Windows Firewall und Windows Update Fehlermeldung 0x80070424

Annschie · 01.06.2012, 23:56

Hey Leute!

Ich bin sehr verzweifelt und hoffe auf euere Hilfe

In der Systemsteuerung finde ich eine deaktivierte Firewall vor, wenn ich diese einschalten will, bekomme ich den Fehlercode 0x80070424, die Windows Updates funktionieren auch nicht - da steht: "Mit Windows Updates kann derzeit nicht nach Updates gesucht werden, da der Dienst nicht ausgeführt wird. Möglicherweise müssen sie den Computer neu starten." Nach unzähligen Neustart-Versuchen tritt das gleiche Problem auf.

Das habe ich bisher versucht:
Probleme erkennen und beheben - erfolglos
Vollständigen Virenscann - kein Fund
Systemwiederherstellung - schlägt fehl
MicrosoftFixit- selber Fehlercode wie bei den Windows Updates

Hier mein mbam Log:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anna :: ANNA-VAIO [Administrator]

Schutz: Deaktiviert

02.06.2012 00:33:25
mbam-log-2012-06-02 (00-33-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204111
Laufzeit: 3 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
c:\windows\syshost.exe (Trojan.Downloader) -> Löschen bei Neustart.
c:\users\anna\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
c:\windows\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.

(Ende)

Ich bitte um Hilfe!

Keiner da, der mir helfen könnte? ;(

cosinus · 03.06.2012, 15:28

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Annschie · 03.06.2012, 19:51

Vielen Dank für die Antwort!

Hier nun mein Malwarebytes-Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anna :: ANNA-VAIO [Administrator]

Schutz: Deaktiviert

03.06.2012 19:54:48
mbam-log-2012-06-03 (19-54-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333277
Laufzeit: 43 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
c:\windows\syshost.exe (Trojan.Downloader) -> Löschen bei Neustart.
c:\users\anna\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
c:\windows\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.

(Ende)

Hier der Eset Online Scanner Log:

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=50138e3f6a7c564389e04fcf6f45df3d
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-03 06:03:04
# local_time=2012-06-03 08:03:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 94 1041222 90376429 0 0
# compatibility_mode=8192 67108863 100 0 216 216 0 0
# scanned=5365
# found=0
# cleaned=0
# scan_time=26
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=50138e3f6a7c564389e04fcf6f45df3d
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-03 06:04:47
# local_time=2012-06-03 08:04:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5893 16776574 66 94 1041330 90376537 0 0
# compatibility_mode=8192 67108863 100 0 324 324 0 0
# scanned=7261
# found=0
# cleaned=0
# scan_time=17
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=50138e3f6a7c564389e04fcf6f45df3d
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-03 06:46:52
# local_time=2012-06-03 08:46:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5893 16776574 66 94 1041387 90376594 0 0
# compatibility_mode=8192 67108863 100 0 381 381 0 0
# scanned=104413
# found=4
# cleaned=0
# scan_time=2489
C:\Users\Anna\AppData\Local\{02bfc888-64ea-37ed-3762-28cbf0f1a9fc}\n	Win64/Sirefef.W trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Anna\AppData\Roaming\AusLogics\Rescue\Sony Maintenance\120601222610088.rsc	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\{02bfc888-64ea-37ed-3762-28cbf0f1a9fc}\n	Win64/Sirefef.W trojan (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\{02bfc888-64ea-37ed-3762-28cbf0f1a9fc}\U\80000000.@	Win64/Sirefef.AE trojan (unable to clean)	00000000000000000000000000000000	I

Vielen Dank für die Hilfe im Voraus!

cosinus · 03.06.2012, 21:02

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Annschie · 03.06.2012, 22:18

Zitat:

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?

Der normale Modus von Windows ging vorher uneingeschränkt, so wie jetzt auch. Kann leider immer noch nicht die Windows Firewall einschalten und die Windows Updates durchführen.

Zitat:

2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Nein, alles ist soweit da, nur der "Autostart-Ordner" ist leer.

cosinus · 04.06.2012, 10:28

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Annschie · 04.06.2012, 16:26

Hier der OTL.Txt-Log:

Code:

ATTFilter

OTL logfile created on: 04.06.2012 17:10:10 - Run 1
OTL by OldTimer - Version 3.2.46.0     Folder = C:\Users\Anna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,96% Memory free
7,90 Gb Paging File | 6,69 Gb Available in Paging File | 84,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,78 Gb Total Space | 401,58 Gb Free Space | 88,89% Space Free | Partition Type: NTFS
 
Computer Name: ANNA-VAIO | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.04 17:07:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
PRC - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.03.05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.11.27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.12 16:36:09 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c30b231f838269283ee449bbc98b202\IAStorUtil.ni.dll
MOD - [2012.05.12 16:36:09 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
MOD - [2012.05.12 14:06:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 14:06:02 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.12 14:05:54 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.12 14:05:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 14:05:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 14:05:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 14:05:24 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 14:05:16 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.08.08 16:30:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2012.05.23 09:59:57 | 000,077,784 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys -- (f03f375b4aa00e1d)
SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.05.08 18:38:13 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.07 22:30:29 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.12 17:35:30 | 000,971,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2011.07.19 05:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.04.29 17:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.03.29 08:13:25 | 002,361,344 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011.02.21 12:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011.02.21 12:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.02.18 22:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.01.20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [File Corrupted - Detail Data unreadable] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.05.23 09:59:57 | 000,077,784 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys -- (f03f375b4aa00e1d)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.20 17:23:40 | 000,317,776 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.06.21 02:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.04.29 17:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.04.29 17:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.04.29 17:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.04.29 17:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011.04.29 17:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.04.29 17:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.04.29 17:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.04.29 17:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.04.29 17:19:34 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011.03.29 11:00:53 | 000,317,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011.03.29 10:55:05 | 012,273,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.29 08:51:30 | 000,425,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.29 08:15:05 | 000,335,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.03.29 05:57:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.22 17:27:05 | 000,437,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vaioportal.sony.eu
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\..\SearchScopes\{4859911F-E81C-470A-A9F7-32E29DAD2149}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\..\SearchScopes\{58BBACF5-F773-4C1E-B1C8-4EE9A56ED1D3}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.07 22:30:29 | 000,000,000 | ---D | M]
 
[2012.01.03 00:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions
[2012.05.12 14:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\l24z5ouk.default\extensions
[2012.05.12 14:52:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\l24z5ouk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.15 15:08:05 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\l24z5ouk.default\extensions\firefox@ghostery.com
[2012.01.03 00:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.07 22:30:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6500FF66-A527-483E-BAEE-E230BB665EE8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEFBB5C8-6FE5-4302-8842-C771B9ABBC85}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~4\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AthBtTray - hkey= - key= - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
MsConfig:64bit - StartUpReg: AtherosBtStack - hkey= - key= - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
MsConfig:64bit - StartUpReg: mcui_exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Regedit32 - hkey= - key= -  File not found
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{3942788D-F1D2-4201-9BF0-003753DCCEB6} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.04 17:07:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2012.06.03 23:28:55 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{9A22221E-468D-4A9D-A618-DD1AB47AA39A}
[2012.06.03 23:28:44 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{AE0C592C-97A1-4DA4-B0E9-8C7E89644EC3}
[2012.06.03 19:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.03 19:58:59 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Anna\Desktop\esetsmartinstaller_enu.exe
[2012.06.02 14:20:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.02 14:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.02 14:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.02 13:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.06.02 13:51:21 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\AVS4YOU
[2012.06.02 13:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.06.02 13:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012.06.02 13:43:54 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Smart PC Solutions
[2012.06.02 13:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.06.02 13:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.06.02 13:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012.06.02 02:17:29 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{3E04E05B-043E-4441-AAE5-344D7FB66F81}
[2012.06.02 02:17:19 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{873CA99C-E35D-4F5F-85BA-25E0D7C47FF5}
[2012.06.02 01:27:22 | 000,035,680 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.06.02 01:27:22 | 000,029,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.06.02 01:25:34 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.06.02 01:25:34 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.06.02 01:25:33 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.06.02 01:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.06.02 01:25:22 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\TuneUp Software
[2012.06.02 01:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.06.02 01:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.06.02 01:24:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.06.02 01:24:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.06.02 00:24:09 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2012.06.02 00:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.01 23:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012.06.01 23:15:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012.06.01 21:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.06.01 21:34:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.06.01 21:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012.06.01 21:26:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012.05.31 21:36:18 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{807CE93D-2A48-424F-9DF6-8F554FD9397C}
[2012.05.31 21:36:08 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{5BD95D86-3D0E-4163-B1C7-C3CACB02ADF5}
[2012.05.29 23:23:31 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{E8442317-00D1-4D34-A9D1-AFEAC5A12CDC}
[2012.05.29 23:23:20 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{D4229B59-CECA-4CC1-B2B9-0795CBC11F33}
[2012.05.29 10:43:59 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{9AD0810B-6A45-4BE6-8591-CE0FE6320AAB}
[2012.05.29 10:43:49 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{4E58D0F8-81FC-4403-84C9-1862C2C371C8}
[2012.05.28 21:53:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{645E7876-EE81-4B15-A109-331FB5A08D6F}
[2012.05.28 21:52:51 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{911E613A-97DA-429D-8C00-95E0F4ED34D1}
[2012.05.23 12:24:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Sony Corporation
[2012.05.23 09:41:11 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{20C85C4D-2D40-4992-8752-9EB2FB6F6857}
[2012.05.23 09:41:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{DC398492-59A2-41B9-811E-4DF6CBC35404}
[2012.05.22 10:57:58 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{094CC0D1-805B-4575-A51C-8276CC5B0095}
[2012.05.22 10:57:47 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{29953339-59F6-4308-8426-07767B431FA9}
[2012.05.21 22:10:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{E913854D-A092-42D9-8078-E0ACED462930}
[2012.05.21 22:10:24 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{09757486-B952-4A1B-AC93-D5C1F1ECD10E}
[2012.05.20 22:18:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{F1A92B24-4895-4ABD-8AFA-C075078BDE20}
[2012.05.20 22:18:21 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{83BE3C82-83EF-4326-98EF-B47741DC27BB}
[2012.05.16 10:43:46 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{8028927F-1490-404D-99CF-EFD65D5D4699}
[2012.05.16 10:43:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{C9D7A26A-0493-4D70-B4C5-C89C3E50CEF2}
[2012.05.15 17:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.15 17:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.15 17:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.14 22:06:33 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{038743A0-6D2E-4EDE-9C32-4E5BF5E802CC}
[2012.05.14 22:06:22 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{9725C3A0-2553-4067-AF6F-23B99D807B94}
[2012.05.13 17:03:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{E59CB28A-F625-4888-9F87-A539774B0FB1}
[2012.05.13 17:03:21 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{F78A59A9-A05A-40D8-90BA-287A852D9095}
[2012.05.12 17:48:46 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{FEA190D7-19B2-4DDB-A676-AD9A49D4353F}
[2012.05.12 17:48:34 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{3512DA5E-AF83-4A09-AC5A-9273D81FBAB3}
[2012.05.12 14:52:10 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.12 14:52:06 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll
[2012.05.12 14:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.05.12 14:51:53 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.05.12 14:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.05.12 14:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.05.12 14:51:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoft
[2012.05.10 14:15:50 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{EB9392E8-F445-42C0-846E-38A0BB541070}
[2012.05.10 14:15:38 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{C3F224D4-3B8B-421A-9358-388468F48B53}
[2012.05.08 18:38:30 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{15182D3E-A864-493E-B0A9-2C84117DCFF0}
[2012.05.08 18:38:20 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{049E5FE0-461D-4647-9BB4-ADDEA8363F9A}
[2012.05.07 22:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.07 22:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.07 22:30:21 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{E1D75517-40C9-46A7-BC1B-92D477E4AC50}
[2012.05.07 22:30:10 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{07C1CB56-C350-4905-BAE7-178994CD859E}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.04 17:11:20 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.04 17:11:20 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.04 17:07:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2012.06.04 17:04:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.04 17:03:48 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.03 23:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 19:59:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Anna\Desktop\esetsmartinstaller_enu.exe
[2012.06.02 14:20:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 14:18:41 | 000,443,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.02 01:25:30 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.06.02 01:25:30 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.06.02 00:03:54 | 000,690,049 | ---- | M] () -- C:\Users\Anna\AppData\Local\census.cache
[2012.06.02 00:03:45 | 000,096,627 | ---- | M] () -- C:\Users\Anna\AppData\Local\ars.cache
[2012.06.01 23:54:45 | 000,000,036 | ---- | M] () -- C:\Users\Anna\AppData\Local\housecall.guid.cache
[2012.06.01 23:15:26 | 000,037,888 | ---- | M] () -- C:\Users\Anna\bkhu79m9pe.exe
[2012.06.01 23:15:26 | 000,036,352 | ---- | M] () -- C:\Users\Anna\ewwy7owwge.exe
[2012.06.01 21:54:45 | 000,227,530 | ---- | M] () -- C:\test.xml
[2012.06.01 21:42:54 | 000,002,697 | ---- | M] () -- C:\Users\Anna\Desktop\Microsoft Office Word 2007.lnk
[2012.06.01 21:37:44 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.01 21:37:44 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.01 21:37:44 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.01 21:37:44 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.30 11:17:41 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.29 13:09:54 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.05.29 13:09:50 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.05.29 13:09:50 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.05.23 09:59:57 | 000,077,784 | ---- | M] () -- C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys
[2012.05.12 14:52:07 | 000,001,239 | ---- | M] () -- C:\Users\Anna\Desktop\DVDVideoSoft Free Studio.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.02 14:20:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.02 01:25:30 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.06.02 01:25:30 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.06.02 01:25:30 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.06.02 00:03:54 | 000,690,049 | ---- | C] () -- C:\Users\Anna\AppData\Local\census.cache
[2012.06.02 00:03:45 | 000,096,627 | ---- | C] () -- C:\Users\Anna\AppData\Local\ars.cache
[2012.06.01 23:54:45 | 000,000,036 | ---- | C] () -- C:\Users\Anna\AppData\Local\housecall.guid.cache
[2012.06.01 21:42:54 | 000,002,697 | ---- | C] () -- C:\Users\Anna\Desktop\Microsoft Office Word 2007.lnk
[2012.05.31 11:16:04 | 000,036,352 | ---- | C] () -- C:\Users\Anna\ewwy7owwge.exe
[2012.05.29 21:21:12 | 000,037,888 | ---- | C] () -- C:\Users\Anna\bkhu79m9pe.exe
[2012.05.23 09:59:57 | 000,077,784 | ---- | C] () -- C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys
[2012.05.12 14:52:07 | 000,001,239 | ---- | C] () -- C:\Users\Anna\Desktop\DVDVideoSoft Free Studio.lnk
[2012.05.10 12:05:48 | 005,559,664 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 12:05:47 | 003,146,240 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2012.05.10 12:05:13 | 000,075,120 | ---- | C] () -- C:\Windows\SysNative\drivers\partmgr.sys
[2012.05.10 12:05:00 | 001,918,320 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2012.03.13 00:16:59 | 000,000,537 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.11 17:05:48 | 000,000,017 | ---- | C] () -- C:\Users\Anna\AppData\Local\resmon.resmoncfg
[2012.01.15 13:50:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.30 03:46:48 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.30 03:46:47 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.03.30 03:46:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.02.11 01:03:27 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.01.15 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\AusLogics
[2012.05.12 18:29:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoft
[2012.05.12 14:52:10 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.02 13:45:45 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Smart PC Solutions
[2012.06.01 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SoftGrid Client
[2012.01.05 01:02:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\TP
[2012.06.02 01:25:22 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\TuneUp Software
[2012.03.29 22:08:01 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.05 00:30:12 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Adobe
[2012.01.02 20:13:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ArcSoft
[2012.01.14 15:00:42 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Atheros
[2012.01.15 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\AusLogics
[2012.06.02 13:51:22 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\AVS4YOU
[2012.05.12 18:29:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoft
[2012.05.12 14:52:10 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.02 20:06:22 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Identities
[2012.01.02 20:07:01 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Intel Corporation
[2011.08.08 07:07:35 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Macromedia
[2012.06.02 00:24:09 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2011.07.13 04:58:01 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Media Center Programs
[2012.06.01 21:43:08 | 000,000,000 | --SD | M] -- C:\Users\Anna\AppData\Roaming\Microsoft
[2012.01.03 00:16:42 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Mozilla
[2012.01.31 17:50:03 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Skype
[2012.01.15 13:49:59 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\skypePM
[2012.06.02 13:45:45 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Smart PC Solutions
[2012.06.01 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SoftGrid Client
[2012.02.03 21:16:31 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Sony Corporation
[2012.01.05 01:02:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\TP
[2012.06.02 01:25:22 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
[2011.08.08 07:07:33 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.02.22 17:27:05 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
[2011.02.22 17:27:05 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_5b314ccea0aa569d\iaStor.sys
[2011.02.22 17:27:05 | 000,437,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

