58.0586 0x0fa8 [ 3FB6E423F7567C92C32EA786F5FD0C69, E9914DCCC0898497B4300D3D5ED424670551A4C8CB8F4DBF860BB86DBFCEF71A ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys
07:52:58.0586 0x0fa8 UsbDiag - ok
07:52:58.0633 0x0fa8 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
07:52:58.0633 0x0fa8 usbehci - ok
07:52:58.0680 0x0fa8 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:52:58.0695 0x0fa8 usbhub - ok
07:52:58.0742 0x0fa8 [ 78D551F5B93488B4666F5FC8DD4815F3, 04036C917AB2F5ADD556C29BDD767859D48812EAC6081EC6EF510AF2167BE967 ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys
07:52:58.0742 0x0fa8 USBModem - ok
07:52:58.0773 0x0fa8 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
07:52:58.0773 0x0fa8 usbohci - ok
07:52:58.0820 0x0fa8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:52:58.0820 0x0fa8 usbprint - ok
07:52:58.0851 0x0fa8 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:52:58.0851 0x0fa8 usbscan - ok
07:52:58.0898 0x0fa8 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:52:58.0898 0x0fa8 USBSTOR - ok
07:52:58.0929 0x0fa8 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
07:52:58.0929 0x0fa8 usbuhci - ok
07:52:58.0976 0x0fa8 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
07:52:58.0976 0x0fa8 usbvideo - ok
07:52:59.0007 0x0fa8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
07:52:59.0007 0x0fa8 UxSms - ok
07:52:59.0070 0x0fa8 [ 4E7135D6D0127067E4CFEE12259F895D, 2542257E3912591AC4902FF08E43C46CC91BA97D67EED9375CC5DB5DEE71797F ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
07:52:59.0070 0x0fa8 VAIO Entertainment TV Device Arbitration Service - ok
07:52:59.0132 0x0fa8 [ D4197CF0C8567046FD4AF28FF47AF528, C51AE4696FA6991125BE0D285C3B1ABEB40F07503DFF1FF8B85BB36A9E6BDFF3 ] VAIO Event Service C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
07:52:59.0148 0x0fa8 VAIO Event Service - ok
07:52:59.0335 0x0fa8 [ B8C9A7010AFD5CBBE194CB9EF7C4FD14, 7763407EEE646FA4E74DC0C25853D2B94A91524EB6A1058ECB3A352A5BE7A730 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
07:52:59.0366 0x0fa8 VAIO Power Management - ok
07:52:59.0413 0x0fa8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
07:52:59.0413 0x0fa8 VaultSvc - ok
07:52:59.0507 0x0fa8 [ 6A740F5FF3246C3BE3DD317299EFC88E, 2A5792EA6AE6ADB84682413628E2518202EA0FF9002E2E85F33767DCEF68575C ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
07:52:59.0538 0x0fa8 VCFw - ok
07:52:59.0600 0x0fa8 [ FD03AC6CD1571AA8B2FF56D3C600E26E, B92C35E7034FD4C2FD9534CE72A697A564CD99CDCC32A3B477B91931E70C64E2 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
07:52:59.0616 0x0fa8 VcmIAlzMgr - ok
07:52:59.0678 0x0fa8 [ 9D9B34B430B4DC683112F59C80D20AB8, 5C54E84F9349BAAA6FCF95C08C5CD266F524EF3F4EB9D7D34595046DCDF38878 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
07:52:59.0709 0x0fa8 VcmINSMgr - ok
07:52:59.0787 0x0fa8 [ DFE10C68EF4684F7754FCCA39A4CC6BA, 292AA33D849FD9E5A4ABB10F3ACA80E5287384932B0108BE2FC90BD2ADE3AEC2 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
07:52:59.0803 0x0fa8 VcmXmlIfHelper - ok
07:52:59.0850 0x0fa8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:52:59.0850 0x0fa8 vdrvroot - ok
07:52:59.0912 0x0fa8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
07:52:59.0943 0x0fa8 vds - ok
07:52:59.0990 0x0fa8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:52:59.0990 0x0fa8 vga - ok
07:53:00.0021 0x0fa8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
07:53:00.0021 0x0fa8 VgaSave - ok
07:53:00.0068 0x0fa8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
07:53:00.0068 0x0fa8 vhdmp - ok
07:53:00.0115 0x0fa8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
07:53:00.0115 0x0fa8 viaide - ok
07:53:00.0146 0x0fa8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:53:00.0162 0x0fa8 volmgr - ok
07:53:00.0209 0x0fa8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:53:00.0224 0x0fa8 volmgrx - ok
07:53:00.0271 0x0fa8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:53:00.0287 0x0fa8 volsnap - ok
07:53:00.0349 0x0fa8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
07:53:00.0365 0x0fa8 vsmraid - ok
07:53:00.0427 0x0fa8 [ 33655F6B36AA8702960AB1568ED82A01, 5B8F1B26B8CA8A61EF5C083329F4A5626912CD0F56C006B772830261B7170BB0 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
07:53:00.0458 0x0fa8 VSNService - ok
07:53:00.0567 0x0fa8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
07:53:00.0614 0x0fa8 VSS - ok
07:53:00.0817 0x0fa8 [ C460F38BCA36929693892DEC77857114, 230362A5B8F7BCA5484C62D219E3EF3CF2C0732669BBBA48DE8DB3282C4F87C9 ] VUAgent C:\Program Files\Sony\VAIO Update\vuagent.exe
07:53:00.0864 0x0fa8 VUAgent - ok
07:53:00.0895 0x0fa8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
07:53:00.0895 0x0fa8 vwifibus - ok
07:53:00.0926 0x0fa8 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
07:53:00.0942 0x0fa8 vwififlt - ok
07:53:00.0957 0x0fa8 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
07:53:00.0957 0x0fa8 vwifimp - ok
07:53:01.0004 0x0fa8 [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C, 01E849A34BFE41CCC8DE74795BE0B3963742772E898D1CB216F1D330274A23A1 ] VzCdbSvc C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
07:53:01.0020 0x0fa8 VzCdbSvc - ok
07:53:01.0082 0x0fa8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
07:53:01.0113 0x0fa8 W32Time - ok
07:53:01.0160 0x0fa8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
07:53:01.0160 0x0fa8 WacomPen - ok
07:53:01.0207 0x0fa8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:53:01.0223 0x0fa8 WANARP - ok
07:53:01.0238 0x0fa8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:53:01.0238 0x0fa8 Wanarpv6 - ok
07:53:01.0363 0x0fa8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
07:53:01.0410 0x0fa8 WatAdminSvc - ok
07:53:01.0535 0x0fa8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
07:53:01.0581 0x0fa8 wbengine - ok
07:53:01.0628 0x0fa8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:53:01.0644 0x0fa8 WbioSrvc - ok
07:53:01.0706 0x0fa8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:53:01.0722 0x0fa8 wcncsvc - ok
07:53:01.0737 0x0fa8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:53:01.0753 0x0fa8 WcsPlugInService - ok
07:53:01.0784 0x0fa8 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
07:53:01.0784 0x0fa8 Wd - ok
07:53:01.0878 0x0fa8 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:53:01.0909 0x0fa8 Wdf01000 - ok
07:53:01.0925 0x0fa8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:53:01.0925 0x0fa8 WdiServiceHost - ok
07:53:01.0940 0x0fa8 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:53:01.0956 0x0fa8 WdiSystemHost - ok
07:53:02.0003 0x0fa8 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
07:53:02.0034 0x0fa8 WebClient - ok
07:53:02.0081 0x0fa8 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:53:02.0112 0x0fa8 Wecsvc - ok
07:53:02.0127 0x0fa8 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:53:02.0127 0x0fa8 wercplsupport - ok
07:53:02.0159 0x0fa8 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
07:53:02.0174 0x0fa8 WerSvc - ok
07:53:02.0205 0x0fa8 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:53:02.0205 0x0fa8 WfpLwf - ok
07:53:02.0237 0x0fa8 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:53:02.0237 0x0fa8 WIMMount - ok
07:53:02.0268 0x0fa8 WinDefend - ok
07:53:02.0283 0x0fa8 WinHttpAutoProxySvc - ok
07:53:02.0361 0x0fa8 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:53:02.0377 0x0fa8 Winmgmt - ok
07:53:02.0533 0x0fa8 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
07:53:02.0673 0x0fa8 WinRM - ok
07:53:02.0720 0x0fa8 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
07:53:02.0720 0x0fa8 WinUsb - ok
07:53:02.0767 0x0fa8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
07:53:02.0798 0x0fa8 Wlansvc - ok
07:53:02.0985 0x0fa8 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:53:03.0048 0x0fa8 wlidsvc - ok
07:53:03.0095 0x0fa8 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
07:53:03.0095 0x0fa8 WmiAcpi - ok
07:53:03.0126 0x0fa8 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:53:03.0141 0x0fa8 wmiApSrv - ok
07:53:03.0141 0x0fa8 WMPNetworkSvc - ok
07:53:03.0173 0x0fa8 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:53:03.0188 0x0fa8 WPCSvc - ok
07:53:03.0219 0x0fa8 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:53:03.0235 0x0fa8 WPDBusEnum - ok
07:53:03.0266 0x0fa8 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:53:03.0282 0x0fa8 ws2ifsl - ok
07:53:03.0313 0x0fa8 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
07:53:03.0329 0x0fa8 wscsvc - ok
07:53:03.0344 0x0fa8 WSearch - ok
07:53:03.0500 0x0fa8 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
07:53:03.0578 0x0fa8 wuauserv - ok
07:53:03.0609 0x0fa8 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:53:03.0609 0x0fa8 WudfPf - ok
07:53:03.0625 0x0fa8 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:53:03.0641 0x0fa8 WUDFRd - ok
07:53:03.0672 0x0fa8 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:53:03.0687 0x0fa8 wudfsvc - ok
07:53:03.0719 0x0fa8 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
07:53:03.0734 0x0fa8 WwanSvc - ok
07:53:03.0781 0x0fa8 [ 64F88AF327AA74E03658AE32B48CCB8B, 52C8941D96F2EF89BBC4A4268DC59E5BC89AE2DAB199C13BBFF11C2606BE7FFA ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
07:53:03.0781 0x0fa8 yukonw7 - ok
07:53:03.0828 0x0fa8 ================ Scan global ===============================
07:53:03.0875 0x0fa8 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
07:53:03.0921 0x0fa8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
07:53:03.0937 0x0fa8 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
07:53:03.0968 0x0fa8 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
07:53:04.0031 0x0fa8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
07:53:04.0046 0x0fa8 [ Global ] - ok
07:53:04.0046 0x0fa8 ================ Scan MBR ==================================
07:53:04.0062 0x0fa8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:53:04.0421 0x0fa8 \Device\Harddisk0\DR0 - ok
07:53:04.0701 0x0fa8 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk3\DR3
07:53:05.0107 0x0fa8 \Device\Harddisk3\DR3 - ok
07:53:05.0107 0x0fa8 ================ Scan VBR ==================================
07:53:05.0169 0x0fa8 [ 8AE46857A3A5EE500035954E84F56262 ] \Device\Harddisk0\DR0\Partition1
07:53:05.0169 0x0fa8 \Device\Harddisk0\DR0\Partition1 - ok
07:53:05.0185 0x0fa8 [ 78A6DF0537AECE20622803433B375514 ] \Device\Harddisk0\DR0\Partition2
07:53:05.0185 0x0fa8 \Device\Harddisk0\DR0\Partition2 - ok
07:53:05.0201 0x0fa8 [ 15CEE6ABC525CE29C3CAAB4358495EBE ] \Device\Harddisk0\DR0\Partition3
07:53:05.0201 0x0fa8 \Device\Harddisk0\DR0\Partition3 - ok
07:53:05.0232 0x0fa8 [ AE04D84165D90D323F99441DE8DCE34A ] \Device\Harddisk0\DR0\Partition4
07:53:05.0232 0x0fa8 \Device\Harddisk0\DR0\Partition4 - ok
07:53:05.0232 0x0fa8 [ 6454F3AF44FB0CFEBE225CDFB3121082 ] \Device\Harddisk3\DR3\Partition1
07:53:05.0310 0x0fa8 \Device\Harddisk3\DR3\Partition1 - ok
07:53:05.0310 0x0fa8 ================ Scan generic autorun ======================
07:53:05.0310 0x0fa8 Apoint - ok
07:53:05.0310 0x0fa8 SynTPEnh - ok
07:53:05.0372 0x0fa8 [ 4B5F92605D77D07041D8C05955A4B0B3, BA8E2AB779CC4FCA64DB54452E4D8543AA91305BA448E41D04132E5B760FD0E4 ] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
07:53:05.0388 0x0fa8 CDAServer - ok
07:53:05.0513 0x0fa8 [ AAA55BD633DBDB39746CC2394A04187F, 2F22135FCE51B31047A231DB9B22F9FB1F29CED67E32660B56F7FA68BBCD5235 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
07:53:05.0559 0x0fa8 RtHDVBg_Dolby - ok
07:53:05.0622 0x0fa8 [ 4E55E8FC9707CEAEC5610A2D0B8940B2, 346ABCF0585C03AEA96380251DDFA048D39CC01FC6C3506E8D10DA344D8C3D3D ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
07:53:05.0637 0x0fa8 StartCCC - ok
07:53:05.0700 0x0fa8 [ EF4BF6AB09A06867104DAC48DF35E779, 8B459DB06DF1CAC2B35B041D3DD5C0C15B6A942CC38CE31FD2D0883EC2C0AA22 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
07:53:05.0715 0x0fa8 IAStorIcon - ok
07:53:05.0918 0x0fa8 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
07:53:06.0105 0x0fa8 SDTray - ok
07:53:06.0324 0x0fa8 [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
07:53:06.0511 0x0fa8 AvastUI.exe - ok
07:53:06.0620 0x0fa8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
07:53:06.0651 0x0fa8 Sidebar - ok
07:53:06.0698 0x0fa8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
07:53:06.0714 0x0fa8 mctadmin - ok
07:53:06.0792 0x0fa8 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
07:53:06.0823 0x0fa8 Sidebar - ok
07:53:06.0854 0x0fa8 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
07:53:06.0854 0x0fa8 mctadmin - ok
07:53:06.0854 0x0fa8 Waiting for KSN requests completion. In queue: 112
07:53:07.0868 0x0fa8 Waiting for KSN requests completion. In queue: 112
07:53:08.0882 0x0fa8 Waiting for KSN requests completion. In queue: 112
07:53:09.0959 0x0fa8 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated )
07:53:09.0990 0x0fa8 Win FW state via NFP2: enabled
07:53:12.0876 0x0fa8 ============================================================
07:53:12.0876 0x0fa8 Scan finished
07:53:12.0876 0x0fa8 ============================================================
07:53:12.0876 0x10e4 Detected object count: 0
07:53:12.0876 0x10e4 Actual detected object count: 0
07:55:37.0629 0x0e90 Deinitialize success


