| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Computersperrung GVU Trojaner mit 100€ PaysafecardWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.01.2013, 19:23
| #1 |
| |  Computersperrung GVU Trojaner mit 100€ Paysafecard Hallo  Vor gut einer Stunde wurde mein Laptop geblockt, und der bekannte Bildschirm der mich auffordert, 100 Euro zu überweisen damit diese Sperrung aufgehoben wird erscheint nun bei jedem hochfahren des Rechners in ungesichertem Modus. Nach kurzer Zeit des Googlens bin ich auf dieses Forum gestoßen und hoffe hier auf Hilfe Ich habe meinen Laptop nun in abgesichertem Modus gestartet und ihn auch mit dem Programm Malwarebytes nun gescannt und 2 "befallene" Programme gelöscht. Nach dem Neustart kann ich den Laptop nun wieder im normalen Modus starten. Aber ich habe gelesen, dass dieses Vorgehen nun noch nicht ausreicht. Ich hoffe ihr könnt mir relativ schnell helfen, da ich den Laptop dringend für mein Studium benötige  Allerdings muss ich auch sagen, dass ich von der Materie "Computer" eigentlich absolut keine Ahnung habe und also eher unter die Kategorie reiner Anwender falle, ich hoffe ihr seht es mir nach, sofern ich Fehler mache Nach dem Löschen der infizierten Programme durch die Malwarebytes Software erhielt ich folgenden Code PHP-Code: |
|
09.01.2013, 19:24
| #2 |
| /// Malware-holic   | Computersperrung GVU Trojaner mit 100€ Paysafecard Hi
__________________bitte aber nicht in php code posten. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
09.01.2013, 19:57
| #3 |
| | Computersperrung GVU Trojaner mit 100€ Paysafecard danke schonmal für deine Hilfe
__________________also, nachdem OTL den Scan durchgeführt hat, kam folgender Code: Code:
ATTFilter OTL logfile created on: 09.01.2013 19:30:14 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Justin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,27% Memory free 7,80 Gb Paging File | 5,54 Gb Available in Paging File | 70,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 444,41 Gb Total Space | 326,59 Gb Free Space | 73,49% Space Free | Partition Type: NTFS Drive D: | 7,37 Gb Total Space | 7,36 Gb Free Space | 99,85% Space Free | Partition Type: FAT32 Computer Name: JUSTIN-VAIO | User Name: Justin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.09 18:28:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe PRC - [2012.12.11 22:54:53 | 007,880,664 | ---- | M] (Spotify Ltd) -- C:\Users\Justin\AppData\Roaming\Spotify\spotify.exe PRC - [2012.03.07 17:57:48 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe PRC - [2012.03.07 17:57:46 | 000,065,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe PRC - [2012.02.27 08:34:42 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.21 11:41:12 | 000,473,960 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe PRC - [2012.02.21 11:37:16 | 000,693,608 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe PRC - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.07 16:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.01.20 14:23:00 | 000,054,432 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2012.01.19 12:40:32 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.11.30 17:49:50 | 000,082,592 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.29 19:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.09.20 15:57:56 | 000,060,552 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2010.02.28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ========== Modules (No Company Name) ========== MOD - [2012.12.11 22:54:53 | 020,220,376 | ---- | M] () -- C:\Users\Justin\AppData\Roaming\Spotify\Data\libcef.dll MOD - [2012.11.16 03:35:46 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll MOD - [2012.11.16 03:35:46 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll MOD - [2012.11.16 03:31:34 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll MOD - [2012.11.16 03:31:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012.11.16 03:31:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.16 03:30:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.16 03:30:44 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012.11.16 03:30:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.16 03:30:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.16 03:30:35 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.16 03:30:25 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012.06.10 04:01:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.02.28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.05.25 16:13:54 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012.05.25 15:59:02 | 000,210,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012.05.25 15:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011.11.30 17:49:50 | 000,260,768 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2013.01.09 15:25:47 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.05 20:20:18 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.23 10:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\virusscan\mcods.exe -- (McODS) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.26 08:24:10 | 000,978,056 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2012.03.21 16:08:20 | 000,112,256 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService) SRV - [2012.03.14 09:36:51 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.03.07 17:57:46 | 000,065,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service) SRV - [2012.02.21 11:41:12 | 000,473,960 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2012.02.09 08:43:45 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.07 16:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.01.20 14:23:00 | 000,054,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2012.01.19 12:40:32 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent) SRV - [2012.01.19 12:22:08 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2012.01.13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2012.01.10 12:45:32 | 000,535,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2012.01.06 15:44:28 | 000,074,904 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2012.01.06 15:44:26 | 000,138,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2011.12.29 15:10:08 | 000,960,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2011.12.21 12:55:14 | 000,382,720 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2011.12.21 12:15:06 | 000,550,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2011.12.01 09:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.08.26 17:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2011.04.18 21:00:50 | 000,223,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe -- (MOBK649backup) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2011.01.28 11:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\McAfee\MSC\McAWFwk.exe -- (McAWFwk) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.09.19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.09.19 10:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.15 03:42:06 | 000,421,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.03.14 09:40:16 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.03.14 09:38:59 | 014,658,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.27 08:34:27 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.27 08:34:19 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.27 08:34:16 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.02.22 12:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012.02.22 12:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012.02.22 12:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012.02.22 12:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012.02.22 12:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012.02.22 12:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2012.02.22 12:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2012.02.22 12:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2012.02.21 22:27:36 | 002,807,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2012.02.16 15:14:57 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.02.09 08:43:54 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2012.02.09 06:34:36 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.01.19 12:31:32 | 000,550,560 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2012.01.19 12:31:02 | 000,421,664 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_vdp.sys -- (BTATH_VDP) DRV:64bit: - [2012.01.19 12:30:50 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2012.01.19 12:30:32 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2012.01.19 12:30:02 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2012.01.19 12:29:44 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2012.01.19 12:29:32 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2012.01.19 12:29:14 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2012.01.19 12:29:02 | 000,339,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2012.01.16 10:01:14 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.04.18 21:00:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK649.sys -- (MOBK649Filter) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vaioportal.sony.eu/ IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{FBD840EA-D3AE-4D67-A90D-9FE23B36382A}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.4.