Hier der Extra.Txt - Log:

Code:

ATTFilter

OTL Extras logfile created on: 04.06.2012 17:10:10 - Run 1
OTL by OldTimer - Version 3.2.46.0     Folder = C:\Users\Anna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,96% Memory free
7,90 Gb Paging File | 6,69 Gb Available in Paging File | 84,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,78 Gb Total Space | 401,58 Gb Free Space | 88,89% Space Free | Partition Type: NTFS
 
Computer Name: ANNA-VAIO | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_USERS\S-1-5-21-1062293257-463985827-3690587801-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4EFA8109-732B-4026-9F0C-B70ECF3F9293}" = Windows Live Remote Service Resources
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E6C2F3-59B2-4308-B1CD-4928B55B7E30}" = VGClientX64
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{9F672527-2BE4-47AB-B061-C057BDE30B30}" = Windows Live Remote Client Resources
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{017E65B1-7484-461A-B16F-7C931166083B}" = Die Sims - Hot Date
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" = 
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1B0545C4-620F-4661-A369-C4D113F24932}" = Windows Live Writer Resources
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303F9E7-6293-4A85-BC21-CA226FAD5CE4}" = Windows Live Mail
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25AF1025-095C-4AA9-A3FD-29710D3C3AE5}" = Remote Keyboard
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}" = Основи Windows Live
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{45191C61-3D04-4D03-B78A-592DF13264CC}" = Windows Live Messenger
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide
"{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}" = Елемент керування Windows Live Mesh ActiveX для віддалених підключень
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AC57EEF-2733-4DE6-81BB-E78ACB964C22}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur 
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{80651674-74AA-4155-AF2D-1339E628D187}" = Windows Live Movie Maker
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8B583EF5-FA7B-4AE2-9008-51B7FD505886}" = VGClientX86
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91BD94FE-ADCA-49CC-BE96-97D4BBC36FAF}" = Windows Live Mesh
"{92280FD3-A119-41E6-A740-A62DBA4DFB53}" = Windows Live UX Platform Language Pack
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C115A674-A398-49E5-9C6E-C0A541D3EA10}" = Фотоколекція Windows Live
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F28C98E9-BAC1-41FF-81F2-8885925CCB48}" = Windows Live Writer
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.5.7.508
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Disc Burner_is1" = Free Disc Burner version 3.0.9.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Security Task Manager" = Security Task Manager 1.8d
"splashtop" = VAIO Quick Web Access
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VAIO Help and Support" = 
"VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.05.2012 05:59:08 | Computer Name = Anna-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 08:05:10 | Computer Name = Anna-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 08:46:44 | Computer Name = Anna-VAIO | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.05.2012 11:03:43 | Computer Name = Anna-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.05.2012 11:15:06 | Computer Name = Anna-VAIO | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.05.2012 12:17:21 | Computer Name = Anna-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2012 13:02:23 | Computer Name = Anna-VAIO | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.05.2012 15:37:15 | Computer Name = Anna-VAIO | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2012 15:46:23 | Computer Name = Anna-VAIO | Source = CVHSVC | ID = 100
Description = 
 
Error - 14.05.2012 15:48:44 | Computer Name = Anna-VAIO | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 01.06.2012 17:17:04 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 01.06.2012 17:21:29 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
 abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.
 
Error - 01.06.2012 17:24:01 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
 abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.
 
Error - 01.06.2012 17:33:05 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 01.06.2012 17:33:05 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 01.06.2012 17:48:18 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
 abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.
 
Error - 01.06.2012 18:14:35 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%-2147024891
 
Error - 01.06.2012 18:14:35 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 01.06.2012 18:24:39 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%31
 
Error - 01.06.2012 18:24:39 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, 
der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
 
< End of report >

cosinus · 04.06.2012, 20:18

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys
C:\Users\Anna\bkhu79m9pe.exe
C:\Users\Anna\ewwy7owwge.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Annschie · 04.06.2012, 22:03

Hier das Logfile:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
File move failed. C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys scheduled to be moved on reboot.
C:\Users\Anna\bkhu79m9pe.exe moved successfully.
C:\Users\Anna\ewwy7owwge.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Anna
->Temp folder emptied: 94882257 bytes
->Temporary Internet Files folder emptied: 2958751 bytes
->Java cache emptied: 26926936 bytes
->FireFox cache emptied: 49786914 bytes
->Flash cache emptied: 61941 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 886180670 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 64905251 bytes
RecycleBin emptied: 678410 bytes
 
Total Files Cleaned = 1.074,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Anna
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.46.0 log created on 06042012_225419

Files\Folders moved on Reboot...
File\Folder C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys not found!
C:\Users\Anna\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLVPN0BA\aachen[1].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLVPN0BA\groupon-de[1].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFWDYCQA\xd_arbiter[1].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFWDYCQA\xd_arbiter[2].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFWDYCQA\xd_arbiter[3].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8KEKMTR9\payment35d21a99[1].htm not found!

Registry entries deleted on Reboot...

cosinus · 05.06.2012, 09:41

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Annschie · 05.06.2012, 17:58

Hab's hoch geladen, hoffe, dass ich alles richtig gemacht habe!

Lieben Dank nochmal für die Mühe.

cosinus · 05.06.2012, 19:45

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Annschie · 05.06.2012, 21:07

Hier der Log des TDSS-Killer:

Code:

ATTFilter

21:57:48.0062 3504	TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
21:57:48.0171 3504	============================================================
21:57:48.0171 3504	Current date / time: 2012/06/05 21:57:48.0171
21:57:48.0171 3504	SystemInfo:
21:57:48.0171 3504	
21:57:48.0171 3504	OS Version: 6.1.7601 ServicePack: 1.0
21:57:48.0171 3504	Product type: Workstation
21:57:48.0171 3504	ComputerName: ANNA-VAIO
21:57:48.0171 3504	UserName: Anna
21:57:48.0171 3504	Windows directory: C:\Windows
21:57:48.0171 3504	System windows directory: C:\Windows
21:57:48.0171 3504	Running under WOW64
21:57:48.0171 3504	Processor architecture: Intel x64
21:57:48.0171 3504	Number of processors: 4
21:57:48.0171 3504	Page size: 0x1000
21:57:48.0171 3504	Boot type: Normal boot
21:57:48.0171 3504	============================================================
21:58:00.0230 3504	!crdlk
21:58:00.0432 3504	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
21:58:00.0495 3504	============================================================
21:58:00.0495 3504	\Device\Harddisk0\DR0:
21:58:00.0526 3504	MBR partitions:
21:58:00.0542 3504	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1BC4000, BlocksNum 0x32000
21:58:00.0542 3504	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BF6000, BlocksNum 0x38790030
21:58:00.0542 3504	============================================================
21:58:00.0635 3504	C: <-> \Device\Harddisk0\DR0\Partition1
21:58:00.0635 3504	============================================================
21:58:00.0635 3504	Initialize success
21:58:00.0635 3504	============================================================
21:59:39.0742 0264	============================================================
21:59:39.0742 0264	Scan started
21:59:39.0742 0264	Mode: Manual; SigCheck; TDLFS; 
21:59:39.0742 0264	============================================================
21:59:40.0694 0264	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:59:40.0881 0264	1394ohci - ok
21:59:41.0037 0264	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:59:41.0084 0264	ACDaemon - ok
21:59:41.0177 0264	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:59:41.0224 0264	ACPI - ok
21:59:41.0287 0264	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:59:41.0365 0264	AcpiPmi - ok
21:59:41.0458 0264	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:59:41.0474 0264	AdobeARMservice - ok
21:59:41.0661 0264	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:59:41.0692 0264	AdobeFlashPlayerUpdateSvc - ok
21:59:41.0801 0264	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:59:41.0864 0264	adp94xx - ok
21:59:41.0942 0264	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:59:41.0989 0264	adpahci - ok
21:59:42.0067 0264	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:59:42.0113 0264	adpu320 - ok
21:59:42.0238 0264	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:59:42.0379 0264	AeLookupSvc - ok
21:59:42.0535 0264	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:59:42.0597 0264	AFD - ok
21:59:42.0691 0264	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:59:42.0706 0264	agp440 - ok
21:59:42.0800 0264	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:59:42.0847 0264	ALG - ok
21:59:42.0940 0264	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:59:42.0956 0264	aliide - ok
21:59:43.0034 0264	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:59:43.0065 0264	amdide - ok
21:59:43.0237 0264	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:59:43.0299 0264	AmdK8 - ok
21:59:43.0377 0264	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:59:43.0424 0264	AmdPPM - ok
21:59:43.0517 0264	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:59:43.0549 0264	amdsata - ok
21:59:43.0642 0264	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:59:43.0673 0264	amdsbs - ok
21:59:43.0751 0264	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:59:43.0783 0264	amdxata - ok
21:59:43.0876 0264	ApfiltrService  (12bfa9ec4b03cc16bb7d19baa308aef2) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:59:43.0923 0264	ApfiltrService - ok
21:59:44.0001 0264	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:59:44.0095 0264	AppID - ok
21:59:44.0188 0264	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:59:44.0266 0264	AppIDSvc - ok
21:59:44.0360 0264	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:59:44.0438 0264	Appinfo - ok
21:59:44.0516 0264	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:59:44.0547 0264	arc - ok
21:59:44.0641 0264	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:59:44.0672 0264	arcsas - ok
21:59:44.0765 0264	ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
21:59:44.0781 0264	ArcSoftKsUFilter - ok
21:59:45.0046 0264	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:59:45.0062 0264	aspnet_state - ok
21:59:45.0218 0264	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:59:45.0311 0264	AsyncMac - ok
21:59:45.0436 0264	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:59:45.0467 0264	atapi - ok
21:59:45.0577 0264	AthBTPort       (50f257e19554421b6891e3f998edca90) C:\Windows\system32\DRIVERS\btath_flt.sys
21:59:45.0592 0264	AthBTPort - ok
21:59:45.0701 0264	ATHDFU          (4119870b90e1b5e7797d6433d21f9216) C:\Windows\System32\Drivers\AthDfu.sys
21:59:45.0717 0264	ATHDFU - ok
21:59:45.0857 0264	Atheros Bt&Wlan Coex Agent (650f111d5cda64c10ae4b9d1ba9d4fff) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
21:59:45.0889 0264	Atheros Bt&Wlan Coex Agent - ok
21:59:45.0982 0264	AtherosSvc      (ebc3119394c9074a9cd87578a435050d) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
21:59:45.0998 0264	AtherosSvc - ok
21:59:46.0247 0264	athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
21:59:46.0325 0264	athr - ok
21:59:46.0559 0264	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:59:46.0684 0264	AudioEndpointBuilder - ok
21:59:46.0840 0264	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:59:46.0918 0264	AudioSrv - ok
21:59:47.0027 0264	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:59:47.0137 0264	AxInstSV - ok
21:59:47.0308 0264	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:59:47.0371 0264	b06bdrv - ok
21:59:47.0527 0264	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:59:47.0589 0264	b57nd60a - ok
21:59:47.0839 0264	BBSvc           (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:59:47.0870 0264	BBSvc - ok
21:59:48.0026 0264	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:59:48.0073 0264	BDESVC - ok
21:59:48.0182 0264	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:59:48.0275 0264	Beep - ok
21:59:48.0447 0264	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:59:48.0556 0264	BFE - ok
21:59:48.0790 0264	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:59:48.0915 0264	BITS - ok
21:59:49.0055 0264	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
21:59:49.0102 0264	blbdrive - ok
21:59:49.0289 0264	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:59:49.0336 0264	bowser - ok
21:59:49.0430 0264	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:59:49.0477 0264	BrFiltLo - ok
21:59:49.0586 0264	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:59:49.0617 0264	BrFiltUp - ok
21:59:49.0757 0264	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:59:49.0867 0264	Browser - ok
21:59:49.0991 0264	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:59:50.0069 0264	Brserid - ok
21:59:50.0179 0264	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:59:50.0225 0264	BrSerWdm - ok
21:59:50.0303 0264	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:59:50.0335 0264	BrUsbMdm - ok
21:59:50.0428 0264	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:59:50.0475 0264	BrUsbSer - ok
21:59:50.0615 0264	BTATH_A2DP      (b3bcd755fa9a359d10208cc9f09847cc) C:\Windows\system32\drivers\btath_a2dp.sys
21:59:50.0647 0264	BTATH_A2DP - ok
21:59:50.0756 0264	btath_avdt      (9bbba9d6dbdefc8a6542bc7a6ebaf710) C:\Windows\system32\drivers\btath_avdt.sys
21:59:50.0787 0264	btath_avdt - ok
21:59:50.0912 0264	BTATH_BUS       (d838dd1bcb328efcfad7a52de9e3cafd) C:\Windows\system32\drivers\btath_bus.sys
21:59:50.0927 0264	BTATH_BUS - ok
21:59:51.0068 0264	BTATH_HCRP      (a441b800e04cf8443faf519207563abb) C:\Windows\system32\drivers\btath_hcrp.sys
21:59:51.0083 0264	BTATH_HCRP - ok
21:59:51.0286 0264	BTATH_LWFLT     (b16f8429a35bba2a8ef9db2e08675b97) C:\Windows\system32\DRIVERS\btath_lwflt.sys
21:59:51.0302 0264	BTATH_LWFLT - ok
21:59:51.0473 0264	BTATH_RCP       (c24231c6bdfe21735930084a22089aab) C:\Windows\system32\drivers\btath_rcp.sys
21:59:51.0520 0264	BTATH_RCP - ok
21:59:51.0770 0264	BtFilter        (3632fa4c6b3ce9ec827690deac266d8c) C:\Windows\system32\DRIVERS\btfilter.sys
21:59:51.0785 0264	BtFilter - ok
21:59:51.0926 0264	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:59:52.0004 0264	BthEnum - ok
21:59:52.0144 0264	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:59:52.0191 0264	BTHMODEM - ok
21:59:52.0331 0264	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:59:52.0378 0264	BthPan - ok
21:59:52.0534 0264	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
21:59:52.0581 0264	BTHPORT - ok
21:59:52.0768 0264	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:59:52.0862 0264	bthserv - ok
21:59:52.0987 0264	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
21:59:53.0018 0264	BTHUSB - ok
21:59:53.0158 0264	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:59:53.0236 0264	cdfs - ok
21:59:53.0377 0264	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:59:53.0408 0264	cdrom - ok
21:59:53.0579 0264	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:59:53.0673 0264	CertPropSvc - ok
21:59:53.0813 0264	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:59:53.0860 0264	circlass - ok
21:59:54.0032 0264	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:59:54.0079 0264	CLFS - ok
21:59:54.0297 0264	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:59:54.0313 0264	clr_optimization_v2.0.50727_32 - ok
21:59:54.0484 0264	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:59:54.0515 0264	clr_optimization_v2.0.50727_64 - ok
21:59:54.0687 0264	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:59:54.0703 0264	clr_optimization_v4.0.30319_32 - ok
21:59:54.0905 0264	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:59:54.0921 0264	clr_optimization_v4.0.30319_64 - ok
21:59:55.0061 0264	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:59:55.0093 0264	CmBatt - ok
21:59:55.0249 0264	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:59:55.0295 0264	cmdide - ok
21:59:55.0436 0264	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:59:55.0483 0264	CNG - ok
21:59:55.0701 0264	CnxtHdAudService (1f394df3714ed4280047810790e6df69) C:\Windows\system32\drivers\CHDRT64.sys
21:59:55.0748 0264	CnxtHdAudService - ok
21:59:55.0966 0264	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:59:55.0982 0264	Compbatt - ok
21:59:56.0122 0264	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:59:56.0169 0264	CompositeBus - ok
21:59:56.0309 0264	COMSysApp - ok
21:59:56.0465 0264	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:59:56.0481 0264	crcdisk - ok
21:59:56.0777 0264	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:59:56.0887 0264	CryptSvc - ok
21:59:57.0121 0264	DCDhcpService   (75e3c4bb1ed032310edcf5691a452b4b) C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
21:59:57.0136 0264	DCDhcpService - ok
21:59:57.0511 0264	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:59:57.0620 0264	DcomLaunch - ok
21:59:57.0791 0264	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:59:57.0901 0264	defragsvc - ok
21:59:58.0057 0264	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:59:58.0135 0264	DfsC - ok
21:59:58.0322 0264	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:59:58.0415 0264	Dhcp - ok
21:59:58.0571 0264	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:59:58.0649 0264	discache - ok
21:59:58.0805 0264	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:59:58.0837 0264	Disk - ok
21:59:59.0039 0264	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:59:59.0071 0264	Dnscache - ok
21:59:59.0258 0264	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:59:59.0367 0264	dot3svc - ok
21:59:59.0539 0264	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:59:59.0632 0264	DPS - ok
21:59:59.0788 0264	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:59:59.0819 0264	drmkaud - ok
22:00:00.0038 0264	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:00:00.0085 0264	DXGKrnl - ok
22:00:00.0256 0264	e1yexpress      (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
22:00:00.0319 0264	e1yexpress - ok
22:00:00.0506 0264	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:00:00.0599 0264	EapHost - ok
22:00:00.0943 0264	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
22:00:01.0083 0264	ebdrv - ok
22:00:01.0364 0264	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:00:01.0411 0264	EFS - ok
22:00:01.0707 0264	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:00:01.0769 0264	ehRecvr - ok
22:00:01.0941 0264	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:00:01.0972 0264	ehSched - ok
22:00:02.0222 0264	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
22:00:02.0269 0264	elxstor - ok
22:00:02.0487 0264	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:00:02.0487 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\errdev.sys. md5: 34a3c54752046e79a126e15c51db409b
22:00:02.0643 0264	ErrDev ( LockedFile.Multi.Generic ) - warning
22:00:02.0643 0264	ErrDev - detected LockedFile.Multi.Generic (1)
22:00:03.0220 0264	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:00:03.0329 0264	EventSystem - ok
22:00:03.0595 0264	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:00:03.0595 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: a510c654ec00c1e9bdd91eeb3a59823b
22:00:03.0735 0264	exfat ( LockedFile.Multi.Generic ) - warning
22:00:03.0735 0264	exfat - detected LockedFile.Multi.Generic (1)
22:00:03.0860 0264	Suspicious service (NoAccess): f03f375b4aa00e1d
22:00:03.0907 0264	f03f375b4aa00e1d (751c8fd5645972d95c43b9c01e52ec0b) C:\Windows\System32\Drivers\f03f375b4aa00e1d.sys
22:00:03.0907 0264	Suspicious file (NoAccess): C:\Windows\System32\Drivers\f03f375b4aa00e1d.sys. md5: 751c8fd5645972d95c43b9c01e52ec0b
22:00:04.0047 0264	f03f375b4aa00e1d ( LockedService.Multi.Generic ) - warning
22:00:04.0047 0264	f03f375b4aa00e1d - detected LockedService.Multi.Generic (1)
22:00:04.0234 0264	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:00:04.0250 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 0adc83218b66a6db380c330836f3e36d
22:00:04.0375 0264	fastfat ( LockedFile.Multi.Generic ) - warning
22:00:04.0375 0264	fastfat - detected LockedFile.Multi.Generic (1)
22:00:04.0609 0264	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:00:04.0671 0264	Fax - ok
22:00:04.0858 0264	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
22:00:04.0858 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\fdc.sys. md5: d765d19cd8ef61f650c384f62fac00ab
22:00:05.0030 0264	fdc ( LockedFile.Multi.Generic ) - warning
22:00:05.0030 0264	fdc - detected LockedFile.Multi.Generic (1)
22:00:05.0233 0264	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:00:05.0295 0264	fdPHost - ok
22:00:05.0482 0264	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:00:05.0545 0264	FDResPub - ok
22:00:05.0747 0264	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:00:05.0747 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661be46b5f5f3fd454e2c3095b930
22:00:05.0888 0264	FileInfo ( LockedFile.Multi.Generic ) - warning
22:00:05.0888 0264	FileInfo - detected LockedFile.Multi.Generic (1)
22:00:06.0075 0264	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:00:06.0075 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\filetrace.sys. md5: 5f671ab5bc87eea04ec38a6cd5962a47
22:00:06.0215 0264	Filetrace ( LockedFile.Multi.Generic ) - warning
22:00:06.0215 0264	Filetrace - detected LockedFile.Multi.Generic (1)
22:00:06.0403 0264	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
22:00:06.0403 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\flpydisk.sys. md5: c172a0f53008eaeb8ea33fe10e177af5
22:00:06.0543 0264	flpydisk ( LockedFile.Multi.Generic ) - warning
22:00:06.0543 0264	flpydisk - detected LockedFile.Multi.Generic (1)
22:00:06.0746 0264	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:00:06.0746 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: da6b67270fd9db3697b20fce94950741
22:00:06.0886 0264	FltMgr ( LockedFile.Multi.Generic ) - warning
22:00:06.0886 0264	FltMgr - detected LockedFile.Multi.Generic (1)
22:00:07.0151 0264	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:00:07.0229 0264	FontCache - ok
22:00:07.0463 0264	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:00:07.0479 0264	FontCache3.0.0.0 - ok
22:00:07.0775 0264	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:00:07.0775 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: d43703496149971890703b4b1b723eac
22:00:07.0947 0264	FsDepends ( LockedFile.Multi.Generic ) - warning
22:00:07.0947 0264	FsDepends - detected LockedFile.Multi.Generic (1)
22:00:08.0150 0264	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:00:08.0150 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6bd9295cc032dd3077c671fccf579a7b
22:00:08.0306 0264	Fs_Rec ( LockedFile.Multi.Generic ) - warning
22:00:08.0306 0264	Fs_Rec - detected LockedFile.Multi.Generic (1)
22:00:08.0509 0264	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:00:08.0509 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1f7b25b858fa27015169fe95e54108ed
22:00:08.0665 0264	fvevol ( LockedFile.Multi.Generic ) - warning
22:00:08.0665 0264	fvevol - detected LockedFile.Multi.Generic (1)
22:00:08.0836 0264	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
22:00:08.0836 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\gagp30kx.sys. md5: 8c778d335c9d272cfd3298ab02abe3b6
22:00:08.0977 0264	gagp30kx ( LockedFile.Multi.Generic ) - warning
22:00:08.0977 0264	gagp30kx - detected LockedFile.Multi.Generic (1)
22:00:09.0226 0264	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:00:09.0335 0264	gpsvc - ok
22:00:09.0523 0264	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:00:09.0523 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: f2523ef6460fc42405b12248338ab2f0
22:00:09.0679 0264	hcw85cir ( LockedFile.Multi.Generic ) - warning
22:00:09.0679 0264	hcw85cir - detected LockedFile.Multi.Generic (1)
22:00:09.0881 0264	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:00:09.0881 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761c778e33cd22498059b91e7373a
22:00:10.0037 0264	HdAudAddService ( LockedFile.Multi.Generic ) - warning
22:00:10.0037 0264	HdAudAddService - detected LockedFile.Multi.Generic (1)
22:00:10.0225 0264	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:00:10.0225 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97bfed39b6b79eb12cddbfeed51f56bb
22:00:10.0365 0264	HDAudBus ( LockedFile.Multi.Generic ) - warning
22:00:10.0381 0264	HDAudBus - detected LockedFile.Multi.Generic (1)
22:00:10.0552 0264	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
22:00:10.0552 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\HidBatt.sys. md5: 78e86380454a7b10a5eb255dc44a355f
22:00:10.0708 0264	HidBatt ( LockedFile.Multi.Generic ) - warning
22:00:10.0708 0264	HidBatt - detected LockedFile.Multi.Generic (1)
22:00:10.0895 0264	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
22:00:10.0895 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\hidbth.sys. md5: 7fd2a313f7afe5c4dab14798c48dd104