Thanks for your efforts -

See you, Gael

P.S.: One more oddity: shortcuts to drives on the desktop cannot be
removed

12.09.2014, 20:13   #8
schrauber
/// the machine
/// TB trainer
 




Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it right. If everything is correct ... click Reply (Antworten).




Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 14.09.2014, 12:15   #9
Gaelhacht
 

Hi,
here comes the next log file:

Code:
ComboFix 14-09-12.01 - Sandra 14.09.2014  12:46:53.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3950.2187 [GMT 2:00]
ausgeführt von:: c:\users\Sandra\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Sandra\AppData\Roaming\Origin
c:\users\Sandra\AppData\Roaming\Origin\local.xml
c:\users\Sandra\AppData\Roaming\Origin\local_2a410aa9b5a451cb9327d81814b23702.xml
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-14 bis 2014-09-14  ))))))))))))))))))))))))))))))
.
.
2014-09-14 10:40 . 2014-08-21 03:43	11319192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{61A6A5CC-1EE3-4F26-97EF-A1D5E65E2919}\mpengine.dll
2014-09-12 05:40 . 2014-01-09 02:22	5694464	----a-w-	c:\windows\SysWow64\mstscax.dll
2014-09-12 05:39 . 2014-01-03 22:44	6574592	----a-w-	c:\windows\system32\mstscax.dll
2014-09-12 05:39 . 2014-07-07 02:06	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-09-12 05:39 . 2014-07-07 02:06	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-09-12 05:39 . 2014-07-07 01:40	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-09-12 05:39 . 2014-07-07 01:40	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-09-12 05:39 . 2014-07-07 01:39	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-09-11 08:13 . 2014-09-11 08:13	--------	d-----w-	c:\users\Sandra\AppData\Local\CrashDumps
2014-09-11 08:00 . 2014-09-11 08:04	--------	d-----w-	C:\Downloads
2014-09-10 07:01 . 2014-08-18 22:15	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-09-10 06:50 . 2014-08-01 11:53	1031168	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-09-10 06:50 . 2014-08-01 11:35	793600	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 06:49 . 2014-06-24 03:29	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2014-09-10 06:49 . 2014-06-24 02:59	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2014-09-10 06:44 . 2014-09-10 06:44	--------	d-----w-	C:\OETemp
2014-09-10 06:39 . 2014-06-27 02:08	2777088	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2014-09-10 06:39 . 2014-06-27 01:45	2285056	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-09 08:28 . 2014-09-09 08:30	--------	d-----w-	C:\FRST
2014-09-09 07:09 . 2014-09-09 07:09	177680	----a-w-	c:\windows\system32\mfevtps.exe.87f8.deleteme
2014-09-09 07:08 . 2014-09-09 07:32	--------	d-----w-	c:\users\Sandra\AppData\Local\NPE
2014-09-09 07:08 . 2014-09-09 07:08	--------	d-----w-	c:\programdata\Norton
2014-09-09 07:07 . 2014-09-09 07:07	--------	d-----w-	C:\Quarantine
2014-09-09 07:07 . 2014-09-09 08:14	--------	d-----w-	c:\program files\stinger
2014-09-09 05:34 . 2014-09-09 05:48	--------	d-----w-	C:\C't Helper
2014-09-09 05:30 . 2014-09-09 05:32	--------	d-----w-	C:\totalcmd
2014-09-09 05:22 . 2014-09-10 06:41	--------	d-----w-	c:\programdata\Package Cache
2014-09-08 07:41 . 2014-09-08 07:41	--------	d-----w-	c:\users\Sandra\AppData\Roaming\AVAST Software
2014-09-08 07:40 . 2014-09-08 07:40	92008	----a-w-	c:\windows\system32\drivers\aswStm.sys
2014-09-08 07:40 . 2014-09-08 07:40	224896	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-09-08 07:40 . 2014-09-08 07:41	427360	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-09-08 07:40 . 2014-09-08 07:40	1041168	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-09-08 07:40 . 2014-09-08 07:40	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-09-08 07:40 . 2014-09-08 07:40	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-09-08 07:40 . 2014-09-08 07:40	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-09-08 07:40 . 2014-09-08 07:40	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-09-08 07:40 . 2014-09-08 07:40	307344	----a-w-	c:\windows\system32\aswBoot.exe
2014-09-08 07:40 . 2014-09-08 07:40	43152	----a-w-	c:\windows\avastSS.scr
2014-09-08 07:39 . 2014-09-08 07:39	--------	d-----w-	c:\program files\AVAST Software
2014-09-08 07:38 . 2014-09-08 07:39	--------	d-----w-	c:\programdata\AVAST Software
2014-09-08 06:42 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDYAK.DLL
2014-09-08 06:42 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDTAT.DLL
2014-09-08 06:42 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDRU1.DLL
2014-09-08 06:42 . 2014-07-09 02:03	6656	----a-w-	c:\windows\system32\KBDRU.DLL
2014-09-08 06:42 . 2014-07-09 02:03	7168	----a-w-	c:\windows\system32\KBDBASH.DLL
2014-09-08 06:42 . 2014-07-09 01:31	7168	----a-w-	c:\windows\SysWow64\KBDYAK.DLL
2014-09-08 06:42 . 2014-07-09 01:31	6656	----a-w-	c:\windows\SysWow64\KBDBASH.DLL
2014-09-08 06:10 . 2013-09-20 08:49	21040	----a-w-	c:\windows\system32\sdnclean64.exe
2014-09-08 05:55 . 2014-09-08 06:04	--------	d-----w-	c:\users\Sandra\AppData\Roaming\Wise Registry Cleaner
2014-09-08 05:55 . 2014-09-08 05:55	--------	d-----w-	c:\program files (x86)\Wise
2014-09-08 05:50 . 2014-09-08 05:50	--------	d-----w-	c:\programdata\Razer
2014-09-08 05:33 . 2014-09-08 05:35	--------	d-----w-	C:\AdwCleaner
2014-09-08 05:26 . 2014-09-08 05:27	3231696	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-08-29 18:45 . 2014-09-10 12:59	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2014-08-29 18:38 . 2014-08-29 18:38	--------	d-----w-	c:\program files\CCleaner
2014-08-29 09:57 . 2014-08-29 09:57	--------	d-----w-	c:\users\Sandra\AppData\Roaming\Abelssoft
2014-08-29 09:57 . 2014-08-29 09:57	--------	d-----w-	c:\programdata\XDMessagingv4
2014-08-29 09:57 . 2014-08-29 09:57	--------	d-----w-	c:\users\Sandra\AppData\Local\Abelssoft
2014-08-28 14:49 . 2014-09-08 07:42	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-28 14:49 . 2014-08-28 14:49	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-08-28 14:49 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-08-28 14:49 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-28 14:49 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-08-28 13:17 . 2014-08-23 02:07	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-28 13:17 . 2014-08-23 01:45	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-28 13:17 . 2014-08-23 00:59	3163648	----a-w-	c:\windows\system32\win32k.sys
2014-08-21 18:11 . 2014-08-21 18:11	--------	d-----w-	c:\users\Sandra\AppData\Local\Adobe
2014-08-17 20:30 . 2014-08-17 20:30	99480	----a-w-	c:\windows\SysWow64\infocardapi.dll
2014-08-17 20:30 . 2014-08-17 20:30	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-08-17 20:30 . 2014-08-17 20:30	619672	----a-w-	c:\windows\SysWow64\icardagt.exe
2014-08-17 20:30 . 2014-08-17 20:30	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-17 20:30 . 2014-08-17 20:30	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-17 20:30 . 2014-08-17 20:30	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-17 20:30 . 2014-08-17 20:30	171160	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-17 20:30 . 2014-08-17 20:30	1389208	----a-w-	c:\windows\system32\icardagt.exe
2014-08-17 07:17 . 2014-07-16 03:23	2048	----a-w-	c:\windows\system32\tzres.dll
2014-08-17 07:17 . 2014-07-16 02:46	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-08-17 07:17 . 2014-06-03 10:02	3241984	----a-w-	c:\windows\system32\msi.dll
2014-08-17 07:17 . 2014-06-03 10:02	1941504	----a-w-	c:\windows\system32\authui.dll
2014-08-17 07:17 . 2014-06-03 09:29	2363392	----a-w-	c:\windows\SysWow64\msi.dll
2014-08-17 07:17 . 2014-06-03 09:29	1805824	----a-w-	c:\windows\SysWow64\authui.dll
2014-08-17 07:17 . 2014-06-03 10:02	112064	----a-w-	c:\windows\system32\consent.exe
2014-08-17 07:17 . 2014-06-03 10:02	504320	----a-w-	c:\windows\system32\msihnd.dll
2014-08-17 07:17 . 2014-06-03 09:29	337408	----a-w-	c:\windows\SysWow64\msihnd.dll
2014-08-17 07:16 . 2014-06-25 02:05	14175744	----a-w-	c:\windows\system32\shell32.dll
2014-08-17 07:16 . 2014-06-16 02:10	985536	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2014-08-17 07:15 . 2014-07-14 02:02	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2014-08-17 07:15 . 2014-07-14 01:40	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 06:41 . 2010-07-31 17:12	101694776	----a-w-	c:\windows\system32\MRT.exe
2014-08-28 13:07 . 2012-07-17 12:37	23256	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-25 04:53 . 2010-07-27 14:12	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-08-21 10:58 . 2012-04-07 18:36	699568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-21 10:58 . 2011-05-17 07:49	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-25 00:35 . 2014-07-25 00:35	875688	----a-w-	c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47	869544	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2014-07-15 14:20 . 2013-05-06 11:17	42040	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2014-07-07 19:41 . 2013-04-03 07:59	117712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-06-22 16:32 . 2014-06-22 16:32	2162992	----a-w-	c:\windows\system32\YamahaAE.dll