22:00:11.0067 0264	HidBth ( LockedFile.Multi.Generic ) - warning
22:00:11.0067 0264	HidBth - detected LockedFile.Multi.Generic (1)
22:00:11.0254 0264	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
22:00:11.0254 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\hidir.sys. md5: 0a77d29f311b88cfae3b13f9c1a73825
22:00:11.0410 0264	HidIr ( LockedFile.Multi.Generic ) - warning
22:00:11.0410 0264	HidIr - detected LockedFile.Multi.Generic (1)
22:00:11.0629 0264	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:00:11.0707 0264	hidserv - ok
22:00:11.0925 0264	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:00:11.0925 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090a7e2b61cd582b612b6df70536
22:00:12.0065 0264	HidUsb ( LockedFile.Multi.Generic ) - warning
22:00:12.0065 0264	HidUsb - detected LockedFile.Multi.Generic (1)
22:00:12.0253 0264	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:00:12.0331 0264	hkmsvc - ok
22:00:12.0565 0264	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:00:12.0611 0264	HomeGroupListener - ok
22:00:12.0845 0264	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:00:12.0908 0264	HomeGroupProvider - ok
22:00:13.0111 0264	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:00:13.0111 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39d2abcd392f3d8a6dce7b60ae7b8efc
22:00:13.0298 0264	HpSAMD ( LockedFile.Multi.Generic ) - warning
22:00:13.0298 0264	HpSAMD - detected LockedFile.Multi.Generic (1)
22:00:13.0563 0264	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:00:13.0563 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: 0ea7de1acb728dd5a369fd742d6eee28
22:00:13.0735 0264	HTTP ( LockedFile.Multi.Generic ) - warning
22:00:13.0735 0264	HTTP - detected LockedFile.Multi.Generic (1)
22:00:13.0922 0264	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:00:13.0922 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\hwpolicy.sys. md5: a5462bd6884960c9dc85ed49d34ff392
22:00:14.0093 0264	hwpolicy ( LockedFile.Multi.Generic ) - warning
22:00:14.0093 0264	hwpolicy - detected LockedFile.Multi.Generic (1)
22:00:14.0281 0264	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:00:14.0281 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\i8042prt.sys. md5: fa55c73d4affa7ee23ac4be53b4592d3
22:00:14.0437 0264	i8042prt ( LockedFile.Multi.Generic ) - warning
22:00:14.0437 0264	i8042prt - detected LockedFile.Multi.Generic (1)
22:00:14.0858 0264	iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
22:00:14.0858 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStor.sys. md5: f7ce9be72edac499b713eca6dae5d26f
22:00:15.0029 0264	iaStor ( LockedFile.Multi.Generic ) - warning
22:00:15.0029 0264	iaStor - detected LockedFile.Multi.Generic (1)
22:00:15.0326 0264	IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:00:15.0341 0264	IAStorDataMgrSvc - ok
22:00:15.0653 0264	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:00:15.0653 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: aaaf44db3bd0b9d1fb6969b23ecc8366
22:00:15.0856 0264	iaStorV ( LockedFile.Multi.Generic ) - warning
22:00:15.0856 0264	iaStorV - detected LockedFile.Multi.Generic (1)
22:00:16.0215 0264	IconMan_R       (6f3909a3d40cc9f4b28e03b027f918d8) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
22:00:16.0309 0264	IconMan_R ( UnsignedFile.Multi.Generic ) - warning
22:00:16.0309 0264	IconMan_R - detected UnsignedFile.Multi.Generic (1)
22:00:16.0636 0264	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:00:16.0683 0264	idsvc - ok
22:00:17.0572 0264	igfx            (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:00:17.0572 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\igdkmd64.sys. md5: efe5a0af39a8e179624117c521f1e012
22:00:17.0884 0264	igfx ( LockedFile.Multi.Generic ) - warning
22:00:17.0884 0264	igfx - detected LockedFile.Multi.Generic (1)
22:00:18.0227 0264	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
22:00:18.0227 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\iirsp.sys. md5: 5c18831c61933628f5bb0ea2675b9d21
22:00:18.0524 0264	iirsp ( LockedFile.Multi.Generic ) - warning
22:00:18.0524 0264	iirsp - detected LockedFile.Multi.Generic (1)
22:00:18.0836 0264	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:00:18.0961 0264	IKEEXT - ok
22:00:19.0398 0264	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
22:00:19.0398 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\IntcDAud.sys. md5: fc727061c0f47c8059e88e05d5c8e381
22:00:19.0600 0264	IntcDAud ( LockedFile.Multi.Generic ) - warning
22:00:19.0600 0264	IntcDAud - detected LockedFile.Multi.Generic (1)
22:00:19.0834 0264	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:00:19.0834 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: f00f20e70c6ec3aa366910083a0518aa
22:00:20.0006 0264	intelide ( LockedFile.Multi.Generic ) - warning
22:00:20.0006 0264	intelide - detected LockedFile.Multi.Generic (1)
22:00:20.0256 0264	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
22:00:20.0256 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\intelppm.sys. md5: ada036632c664caa754079041cf1f8c1
22:00:20.0396 0264	intelppm ( LockedFile.Multi.Generic ) - warning
22:00:20.0396 0264	intelppm - detected LockedFile.Multi.Generic (1)
22:00:20.0583 0264	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:00:20.0661 0264	IPBusEnum - ok
22:00:20.0864 0264	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:00:20.0880 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: c9f0e1bd74365a8771590e9008d22ab6
22:00:21.0082 0264	IpFilterDriver ( LockedFile.Multi.Generic ) - warning
22:00:21.0082 0264	IpFilterDriver - detected LockedFile.Multi.Generic (1)
22:00:21.0301 0264	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:00:21.0301 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0fc1aea580957aa8817b8f305d18ca3a
22:00:21.0472 0264	IPMIDRV ( LockedFile.Multi.Generic ) - warning
22:00:21.0472 0264	IPMIDRV - detected LockedFile.Multi.Generic (1)
22:00:21.0706 0264	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:00:21.0706 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: af9b39a7e7b6caa203b3862582e9f2d0
22:00:21.0862 0264	IPNAT ( LockedFile.Multi.Generic ) - warning
22:00:21.0862 0264	IPNAT - detected LockedFile.Multi.Generic (1)
22:00:22.0050 0264	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:00:22.0050 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 3abf5e7213eb28966d55d58b515d5ce9
22:00:22.0221 0264	IRENUM ( LockedFile.Multi.Generic ) - warning
22:00:22.0221 0264	IRENUM - detected LockedFile.Multi.Generic (1)
22:00:22.0440 0264	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:00:22.0440 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 2f7b28dc3e1183e5eb418df55c204f38
22:00:22.0611 0264	isapnp ( LockedFile.Multi.Generic ) - warning
22:00:22.0611 0264	isapnp - detected LockedFile.Multi.Generic (1)
22:00:22.0861 0264	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:00:22.0861 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\msiscsi.sys. md5: d931d7309deb2317035b07c9f9e6b0bd
22:00:23.0064 0264	iScsiPrt ( LockedFile.Multi.Generic ) - warning
22:00:23.0064 0264	iScsiPrt - detected LockedFile.Multi.Generic (1)
22:00:23.0298 0264	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:00:23.0298 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdclass.sys. md5: bc02336f1cba7dcc7d1213bb588a68a5
22:00:23.0485 0264	kbdclass ( LockedFile.Multi.Generic ) - warning
22:00:23.0485 0264	kbdclass - detected LockedFile.Multi.Generic (1)
22:00:23.0703 0264	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:00:23.0703 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdhid.sys. md5: 0705eff5b42a9db58548eec3b26bb484
22:00:23.0890 0264	kbdhid ( LockedFile.Multi.Generic ) - warning
22:00:23.0890 0264	kbdhid - detected LockedFile.Multi.Generic (1)
22:00:24.0140 0264	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:00:24.0171 0264	KeyIso - ok
22:00:24.0421 0264	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:00:24.0421 0264	Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: da1e991a61cfdd755a589e206b97644b
22:00:24.0608 0264	KSecDD ( LockedFile.Multi.Generic ) - warning
22:00:24.0608 0264	KSecDD - detected LockedFile.Multi.Generic (1)
22:00:24.0811 0264	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:00:24.0811 0264	Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 7e33198d956943a4f11a5474c1e9106f
22:00:24.0982 0264	KSecPkg ( LockedFile.Multi.Generic ) - warning
22:00:24.0982 0264	KSecPkg - detected LockedFile.Multi.Generic (1)
22:00:25.0232 0264	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:00:25.0232 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281e78cb31a43e969f06b57347c4
22:00:25.0435 0264	ksthunk ( LockedFile.Multi.Generic ) - warning
22:00:25.0435 0264	ksthunk - detected LockedFile.Multi.Generic (1)
22:00:25.0700 0264	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:00:25.0794 0264	KtmRm - ok
22:00:26.0090 0264	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
22:00:26.0184 0264	LanmanServer - ok
22:00:26.0449 0264	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:00:26.0527 0264	LanmanWorkstation - ok
22:00:26.0995 0264	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:00:26.0995 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831cf8ad2979a04c423779465827
22:00:27.0229 0264	lltdio ( LockedFile.Multi.Generic ) - warning
22:00:27.0229 0264	lltdio - detected LockedFile.Multi.Generic (1)
22:00:27.0556 0264	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:00:27.0681 0264	lltdsvc - ok
22:00:28.0009 0264	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:00:28.0102 0264	lmhosts - ok
22:00:28.0399 0264	LMS             (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:00:28.0430 0264	LMS - ok
22:00:29.0023 0264	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
22:00:29.0023 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_fc.sys. md5: 1a93e54eb0ece102495a51266dcdb6a6
22:00:29.0288 0264	LSI_FC ( LockedFile.Multi.Generic ) - warning
22:00:29.0288 0264	LSI_FC - detected LockedFile.Multi.Generic (1)
22:00:29.0553 0264	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
22:00:29.0553 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_sas.sys. md5: 1047184a9fdc8bdbff857175875ee810
22:00:29.0990 0264	LSI_SAS ( LockedFile.Multi.Generic ) - warning
22:00:29.0990 0264	LSI_SAS - detected LockedFile.Multi.Generic (1)
22:00:30.0411 0264	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
22:00:30.0411 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_sas2.sys. md5: 30f5c0de1ee8b5bc9306c1f0e4a75f93
22:00:30.0630 0264	LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
22:00:30.0630 0264	LSI_SAS2 - detected LockedFile.Multi.Generic (1)
22:00:30.0895 0264	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
22:00:30.0895 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_scsi.sys. md5: 0504eacaff0d3c8aed161c4b0d369d4a
22:00:31.0098 0264	LSI_SCSI ( LockedFile.Multi.Generic ) - warning
22:00:31.0098 0264	LSI_SCSI - detected LockedFile.Multi.Generic (1)
22:00:31.0347 0264	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:00:31.0347 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 43d0f98e1d56ccddb0d5254cff7b356e
22:00:31.0581 0264	luafv ( LockedFile.Multi.Generic ) - warning
22:00:31.0581 0264	luafv - detected LockedFile.Multi.Generic (1)
22:00:31.0846 0264	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:00:31.0878 0264	MBAMProtector - ok
22:00:32.0236 0264	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:00:32.0299 0264	MBAMService - ok
22:00:32.0580 0264	McMPFSvc - ok
22:00:32.0860 0264	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:00:32.0907 0264	Mcx2Svc - ok
22:00:33.0235 0264	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
22:00:33.0235 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\megasas.sys. md5: a55805f747c6edb6a9080d7c633bd0f4
22:00:33.0484 0264	megasas ( LockedFile.Multi.Generic ) - warning
22:00:33.0484 0264	megasas - detected LockedFile.Multi.Generic (1)
22:00:33.0765 0264	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
22:00:33.0765 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\MegaSR.sys. md5: baf74ce0072480c3b6b7c13b2a94d6b3
22:00:33.0999 0264	MegaSR ( LockedFile.Multi.Generic ) - warning
22:00:33.0999 0264	MegaSR - detected LockedFile.Multi.Generic (1)
22:00:34.0249 0264	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
22:00:34.0249 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\HECIx64.sys. md5: a6518dcc42f7a6e999bb3bea8fd87567
22:00:34.0467 0264	MEIx64 ( LockedFile.Multi.Generic ) - warning
22:00:34.0467 0264	MEIx64 - detected LockedFile.Multi.Generic (1)
22:00:34.0810 0264	Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:00:34.0842 0264	Microsoft Office Groove Audit Service - ok
22:00:35.0169 0264	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:00:35.0263 0264	MMCSS - ok
22:00:35.0544 0264	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:00:35.0544 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 800ba92f7010378b09f9ed9270f07137
22:00:35.0778 0264	Modem ( LockedFile.Multi.Generic ) - warning
22:00:35.0778 0264	Modem - detected LockedFile.Multi.Generic (1)
22:00:36.0043 0264	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:00:36.0043 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: b03d591dc7da45ece20b3b467e6aadaa
22:00:36.0261 0264	monitor ( LockedFile.Multi.Generic ) - warning
22:00:36.0261 0264	monitor - detected LockedFile.Multi.Generic (1)
22:00:36.0511 0264	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:00:36.0511 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7d27ea49f3c1f687d357e77a470aea99
22:00:36.0729 0264	mouclass ( LockedFile.Multi.Generic ) - warning
22:00:36.0729 0264	mouclass - detected LockedFile.Multi.Generic (1)
22:00:37.0026 0264	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:00:37.0026 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: d3bf052c40b0c4166d9fd86a4288c1e6
22:00:37.0291 0264	mouhid ( LockedFile.Multi.Generic ) - warning
22:00:37.0291 0264	mouhid - detected LockedFile.Multi.Generic (1)
22:00:37.0556 0264	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:00:37.0556 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 32e7a3d591d671a6df2db515a5cbe0fa
22:00:37.0790 0264	mountmgr ( LockedFile.Multi.Generic ) - warning
22:00:37.0790 0264	mountmgr - detected LockedFile.Multi.Generic (1)
22:00:38.0071 0264	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:00:38.0102 0264	MozillaMaintenance - ok
22:00:38.0383 0264	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:00:38.0383 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\mpio.sys. md5: a44b420d30bd56e145d6a2bc8768ec58
22:00:38.0617 0264	mpio ( LockedFile.Multi.Generic ) - warning
22:00:38.0617 0264	mpio - detected LockedFile.Multi.Generic (1)
22:00:38.0866 0264	mpotpyrk - ok
22:00:39.0241 0264	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:00:39.0241 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6c38c9e45ae0ea2fa5e551f2ed5e978f
22:00:39.0506 0264	mpsdrv ( LockedFile.Multi.Generic ) - warning
22:00:39.0506 0264	mpsdrv - detected LockedFile.Multi.Generic (1)
22:00:39.0771 0264	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:00:39.0771 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: dc722758b8261e1abafd31a3c0a66380
22:00:40.0005 0264	MRxDAV ( LockedFile.Multi.Generic ) - warning
22:00:40.0005 0264	MRxDAV - detected LockedFile.Multi.Generic (1)
22:00:40.0286 0264	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:00:40.0286 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: a5d9106a73dc88564c825d317cac68ac
22:00:40.0520 0264	mrxsmb ( LockedFile.Multi.Generic ) - warning
22:00:40.0520 0264	mrxsmb - detected LockedFile.Multi.Generic (1)
22:00:40.0801 0264	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:00:40.0816 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: d711b3c1d5f42c0c2415687be09fc163
22:00:41.0066 0264	mrxsmb10 ( LockedFile.Multi.Generic ) - warning
22:00:41.0066 0264	mrxsmb10 - detected LockedFile.Multi.Generic (1)
22:00:41.0362 0264	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:00:41.0362 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423e9d355c8d303e76b8cfbd8a5c30c
22:00:41.0581 0264	mrxsmb20 ( LockedFile.Multi.Generic ) - warning
22:00:41.0581 0264	mrxsmb20 - detected LockedFile.Multi.Generic (1)
22:00:41.0846 0264	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:00:41.0846 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\msahci.sys. md5: c25f0bafa182cbca2dd3c851c2e75796
22:00:42.0080 0264	msahci ( LockedFile.Multi.Generic ) - warning
22:00:42.0080 0264	msahci - detected LockedFile.Multi.Generic (1)
22:00:42.0345 0264	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:00:42.0345 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\msdsm.sys. md5: db801a638d011b9633829eb6f663c900
22:00:42.0579 0264	msdsm ( LockedFile.Multi.Generic ) - warning
22:00:42.0579 0264	msdsm - detected LockedFile.Multi.Generic (1)
22:00:42.0860 0264	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:00:42.0922 0264	MSDTC - ok
22:00:43.0796 0264	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:00:43.0796 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\Msfs.sys. md5: aa3fb40e17ce1388fa1bedab50ea8f96
22:00:44.0046 0264	Msfs ( LockedFile.Multi.Generic ) - warning
22:00:44.0046 0264	Msfs - detected LockedFile.Multi.Generic (1)
22:00:44.0326 0264	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:00:44.0326 0264	Suspicious file (NoAccess): C:\Windows\System32\drivers\mshidkmdf.sys. md5: f9d215a46a8b9753f61767fa72a20326
22:00:44.0560 0264	mshidkmdf ( LockedFile.Multi.Generic ) - warning
22:00:44.0560 0264	mshidkmdf - detected LockedFile.Multi.Generic (1)
22:00:44.0826 0264	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:00:44.0826 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\msisadrv.sys. md5: d916874bbd4f8b07bfb7fa9b3ccae29d
22:00:45.0122 0264	msisadrv ( LockedFile.Multi.Generic ) - warning
22:00:45.0122 0264	msisadrv - detected LockedFile.Multi.Generic (1)
22:00:45.0450 0264	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:00:45.0559 0264	MSiSCSI - ok
22:00:45.0808 0264	msiserver - ok
22:00:46.0105 0264	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:00:46.0105 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49ccf2c4fea34ffad8b1b59d49439366
22:00:46.0386 0264	MSKSSRV ( LockedFile.Multi.Generic ) - warning
22:00:46.0386 0264	MSKSSRV - detected LockedFile.Multi.Generic (1)
22:00:46.0651 0264	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:00:46.0651 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: bdd71ace35a232104ddd349ee70e1ab3
22:00:46.0885 0264	MSPCLOCK ( LockedFile.Multi.Generic ) - warning
22:00:46.0885 0264	MSPCLOCK - detected LockedFile.Multi.Generic (1)
22:00:47.0197 0264	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:00:47.0197 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ed981241db27c3383d72092b618a1d0
22:00:47.0431 0264	MSPQM ( LockedFile.Multi.Generic ) - warning
22:00:47.0431 0264	MSPQM - detected LockedFile.Multi.Generic (1)
22:00:47.0758 0264	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:00:47.0758 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: 759a9eeb0fa9ed79da1fb7d4ef78866d
22:00:47.0992 0264	MsRPC ( LockedFile.Multi.Generic ) - warning
22:00:47.0992 0264	MsRPC - detected LockedFile.Multi.Generic (1)
22:00:48.0538 0264	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:00:48.0538 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\mssmbios.sys. md5: 0eed230e37515a0eaee3c2e1bc97b288