2014-06-22 16:32 . 2014-06-22 16:32	2117424	----a-w-	c:\windows\system32\SStudio.dll
2014-06-22 16:32 . 2014-06-22 16:32	2101848	----a-w-	c:\windows\system32\WavesGUILib64.dll
2014-06-22 16:32 . 2014-06-22 16:32	889592	----a-w-	c:\windows\system32\sl3apo64.dll
2014-06-22 16:32 . 2014-06-22 16:32	724728	----a-w-	c:\windows\system32\sltech64.dll
2014-06-22 16:32 . 2014-06-22 16:32	3962840	----a-w-	c:\windows\system32\drivers\RTKVHD64.sys
2014-06-22 16:32 . 2014-06-22 16:32	2834648	----a-w-	c:\windows\system32\RtPgEx64.dll
2014-06-22 16:32 . 2014-06-22 16:32	246008	----a-w-	c:\windows\system32\slprp64.dll
2014-06-22 16:32 . 2014-06-22 16:32	1959128	----a-w-	c:\windows\system32\RTSnMg64.cpl
2014-06-22 16:32 . 2014-06-22 16:32	1048824	----a-w-	c:\windows\system32\slcnt64.dll
2014-06-22 16:32 . 2014-06-22 16:32	628952	----a-w-	c:\windows\system32\RtDataProc64.dll
2014-06-22 16:32 . 2014-06-22 16:32	1022168	----a-w-	c:\windows\system32\RtkApi64.dll
2014-06-22 16:32 . 2014-06-22 16:32	948952	----a-w-	c:\windows\system32\RCoInstII64.dll
2014-06-22 16:32 . 2014-06-22 16:32	60636160	----a-w-	c:\windows\system32\RCoRes64.dat
2014-06-22 16:32 . 2014-06-22 16:32	2800344	----a-w-	c:\windows\system32\RltkAPO64.dll
2014-06-22 16:32 . 2014-06-22 16:32	942384	----a-w-	c:\windows\system32\NAHIMICAPOSettingsIPC.dll
2014-06-22 16:32 . 2014-06-22 16:32	5751048	----a-w-	c:\windows\system32\NAHIMICAPOlfx.dll
2014-06-22 16:32 . 2014-06-22 16:32	12894808	----a-w-	c:\windows\system32\MaxxVoiceAPO3064.dll
2014-06-22 16:32 . 2014-06-22 16:32	956504	----a-w-	c:\windows\system32\MaxxVoiceAPO2064.dll
2014-06-22 16:32 . 2014-06-22 16:32	3959384	----a-w-	c:\windows\system32\MaxxAudioVnN64.dll
2014-06-22 16:32 . 2014-06-22 16:32	28343384	----a-w-	c:\windows\system32\MaxxAudioVnA64.dll
2014-06-22 16:32 . 2014-06-22 16:32	1934424	----a-w-	c:\windows\system32\MaxxAudioRealtek264.dll
2014-06-22 16:32 . 2014-06-22 16:32	14863448	----a-w-	c:\windows\system32\MaxxAudioRealtek64.dll
2014-06-22 16:32 . 2014-06-22 16:32	900696	----a-w-	c:\windows\SysWow64\MaxxAudioAPOShell.dll
2014-06-22 16:32 . 2014-06-22 16:32	291488	----a-w-	c:\windows\system32\ICEsoundAPO64.dll
2014-06-22 16:32 . 2014-06-22 16:32	2041432	----a-w-	c:\windows\system32\MaxxAudioEQ64.dll
2014-06-22 16:32 . 2014-06-22 16:32	1317976	----a-w-	c:\windows\system32\MaxxAudioAPO6064.dll
2014-06-22 16:32 . 2014-06-22 16:32	1168472	----a-w-	c:\windows\system32\MaxxAudioAPO5064.dll
2014-06-22 16:32 . 2014-06-22 16:32	1136728	----a-w-	c:\windows\system32\MaxxAudioAPO4064.dll
2014-06-22 16:32 . 2014-06-22 16:32	1063512	----a-w-	c:\windows\system32\MaxxAudioAPOShell64.dll
2014-06-22 16:32 . 2014-06-22 16:32	6218072	----a-w-	c:\windows\system32\DDPP64A.dll
2014-06-22 16:32 . 2014-06-22 16:32	33592	----a-w-	c:\windows\system32\audioLibVc.dll
2014-06-22 16:32 . 2014-06-22 16:32	315736	----a-w-	c:\windows\system32\DDPO64A.dll
2014-06-22 16:32 . 2014-06-22 16:32	261464	----a-w-	c:\windows\system32\DDPA64.dll
2014-06-22 16:32 . 2014-06-22 16:32	1939800	----a-w-	c:\windows\system32\DDPD64A.dll
2014-06-22 16:31 . 2014-06-22 16:31	97624	----a-w-	c:\windows\system32\RTEEL64H.dll
2014-06-22 16:31 . 2014-06-22 16:31	78680	----a-w-	c:\windows\system32\RTEEG64H.dll
2014-06-22 16:31 . 2014-06-22 16:31	3746408	----a-w-	c:\windows\system32\SETC008.tmp
2014-06-22 16:31 . 2014-06-22 16:31	372056	----a-w-	c:\windows\system32\RTEEP64H.dll
2014-06-22 16:31 . 2014-06-22 16:31	237968	----a-w-	c:\windows\system32\drivers\RtHDMIVX.sys
2014-06-22 16:31 . 2014-06-22 16:31	204120	----a-w-	c:\windows\system32\RTEED64H.dll
2014-06-22 16:31 . 2014-06-22 16:31	2526824	----a-w-	c:\windows\system32\RHDMEx64.dll
2014-06-22 16:31 . 2014-06-22 16:31	92264	----a-w-	c:\windows\system32\SETC746.tmp
2014-06-22 16:31 . 2014-06-22 16:31	74592	----a-w-	c:\windows\system32\R4EEG64H.dll
2014-06-22 16:31 . 2014-06-22 16:31	7163744	----a-w-	c:\windows\system32\R4EEP64H.dll
2014-06-22 16:31 . 2014-06-22 16:31	433504	----a-w-	c:\windows\system32\R4EED64H.dll
2014-06-22 16:31 . 2014-06-22 16:31	310104	----a-w-	c:\windows\system32\RH3DHT64.dll
2014-06-22 16:31 . 2014-06-22 16:31	310104	----a-w-	c:\windows\system32\RH3DAA64.dll
2014-06-22 16:31 . 2014-06-22 16:31	141152	----a-w-	c:\windows\system32\R4EEL64H.dll
2014-06-22 16:31 . 2014-06-22 16:31	123744	----a-w-	c:\windows\system32\R4EEA64H.dll
2014-06-18 02:18 . 2014-07-11 21:49	692736	----a-w-	c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-11 21:49	646144	----a-w-	c:\windows\SysWow64\osk.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	130736	----a-w-	c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-13 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-08 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 20:03	98304	------w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0SmartDefragBootTime.exe\0\0sdnclean64.exe
.
R2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe;c:\program files\Sony\VAIO Care\collsvc.exe [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\vuagent.exe;c:\program files\Sony\VAIO Update\vuagent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 13:44]
.
2014-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10 13:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-08 07:40	634872	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36	164016	----a-w-	c:\users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-04-09 1381744]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE: Free YouTube Download - c:\users\Sandra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}\64259445A51224F6870235C40275C414E4: NameServer = 192.168.178.1
TCP: Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}\64259445A51224F6870264F6E60275C414E40273234303: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uni-due.de/
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-IMFservice
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{10921475-03CE-4E04-90CE-E2E7EF20C814} - c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,e7,35,23,0e,19,80,41,b5,b8,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,e7,35,23,0e,19,80,41,b5,b8,c4,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,d2,5d,8c,64,7a,b4,4e,9f,cc,d9,\
.
[HKEY_USERS\S-1-5-21-932800437-1018891856-1275781363-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e2,82,09,01,44,c8,8c,25,dd,32,ef,78,5f,3c,61,d6,06,8f,5f,27,e4,7e,f8,
   7e,8f,77,4c,5b,2c,8e,52,45,2b,68,38,17,fa,27,c3,bd,75,fe,53,bb,7b,1a,51,0c,\
"??"=hex:83,1f,24,f7,8a,99,45,2a,6b,c9,7e,60,69,32,5a,c6
.
[HKEY_USERS\S-1-5-21-932800437-1018891856-1275781363-1000\Software\SecuROM\License information*]
"datasecu"=hex:80,c5,a8,4f,77,40,dd,69,ff,eb,e4,93,e4,9b,13,de,b5,a6,42,96,67,
   6f,dc,25,dc,25,dc,35,72,4e,1c,d4,00,e9,5f,92,ec,1d,98,ba,2c,83,38,5d,3a,e8,\
"rkeysecu"=hex:da,fe,1f,83,ac,21,28,50,cd,68,93,91,c7,87,51,41
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\SONY\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-14  13:07:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-14 11:07
.
Vor Suchlauf: 20 Verzeichnis(se), 121.241.407.488 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 120.812.638.208 Bytes frei
.
- - End Of File - - 4E255452077904551325B1C55E1CE16B
         
See you, many thanks and have a nice weekend
Gael

14.09.2014, 15:19   #10
schrauber
/// the machine
/// TB-Ausbilder

Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the threat scan (Bedrohungssuchlauf) and click Start scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove selected (Auswahl entfernen).
  • Let your computer restart if required, to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

15.09.2014, 10:35   #11
Gaelhacht


Hi,

here are the log files:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sandra on 15.09.2014 at 10:43:36,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{142310F0-2E28-4F32-950B-E6DEA5DE71EB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FE8F747D-8BDE-4D37-8602-B94664EB3033}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\wrv3a96c.default\extensions\staged
Successfully deleted the following from C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\wrv3a96c.default\prefs.js

user_pref("browser.bdtoolbar.search_searchbar", false);
user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Emptied folder: C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\wrv3a96c.default\minidumps [252 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.09.2014 at 10:52:57,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner log file:
Code:
# AdwCleaner v3.310 - Bericht erstellt am 15/09/2014 um 11:04:06
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Sandra - VAI
# Gestartet von : C:\Downloads\adwcleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
Ordner Gelöscht : C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0 (x86 de)