22:00:48.0772 0264	mssmbios ( LockedFile.Multi.Generic ) - warning
22:00:48.0772 0264	mssmbios - detected LockedFile.Multi.Generic (1)
22:00:49.0162 0264	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:00:49.0162 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: 2e66f9ecb30b4221a318c92ac2250779
22:00:49.0662 0264	MSTEE ( LockedFile.Multi.Generic ) - warning
22:00:49.0662 0264	MSTEE - detected LockedFile.Multi.Generic (1)
22:00:50.0005 0264	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
22:00:50.0005 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\MTConfig.sys. md5: 7ea404308934e675bffde8edf0757bcd
22:00:50.0239 0264	MTConfig ( LockedFile.Multi.Generic ) - warning
22:00:50.0239 0264	MTConfig - detected LockedFile.Multi.Generic (1)
22:00:50.0535 0264	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:00:50.0535 0264	Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: f9a18612fd3526fe473c1bda678d61c8
22:00:50.0785 0264	Mup ( LockedFile.Multi.Generic ) - warning
22:00:50.0785 0264	Mup - detected LockedFile.Multi.Generic (1)
22:00:51.0159 0264	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:00:51.0268 0264	napagent - ok
22:00:51.0612 0264	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:00:51.0612 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1ea3749c4114db3e3161156ffffa6b33
22:00:51.0892 0264	NativeWifiP ( LockedFile.Multi.Generic ) - warning
22:00:51.0892 0264	NativeWifiP - detected LockedFile.Multi.Generic (1)
22:00:52.0251 0264	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:00:52.0251 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: 79b47fd40d9a817e932f9d26fac0a81c
22:00:52.0516 0264	NDIS ( LockedFile.Multi.Generic ) - warning
22:00:52.0516 0264	NDIS - detected LockedFile.Multi.Generic (1)
22:00:52.0797 0264	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:00:52.0797 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9f9a1f53aad7da4d6fef5bb73ab811ac
22:00:53.0094 0264	NdisCap ( LockedFile.Multi.Generic ) - warning
22:00:53.0094 0264	NdisCap - detected LockedFile.Multi.Generic (1)
22:00:53.0374 0264	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:00:53.0374 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639c932d9fef22b31268fe25a1b6e5
22:00:53.0608 0264	NdisTapi ( LockedFile.Multi.Generic ) - warning
22:00:53.0608 0264	NdisTapi - detected LockedFile.Multi.Generic (1)
22:00:53.0889 0264	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:00:53.0889 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185f9fb2cc61e573e676aa5402356
22:00:54.0139 0264	Ndisuio ( LockedFile.Multi.Generic ) - warning
22:00:54.0139 0264	Ndisuio - detected LockedFile.Multi.Generic (1)
22:00:54.0451 0264	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:00:54.0451 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53f7305169863f0a2bddc49e116c2e11
22:00:54.0716 0264	NdisWan ( LockedFile.Multi.Generic ) - warning
22:00:54.0716 0264	NdisWan - detected LockedFile.Multi.Generic (1)
22:00:55.0012 0264	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:00:55.0012 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: 015c0d8e0e0421b4cfd48cffe2825879
22:00:55.0262 0264	NDProxy ( LockedFile.Multi.Generic ) - warning
22:00:55.0262 0264	NDProxy - detected LockedFile.Multi.Generic (1)
22:00:55.0558 0264	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:00:55.0558 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743d9f5d2b1048062b14b1d84501c4
22:00:55.0824 0264	NetBIOS ( LockedFile.Multi.Generic ) - warning
22:00:55.0824 0264	NetBIOS - detected LockedFile.Multi.Generic (1)
22:00:56.0151 0264	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:00:56.0151 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594d1089c523423b32a4229263f068
22:00:56.0416 0264	NetBT ( LockedFile.Multi.Generic ) - warning
22:00:56.0416 0264	NetBT - detected LockedFile.Multi.Generic (1)
22:00:56.0744 0264	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:00:56.0775 0264	Netlogon - ok
22:00:57.0134 0264	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:00:57.0228 0264	Netman - ok
22:00:57.0586 0264	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:00:57.0618 0264	NetMsmqActivator - ok
22:00:58.0054 0264	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:00:58.0070 0264	NetPipeActivator - ok
22:00:58.0522 0264	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:00:58.0616 0264	netprofm - ok
22:00:58.0912 0264	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:00:58.0928 0264	NetTcpActivator - ok
22:00:59.0224 0264	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:00:59.0256 0264	NetTcpPortSharing - ok
22:00:59.0630 0264	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
22:00:59.0630 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\nfrd960.sys. md5: 77889813be4d166cdab78ddba990da92
22:01:00.0082 0264	nfrd960 ( LockedFile.Multi.Generic ) - warning
22:01:00.0082 0264	nfrd960 - detected LockedFile.Multi.Generic (1)
22:01:00.0472 0264	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:01:00.0550 0264	NlaSvc - ok
22:01:00.0894 0264	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:01:00.0894 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\Npfs.sys. md5: 1e4c4ab5c9b8dd13179bbdc75a2a01f7
22:01:01.0237 0264	Npfs ( LockedFile.Multi.Generic ) - warning
22:01:01.0237 0264	Npfs - detected LockedFile.Multi.Generic (1)
22:01:01.0674 0264	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:01:01.0752 0264	nsi - ok
22:01:02.0110 0264	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:01:02.0110 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\nsiproxy.sys. md5: e7f5ae18af4168178a642a9247c63001
22:01:02.0391 0264	nsiproxy ( LockedFile.Multi.Generic ) - warning
22:01:02.0391 0264	nsiproxy - detected LockedFile.Multi.Generic (1)
22:01:03.0109 0264	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:01:03.0109 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\Ntfs.sys. md5: a2f74975097f52a00745f9637451fdd8
22:01:03.0405 0264	Ntfs ( LockedFile.Multi.Generic ) - warning
22:01:03.0405 0264	Ntfs - detected LockedFile.Multi.Generic (1)
22:01:03.0811 0264	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:01:03.0811 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\Null.sys. md5: 9899284589f75fa8724ff3d16aed75c1
22:01:04.0341 0264	Null ( LockedFile.Multi.Generic ) - warning
22:01:04.0341 0264	Null - detected LockedFile.Multi.Generic (1)
22:01:05.0511 0264	nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:01:05.0511 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nvlddmkm.sys. md5: dd81fbc57ab9134cddc5ce90880bfd80
22:01:05.0886 0264	nvlddmkm ( LockedFile.Multi.Generic ) - warning
22:01:05.0886 0264	nvlddmkm - detected LockedFile.Multi.Generic (1)
22:01:06.0369 0264	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:01:06.0369 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\nvraid.sys. md5: 0a92cb65770442ed0dc44834632f66ad
22:01:06.0837 0264	nvraid ( LockedFile.Multi.Generic ) - warning
22:01:06.0837 0264	nvraid - detected LockedFile.Multi.Generic (1)
22:01:07.0243 0264	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:01:07.0243 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\nvstor.sys. md5: dab0e87525c10052bf65f06152f37e4a
22:01:07.0524 0264	nvstor ( LockedFile.Multi.Generic ) - warning
22:01:07.0524 0264	nvstor - detected LockedFile.Multi.Generic (1)
22:01:07.0867 0264	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:01:07.0867 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\nv_agp.sys. md5: 270d7cd42d6e3979f6dd0146650f0e05
22:01:08.0148 0264	nv_agp ( LockedFile.Multi.Generic ) - warning
22:01:08.0148 0264	nv_agp - detected LockedFile.Multi.Generic (1)
22:01:08.0569 0264	odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:01:08.0600 0264	odserv - ok
22:01:09.0146 0264	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:01:09.0146 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478e4b22ce21b41fa1bfc0b8b8a0
22:01:09.0676 0264	ohci1394 ( LockedFile.Multi.Generic ) - warning
22:01:09.0676 0264	ohci1394 - detected LockedFile.Multi.Generic (1)
22:01:10.0113 0264	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:01:10.0144 0264	ose - ok
22:01:10.0940 0264	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:01:10.0987 0264	p2pimsvc - ok
22:01:11.0361 0264	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:01:11.0408 0264	p2psvc - ok
22:01:11.0736 0264	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
22:01:11.0736 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\parport.sys. md5: 0086431c29c35be1dbc43f52cc273887
22:01:12.0282 0264	Parport ( LockedFile.Multi.Generic ) - warning
22:01:12.0282 0264	Parport - detected LockedFile.Multi.Generic (1)
22:01:12.0750 0264	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:01:12.0750 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\partmgr.sys. md5: e9766131eeade40a27dc27d2d68fba9c
22:01:13.0093 0264	partmgr ( LockedFile.Multi.Generic ) - warning
22:01:13.0093 0264	partmgr - detected LockedFile.Multi.Generic (1)
22:01:13.0483 0264	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:01:13.0561 0264	PcaSvc - ok
22:01:13.0904 0264	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:01:13.0904 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\pci.sys. md5: 94575c0571d1462a0f70bde6bd6ee6b3
22:01:14.0278 0264	pci ( LockedFile.Multi.Generic ) - warning
22:01:14.0278 0264	pci - detected LockedFile.Multi.Generic (1)
22:01:14.0622 0264	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:01:14.0622 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\pciide.sys. md5: b5b8b5ef2e5cb34df8dcf8831e3534fa
22:01:14.0902 0264	pciide ( LockedFile.Multi.Generic ) - warning
22:01:14.0902 0264	pciide - detected LockedFile.Multi.Generic (1)
22:01:15.0261 0264	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
22:01:15.0261 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\pcmcia.sys. md5: b2e81d4e87ce48589f98cb8c05b01f2f
22:01:15.0558 0264	pcmcia ( LockedFile.Multi.Generic ) - warning
22:01:15.0558 0264	pcmcia - detected LockedFile.Multi.Generic (1)
22:01:15.0901 0264	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:01:15.0901 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\pcw.sys. md5: d6b9c2e1a11a3a4b26a182ffef18f603
22:01:16.0182 0264	pcw ( LockedFile.Multi.Generic ) - warning
22:01:16.0182 0264	pcw - detected LockedFile.Multi.Generic (1)
22:01:16.0540 0264	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:01:16.0540 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\peauth.sys. md5: 68769c3356b3be5d1c732c97b9a80d6e
22:01:16.0837 0264	PEAUTH ( LockedFile.Multi.Generic ) - warning
22:01:16.0837 0264	PEAUTH - detected LockedFile.Multi.Generic (1)
22:01:17.0523 0264	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:01:17.0570 0264	PerfHost - ok
22:01:19.0161 0264	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:01:19.0302 0264	pla - ok
22:01:19.0676 0264	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:01:19.0754 0264	PlugPlay - ok
22:01:20.0160 0264	PMBDeviceInfoProvider (63694c307273062a2167ae4ce80730ef) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
22:01:20.0191 0264	PMBDeviceInfoProvider - ok
22:01:20.0768 0264	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:01:20.0799 0264	PNRPAutoReg - ok
22:01:21.0314 0264	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:01:21.0345 0264	PNRPsvc - ok
22:01:21.0798 0264	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:01:21.0891 0264	PolicyAgent - ok
22:01:22.0734 0264	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:01:22.0827 0264	Power - ok
22:01:23.0342 0264	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:01:23.0342 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspptp.sys. md5: f92a2c41117a11a00be01ca01a7fcde9
22:01:23.0841 0264	PptpMiniport ( LockedFile.Multi.Generic ) - warning
22:01:23.0841 0264	PptpMiniport - detected LockedFile.Multi.Generic (1)
22:01:24.0403 0264	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
22:01:24.0403 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\processr.sys. md5: 0d922e23c041efb1c3fac2a6f943c9bf
22:01:24.0855 0264	Processor ( LockedFile.Multi.Generic ) - warning
22:01:24.0855 0264	Processor - detected LockedFile.Multi.Generic (1)
22:01:25.0370 0264	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:01:25.0464 0264	ProfSvc - ok
22:01:25.0869 0264	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:01:25.0900 0264	ProtectedStorage - ok
22:01:26.0306 0264	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:01:26.0306 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557cf5a2556bd58e26384169d72438d
22:01:26.0649 0264	Psched ( LockedFile.Multi.Generic ) - warning
22:01:26.0649 0264	Psched - detected LockedFile.Multi.Generic (1)
22:01:27.0086 0264	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
22:01:27.0086 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\ql2300.sys. md5: a53a15a11ebfd21077463ee2c7afeef0
22:01:27.0398 0264	ql2300 ( LockedFile.Multi.Generic ) - warning
22:01:27.0398 0264	ql2300 - detected LockedFile.Multi.Generic (1)
22:01:27.0850 0264	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
22:01:27.0850 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\ql40xx.sys. md5: 4f6d12b51de1aaeff7dc58c4d75423c8
22:01:28.0365 0264	ql40xx ( LockedFile.Multi.Generic ) - warning
22:01:28.0365 0264	ql40xx - detected LockedFile.Multi.Generic (1)
22:01:28.0833 0264	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:01:28.0880 0264	QWAVE - ok
22:01:29.0348 0264	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:01:29.0348 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707bb36430888d9ce9d705398adb6c
22:01:29.0832 0264	QWAVEdrv ( LockedFile.Multi.Generic ) - warning
22:01:29.0832 0264	QWAVEdrv - detected LockedFile.Multi.Generic (1)
22:01:30.0190 0264	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:01:30.0190 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5a0da8ad5762fa2d91678a8a01311704
22:01:30.0518 0264	RasAcd ( LockedFile.Multi.Generic ) - warning
22:01:30.0518 0264	RasAcd - detected LockedFile.Multi.Generic (1)
22:01:30.0877 0264	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:01:30.0877 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ecff9b22276b73f43a99a15a6094e90
22:01:31.0329 0264	RasAgileVpn ( LockedFile.Multi.Generic ) - warning
22:01:31.0329 0264	RasAgileVpn - detected LockedFile.Multi.Generic (1)
22:01:31.0766 0264	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:01:31.0860 0264	RasAuto - ok
22:01:32.0203 0264	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:01:32.0203 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800ae33e6f1c32fb1b97c490ca
22:01:32.0562 0264	Rasl2tp ( LockedFile.Multi.Generic ) - warning
22:01:32.0562 0264	Rasl2tp - detected LockedFile.Multi.Generic (1)
22:01:32.0952 0264	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:01:33.0045 0264	RasMan - ok
22:01:33.0404 0264	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:01:33.0404 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855c9b1cd4756c5e9a2aa58a15f58c25
22:01:33.0794 0264	RasPppoe ( LockedFile.Multi.Generic ) - warning
22:01:33.0794 0264	RasPppoe - detected LockedFile.Multi.Generic (1)
22:01:34.0137 0264	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:01:34.0153 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rassstp.sys. md5: e8b1e447b008d07ff47d016c2b0eeecb
22:01:34.0543 0264	RasSstp ( LockedFile.Multi.Generic ) - warning
22:01:34.0543 0264	RasSstp - detected LockedFile.Multi.Generic (1)
22:01:34.0933 0264	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:01:34.0933 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77f665941019a1594d887a74f301fa2f
22:01:35.0276 0264	rdbss ( LockedFile.Multi.Generic ) - warning
22:01:35.0276 0264	rdbss - detected LockedFile.Multi.Generic (1)
22:01:35.0650 0264	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
22:01:35.0650 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpbus.sys. md5: 302da2a0539f2cf54d7c6cc30c1f2d8d
22:01:35.0978 0264	rdpbus ( LockedFile.Multi.Generic ) - warning
22:01:35.0978 0264	rdpbus - detected LockedFile.Multi.Generic (1)
22:01:36.0337 0264	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:01:36.0337 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: cea6cc257fc9b7715f1c2b4849286d24
22:01:36.0696 0264	RDPCDD ( LockedFile.Multi.Generic ) - warning
22:01:36.0696 0264	RDPCDD - detected LockedFile.Multi.Generic (1)
22:01:37.0585 0264	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:01:37.0585 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpencdd.sys. md5: bb5971a4f00659529a5c44831af22365
22:01:37.0912 0264	RDPENCDD ( LockedFile.Multi.Generic ) - warning
22:01:37.0912 0264	RDPENCDD - detected LockedFile.Multi.Generic (1)
22:01:38.0599 0264	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:01:38.0599 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216f3fa57533d98e1f74ded70113177a
22:01:38.0942 0264	RDPREFMP ( LockedFile.Multi.Generic ) - warning
22:01:38.0942 0264	RDPREFMP - detected LockedFile.Multi.Generic (1)
22:01:39.0316 0264	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:01:39.0316 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\RDPWD.sys. md5: 6d76e6433574b058adcb0c50df834492
22:01:39.0675 0264	RDPWD ( LockedFile.Multi.Generic ) - warning
22:01:39.0675 0264	RDPWD - detected LockedFile.Multi.Generic (1)
22:01:40.0081 0264	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:01:40.0081 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ed295fa0121c241bfef24764fc4520
22:01:40.0440 0264	rdyboost ( LockedFile.Multi.Generic ) - warning
22:01:40.0440 0264	rdyboost - detected LockedFile.Multi.Generic (1)
22:01:40.0861 0264	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:01:40.0939 0264	RemoteAccess - ok
22:01:41.0454 0264	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:01:41.0547 0264	RemoteRegistry - ok
22:01:41.0984 0264	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:01:41.0984 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rfcomm.sys. md5: 3dd798846e2c28102b922c56e71b7932
22:01:42.0343 0264	RFCOMM ( LockedFile.Multi.Generic ) - warning
22:01:42.0343 0264	RFCOMM - detected LockedFile.Multi.Generic (1)
22:01:42.0764 0264	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:01:42.0842 0264	RpcEptMapper - ok
22:01:43.0404 0264	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:01:43.0482 0264	RpcLocator - ok
22:01:43.0950 0264	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:01:43.0981 0264	RpcSs - ok
22:01:44.0480 0264	RSPCIESTOR      (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
22:01:44.0480 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RtsPStor.sys. md5: 546d7f426776090b90ef5f195b6ae662
22:01:45.0010 0264	RSPCIESTOR ( LockedFile.Multi.Generic ) - warning
22:01:45.0010 0264	RSPCIESTOR - detected LockedFile.Multi.Generic (1)
22:01:45.0837 0264	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:01:45.0837 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rspndr.sys. md5: ddc86e4f8e7456261e637e3552e804ff
22:01:46.0430 0264	rspndr ( LockedFile.Multi.Generic ) - warning
22:01:46.0430 0264	rspndr - detected LockedFile.Multi.Generic (1)
22:01:46.0992 0264	RTL8167         (ea5532868ba76923d75bcb2a1448d810) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:01:46.0992 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\Rt64win7.sys. md5: ea5532868ba76923d75bcb2a1448d810
22:01:47.0522 0264	RTL8167 ( LockedFile.Multi.Generic ) - warning