[ Datei : C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [5712 octets] - [08/09/2014 07:33:57]
AdwCleaner[R1].txt - [1299 octets] - [15/09/2014 10:40:45]
AdwCleaner[R2].txt - [1359 octets] - [15/09/2014 10:57:45]
AdwCleaner[S0].txt - [5353 octets] - [08/09/2014 07:35:33]
AdwCleaner[S1].txt - [1280 octets] - [15/09/2014 11:04:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1340 octets] ##########
         

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/09/15 10:16:55 +0200</date>
    <logfile>mbam-log-2014-09-15 (10-16-52).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.2.1012</version>
    <malware-database>v2014.09.15.04</malware-database>
    <rootkit-database>v2014.09.13.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>Sandra</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>365013</objects>
    <time>1156</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>0</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items> </items>
</mbam-log>

FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Sandra (administrator) on VAI on 15-09-2014 11:20:44
Running from I:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-04-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-08] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * SmartDefragBootTime.exesdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {99EB16A3-5DA9-4506-B71B-4909363EB52D} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
SearchScopes: HKCU - {D33305C1-4CCF-4C96-AC9F-0A1A9D37406C} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {E84365FC-7CC1-47DC-886C-C0034D1D5BF1} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.uni-due.de/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\abs@avira.com [2014-09-08]
FF Extension: AD Block - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\searchads@instair.net [2014-06-22]
FF Extension: WOT - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-12]
FF Extension: DownloadHelper - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: NoScript - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-05-24]
FF Extension: AVG PrivacyFix - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2012-11-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-08]

Chrome: 
=======
CHR Profile: C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-27]
CHR Extension: (AD Block) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgjbmhakaffflkjecineeaadpidgikb [2014-01-16]
CHR Extension: (AD Block) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkdcodhlkmiakbangobnmdhieapagic [2013-11-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-08] (AVAST Software)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2428968 2011-07-05] (mobile concepts GmbH)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-10-15] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-10-15] (Sony Corporation)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-09-14] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642416 2009-09-14] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [821760 2009-11-25] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-09-14] (Sony Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-08] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-08] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-16] (Intel(R) Corporation) [File not signed]
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-05-15] (Synaptics Incorporated)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 10:52 - 2014-09-15 10:52 - 00001864 _____ () C:\Users\Sandra\Desktop\JRT.txt
2014-09-15 10:43 - 2014-09-15 10:43 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 13:07 - 2014-09-14 13:07 - 00037100 _____ () C:\ComboFix.txt
2014-09-14 12:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-14 12:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-14 12:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-14 12:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-14 12:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-14 12:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-14 12:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-14 12:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-14 12:43 - 2014-09-14 13:07 - 00000000 ____D () C:\Qoobox
2014-09-14 12:43 - 2014-09-14 13:04 - 00000000 ____D () C:\Windows\erdnt
2014-09-14 12:41 - 2014-09-14 12:42 - 05577449 ____R (Swearware) C:\Users\Sandra\Downloads\ComboFix.exe
2014-09-12 07:40 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-12 07:39 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 07:39 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 07:39 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 07:39 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 07:39 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-12 07:39 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-11 10:13 - 2014-09-11 10:13 - 00000000 ____D () C:\Users\Sandra\AppData\Local\CrashDumps
2014-09-11 10:04 - 2014-09-11 10:04 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-09-11 10:01 - 2014-09-11 10:04 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-09-10 09:02 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 09:02 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 09:02 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 09:02 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 09:02 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 09:02 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 09:02 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 09:02 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 09:02 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 09:02 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 09:02 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 09:02 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 09:02 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 09:02 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 09:02 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 09:02 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 09:02 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 09:02 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 09:02 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 09:02 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 09:02 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 09:02 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 09:02 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 09:01 - 2014-09-10 09:01 - 00000000 ____D () C:\Update
2014-09-10 09:01 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 09:01 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 09:01 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 09:01 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 09:01 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 09:01 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 09:01 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 09:01 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 09:01 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 09:01 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 09:01 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 09:01 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 09:01 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 09:01 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 09:01 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 09:01 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 09:01 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 09:01 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 09:01 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 09:01 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 09:01 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 09:01 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 09:01 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 09:01 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 09:01 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 09:01 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 09:01 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 09:01 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 09:01 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 09:01 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 09:01 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 09:01 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 09:01 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 08:50 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 08:50 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 08:49 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 08:49 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:44 - 2014-09-10 08:44 - 00000000 ____D () C:\OETemp
2014-09-10 08:39 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 08:39 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 10:28 - 2014-09-15 11:20 - 00000000 ____D () C:\FRST
2014-09-09 09:09 - 2014-09-09 09:09 - 00177680 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.87f8.deleteme
2014-09-09 09:08 - 2014-09-09 09:32 - 00000000 ____D () C:\Users\Sandra\AppData\Local\NPE
2014-09-09 09:08 - 2014-09-09 09:08 - 00000000 ____D () C:\ProgramData\Norton
2014-09-09 09:07 - 2014-09-09 10:14 - 00000000 ____D () C:\Program Files\stinger
2014-09-09 09:07 - 2014-09-09 09:07 - 00000000 ____D () C:\Quarantine
2014-09-09 07:34 - 2014-09-09 07:48 - 00000000 ____D () C:\C't Helper
2014-09-09 07:30 - 2014-09-09 07:32 - 00000000 ____D () C:\totalcmd
2014-09-09 07:30 - 2014-09-09 07:30 - 00000632 _____ () C:\Users\Public\Desktop\Total Commander.lnk
2014-09-09 07:30 - 2014-09-09 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-09-09 07:22 - 2014-09-10 08:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 10:56 - 2014-09-08 10:56 - 00000332 _____ () C:\Users\Sandra\Desktop\Memory Stick (E) - Verknüpfung.lnk
2014-09-08 10:56 - 2014-09-08 10:56 - 00000324 _____ () C:\Users\Sandra\Desktop\SD - MMC (F) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000501 _____ () C:\Users\Sandra\Desktop\Expansion Drive (H) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000483 _____ () C:\Users\Sandra\Desktop\Sonstiges (G) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000472 _____ () C:\Users\Sandra\Desktop\Privat (D) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000340 _____ () C:\Users\Sandra\Desktop\CD-Laufwerk - Verknüpfung.lnk
2014-09-08 10:54 - 2014-09-08 10:54 - 00000512 _____ () C:\Users\Sandra\Desktop\Lokaler Datenträger (C) - Verknüpfung.lnk
2014-09-08 09:49 - 2010-07-27 16:15 - 00414782 _____ () C:\Windows\system32\Drivers\etc\hosts.20140908-094938.backup
2014-09-08 09:46 - 2010-07-27 16:15 - 00414782 _____ () C:\Windows\system32\Drivers\etc\hosts.20140908-094652.backup
2014-09-08 09:41 - 2014-09-12 07:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-08 09:41 - 2014-09-08 09:41 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\AVAST Software
2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-08 09:40 - 2014-09-08 09:41 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-08 09:40 - 2014-09-08 09:40 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-08 09:40 - 2014-09-08 09:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-08 09:39 - 2014-09-08 09:39 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-08 09:38 - 2014-09-08 09:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-08 08:52 - 2014-09-15 11:06 - 00001725 _____ () C:\Windows\setupact.log
2014-09-08 08:52 - 2014-09-08 08:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-08 08:51 - 2014-09-15 11:05 - 00039548 _____ () C:\Windows\PFRO.log
2014-09-08 08:44 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-08 08:44 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-08 08:44 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-08 08:44 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-08 08:44 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-08 08:44 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-08 08:44 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-08 08:44 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-08 08:44 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-08 08:44 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-08 08:44 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-08 08:44 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-08 08:44 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-08 08:44 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-08 08:44 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-08 08:44 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-08 08:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-08 08:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-08 08:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-08 08:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-08 08:42 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-08 08:42 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-08 08:42 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-08 08:14 - 2010-07-27 16:15 - 00414782 _____ () C:\Windows\system32\Drivers\etc\hosts.20140908-081442.backup
2014-09-08 08:10 - 2014-09-08 08:10 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-08 08:10 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-08 07:55 - 2014-09-08 08:04 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Wise Registry Cleaner
2014-09-08 07:55 - 2014-09-08 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-09-08 07:55 - 2014-09-08 07:55 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-09-08 07:50 - 2014-09-08 07:50 - 00000000 ____D () C:\ProgramData\Razer
2014-09-08 07:33 - 2014-09-15 11:04 - 00000000 ____D () C:\AdwCleaner
2014-08-29 20:45 - 2014-09-10 14:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-29 20:45 - 2014-09-08 08:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-29 20:45 - 2014-08-29 20:45 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-29 20:38 - 2014-08-29 20:38 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-29 20:32 - 2014-08-29 20:32 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-29 12:08 - 2014-09-09 10:46 - 00307200 ___SH () C:\Users\Sandra\Downloads\Thumbs.db
2014-08-29 11:57 - 2014-08-29 20:30 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-29 09:22 - 2014-08-29 09:22 - 00000000 _____ () C:\asc_rdflag
2014-08-28 16:49 - 2014-09-15 10:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 16:49 - 2014-08-28 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-28 16:49 - 2014-08-28 16:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-28 16:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 16:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-28 16:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-28 15:17 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 15:17 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 15:17 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 20:11 - 2014-08-21 20:11 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Adobe
2014-08-17 22:30 - 2014-08-17 22:30 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 22:30 - 2014-08-17 22:30 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 22:30 - 2014-08-17 22:30 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 22:30 - 2014-08-17 22:30 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 09:17 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 09:17 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-17 09:17 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 09:17 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 09:17 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-17 09:17 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 09:17 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-17 09:17 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-17 09:17 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-17 09:16 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 09:16 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 09:16 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 09:15 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 09:15 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 11:20 - 2014-09-09 10:28 - 00000000 ____D () C:\FRST
2014-09-15 11:20 - 2010-06-10 15:38 - 01684213 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 11:18 - 2010-06-10 15:44 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 11:14 - 2009-07-14 06:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 11:14 - 2009-07-14 06:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 11:06 - 2014-09-08 08:52 - 00001725 _____ () C:\Windows\setupact.log
2014-09-15 11:06 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 11:05 - 2014-09-08 08:51 - 00039548 _____ () C:\Windows\PFRO.log
2014-09-15 11:04 - 2014-09-08 07:33 - 00000000 ____D () C:\AdwCleaner
2014-09-15 10:52 - 2014-09-15 10:52 - 00001864 _____ () C:\Users\Sandra\Desktop\JRT.txt
2014-09-15 10:52 - 2010-06-10 15:44 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 10:43 - 2014-09-15 10:43 - 00000000 ____D () C:\Windows\ERUNT
2014-09-15 10:41 - 2010-06-11 01:31 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-09-15 10:41 - 2010-06-11 01:31 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-09-15 10:41 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 10:16 - 2014-08-28 16:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 13:07 - 2014-09-14 13:07 - 00037100 _____ () C:\ComboFix.txt
2014-09-14 13:07 - 2014-09-14 12:43 - 00000000 ____D () C:\Qoobox
2014-09-14 13:04 - 2014-09-14 12:43 - 00000000 ____D () C:\Windows\erdnt
2014-09-14 12:59 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-14 12:43 - 2010-07-27 12:20 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{467208DB-642D-4A33-AD7F-AC2A06B7A759}
2014-09-14 12:42 - 2014-09-14 12:41 - 05577449 ____R (Swearware) C:\Users\Sandra\Downloads\ComboFix.exe
2014-09-12 07:45 - 2014-09-08 09:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-11 10:13 - 2014-09-11 10:13 - 00000000 ____D () C:\Users\Sandra\AppData\Local\CrashDumps
2014-09-11 10:12 - 2010-06-10 16:04 - 00000000 ____D () C:\Temp
2014-09-11 10:05 - 2010-05-20 01:01 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-09-11 10:04 - 2014-09-11 10:04 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-09-11 10:04 - 2014-09-11 10:01 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-09-11 10:03 - 2010-06-10 15:56 - 00000000 ____D () C:\Program Files\Sony
2014-09-11 10:03 - 2010-05-19 23:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-11 10:01 - 2010-06-10 15:55 - 00000000 ____D () C:\Windows\System32\Tasks\SONY
2014-09-11 09:55 - 2013-11-04 17:05 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-10 15:00 - 2012-01-20 21:00 - 00000000 ____D () C:\Users\Gast
2014-09-10 14:59 - 2014-08-29 20:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 12:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-10 09:18 - 2010-08-18 17:21 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-09-10 09:12 - 2014-05-15 19:01 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\ProductData
2014-09-10 09:12 - 2010-07-27 12:17 - 00000000 ____D () C:\Users\Sandra
2014-09-10 09:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-10 09:11 - 2012-10-18 08:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-10 09:08 - 2011-01-03 01:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 09:01 - 2014-09-10 09:01 - 00000000 ____D () C:\Update
2014-09-10 08:50 - 2013-02-18 13:19 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 08:48 - 2013-08-14 23:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 08:44 - 2014-09-10 08:44 - 00000000 ____D () C:\OETemp
2014-09-10 08:44 - 2012-10-18 08:44 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira
2014-09-10 08:44 - 2012-10-18 08:37 - 00000000 ____D () C:\ProgramData\Avira
2014-09-10 08:41 - 2014-09-09 07:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 08:41 - 2010-07-31 19:12 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 10:46 - 2014-08-29 12:08 - 00307200 ___SH () C:\Users\Sandra\Downloads\Thumbs.db
2014-09-09 10:14 - 2014-09-09 09:07 - 00000000 ____D () C:\Program Files\stinger
2014-09-09 09:32 - 2014-09-09 09:08 - 00000000 ____D () C:\Users\Sandra\AppData\Local\NPE
2014-09-09 09:09 - 2014-09-09 09:09 - 00177680 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.87f8.deleteme
2014-09-09 09:08 - 2014-09-09 09:08 - 00000000 ____D () C:\ProgramData\Norton
2014-09-09 09:07 - 2014-09-09 09:07 - 00000000 ____D () C:\Quarantine
2014-09-09 07:48 - 2014-09-09 07:34 - 00000000 ____D () C:\C't Helper
2014-09-09 07:35 - 2010-07-27 14:39 - 00000000 ____D () C:\Users\Sandra\Desktop\Sicherheit
2014-09-09 07:32 - 2014-09-09 07:30 - 00000000 ____D () C:\totalcmd
2014-09-09 07:30 - 2014-09-09 07:30 - 00000632 _____ () C:\Users\Public\Desktop\Total Commander.lnk
2014-09-09 07:30 - 2014-09-09 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-09-08 10:56 - 2014-09-08 10:56 - 00000332 _____ () C:\Users\Sandra\Desktop\Memory Stick (E) - Verknüpfung.lnk
2014-09-08 10:56 - 2014-09-08 10:56 - 00000324 _____ () C:\Users\Sandra\Desktop\SD - MMC (F) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000501 _____ () C:\Users\Sandra\Desktop\Expansion Drive (H) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000483 _____ () C:\Users\Sandra\Desktop\Sonstiges (G) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000472 _____ () C:\Users\Sandra\Desktop\Privat (D) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000340 _____ () C:\Users\Sandra\Desktop\CD-Laufwerk - Verknüpfung.lnk
2014-09-08 10:54 - 2014-09-08 10:54 - 00000512 _____ () C:\Users\Sandra\Desktop\Lokaler Datenträger (C) - Verknüpfung.lnk
2014-09-08 09:49 - 2009-07-14 04:34 - 00450770 ____R () C:\Windows\system32\Drivers\etc\hosts.20140910-150058.backup
2014-09-08 09:41 - 2014-09-08 09:41 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\AVAST Software
2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-08 09:41 - 2014-09-08 09:40 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-08 09:40 - 2014-09-08 09:40 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-08 09:40 - 2014-09-08 09:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-08 09:39 - 2014-09-08 09:39 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-08 09:39 - 2014-09-08 09:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-08 09:34 - 2009-07-14 06:45 - 00464224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-08 08:52 - 2014-09-08 08:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-08 08:10 - 2014-09-08 08:10 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-08 08:10 - 2014-08-29 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-08 08:10 - 2010-07-27 15:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-08 08:05 - 2010-07-27 15:35 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-08 08:05 - 2010-07-27 15:32 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-08 08:04 - 2014-09-08 07:55 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Wise Registry Cleaner
2014-09-08 07:55 - 2014-09-08 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-09-08 07:55 - 2014-09-08 07:55 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-09-08 07:50 - 2014-09-08 07:50 - 00000000 ____D () C:\ProgramData\Razer
2014-09-08 07:50 - 2011-11-30 20:11 - 00000000 ____D () C:\ProgramData\IObit
2014-09-08 07:42 - 2010-07-27 14:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 07:36 - 2012-05-03 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-08 07:35 - 2010-07-27 15:27 - 00000000 ____D () C:\ProgramData\ICQ
2014-09-08 07:27 - 2014-06-11 12:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-07 19:29 - 2010-07-27 15:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-29 20:45 - 2014-08-29 20:45 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-29 20:38 - 2014-08-29 20:38 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-29 20:32 - 2014-08-29 20:32 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-29 20:30 - 2014-08-29 11:57 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-08-29 13:53 - 2010-07-27 12:18 - 00125296 _____ () C:\Users\Sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-29 10:43 - 2013-05-13 16:37 - 00000121 _____ () C:\Users\Public\LMDebug.log
2014-08-29 09:22 - 2014-08-29 09:22 - 00000000 _____ () C:\asc_rdflag
2014-08-29 09:22 - 2014-02-15 12:07 - 98811904 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-08-29 09:22 - 2014-02-15 12:07 - 05251072 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-08-29 09:22 - 2014-02-15 12:07 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-08-29 09:22 - 2014-02-15 12:07 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-08-28 22:38 - 2012-08-20 15:53 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\vlc
2014-08-28 17:21 - 2012-03-07 19:59 - 00000000 ____D () C:\ProgramData\YouTube Downloader
2014-08-28 16:49 - 2014-08-28 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-28 16:49 - 2014-08-28 16:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-28 16:49 - 2012-10-04 15:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 09:28 - 2011-01-02 22:23 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\BitTorrent
2014-08-25 06:53 - 2010-07-27 16:12 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 15:17 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 15:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 15:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 20:11 - 2014-08-21 20:11 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Adobe
2014-08-21 12:58 - 2012-04-07 20:36 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-21 12:58 - 2011-05-17 09:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-19 20:05 - 2014-09-10 09:01 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-10 09:01 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-10 09:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-10 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-10 09:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-10 09:01 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-10 09:01 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-10 09:01 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-10 09:02 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-10 09:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-10 09:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-10 09:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-10 09:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-10 09:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:08 - 2014-09-10 09:01 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:05 - 2014-09-10 09:02 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-10 09:02 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-10 09:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-10 09:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-10 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-10 09:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-10 09:02 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-10 09:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-10 09:02 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-10 09:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-10 09:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-10 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-10 09:01 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-10 09:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-10 09:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-10 09:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-10 09:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-10 09:02 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-10 09:02 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-10 09:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-10 09:01 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-10 09:02 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-10 09:01 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-10 09:01 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-10 09:01 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-10 09:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-10 09:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-10 09:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-10 09:02 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-10 09:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-10 09:01 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-10 09:01 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-10 09:01 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-10 09:01 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-10 09:01 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-10 09:01 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-10 09:01 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-10 09:01 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-10 09:01 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-10 09:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-10 09:01 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 22:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-17 22:30 - 2014-08-17 22:30 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 22:30 - 2014-08-17 22:30 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-17 22:30 - 2014-08-17 22:30 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 22:30 - 2014-08-17 22:30 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-17 22:30 - 2014-08-17 22:30 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 09:59 - 2014-03-20 14:02 - 00002856 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Sandra)