22:01:47.0522 0264	RTL8167 - detected LockedFile.Multi.Generic (1)
22:01:48.0318 0264	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:01:48.0349 0264	SamSs - ok
22:01:48.0739 0264	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:01:48.0739 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\sbp2port.sys. md5: ac03af3329579fffb455aa2daabbe22b
22:01:49.0254 0264	sbp2port ( LockedFile.Multi.Generic ) - warning
22:01:49.0254 0264	sbp2port - detected LockedFile.Multi.Generic (1)
22:01:49.0753 0264	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:01:49.0831 0264	SCardSvr - ok
22:01:50.0283 0264	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:01:50.0283 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253f38d0d7074c02ff8deb9836c97d2b
22:01:50.0658 0264	scfilter ( LockedFile.Multi.Generic ) - warning
22:01:50.0658 0264	scfilter - detected LockedFile.Multi.Generic (1)
22:01:51.0172 0264	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:01:51.0297 0264	Schedule - ok
22:01:52.0062 0264	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:01:52.0140 0264	SCPolicySvc - ok
22:01:52.0623 0264	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
22:01:52.0623 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sdbus.sys. md5: 111e0ebc0ad79cb0fa014b907b231cf0
22:01:53.0154 0264	sdbus ( LockedFile.Multi.Generic ) - warning
22:01:53.0154 0264	sdbus - detected LockedFile.Multi.Generic (1)
22:01:53.0653 0264	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:01:53.0700 0264	SDRSVC - ok
22:01:54.0152 0264	SeaPort         (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
22:01:54.0183 0264	SeaPort - ok
22:01:54.0807 0264	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:01:54.0807 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\secdrv.sys. md5: 3ea8a16169c26afbeb544e0e48421186
22:01:55.0275 0264	secdrv ( LockedFile.Multi.Generic ) - warning
22:01:55.0275 0264	secdrv - detected LockedFile.Multi.Generic (1)
22:01:55.0696 0264	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:01:55.0759 0264	seclogon - ok
22:01:56.0133 0264	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:01:56.0211 0264	SENS - ok
22:01:56.0492 0264	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:01:56.0523 0264	SensrSvc - ok
22:01:56.0866 0264	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
22:01:56.0866 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\serenum.sys. md5: cb624c0035412af0debec78c41f5ca1b
22:01:57.0350 0264	Serenum ( LockedFile.Multi.Generic ) - warning
22:01:57.0350 0264	Serenum - detected LockedFile.Multi.Generic (1)
22:01:57.0818 0264	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
22:01:57.0818 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\serial.sys. md5: c1d8e28b2c2adfaec4ba89e9fda69bd6
22:01:58.0161 0264	Serial ( LockedFile.Multi.Generic ) - warning
22:01:58.0161 0264	Serial - detected LockedFile.Multi.Generic (1)
22:01:58.0536 0264	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
22:01:58.0536 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\sermouse.sys. md5: 1c545a7d0691cc4a027396535691c3e3
22:01:58.0894 0264	sermouse ( LockedFile.Multi.Generic ) - warning
22:01:58.0894 0264	sermouse - detected LockedFile.Multi.Generic (1)
22:02:00.0361 0264	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:02:00.0470 0264	SessionEnv - ok
22:02:01.0047 0264	SFEP            (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
22:02:01.0047 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\SFEP.sys. md5: 286d3889e6ab5589646ff8a63cb928ae
22:02:01.0484 0264	SFEP ( LockedFile.Multi.Generic ) - warning
22:02:01.0484 0264	SFEP - detected LockedFile.Multi.Generic (1)
22:02:01.0936 0264	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:02:01.0936 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\sffdisk.sys. md5: a554811bcd09279536440c964ae35bbf
22:02:02.0280 0264	sffdisk ( LockedFile.Multi.Generic ) - warning
22:02:02.0280 0264	sffdisk - detected LockedFile.Multi.Generic (1)
22:02:02.0670 0264	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:02:02.0685 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_mmc.sys. md5: ff414f0baefeba59bc6c04b3db0b87bf
22:02:03.0153 0264	sffp_mmc ( LockedFile.Multi.Generic ) - warning
22:02:03.0153 0264	sffp_mmc - detected LockedFile.Multi.Generic (1)
22:02:03.0621 0264	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:02:03.0621 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\sffp_sd.sys. md5: dd85b78243a19b59f0637dcf284da63c
22:02:04.0042 0264	sffp_sd ( LockedFile.Multi.Generic ) - warning
22:02:04.0042 0264	sffp_sd - detected LockedFile.Multi.Generic (1)
22:02:04.0448 0264	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
22:02:04.0448 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\sfloppy.sys. md5: a9d601643a1647211a1ee2ec4e433ff4
22:02:04.0807 0264	sfloppy ( LockedFile.Multi.Generic ) - warning
22:02:04.0807 0264	sfloppy - detected LockedFile.Multi.Generic (1)
22:02:05.0634 0264	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:02:05.0743 0264	ShellHWDetection - ok
22:02:06.0133 0264	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
22:02:06.0133 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\SiSRaid2.sys. md5: 843caf1e5fde1ffd5ff768f23a51e2e1
22:02:06.0538 0264	SiSRaid2 ( LockedFile.Multi.Generic ) - warning
22:02:06.0538 0264	SiSRaid2 - detected LockedFile.Multi.Generic (1)
22:02:06.0975 0264	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
22:02:06.0975 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\sisraid4.sys. md5: 6a6c106d42e9ffff8b9fcb4f754f6da4
22:02:07.0334 0264	SiSRaid4 ( LockedFile.Multi.Generic ) - warning
22:02:07.0334 0264	SiSRaid4 - detected LockedFile.Multi.Generic (1)
22:02:07.0771 0264	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:02:07.0771 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260a7b8654e024dc30bf8a7c5baa4
22:02:08.0161 0264	Smb ( LockedFile.Multi.Generic ) - warning
22:02:08.0161 0264	Smb - detected LockedFile.Multi.Generic (1)
22:02:09.0300 0264	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:02:09.0331 0264	SNMPTRAP - ok
22:02:09.0830 0264	SOHCImp         (ddf2ec98af6fc70608a4f9ce4db52758) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
22:02:09.0846 0264	SOHCImp - ok
22:02:10.0454 0264	SOHDs           (5fa03f5ea6efef6d17b4a1a48c40a23c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
22:02:10.0470 0264	SOHDs - ok
22:02:11.0156 0264	SpfService      (65e5659e9c2a0762d05657c0e22a7ca2) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
22:02:11.0187 0264	SpfService - ok
22:02:11.0905 0264	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:02:11.0905 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\spldr.sys. md5: b9e31e5cacdfe584f34f730a677803f9
22:02:12.0420 0264	spldr ( LockedFile.Multi.Generic ) - warning
22:02:12.0420 0264	spldr - detected LockedFile.Multi.Generic (1)
22:02:12.0856 0264	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:02:12.0950 0264	Spooler - ok
22:02:13.0793 0264	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:02:13.0964 0264	sppsvc - ok
22:02:14.0713 0264	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:02:14.0791 0264	sppuinotify - ok
22:02:15.0774 0264	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:02:15.0774 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv.sys. md5: 441fba48bff01fdb9d5969ebc1838f0b
22:02:16.0367 0264	srv ( LockedFile.Multi.Generic ) - warning
22:02:16.0367 0264	srv - detected LockedFile.Multi.Generic (1)
22:02:16.0913 0264	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:02:16.0913 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srv2.sys. md5: b4adebbf5e3677cce9651e0f01f7cc28
22:02:17.0646 0264	srv2 ( LockedFile.Multi.Generic ) - warning
22:02:17.0646 0264	srv2 - detected LockedFile.Multi.Generic (1)
22:02:18.0317 0264	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:02:18.0332 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27e461f0be5bff5fc737328f749538c3
22:02:18.0800 0264	srvnet ( LockedFile.Multi.Generic ) - warning
22:02:18.0800 0264	srvnet - detected LockedFile.Multi.Generic (1)
22:02:19.0284 0264	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:02:19.0377 0264	SSDPSRV - ok
22:02:19.0783 0264	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:02:19.0861 0264	SstpSvc - ok
22:02:20.0251 0264	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
22:02:20.0251 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\stexstor.sys. md5: f3817967ed533d08327dc73bc4d5542a
22:02:20.0657 0264	stexstor ( LockedFile.Multi.Generic ) - warning
22:02:20.0657 0264	stexstor - detected LockedFile.Multi.Generic (1)
22:02:21.0125 0264	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:02:21.0218 0264	stisvc - ok
22:02:21.0639 0264	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:02:21.0639 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\swenum.sys. md5: d01ec09b6711a5f8e7e6564a4d0fbc90
22:02:22.0045 0264	swenum ( LockedFile.Multi.Generic ) - warning
22:02:22.0045 0264	swenum - detected LockedFile.Multi.Generic (1)
22:02:22.0513 0264	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:02:22.0622 0264	swprv - ok
22:02:22.0997 0264	Suspicious service (NoAccess): syshost32
22:02:23.0137 0264	syshost32       (be7ae78fd2aeb32f00ba13cd4f22b1d8) C:\Windows\Installer\{59C14EBC-E371-A8AB-3464-EE33142DE6C5}\syshost.exe
22:02:23.0137 0264	Suspicious file (NoAccess): C:\Windows\Installer\{59C14EBC-E371-A8AB-3464-EE33142DE6C5}\syshost.exe. md5: be7ae78fd2aeb32f00ba13cd4f22b1d8
22:02:23.0761 0264	syshost32 ( LockedService.Multi.Generic ) - warning
22:02:23.0761 0264	syshost32 - detected LockedService.Multi.Generic (1)
22:02:24.0432 0264	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:02:24.0541 0264	SysMain - ok
22:02:25.0196 0264	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:02:25.0274 0264	TabletInputService - ok
22:02:25.0976 0264	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:02:26.0070 0264	TapiSrv - ok
22:02:26.0631 0264	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:02:26.0709 0264	TBS - ok
22:02:27.0365 0264	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:02:27.0365 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpip.sys. md5: acb82bda8f46c84f465c1afa517dc4b9
22:02:27.0942 0264	Tcpip ( LockedFile.Multi.Generic ) - warning
22:02:27.0942 0264	Tcpip - detected LockedFile.Multi.Generic (1)
22:02:28.0706 0264	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:02:28.0706 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tcpip.sys. md5: acb82bda8f46c84f465c1afa517dc4b9
22:02:29.0330 0264	TCPIP6 ( LockedFile.Multi.Generic ) - warning
22:02:29.0330 0264	TCPIP6 - detected LockedFile.Multi.Generic (1)
22:02:30.0516 0264	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:02:30.0516 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\tcpipreg.sys. md5: df687e3d8836bfb04fcc0615bf15a519
22:02:31.0304 0264	tcpipreg ( LockedFile.Multi.Generic ) - warning
22:02:31.0304 0264	tcpipreg - detected LockedFile.Multi.Generic (1)
22:02:32.0424 0264	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:02:32.0424 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371d21011695b16333a3934340c4e7c
22:02:32.0804 0264	TDPIPE ( LockedFile.Multi.Generic ) - warning
22:02:32.0804 0264	TDPIPE - detected LockedFile.Multi.Generic (1)
22:02:33.0302 0264	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:02:33.0302 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\tdtcp.sys. md5: 51c5eceb1cdee2468a1748be550cfbc8
22:02:33.0739 0264	TDTCP ( LockedFile.Multi.Generic ) - warning
22:02:33.0739 0264	TDTCP - detected LockedFile.Multi.Generic (1)
22:02:34.0223 0264	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:02:34.0223 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tdx.sys. md5: ddad5a7ab24d8b65f8d724f5c20fd806
22:02:34.0613 0264	tdx ( LockedFile.Multi.Generic ) - warning
22:02:34.0613 0264	tdx - detected LockedFile.Multi.Generic (1)
22:02:35.0096 0264	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:02:35.0096 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\termdd.sys. md5: 561e7e1f06895d78de991e01dd0fb6e5
22:02:35.0502 0264	TermDD ( LockedFile.Multi.Generic ) - warning
22:02:35.0502 0264	TermDD - detected LockedFile.Multi.Generic (1)
22:02:36.0017 0264	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:02:36.0141 0264	TermService - ok
22:02:36.0578 0264	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:02:36.0625 0264	Themes - ok
22:02:37.0389 0264	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:02:37.0467 0264	THREADORDER - ok
22:02:38.0138 0264	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:02:38.0247 0264	TrkWks - ok
22:02:38.0934 0264	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:02:39.0012 0264	TrustedInstaller - ok
22:02:40.0229 0264	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:02:40.0229 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: ce18b2cdfc837c99e5fae9ca6cba5d30
22:02:40.0747 0264	tssecsrv ( LockedFile.Multi.Generic ) - warning
22:02:40.0747 0264	tssecsrv - detected LockedFile.Multi.Generic (1)
22:02:41.0257 0264	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:02:41.0257 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\tsusbflt.sys. md5: d11c783e3ef9a3c52c0ebe83cc5000e9
22:02:41.0737 0264	TsUsbFlt ( LockedFile.Multi.Generic ) - warning
22:02:41.0737 0264	TsUsbFlt - detected LockedFile.Multi.Generic (1)
22:02:42.0227 0264	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
22:02:42.0227 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\TsUsbGD.sys. md5: 9cc2ccae8a84820eaecb886d477cbcb8
22:02:42.0633 0264	TsUsbGD ( LockedFile.Multi.Generic ) - warning
22:02:42.0633 0264	TsUsbGD - detected LockedFile.Multi.Generic (1)
22:02:43.0371 0264	TuneUp.UtilitiesSvc (811a229718c85356bc81eb20f35eb7f6) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
22:02:43.0471 0264	TuneUp.UtilitiesSvc - ok
22:02:44.0261 0264	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
22:02:44.0281 0264	TuneUpUtilitiesDrv - ok
22:02:45.0321 0264	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:02:45.0321 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566a8daafa27af944f5d705eaa64894
22:02:46.0263 0264	tunnel ( LockedFile.Multi.Generic ) - warning
22:02:46.0263 0264	tunnel - detected LockedFile.Multi.Generic (1)
22:02:46.0871 0264	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
22:02:46.0871 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\uagp35.sys. md5: b4dd609bd7e282bfc683cec7eaaaad67
22:02:47.0339 0264	uagp35 ( LockedFile.Multi.Generic ) - warning
22:02:47.0339 0264	uagp35 - detected LockedFile.Multi.Generic (1)
22:02:47.0838 0264	uCamMonitor     (1fe69f3c1ca1cf4b7ec7e2e9090fffdc) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
22:02:47.0854 0264	uCamMonitor - ok
22:02:48.0525 0264	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:02:48.0525 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: ff4232a1a64012baa1fd97c7b67df593
22:02:49.0126 0264	udfs ( LockedFile.Multi.Generic ) - warning
22:02:49.0126 0264	udfs - detected LockedFile.Multi.Generic (1)
22:02:50.0556 0264	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:02:50.0596 0264	UI0Detect - ok
22:02:51.0125 0264	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:02:51.0125 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4bfe1bc28391222894cbf1e7d0e42320
22:02:51.0640 0264	uliagpkx ( LockedFile.Multi.Generic ) - warning
22:02:51.0640 0264	uliagpkx - detected LockedFile.Multi.Generic (1)
22:02:52.0325 0264	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:02:52.0325 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umbus.sys. md5: dc54a574663a895c8763af0fa1ff7561
22:02:53.0015 0264	umbus ( LockedFile.Multi.Generic ) - warning
22:02:53.0015 0264	umbus - detected LockedFile.Multi.Generic (1)
22:02:53.0805 0264	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
22:02:53.0805 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\umpass.sys. md5: b2e8e8cb557b156da5493bbddcc1474d
22:02:54.0295 0264	UmPass ( LockedFile.Multi.Generic ) - warning
22:02:54.0295 0264	UmPass - detected LockedFile.Multi.Generic (1)
22:02:54.0947 0264	UNS             (7a78ed1088890114dfde2c4ab038d6b6) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:02:55.0056 0264	UNS - ok
22:02:55.0867 0264	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:02:55.0992 0264	upnphost - ok
22:02:56.0803 0264	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:02:56.0803 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6f1a3157a1c89435352ceb543cdb359c
22:02:57.0443 0264	usbccgp ( LockedFile.Multi.Generic ) - warning
22:02:57.0443 0264	usbccgp - detected LockedFile.Multi.Generic (1)
22:02:58.0033 0264	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:02:58.0033 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: af0892a803fdda7492f595368e3b68e7
22:02:58.0563 0264	usbcir ( LockedFile.Multi.Generic ) - warning
22:02:58.0563 0264	usbcir - detected LockedFile.Multi.Generic (1)
22:02:59.0033 0264	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:02:59.0033 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\usbehci.sys. md5: c025055fe7b87701eb042095df1a2d7b
22:02:59.0503 0264	usbehci ( LockedFile.Multi.Generic ) - warning
22:02:59.0503 0264	usbehci - detected LockedFile.Multi.Generic (1)
22:02:59.0953 0264	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
22:02:59.0953 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\usbhub.sys. md5: 287c6c9410b111b68b52ca298f7b8c24
22:03:00.0480 0264	usbhub ( LockedFile.Multi.Generic ) - warning
22:03:00.0480 0264	usbhub - detected LockedFile.Multi.Generic (1)
22:03:00.0963 0264	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:03:00.0963 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\usbohci.sys. md5: 9840fc418b4cbd632d3d0a667a725c31
22:03:01.0338 0264	usbohci ( LockedFile.Multi.Generic ) - warning
22:03:01.0338 0264	usbohci - detected LockedFile.Multi.Generic (1)
22:03:01.0806 0264	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:03:01.0806 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188f58fb384e75c4063d29413cee3d
22:03:02.0243 0264	usbprint ( LockedFile.Multi.Generic ) - warning
22:03:02.0243 0264	usbprint - detected LockedFile.Multi.Generic (1)
22:03:02.0726 0264	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:03:02.0726 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbscan.sys. md5: aaa2513c8aed8b54b189fd0c6b1634c0
22:03:03.0225 0264	usbscan ( LockedFile.Multi.Generic ) - warning
22:03:03.0225 0264	usbscan - detected LockedFile.Multi.Generic (1)
22:03:03.0709 0264	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:03:03.0709 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: fed648b01349a3c8395a5169db5fb7d6
22:03:04.0130 0264	USBSTOR ( LockedFile.Multi.Generic ) - warning
22:03:04.0130 0264	USBSTOR - detected LockedFile.Multi.Generic (1)
22:03:04.0614 0264	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:03:04.0614 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069a34518bcf9c1fd9e74b3f6db7cd
22:03:05.0129 0264	usbuhci ( LockedFile.Multi.Generic ) - warning
22:03:05.0129 0264	usbuhci - detected LockedFile.Multi.Generic (1)
22:03:05.0690 0264	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
22:03:05.0690 0264	Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbvideo.sys. md5: 454800c2bc7f3927ce030141ee4f4c50
22:03:06.0174 0264	usbvideo ( LockedFile.Multi.Generic ) - warning
22:03:06.0174 0264	usbvideo - detected LockedFile.Multi.Generic (1)
22:03:06.0689 0264	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:03:06.0767 0264	UxSms - ok
22:03:07.0313 0264	UxTuneUp        (5bf180f7f7c2f68ed6d5777840270bce) C:\Windows\System32\uxtuneup.dll
22:03:07.0328 0264	UxTuneUp - ok
22:03:07.0905 0264	VAIO Event Service (dcb1f83ad167d16d263ce57c94e9eedf) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
22:03:07.0921 0264	VAIO Event Service - ok
22:03:08.0670 0264	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:03:08.0701 0264	VaultSvc - ok
22:03:09.0637 0264	VCFw            (d00058c1fff3f3de990444a5734e9639) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
22:03:09.0699 0264	VCFw - ok
22:03:10.0464 0264	VcmIAlzMgr      (f19275655b42086c884abcdae2c659ae) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
22:03:10.0511 0264	VcmIAlzMgr - ok
22:03:11.0244 0264	VcmINSMgr       (2f06d134554ba84fe253dbc481dcfe6d) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
22:03:11.0291 0264	VcmINSMgr - ok
22:03:11.0899 0264	VcmXmlIfHelper  (32a3735f6874b7783c6209ed5ca36d9d) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
22:03:11.0915 0264	VcmXmlIfHelper - ok
22:03:12.0570 0264	VCService       (d347d3abe070aa09c22fc37121555d52) C:\Program Files\Sony\VAIO Care\VCService.exe
22:03:12.0585 0264	VCService - ok
22:03:13.0350 0264	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:03:13.0350 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: c5c876ccfc083ff3b128f933823e87bd
22:03:14.0021 0264	vdrvroot ( LockedFile.Multi.Generic ) - warning
22:03:14.0021 0264	vdrvroot - detected LockedFile.Multi.Generic (1)
22:03:14.0691 0264	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:03:14.0801 0264	vds - ok
22:03:15.0783 0264	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:03:15.0783 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: da4da3f5e02943c2dc8c6ed875de68dd
22:03:16.0361 0264	vga ( LockedFile.Multi.Generic ) - warning
22:03:16.0361 0264	vga - detected LockedFile.Multi.Generic (1)
22:03:17.0031 0264	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:03:17.0031 0264	Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53e92a310193cb3c03bea963de7d9cfc
22:03:17.0546 0264	VgaSave ( LockedFile.Multi.Generic ) - warning
22:03:17.0546 0264	VgaSave - detected LockedFile.Multi.Generic (1)
22:03:18.0077 0264	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:03:18.0077 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2ce2df28c83aeaf30084e1b1eb253cbb
22:03:18.0545 0264	vhdmp ( LockedFile.Multi.Generic ) - warning
22:03:18.0545 0264	vhdmp - detected LockedFile.Multi.Generic (1)
22:03:19.0013 0264	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:03:19.0028 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: e5689d93ffe4e5d66c0178761240dd54
22:03:19.0465 0264	viaide ( LockedFile.Multi.Generic ) - warning
22:03:19.0465 0264	viaide - detected LockedFile.Multi.Generic (1)
22:03:19.0933 0264	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:03:19.0933 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: d2aafd421940f640b407aefaaebd91b0
22:03:20.0370 0264	volmgr ( LockedFile.Multi.Generic ) - warning
22:03:20.0370 0264	volmgr - detected LockedFile.Multi.Generic (1)
22:03:20.0900 0264	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:03:20.0900 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: a255814907c89be58b79ef2f189b843b
22:03:21.0665 0264	volmgrx ( LockedFile.Multi.Generic ) - warning
22:03:21.0665 0264	volmgrx - detected LockedFile.Multi.Generic (1)
22:03:22.0335 0264	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:03:22.0335 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0d08d2f3b3ff84e433346669b5e0f639
22:03:22.0866 0264	volsnap ( LockedFile.Multi.Generic ) - warning
22:03:22.0866 0264	volsnap - detected LockedFile.Multi.Generic (1)
22:03:23.0443 0264	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
22:03:23.0443 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\vsmraid.sys. md5: 5e2016ea6ebaca03c04feac5f330d997
22:03:23.0895 0264	vsmraid ( LockedFile.Multi.Generic ) - warning
22:03:23.0895 0264	vsmraid - detected LockedFile.Multi.Generic (1)
22:03:24.0519 0264	VSNService      (03f6f618367cb16a2176b8db4215d1f9) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
22:03:24.0566 0264	VSNService - ok
22:03:25.0471 0264	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:03:25.0596 0264	VSS - ok
22:03:26.0469 0264	VUAgent         (fb4a1695d2d74f9c92ca5e84795cdbe1) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
22:03:26.0547 0264	VUAgent - ok
22:03:27.0437 0264	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:03:27.0437 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36d4720b72b5c5d9cb2b9c29e9df67a1
22:03:28.0107 0264	vwifibus ( LockedFile.Multi.Generic ) - warning
22:03:28.0107 0264	vwifibus - detected LockedFile.Multi.Generic (1)
22:03:28.0731 0264	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:03:28.0731 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6a3d66263414ff0d6fa754c646612f3f
22:03:29.0246 0264	vwififlt ( LockedFile.Multi.Generic ) - warning
22:03:29.0246 0264	vwififlt - detected LockedFile.Multi.Generic (1)
22:03:29.0730 0264	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:03:29.0730 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6a638fc4bfddc4d9b186c28c91bd1a01
22:03:30.0182 0264	vwifimp ( LockedFile.Multi.Generic ) - warning
22:03:30.0182 0264	vwifimp - detected LockedFile.Multi.Generic (1)
22:03:30.0697 0264	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:03:30.0822 0264	W32Time - ok
22:03:32.0163 0264	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
22:03:32.0163 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\wacompen.sys. md5: 4e9440f4f152a7b944cb1663d3935a3e
22:03:32.0741 0264	WacomPen ( LockedFile.Multi.Generic ) - warning
22:03:32.0741 0264	WacomPen - detected LockedFile.Multi.Generic (1)
22:03:33.0287 0264	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:03:33.0287 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356afd78a6ed4457169241ac3965230c
22:03:33.0755 0264	WANARP ( LockedFile.Multi.Generic ) - warning
22:03:33.0755 0264	WANARP - detected LockedFile.Multi.Generic (1)
22:03:34.0238 0264	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:03:34.0238 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356afd78a6ed4457169241ac3965230c
22:03:34.0691 0264	Wanarpv6 ( LockedFile.Multi.Generic ) - warning
22:03:34.0691 0264	Wanarpv6 - detected LockedFile.Multi.Generic (1)
22:03:35.0299 0264	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:03:35.0393 0264	wbengine - ok
22:03:36.0001 0264	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:03:36.0063 0264	WbioSrvc - ok
22:03:36.0843 0264	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:03:36.0921 0264	wcncsvc - ok
22:03:37.0748 0264	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:03:37.0795 0264	WcsPlugInService - ok
22:03:38.0403 0264	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
22:03:38.0403 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\wd.sys. md5: 72889e16ff12ba0f235467d6091b17dc
22:03:39.0074 0264	Wd ( LockedFile.Multi.Generic ) - warning
22:03:39.0074 0264	Wd - detected LockedFile.Multi.Generic (1)
22:03:39.0807 0264	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:03:39.0807 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441bd2d7b4f98134c3a4f9fa570fd250
22:03:40.0385 0264	Wdf01000 ( LockedFile.Multi.Generic ) - warning
22:03:40.0385 0264	Wdf01000 - detected LockedFile.Multi.Generic (1)
22:03:40.0915 0264	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:03:40.0977 0264	WdiServiceHost - ok
22:03:41.0461 0264	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:03:41.0508 0264	WdiSystemHost - ok
22:03:42.0038 0264	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:03:42.0101 0264	WebClient - ok
22:03:42.0865 0264	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:03:42.0974 0264	Wecsvc - ok
22:03:43.0817 0264	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:03:43.0895 0264	wercplsupport - ok
22:03:44.0550 0264	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:03:44.0628 0264	WerSvc - ok
22:03:45.0221 0264	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:03:45.0221 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611b23304bf067451a9fdee01fbdd725
22:03:45.0907 0264	WfpLwf ( LockedFile.Multi.Generic ) - warning
22:03:45.0907 0264	WfpLwf - detected LockedFile.Multi.Generic (1)
22:03:46.0484 0264	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:03:46.0484 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ecaec3e4529a7153b3136ceb49f0ec
22:03:47.0015 0264	WIMMount ( LockedFile.Multi.Generic ) - warning
22:03:47.0015 0264	WIMMount - detected LockedFile.Multi.Generic (1)
22:03:48.0621 0264	WinHttpAutoProxySvc - ok
22:03:49.0355 0264	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:03:49.0448 0264	Winmgmt - ok
22:03:50.0306 0264	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:03:50.0447 0264	WinRM - ok
22:03:52.0272 0264	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:03:52.0272 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: fe88b288356e7b47b74b13372add906d
22:03:53.0005 0264	WinUsb ( LockedFile.Multi.Generic ) - warning
22:03:53.0005 0264	WinUsb - detected LockedFile.Multi.Generic (1)
22:03:53.0738 0264	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:03:53.0847 0264	Wlansvc - ok
22:03:54.0549 0264	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:03:54.0565 0264	wlcrasvc - ok
22:03:55.0485 0264	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:03:55.0626 0264	wlidsvc - ok
22:03:56.0421 0264	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:03:56.0421 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: f6ff8944478594d0e414d3f048f0d778
22:03:57.0092 0264	WmiAcpi ( LockedFile.Multi.Generic ) - warning
22:03:57.0092 0264	WmiAcpi - detected LockedFile.Multi.Generic (1)
22:03:58.0387 0264	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:03:58.0449 0264	wmiApSrv - ok
22:03:59.0276 0264	WMPNetworkSvc - ok
22:03:59.0994 0264	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:04:00.0025 0264	WPCSvc - ok
22:04:00.0680 0264	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:04:00.0743 0264	WPDBusEnum - ok
22:04:01.0351 0264	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:04:01.0351 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6bcc1d7d2fd2453957c5479a32364e52
22:04:01.0881 0264	ws2ifsl ( LockedFile.Multi.Generic ) - warning
22:04:01.0881 0264	ws2ifsl - detected LockedFile.Multi.Generic (1)
22:04:02.0396 0264	WSearch - ok
22:04:03.0597 0264	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:04:03.0753 0264	wuauserv - ok
22:04:04.0409 0264	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:04:04.0409 0264	Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: d3381dc54c34d79b22cee0d65ba91b7c
22:04:05.0251 0264	WudfPf ( LockedFile.Multi.Generic ) - warning
22:04:05.0251 0264	WudfPf - detected LockedFile.Multi.Generic (1)
22:04:05.0875 0264	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:04:05.0875 0264	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: cf8d590be3373029d57af80914190682
22:04:06.0437 0264	WUDFRd ( LockedFile.Multi.Generic ) - warning
22:04:06.0437 0264	WUDFRd - detected LockedFile.Multi.Generic (1)
22:04:07.0014 0264	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:04:07.0092 0264	wudfsvc - ok
22:04:07.0685 0264	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:04:07.0763 0264	WwanSvc - ok
22:04:10.0820 0264	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:04:11.0179 0264	\Device\Harddisk0\DR0 - ok
22:04:11.0179 0264	Boot (0x1200)   (106314c430212e3dc5792c8ce69be2bd) \Device\Harddisk0\DR0\Partition0
22:04:11.0195 0264	\Device\Harddisk0\DR0\Partition0 - ok
22:04:11.0226 0264	Boot (0x1200)   (7be582398a6988b0b8922ca07b3ffa6a) \Device\Harddisk0\DR0\Partition1
22:04:11.0226 0264	\Device\Harddisk0\DR0\Partition1 - ok
22:04:11.0226 0264	============================================================
22:04:11.0226 0264	Scan finished
22:04:11.0226 0264	============================================================
22:04:11.0257 3580	Detected object count: 196
22:04:11.0257 3580	Actual detected object count: 196
22:04:36.0139 3580	ErrDev ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0139 3580	ErrDev ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0139 3580	exfat ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0139 3580	exfat ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0139 3580	f03f375b4aa00e1d ( LockedService.Multi.Generic ) - skipped by user
22:04:36.0139 3580	f03f375b4aa00e1d ( LockedService.Multi.Generic ) - User select action: Skip 
22:04:36.0139 3580	fastfat ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0139 3580	fastfat ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0139 3580	fdc ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0139 3580	fdc ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0139 3580	FileInfo ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0139 3580	FileInfo ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0139 3580	Filetrace ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0155 3580	Filetrace ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0155 3580	flpydisk ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0155 3580	flpydisk ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0155 3580	FltMgr ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0155 3580	FltMgr ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0155 3580	FsDepends ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0155 3580	FsDepends ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0155 3580	Fs_Rec ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0155 3580	Fs_Rec ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0155 3580	fvevol ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0155 3580	fvevol ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0155 3580	gagp30kx ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0155 3580	gagp30kx ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0155 3580	hcw85cir ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0155 3580	hcw85cir ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0155 3580	HdAudAddService ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0155 3580	HdAudAddService ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0155 3580	HDAudBus ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0155 3580	HDAudBus ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0155 3580	HidBatt ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0155 3580	HidBatt ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0155 3580	HidBth ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0155 3580	HidBth ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0170 3580	HidIr ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0170 3580	HidIr ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0170 3580	HidUsb ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0170 3580	HidUsb ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0170 3580	HpSAMD ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0170 3580	HpSAMD ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0170 3580	HTTP ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0170 3580	HTTP ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0170 3580	hwpolicy ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0170 3580	hwpolicy ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0170 3580	i8042prt ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0170 3580	i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0170 3580	iaStor ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0170 3580	iaStor ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0170 3580	iaStorV ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0170 3580	iaStorV ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0170 3580	IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
22:04:36.0170 3580	IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0170 3580	igfx ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0170 3580	igfx ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0170 3580	iirsp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0170 3580	iirsp ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0186 3580	IntcDAud ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0186 3580	IntcDAud ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0186 3580	intelide ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0186 3580	intelide ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0186 3580	intelppm ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0186 3580	intelppm ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0186 3580	IpFilterDriver ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0186 3580	IpFilterDriver ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0186 3580	IPMIDRV ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0186 3580	IPMIDRV ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0186 3580	IPNAT ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0186 3580	IPNAT ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0186 3580	IRENUM ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0186 3580	IRENUM ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0186 3580	isapnp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0186 3580	isapnp ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0186 3580	iScsiPrt ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0186 3580	iScsiPrt ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0186 3580	kbdclass ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0186 3580	kbdclass ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0186 3580	kbdhid ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0186 3580	kbdhid ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0186 3580	KSecDD ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0186 3580	KSecDD ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0202 3580	KSecPkg ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580	KSecPkg ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0202 3580	ksthunk ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580	ksthunk ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0202 3580	lltdio ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580	lltdio ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0202 3580	LSI_FC ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580	LSI_FC ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0202 3580	LSI_SAS ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580	LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0202 3580	LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580	LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0202 3580	LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580	LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0202 3580	luafv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580	luafv ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0202 3580	megasas ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580	megasas ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0202 3580	MegaSR ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580	MegaSR ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0202 3580	MEIx64 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580	MEIx64 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0202 3580	Modem ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580	Modem ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0217 3580	monitor ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580	