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-07 19:15

==================== End Of Log ============================
         
--- --- ---


Thanks for your efforts, see you, Gael

15.09.2014, 18:52   #12
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan is complete, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

18.09.2014, 06:32   #13
Gaelhacht
 

Hi,

here are the corresponding log files:

Code:
Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Spybot - Search & Destroy 
 Wise Registry Cleaner 8.23  
 Java(TM) 6 Update 31  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 14.0.0.179  
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Mozilla Firefox (32.0) 
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avguard.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 


ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=0f6b6b016fc89e44819e5b010bd1ae04
# engine=20199
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-17 07:53:47
# local_time=2014-09-17 09:53:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 91 7603 821739 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 292391 162613477 0 0
# scanned=275518
# found=0
# cleaned=0
# scan_time=7228
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Sandra (administrator) on VAI on 18-09-2014 07:18:00
Running from C:\Users\Sandra\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-08-28] (Synaptics Incorporated)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-04-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-21] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-08] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\S-1-5-21-932800437-1018891856-1275781363-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * SmartDefragBootTime.exesdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {99EB16A3-5DA9-4506-B71B-4909363EB52D} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
SearchScopes: HKCU - {D33305C1-4CCF-4C96-AC9F-0A1A9D37406C} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {E84365FC-7CC1-47DC-886C-C0034D1D5BF1} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name -> {53707962-6F74-2D53-2644-206D7942484F} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.uni-due.de/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\abs@avira.com [2014-09-08]
FF Extension: AD Block - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\searchads@instair.net [2014-06-22]
FF Extension: WOT - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-12]
FF Extension: DownloadHelper - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: NoScript - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-05-24]
FF Extension: AVG PrivacyFix - C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\wrv3a96c.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2012-11-05]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-08]