monitor ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0217 3580	mouclass ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580	mouclass ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0217 3580	mouhid ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580	mouhid ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0217 3580	mountmgr ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580	mountmgr ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0217 3580	mpio ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580	mpio ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0217 3580	mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580	mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0217 3580	MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580	MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0217 3580	mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580	mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0217 3580	mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580	mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0217 3580	mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580	mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0217 3580	msahci ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580	msahci ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0233 3580	msdsm ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580	msdsm ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0233 3580	Msfs ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580	Msfs ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0233 3580	mshidkmdf ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580	mshidkmdf ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0233 3580	msisadrv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580	msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0233 3580	MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580	MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0233 3580	MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580	MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0233 3580	MSPQM ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580	MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0233 3580	MsRPC ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580	MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0233 3580	mssmbios ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580	mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0233 3580	MSTEE ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580	MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0233 3580	MTConfig ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580	MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0233 3580	Mup ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580	Mup ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0248 3580	NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580	NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0248 3580	NDIS ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580	NDIS ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0248 3580	NdisCap ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580	NdisCap ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0248 3580	NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580	NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0248 3580	Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580	Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0248 3580	NdisWan ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580	NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0248 3580	NDProxy ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580	NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0248 3580	NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580	NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0248 3580	NetBT ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580	NetBT ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0248 3580	nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580	nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0248 3580	Npfs ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580	Npfs ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0248 3580	nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580	nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0264 3580	Ntfs ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580	Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0264 3580	Null ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580	Null ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0264 3580	nvlddmkm ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580	nvlddmkm ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0264 3580	nvraid ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580	nvraid ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0264 3580	nvstor ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580	nvstor ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0264 3580	nv_agp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580	nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0264 3580	ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580	ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0264 3580	Parport ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580	Parport ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0264 3580	partmgr ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580	partmgr ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0264 3580	pci ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580	pci ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0264 3580	pciide ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580	pciide ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0280 3580	pcmcia ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580	pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0280 3580	pcw ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580	pcw ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0280 3580	PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580	PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0280 3580	PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580	PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0280 3580	Processor ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580	Processor ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0280 3580	Psched ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580	Psched ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0280 3580	ql2300 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580	ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0280 3580	ql40xx ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580	ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0280 3580	QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580	QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0280 3580	RasAcd ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580	RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0280 3580	RasAgileVpn ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580	RasAgileVpn ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0280 3580	Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580	Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0295 3580	RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580	RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0295 3580	RasSstp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580	RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0295 3580	rdbss ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580	rdbss ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0295 3580	rdpbus ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580	rdpbus ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0295 3580	RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580	RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0295 3580	RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580	RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0295 3580	RDPREFMP ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580	RDPREFMP ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0295 3580	RDPWD ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580	RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0295 3580	rdyboost ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580	rdyboost ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0295 3580	RFCOMM ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580	RFCOMM ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0295 3580	RSPCIESTOR ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580	RSPCIESTOR ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0295 3580	rspndr ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580	rspndr ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0311 3580	RTL8167 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580	RTL8167 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0311 3580	sbp2port ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580	sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0311 3580	scfilter ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580	scfilter ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0311 3580	sdbus ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580	sdbus ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0311 3580	secdrv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580	secdrv ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0311 3580	Serenum ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580	Serenum ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0311 3580	Serial ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580	Serial ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0311 3580	sermouse ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580	sermouse ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0311 3580	SFEP ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580	SFEP ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0311 3580	sffdisk ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580	sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0311 3580	sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580	sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0311 3580	sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580	sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0326 3580	sfloppy ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580	sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0326 3580	SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580	SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0326 3580	SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580	SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0326 3580	Smb ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580	Smb ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0326 3580	spldr ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580	spldr ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0326 3580	srv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580	srv ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0326 3580	srv2 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580	srv2 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0326 3580	srvnet ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580	srvnet ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0326 3580	stexstor ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580	stexstor ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0326 3580	swenum ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580	swenum ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0326 3580	syshost32 ( LockedService.Multi.Generic ) - skipped by user
22:04:36.0326 3580	syshost32 ( LockedService.Multi.Generic ) - User select action: Skip 
22:04:36.0342 3580	Tcpip ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580	Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0342 3580	TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580	TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0342 3580	tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580	tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0342 3580	TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580	TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0342 3580	TDTCP ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580	TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0342 3580	tdx ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580	tdx ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0342 3580	TermDD ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580	TermDD ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0342 3580	tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580	tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0342 3580	TsUsbFlt ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580	TsUsbFlt ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0342 3580	TsUsbGD ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580	TsUsbGD ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0342 3580	tunnel ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580	tunnel ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0342 3580	uagp35 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580	uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0358 3580	udfs ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580	udfs ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0358 3580	uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580	uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0358 3580	umbus ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580	umbus ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0358 3580	UmPass ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580	UmPass ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0358 3580	usbccgp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580	usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0358 3580	usbcir ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580	usbcir ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0358 3580	usbehci ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580	usbehci ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0358 3580	usbhub ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580	usbhub ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0358 3580	usbohci ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580	usbohci ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0358 3580	usbprint ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580	usbprint ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0358 3580	usbscan ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580	usbscan ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0373 3580	USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580	USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0373 3580	usbuhci ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580	usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0373 3580	usbvideo ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580	usbvideo ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0373 3580	vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580	vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0373 3580	vga ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580	vga ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0373 3580	VgaSave ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580	VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0373 3580	vhdmp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580	vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0373 3580	viaide ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580	viaide ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0373 3580	volmgr ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580	volmgr ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0373 3580	volmgrx ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580	volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0373 3580	volsnap ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580	volsnap ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0389 3580	vsmraid ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580	vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0389 3580	vwifibus ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580	vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0389 3580	vwififlt ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580	vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0389 3580	vwifimp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580	vwifimp ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0389 3580	WacomPen ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580	WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0389 3580	WANARP ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580	WANARP ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0389 3580	Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580	Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0389 3580	Wd ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580	Wd ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0389 3580	Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580	Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0389 3580	WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580	WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0389 3580	WIMMount ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580	WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0389 3580	WinUsb ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580	WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0404 3580	WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0404 3580	WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0404 3580	ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0404 3580	ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0404 3580	WudfPf ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0404 3580	WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip 
22:04:36.0404 3580	WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0404 3580	WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip

cosinus · 05.06.2012, 21:59

Hm, da wird ne Menge angezeigt, einiges davon ist auch Murks. Das will ich jetzt aber nicht händisch mit dem TDSS-Killer machen.
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Annschie · 05.06.2012, 23:13

Wenn ich das Programm öffne, erscheint anfangs keine Warnmeldung, auch keine Anfrage auf Updates oder die Installation einer Wiederherstellungskonsole, es wird sofort irgendeine Analyse (?) durchgeführt, die relativ schnell geht, dann schließt sich das Fenster & meine Taskleiste ändert auf einmal das Design & die Farbe, nach paar Minuten taucht dann das Alte wieder auf.

Am Ende kommt auch kein combofix.txt und wenn ich das auf der C-Festplatte suche, find ich auch kein Ordner mit dem Namen. Irgendwie scheint's nicht zu funktionieren ;(

03.06.2012, 21:02	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows Firewall und Windows Update Fehlermeldung 0x80070424 Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

Windows Firewall und Windows Update Fehlermeldung 0x80070424

Plagegeister aller Art und deren Bekämpfung: Windows Firewall und Windows Update Fehlermeldung 0x80070424