Chrome: 
=======
CHR Profile: C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-27]
CHR Extension: (AD Block) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgjbmhakaffflkjecineeaadpidgikb [2014-01-16]
CHR Extension: (AD Block) - C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojkdcodhlkmiakbangobnmdhieapagic [2013-11-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-08] (AVAST Software)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2428968 2011-07-05] (mobile concepts GmbH)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-10-15] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-10-15] (Sony Corporation)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-09-14] (Sony Corporation) [File not signed]
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642416 2009-09-14] (Sony Corporation)
R2 VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [821760 2009-11-25] (Sony Corporation) [File not signed]
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-09-14] (Sony Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-08] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [244736 2009-12-16] (Intel(R) Corporation) [File not signed]
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-05-15] (Synaptics Incorporated)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 07:18 - 2014-09-18 07:18 - 00020047 _____ () C:\Users\Sandra\Downloads\FRST.txt
2014-09-18 07:17 - 2014-09-18 07:17 - 02105856 _____ (Farbar) C:\Users\Sandra\Downloads\FRST64.exe
2014-09-17 22:57 - 2014-09-17 22:57 - 00001138 _____ () C:\Users\Sandra\Desktop\checkup.txt
2014-09-17 19:52 - 2014-09-17 19:52 - 00854417 _____ () C:\Users\Sandra\Downloads\SecurityCheck.exe
2014-09-17 19:52 - 2014-09-17 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-17 19:49 - 2014-09-17 19:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-17 19:48 - 2014-09-17 19:48 - 02347384 _____ (ESET) C:\Users\Sandra\Downloads\esetsmartinstaller_deu.exe
2014-09-15 10:43 - 2014-09-15 10:43 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 13:07 - 2014-09-14 13:07 - 00037100 _____ () C:\ComboFix.txt
2014-09-14 12:44 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-14 12:44 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-14 12:44 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-14 12:44 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-14 12:44 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-14 12:44 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-14 12:44 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-14 12:44 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-14 12:43 - 2014-09-14 13:07 - 00000000 ____D () C:\Qoobox
2014-09-14 12:43 - 2014-09-14 13:04 - 00000000 ____D () C:\Windows\erdnt
2014-09-14 12:41 - 2014-09-14 12:42 - 05577449 ____R (Swearware) C:\Users\Sandra\Downloads\ComboFix.exe
2014-09-12 07:40 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-12 07:39 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 07:39 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 07:39 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 07:39 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 07:39 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-12 07:39 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-11 10:13 - 2014-09-11 10:13 - 00000000 ____D () C:\Users\Sandra\AppData\Local\CrashDumps
2014-09-11 10:04 - 2014-09-11 10:04 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-09-11 10:01 - 2014-09-11 10:04 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-09-10 09:02 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 09:02 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 09:02 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 09:02 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 09:02 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 09:02 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 09:02 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 09:02 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 09:02 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 09:02 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 09:02 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 09:02 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 09:02 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 09:02 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 09:02 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 09:02 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 09:02 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 09:02 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 09:02 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 09:02 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 09:02 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 09:02 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 09:02 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 09:01 - 2014-09-10 09:01 - 00000000 ____D () C:\Update
2014-09-10 09:01 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 09:01 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 09:01 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 09:01 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 09:01 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 09:01 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 09:01 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 09:01 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 09:01 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 09:01 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 09:01 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 09:01 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 09:01 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 09:01 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 09:01 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 09:01 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 09:01 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 09:01 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 09:01 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 09:01 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 09:01 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 09:01 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 09:01 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 09:01 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 09:01 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 09:01 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 09:01 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 09:01 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 09:01 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 09:01 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 09:01 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 09:01 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 09:01 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 08:50 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 08:50 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 08:49 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 08:49 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:44 - 2014-09-10 08:44 - 00000000 ____D () C:\OETemp
2014-09-10 08:39 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 08:39 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 10:28 - 2014-09-18 07:18 - 00000000 ____D () C:\FRST
2014-09-09 09:09 - 2014-09-09 09:09 - 00177680 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.87f8.deleteme
2014-09-09 09:08 - 2014-09-09 09:32 - 00000000 ____D () C:\Users\Sandra\AppData\Local\NPE
2014-09-09 09:08 - 2014-09-09 09:08 - 00000000 ____D () C:\ProgramData\Norton
2014-09-09 09:07 - 2014-09-09 10:14 - 00000000 ____D () C:\Program Files\stinger
2014-09-09 09:07 - 2014-09-09 09:07 - 00000000 ____D () C:\Quarantine
2014-09-09 07:34 - 2014-09-09 07:48 - 00000000 ____D () C:\C't Helper
2014-09-09 07:30 - 2014-09-09 07:32 - 00000000 ____D () C:\totalcmd
2014-09-09 07:30 - 2014-09-09 07:30 - 00000632 _____ () C:\Users\Public\Desktop\Total Commander.lnk
2014-09-09 07:30 - 2014-09-09 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-09-09 07:22 - 2014-09-10 08:41 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-08 10:56 - 2014-09-08 10:56 - 00000332 _____ () C:\Users\Sandra\Desktop\Memory Stick (E) - Verknüpfung.lnk
2014-09-08 10:56 - 2014-09-08 10:56 - 00000324 _____ () C:\Users\Sandra\Desktop\SD - MMC (F) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000501 _____ () C:\Users\Sandra\Desktop\Expansion Drive (H) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000483 _____ () C:\Users\Sandra\Desktop\Sonstiges (G) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000472 _____ () C:\Users\Sandra\Desktop\Privat (D) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000340 _____ () C:\Users\Sandra\Desktop\CD-Laufwerk - Verknüpfung.lnk
2014-09-08 10:54 - 2014-09-08 10:54 - 00000512 _____ () C:\Users\Sandra\Desktop\Lokaler Datenträger (C) - Verknüpfung.lnk
2014-09-08 09:49 - 2010-07-27 16:15 - 00414782 _____ () C:\Windows\system32\Drivers\etc\hosts.20140908-094938.backup
2014-09-08 09:46 - 2010-07-27 16:15 - 00414782 _____ () C:\Windows\system32\Drivers\etc\hosts.20140908-094652.backup
2014-09-08 09:41 - 2014-09-12 07:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-08 09:41 - 2014-09-08 09:41 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\AVAST Software
2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-08 09:40 - 2014-09-08 09:41 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-08 09:40 - 2014-09-08 09:40 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-08 09:40 - 2014-09-08 09:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-08 09:39 - 2014-09-08 09:39 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-08 09:38 - 2014-09-08 09:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-08 08:52 - 2014-09-18 06:45 - 00001837 _____ () C:\Windows\setupact.log
2014-09-08 08:52 - 2014-09-08 08:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-08 08:51 - 2014-09-15 11:05 - 00039548 _____ () C:\Windows\PFRO.log
2014-09-08 08:44 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-08 08:44 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-08 08:44 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-08 08:44 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-08 08:44 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-08 08:44 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-08 08:44 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-08 08:44 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-08 08:44 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-09-08 08:44 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-09-08 08:44 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-08 08:44 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-08 08:44 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-08 08:44 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-08 08:44 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-08 08:44 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-09-08 08:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-08 08:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-08 08:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-08 08:42 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-08 08:42 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-08 08:42 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-08 08:42 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-08 08:42 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-08 08:14 - 2010-07-27 16:15 - 00414782 _____ () C:\Windows\system32\Drivers\etc\hosts.20140908-081442.backup
2014-09-08 08:10 - 2014-09-08 08:10 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-08 08:10 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-09-08 07:55 - 2014-09-08 08:04 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Wise Registry Cleaner
2014-09-08 07:55 - 2014-09-08 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-09-08 07:55 - 2014-09-08 07:55 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-09-08 07:50 - 2014-09-08 07:50 - 00000000 ____D () C:\ProgramData\Razer
2014-09-08 07:33 - 2014-09-15 11:04 - 00000000 ____D () C:\AdwCleaner
2014-08-29 20:45 - 2014-09-10 14:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-29 20:45 - 2014-09-08 08:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-29 20:45 - 2014-08-29 20:45 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-29 20:38 - 2014-08-29 20:38 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-29 20:32 - 2014-08-29 20:32 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-29 12:08 - 2014-09-09 10:46 - 00307200 ___SH () C:\Users\Sandra\Downloads\Thumbs.db
2014-08-29 11:57 - 2014-08-29 20:30 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-29 09:22 - 2014-08-29 09:22 - 00000000 _____ () C:\asc_rdflag
2014-08-28 16:49 - 2014-09-15 11:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-28 16:49 - 2014-08-28 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-28 16:49 - 2014-08-28 16:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-28 16:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-28 16:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-28 16:49 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-28 15:17 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 15:17 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 15:17 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 20:11 - 2014-08-21 20:11 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 07:18 - 2014-09-18 07:18 - 00020047 _____ () C:\Users\Sandra\Downloads\FRST.txt
2014-09-18 07:18 - 2014-09-09 10:28 - 00000000 ____D () C:\FRST
2014-09-18 07:17 - 2014-09-18 07:17 - 02105856 _____ (Farbar) C:\Users\Sandra\Downloads\FRST64.exe
2014-09-18 07:13 - 2012-05-03 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-18 07:10 - 2010-06-10 15:44 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 06:54 - 2009-07-14 06:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 06:54 - 2009-07-14 06:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 06:52 - 2010-06-10 15:44 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 06:50 - 2010-06-10 15:38 - 01723299 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 06:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 06:45 - 2014-09-08 08:52 - 00001837 _____ () C:\Windows\setupact.log
2014-09-17 22:57 - 2014-09-17 22:57 - 00001138 _____ () C:\Users\Sandra\Desktop\checkup.txt
2014-09-17 22:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-17 19:52 - 2014-09-17 19:52 - 00854417 _____ () C:\Users\Sandra\Downloads\SecurityCheck.exe
2014-09-17 19:52 - 2014-09-17 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-17 19:49 - 2014-09-17 19:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-17 19:48 - 2014-09-17 19:48 - 02347384 _____ (ESET) C:\Users\Sandra\Downloads\esetsmartinstaller_deu.exe
2014-09-17 19:48 - 2010-07-27 12:20 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{467208DB-642D-4A33-AD7F-AC2A06B7A759}
2014-09-15 11:29 - 2014-08-28 16:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 11:29 - 2012-10-04 15:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 11:05 - 2014-09-08 08:51 - 00039548 _____ () C:\Windows\PFRO.log
2014-09-15 11:04 - 2014-09-08 07:33 - 00000000 ____D () C:\AdwCleaner
2014-09-15 10:43 - 2014-09-15 10:43 - 00000000 ____D () C:\Windows\ERUNT
2014-09-15 10:41 - 2010-06-11 01:31 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-09-15 10:41 - 2010-06-11 01:31 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-09-15 10:41 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 13:07 - 2014-09-14 13:07 - 00037100 _____ () C:\ComboFix.txt
2014-09-14 13:07 - 2014-09-14 12:43 - 00000000 ____D () C:\Qoobox
2014-09-14 13:04 - 2014-09-14 12:43 - 00000000 ____D () C:\Windows\erdnt
2014-09-14 12:59 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-14 12:42 - 2014-09-14 12:41 - 05577449 ____R (Swearware) C:\Users\Sandra\Downloads\ComboFix.exe
2014-09-12 07:45 - 2014-09-08 09:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-11 10:13 - 2014-09-11 10:13 - 00000000 ____D () C:\Users\Sandra\AppData\Local\CrashDumps
2014-09-11 10:12 - 2010-06-10 16:04 - 00000000 ____D () C:\Temp
2014-09-11 10:05 - 2010-05-20 01:01 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-09-11 10:04 - 2014-09-11 10:04 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-09-11 10:04 - 2014-09-11 10:01 - 00000000 ____D () C:\Windows\System32\Tasks\Sony Corporation
2014-09-11 10:03 - 2010-06-10 15:56 - 00000000 ____D () C:\Program Files\Sony
2014-09-11 10:03 - 2010-05-19 23:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-11 10:01 - 2010-06-10 15:55 - 00000000 ____D () C:\Windows\System32\Tasks\SONY
2014-09-11 09:55 - 2013-11-04 17:05 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-10 15:00 - 2012-01-20 21:00 - 00000000 ____D () C:\Users\Gast
2014-09-10 14:59 - 2014-08-29 20:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-10 09:18 - 2010-08-18 17:21 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-09-10 09:12 - 2014-05-15 19:01 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\ProductData
2014-09-10 09:12 - 2010-07-27 12:17 - 00000000 ____D () C:\Users\Sandra
2014-09-10 09:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-09-10 09:11 - 2012-10-18 08:37 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-10 09:08 - 2011-01-03 01:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 09:01 - 2014-09-10 09:01 - 00000000 ____D () C:\Update
2014-09-10 08:50 - 2013-02-18 13:19 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 08:48 - 2013-08-14 23:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 08:44 - 2014-09-10 08:44 - 00000000 ____D () C:\OETemp
2014-09-10 08:44 - 2012-10-18 08:44 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Avira
2014-09-10 08:44 - 2012-10-18 08:37 - 00000000 ____D () C:\ProgramData\Avira
2014-09-10 08:41 - 2014-09-09 07:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-10 08:41 - 2010-07-31 19:12 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 10:46 - 2014-08-29 12:08 - 00307200 ___SH () C:\Users\Sandra\Downloads\Thumbs.db
2014-09-09 10:14 - 2014-09-09 09:07 - 00000000 ____D () C:\Program Files\stinger
2014-09-09 09:32 - 2014-09-09 09:08 - 00000000 ____D () C:\Users\Sandra\AppData\Local\NPE
2014-09-09 09:09 - 2014-09-09 09:09 - 00177680 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe.87f8.deleteme
2014-09-09 09:08 - 2014-09-09 09:08 - 00000000 ____D () C:\ProgramData\Norton
2014-09-09 09:07 - 2014-09-09 09:07 - 00000000 ____D () C:\Quarantine
2014-09-09 07:48 - 2014-09-09 07:34 - 00000000 ____D () C:\C't Helper
2014-09-09 07:35 - 2010-07-27 14:39 - 00000000 ____D () C:\Users\Sandra\Desktop\Sicherheit
2014-09-09 07:32 - 2014-09-09 07:30 - 00000000 ____D () C:\totalcmd
2014-09-09 07:30 - 2014-09-09 07:30 - 00000632 _____ () C:\Users\Public\Desktop\Total Commander.lnk
2014-09-09 07:30 - 2014-09-09 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2014-09-08 10:56 - 2014-09-08 10:56 - 00000332 _____ () C:\Users\Sandra\Desktop\Memory Stick (E) - Verknüpfung.lnk
2014-09-08 10:56 - 2014-09-08 10:56 - 00000324 _____ () C:\Users\Sandra\Desktop\SD - MMC (F) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000501 _____ () C:\Users\Sandra\Desktop\Expansion Drive (H) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000483 _____ () C:\Users\Sandra\Desktop\Sonstiges (G) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000472 _____ () C:\Users\Sandra\Desktop\Privat (D) - Verknüpfung.lnk
2014-09-08 10:55 - 2014-09-08 10:55 - 00000340 _____ () C:\Users\Sandra\Desktop\CD-Laufwerk - Verknüpfung.lnk
2014-09-08 10:54 - 2014-09-08 10:54 - 00000512 _____ () C:\Users\Sandra\Desktop\Lokaler Datenträger (C) - Verknüpfung.lnk
2014-09-08 09:49 - 2009-07-14 04:34 - 00450770 ____R () C:\Windows\system32\Drivers\etc\hosts.20140910-150058.backup
2014-09-08 09:41 - 2014-09-08 09:41 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\AVAST Software
2014-09-08 09:41 - 2014-09-08 09:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-08 09:41 - 2014-09-08 09:40 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-08 09:40 - 2014-09-08 09:40 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-08 09:40 - 2014-09-08 09:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-08 09:40 - 2014-09-08 09:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-08 09:39 - 2014-09-08 09:39 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-08 09:39 - 2014-09-08 09:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-08 09:34 - 2009-07-14 06:45 - 00464224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-08 08:52 - 2014-09-08 08:52 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-08 08:10 - 2014-09-08 08:10 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-08 08:10 - 2014-08-29 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-08 08:10 - 2010-07-27 15:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-08 08:05 - 2010-07-27 15:35 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-08 08:05 - 2010-07-27 15:32 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-08 08:04 - 2014-09-08 07:55 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Wise Registry Cleaner
2014-09-08 07:55 - 2014-09-08 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2014-09-08 07:55 - 2014-09-08 07:55 - 00000000 ____D () C:\Program Files (x86)\Wise
2014-09-08 07:50 - 2014-09-08 07:50 - 00000000 ____D () C:\ProgramData\Razer
2014-09-08 07:50 - 2011-11-30 20:11 - 00000000 ____D () C:\ProgramData\IObit
2014-09-08 07:42 - 2010-07-27 14:40 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-08 07:35 - 2010-07-27 15:27 - 00000000 ____D () C:\ProgramData\ICQ
2014-09-07 19:29 - 2010-07-27 15:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-29 20:45 - 2014-08-29 20:45 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-29 20:38 - 2014-08-29 20:38 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-29 20:38 - 2014-08-29 20:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-29 20:32 - 2014-08-29 20:32 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-08-29 20:30 - 2014-08-29 11:57 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-08-29 13:53 - 2010-07-27 12:18 - 00125296 _____ () C:\Users\Sandra\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Abelssoft
2014-08-29 11:57 - 2014-08-29 11:57 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-29 10:43 - 2013-05-13 16:37 - 00000121 _____ () C:\Users\Public\LMDebug.log
2014-08-29 09:22 - 2014-08-29 09:22 - 00000000 _____ () C:\asc_rdflag
2014-08-29 09:22 - 2014-02-15 12:07 - 98811904 _____ () C:\Windows\system32\config\SOFTWARE.iodefrag.bak
2014-08-29 09:22 - 2014-02-15 12:07 - 05251072 _____ () C:\Windows\system32\config\DEFAULT.iodefrag.bak
2014-08-29 09:22 - 2014-02-15 12:07 - 00061440 _____ () C:\Windows\system32\config\SAM.iodefrag.bak
2014-08-29 09:22 - 2014-02-15 12:07 - 00028672 _____ () C:\Windows\system32\config\SECURITY.iodefrag.bak
2014-08-28 22:38 - 2012-08-20 15:53 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\vlc
2014-08-28 17:21 - 2012-03-07 19:59 - 00000000 ____D () C:\ProgramData\YouTube Downloader
2014-08-28 16:49 - 2014-08-28 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-28 16:49 - 2014-08-28 16:49 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-27 09:28 - 2011-01-02 22:23 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\BitTorrent
2014-08-25 06:53 - 2010-07-27 16:12 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 15:17 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 15:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 15:17 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 20:11 - 2014-08-21 20:11 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Adobe
2014-08-21 12:58 - 2012-04-07 20:36 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-21 12:58 - 2011-05-17 09:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-19 20:05 - 2014-09-10 09:01 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-10 09:01 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-10 09:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-10 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-10 09:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-10 09:01 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-10 09:01 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-10 09:01 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-10 09:02 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-10 09:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-10 09:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-10 09:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-10 09:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-10 09:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:08 - 2014-09-10 09:01 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:05 - 2014-09-10 09:02 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-10 09:02 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-10 09:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-10 09:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 22:24

==================== End Of Log ============================
         
--- --- ---

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Sandra at 2014-09-18 07:19:06
Running from C:\Users\Sandra\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM-x32\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
ATI Catalyst Install Manager (HKLM\...\{8D1163BE-5ECD-0303-87F7-35ED38BBB2E1}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.6.1 - BitTorrent Inc.)
calibre (HKLM-x32\...\{D060E2E3-5509-4420-AA04-FA197C6678C8}) (Version: 0.9.28 - Kovid Goyal)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0113.2257.41150 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0113.2257.41150 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help English (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help French (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help German (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0113.2256.41150 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0113.2257.41150 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0113.2257.41150 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.296 - Corel Inc.)
CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version: - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
EAX Unified (HKLM-x32\...\EAX Unified) (Version: - )
Einstellungen für VAIO-Inhaltsüberwachung (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.4.1.09180 - Sony Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.0.545 - Evernote Corp.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Huawei modem (HKLM-x32\...\Huawei Modems) (Version: - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
InterActual Player (HKLM-x32\...\InterActual Player) (Version: - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 16 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
LEGO® Harry Potter™: Die Jahre 1-4 (HKLM-x32\...\{C5A8DF48-580B-44D3-B2B2-E965A9368F28}) (Version: 1.0.0.0 - WB Games)
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG MC USB U330 driver (HKLM-x32\...\{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}) (Version: 1.0.0.0000 - LG Electronics)
LG USB Modem Drivers (HKLM-x32\...\{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}) (Version: 4.9.4 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.1.1.11200 - Sony Corporation)
Media Gallery (x32 Version: 1.1.1.11200 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Oblivion (HKLM-x32\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
PDF24 Creator 5.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
phase-6 2.1.2.1b (HKLM-x32\...\phase-6) (Version: 2.1.2.1b - phase-6)
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation)
PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}) (Version: 1.0.00.09250 - Sony Corporation)
PMB VAIO Edition Guide (x32 Version: 1.0.00.09250 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.0.01.11230 - Sony Corporation)
PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.0.01.11230 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.0.00.10150 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.0.00.10150 - Sony Corporation) Hidden
PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.0.01.12010 - Sony Corporation)
PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.0.01.12010 - Sony Corporation) Hidden
Prince of Persia The Sands of Time (HKLM-x32\...\{8C453F13-6877-4D34-8816-009ABDE306DB}) (Version: 1.00.181 - )
QuickTime (HKLM-x32\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.06.10 - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.04.45.00 - Samsung Electronics Co., Ltd.)
Samsung SCX-3400 Series (HKLM-x32\...\Samsung SCX-3400 Series) (Version: 1.08 (07.05.2012) - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony Home Network Library (HKLM-x32\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 2.0.1.10160 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.1.10160 - Sony Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Star Wars Knights of the Old Republic (HKLM-x32\...\Star Wars Knights of the Old Republic) (Version: 1.3.0.0 - LucasArts)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.3.0 - Synaptics Incorporated)
The Sims 2: Ultimate Collection (HKLM-x32\...\{04450C18-F039-4B81-A621-70C3B0F523D5}) (Version: 1.0.0.0 - Electronic Arts)
Tomb Raider: Anniversary 1.0 (HKLM-x32\...\Tomb Raider: Anniversary) (Version: - )
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 5.0.3.11130 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM-x32\...\{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}) (Version: 3.6.0.09250 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.6.0.09250 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Network Service Manager (HKLM-x32\...\{4427F384-B5BE-4769-B7D0-C784FC321EB1}) (Version: 3.6.0.09080 - Sony Corporation)
VAIO Content Metadata Intelligent Network Service Manager (x32 Version: 3.6.0.09080 - Sony Corporation) Hidden
VAIO Content Metadata Manager Settings (HKLM-x32\...\{12D0BE8D-538C-4AB1-86DE-C540308F50DA}) (Version: 3.6.0.09240 - Sony Corporation)
VAIO Content Metadata Manager Settings (x32 Version: 3.6.0.09240 - Sony Corporation) Hidden
VAIO Content Metadata XML Interface Library (HKLM-x32\...\{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}) (Version: 3.6.0.09080 - Sony Corporation)
VAIO Content Metadata XML Interface Library (x32 Version: 3.6.0.09080 - Sony Corporation) Hidden
VAIO Content Monitoring Settings (x32 Version: 2.4.1.09180 - Sony Corporation) Hidden
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.1.0.10160 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.0.00.10130 - Sony Corporation)
VAIO Energie Verwaltung (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.6.0.09150 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.6.0.09150 - Sony Corporation) Hidden
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.12010 - Sony Corporation)
VAIO Gate (HKLM-x32\...\{A7C30414-2382-4086-B0D6-01A88ABA21C3}) (Version: 1.2.0.09240 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 1.0.0.10290 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Marketing Tools (HKLM-x32\...\MarketingTools) (Version: - Sony Corporation)
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.1.10160 - Sony Corporation)
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.0.00.09240 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.0.00.09240 - Sony Corporation) Hidden
VAIO Original Function Settings (x32 Version: 2.0.0.07010 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.0.0.07010 - Sony Corporation)
VAIO Personalization Manager (HKLM-x32\...\{A95187EF-BCF4-4468-B501-C0BAB976ADD1}) (Version: 2.0.0.06220 - Sony Corporation)
VAIO Personalization Manager (x32 Version: 2.0.0.06220 - Sony Corporation) Hidden
VAIO Premium Partners (HKLM-x32\...\VAIO Premium Partners) (Version: 1.0 - Sony Europe)
VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.2.2.3 - Sony Corporation)
VAIO Quick Web Access (x32 Version: 1.2.2.3 - Sony Corporation) Hidden
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.1.0.11250 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.0.10200 - Sony Corporation)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.601 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinRAR 5.10 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wise Registry Cleaner 8.23 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.23 - WiseCleaner.com, Inc.)
YTD Video Downloader 4.2.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.2.2 - GreenTree Applications SRL)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-932800437-1018891856-1275781363-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-932800437-1018891856-1275781363-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-932800437-1018891856-1275781363-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-932800437-1018891856-1275781363-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-932800437-1018891856-1275781363-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

==================== Restore Points =========================

08-09-2014 07:39:21 avast!
antivirus system restore point 08-09-2014 08:58:41 Windows-Sicherung 09-09-2014 08:51:20 Windows Update 10-09-2014 06:38:10 Windows Update 10-09-2014 06:59:08 Windows Update 11-09-2014 08:01:45 Entfernt VAIO Update 5 11-09-2014 08:03:34 Installiert VAIO Update 12-09-2014 05:40:17 Windows Update 14-09-2014 10:44:21 ComboFix created restore point 15-09-2014 08:24:28 Windows-Sicherung 17-09-2014 17:49:38 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-09-14 12:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {011C4551-7826-4424-82F9-DD15D29E9DE7} - System32\Tasks\Driver Booster SkipUAC (Sandra) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe Task: {0D7925BA-3493-4E13-8DBB-C5ACD0601A0A} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation) Task: {14A41AB3-F4BC-40FE-86C9-2BA9F45276BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe Task: {1BC3C336-8B3C-462D-BA32-9EE66D410AF3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {245367CB-A966-448D-AF6F-45AF6B8DA8DF} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation) Task: {25DC5754-AA9A-4F7C-8118-0EB2B06BEE06} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation) Task: 
{28CD8D46-DC49-4EF9-AD02-66D7112989FD} - System32\Tasks\{D473E0E1-1B41-471A-8A03-BC4CCB962C2C} => G:\Gothic3\gothic3.exe Task: {2A969244-89F4-42A8-82B9-25AB45423508} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10] (Google Inc.) Task: {2BBFDF87-452C-4349-A3B4-7E0ABCD2833A} - System32\Tasks\{3E9A453F-19F9-450E-8908-11F4E90AE992} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\swkotor.exe [2012-07-05] (BioWare Corp.) Task: {2EC3A27D-12FE-41D0-AB6E-529C61DFBB1C} - System32\Tasks\{3306B155-49B3-46F7-B566-D194D451941B} => Z:\setup.exe Task: {2FBECC3C-69E9-4963-9ECE-DD0C8210DD4E} - System32\Tasks\{354FB7E9-6BBC-43B1-A11C-41AA253DA3FE} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\swkotor.exe [2012-07-05] (BioWare Corp.) Task: {3B54A0C4-3995-41E4-BEAE-78B084CA00F7} - System32\Tasks\{74C71BEE-6702-43A1-A928-B2A8A6991CC0} => C:\Program Files (x86)\UBISOFT\Prince of Persia The Sands of Time\PrinceOfPersia.exe [2004-05-19] (UBISOFT) Task: {4735FF79-7A38-465E-A9BC-6CC9CC964362} - System32\Tasks\{505DA512-BC75-4CE2-8235-0C2ED06BDFE9} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\swkotor.exe [2012-07-05] (BioWare Corp.) Task: {53036282-5C1F-4E1B-868F-87882A33CB11} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-08] (AVAST Software) Task: {5927225C-54F7-4AE4-B6EC-09F94433FF28} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe Task: {59FD20D4-7A58-426E-84F4-B71695B7BA7B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd) Task: {5B049175-62E9-42F1-B02C-9BA5DF9E9B9A} - System32\Tasks\SONY\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2009-09-24] (Sony Corporation) Task: {6CBB887E-5533-4254-9D85-7D7727900B5A} - System32\Tasks\{CD230A95-E815-4D69-A42F-040A2CBFFEE1} => G:\Gothic3\gothic3.exe Task: {77DB4B6B-ED61-493B-B395-8DDA51CA84B6} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation) Task: {7F71C938-09EA-403B-A2EC-36DF2AAF1048} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2009-10-19] (Sony Corporation) Task: {817CDE71-8889-4F3C-8EE5-8047232D64D8} - System32\Tasks\{BCB50A56-86DD-4211-96B7-197CC48B12C6} => C:\Program Files (x86)\UBISOFT\Prince of Persia The Sands of Time\PrinceOfPersia.exe [2004-05-19] (UBISOFT) Task: {88919CFE-400F-4D96-B859-D2311BA0FC99} - System32\Tasks\{858B6A46-0A20-4F38-A4AD-F0F273009EE9} => C:\Windows\system32\msiexec.exe [2010-11-20] (Microsoft Corporation) Task: {91C7D7C8-260B-447F-A9B6-7921BB60CE6B} - System32\Tasks\{41940133-C5CF-4543-BE0B-8AD29713A9A4} => Firefox.exe Task: {9412F9AD-AA44-489F-B3D4-489A79D5D90C} - System32\Tasks\{AF9614AC-037A-4920-85A0-38EDBD699C87} => Firefox.exe hxxp://ui.skype.com/ui/0/5.6.0.110/de/abandoninstall?page=tsDownload&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled Task: {95752B59-34FD-43AA-9D26-05A821155AEE} - System32\Tasks\{0756066C-A65B-4ADF-956B-9D98A2A0493F} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old 
Republic\swkotor.exe [2012-07-05] (BioWare Corp.) Task: {9AFEC5C2-B56F-4049-9C78-2724092E7464} - System32\Tasks\{9B4AF4F2-25D2-4A06-9312-20BC0065B89F} => C:\Windows\system32\msiexec.exe [2010-11-20] (Microsoft Corporation) Task: {A5BB8341-F22C-4776-91B9-B11F10AFB9A8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe Task: {A7FED3C2-4C44-4D00-827F-2C40B7561EEF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-06-10] (Google Inc.) Task: {AC28F0E8-624C-4190-9F2A-4A035297BE7B} - System32\Tasks\{D5CB83F3-B6D8-42CA-992B-7DADF2C28A0F} => C:\Program Files (x86)\UBISOFT\Prince of Persia The Sands of Time\PrinceOfPersia.exe [2004-05-19] (UBISOFT) Task: {B142F9E3-4060-4508-8C37-F2AC29BC1AAC} - System32\Tasks\VAIO Care Service => C:\Program Files\Sony\VAIO Care\VAIOCareService.exe [2009-10-21] (Sony Corporation) Task: {B7E71A6C-9D2A-4950-9837-0F12ABEC3EFF} - System32\Tasks\{247EEB1C-A377-492C-8081-94916061B52F} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\swkotor.exe [2012-07-05] (BioWare Corp.) 
Task: {B945FB3C-90D3-467B-B2A6-3C3F34FBEF30} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe Task: {CB2FF582-0B25-4E81-82C0-BDCD28701B25} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation) Task: {CF055B68-02AD-4BFA-8ABE-7AF36ABFCBA2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe Task: {DF7DC4E9-5585-4F82-A505-8FA96005BFDB} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation) Task: {E97DCE77-199E-41C4-AFAF-54B0E6A723D5} - System32\Tasks\{7DB9E92E-57D4-4CCD-A134-47B80690F348} => C:\Program Files (x86)\LucasArts\Star Wars Knights of the Old Republic\swkotor.exe [2012-07-05] (BioWare Corp.) Task: {F623D033-0E57-4762-B5B1-56A4755D9A53} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation) Task: {FD900387-E5EB-4DC1-9D4B-0708AA8DAC9A} - System32\Tasks\{745FD3A5-4E2A-4717-8D8B-7F7020085917} => C:\Windows\system32\msiexec.exe [2010-11-20] (Microsoft Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-09 19:27 - 2011-05-02 06:40 - 00034304 _____ () C:\Windows\System32\ssm1mlm.dll 2010-12-17 18:13 - 2010-12-17 18:13 - 00438784 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2010-12-17 18:13 - 2010-12-17 18:13 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll 2008-08-26 11:41 - 2008-08-26 11:41 - 00016384 ____R () C:\Program Files 
(x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-06-10 15:42 - 2010-06-10 15:42 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-09-08 09:40 - 2014-09-08 09:40 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-17 19:46 - 2014-09-17 19:46 - 02865152 _____ () C:\Program Files\AVAST Software\Avast\defs\14091701\algo.dll 2014-08-29 20:45 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-08-29 20:45 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-08-29 20:45 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2010-06-10 16:03 - 2009-12-01 22:03 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll 2010-06-10 16:03 - 2009-12-01 22:03 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll 2010-05-19 23:42 - 2009-11-21 00:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-09-08 08:10 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-09-08 08:10 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-09-08 09:40 - 2014-09-08 09:40 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Browser Defender Update Service => 2 MSCONFIG\Services: bthserv => 3 MSCONFIG\Services: btwdins => 2 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: FontCache => 3 MSCONFIG\Services: FontCache3.0.0.0 => 3 MSCONFIG\Services: fsssvc => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: ICQ Service => 2 MSCONFIG\Services: TapiSrv => 3 MSCONFIG\Services: uCamMonitor => 2 MSCONFIG\Services: WMPNetworkSvc => 3 MSCONFIG\Services: WPCSvc => 3 MSCONFIG\Services: WSearch => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Sandra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe 
MSCONFIG\startupreg: PDFPrint => c:\program files (x86)\pdf24\pdf24.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe MSCONFIG\startupreg: SunJavaUpdateSched => c:\program files (x86)\common files\java\java update\jusched.exe MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe" ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/18/2014 06:47:10 AM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error: (09/18/2014 06:47:10 AM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. 
(GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA}) (Fehlercode = 0x80042000) Error: (09/17/2014 10:53:26 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/17/2014 10:25:43 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/17/2014 07:49:06 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/17/2014 07:48:50 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/17/2014 07:44:28 PM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error: (09/17/2014 07:44:27 PM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA}) (Fehlercode = 0x80042000) Error: (09/15/2014 11:07:22 AM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5}) (Fehlercode = 0x80042019) Error: (09/15/2014 11:07:21 AM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Das Plug-In-Modul konnte nicht geladen werden. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA}) (Fehlercode = 0x80042000) System errors: ============= Error: (09/18/2014 06:47:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (09/18/2014 06:47:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/18/2014 06:47:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. 
Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/18/2014 06:47:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/18/2014 06:47:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (09/18/2014 06:46:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "LiveUpdate" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/17/2014 07:45:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (09/17/2014 07:45:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Planer" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (09/17/2014 07:45:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (09/17/2014 07:45:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-09-14 12:54:46.290 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-14 12:54:45.947 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-24 13:11:44.354 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-24 13:11:44.154 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-24 13:11:43.944 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-24 13:11:43.724 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-12 12:10:06.811 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-08-12 12:10:06.631 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\cryptnet.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-12 12:10:06.441 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-12 12:10:06.251 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\gpapi.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Otherwise the computer shows no abnormalities at all :=)
Thanks for the patience and the effort.
See you, Gael

18.09.2014, 16:19   #14
schrauber
/// the machine
/// TB-Ausbilder

Update Java, Flash and Adobe.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising on its own. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )


Don'ts
  • Do not click on everything just because it prompts you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Old 28.09.2014, 08:15   #15
Gaelhacht
 

Hi Schrauber

Thanks for the effort - everything now runs like clockwork. Great explanations and instructions :=)

Thanks, Gael