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.09.08 11:52:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.08.11 12:35:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 20:20:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 20:20:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.10 17:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\mozilla\Extensions [2012.12.11 12:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\mozilla\Firefox\Profiles\5q5antka.default\extensions [2012.12.11 12:19:06 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\5q5antka.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.12.05 20:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.08 11:52:11 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2012.12.05 20:20:18 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.05 22:00:35 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\systemcore\ScriptSn.20120810234533.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120810234533.dll (McAfee, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [McAfeeWrapperApplication] C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe (McAfee, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [Spotify] C:\Users\Justin\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Justin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Justin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B316494-111A-44BC-A677-664F54BA1F9B}: DhcpNameServer = 192.54.104.29 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA1E5CEC-54D9-45B2-8502-FF6DB2076307}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{BB2326E0-1AAE-432B-89E1-7BFC8550CD09} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.09 19:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.01.09 19:14:52 | 000,000,000 | R--D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.01.09 18:57:18 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Malwarebytes [2013.01.09 18:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.09 18:57:10 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.09 18:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.09 18:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.09 18:56:36 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Programs [2013.01.09 18:30:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe [2012.12.11 22:54:56 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Spotify [2012.12.11 22:53:08 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Spotify [2012.12.11 18:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.11 18:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.11 18:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.11 18:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.12.11 18:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2 C:\Users\Justin\Desktop\*.tmp files -> C:\Users\Justin\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.09 19:30:58 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.09 19:30:58 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.09 19:30:58 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.09 19:30:58 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.09 19:30:58 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.09 19:29:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.01.09 19:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.09 19:21:27 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 19:21:27 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 19:14:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.09 19:13:59 | 3142,864,896 | -HS- | M] () -- C:\hiberfil.sys [2013.01.09 18:57:11 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.09 18:28:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe [2013.01.09 18:21:42 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2013.01.09 18:07:05 | 000,002,915 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2012.12.25 03:17:42 | 000,303,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.11 22:54:55 | 000,001,813 | ---- | M] () -- C:\Users\Justin\Desktop\Spotify.lnk [2012.12.11 18:11:26 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2 C:\Users\Justin\Desktop\*.tmp files -> C:\Users\Justin\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.09 19:29:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.01.09 18:57:11 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.09 18:07:05 | 000,002,915 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2013.01.09 18:07:04 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.11 22:54:55 | 000,001,813 | ---- | C] () -- C:\Users\Justin\Desktop\Spotify.lnk [2012.12.11 22:54:55 | 000,001,799 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012.12.11 18:11:26 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.07 14:35:54 | 000,019,106 | ---- | C] () -- C:\Windows\War3Unin.dat [2012.06.10 05:04:38 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2012.03.15 20:57:54 | 013,206,016 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.03.15 20:57:54 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.15 20:57:54 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.15 20:57:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.03.15 20:57:54 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.02.11 00:03:27 | 001,641,654 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.20 13:11:36 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DVDVideoSoft [2012.08.11 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.10 21:05:43 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\six-updater [2012.08.10 19:03:21 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\six-zsync [2012.12.11 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\SoftGrid Client [2013.01.09 19:16:25 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Spotify [2012.08.17 15:30:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TP [2012.08.12 22:53:25 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WildTangent ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.08.11 21:04:03 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.08.13 11:57:37 | 000,000,000 | ---D | M] -- C:\26c245a8aae495e4ff954b23b44a0d [2012.12.11 18:20:26 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2012.06.10 03:45:19 | 000,000,000 | ---D | M] -- C:\Documentation [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.08.10 16:51:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.06.10 03:19:55 | 000,000,000 | ---D | M] -- C:\Intel [2012.08.17 15:36:38 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.11 18:10:18 | 000,000,000 | R--D | M] -- C:\Program Files [2013.01.09 18:57:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.01.09 18:57:10 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.08.10 16:51:00 | 000,000,000 | -HSD | M] -- C:\Programme [2013.01.09 19:32:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.06.10 03:49:28 | 000,000,000 | ---D | M] -- C:\temp [2012.08.10 16:51:09 | 000,000,000 | R--D | M] -- C:\Users [2012.06.10 04:13:52 | 000,000,000 | ---D | M] -- C:\VAIO Sample Contents [2013.01.09 18:22:25 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,013,978 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.06.10 03:51:02 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2012.02.16 15:14:57 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\drivers\iaStor.sys [2012.02.16 15:14:57 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_9c981fcb416c038e\iaStor.sys [2012.02.16 15:14:57 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_b6f2349de4a55e89\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.01.09 19:32:00 | 001,835,008 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT [2013.01.09 19:32:00 | 000,262,144 | -HS- | M] () -- C:\Users\Justin\ntuser.dat.LOG1 [2012.08.10 16:51:15 | 000,000,000 | -HS- | M] () -- C:\Users\Justin\ntuser.dat.LOG2 [2012.08.10 17:16:15 | 000,065,536 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.08.10 17:16:15 | 000,524,288 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.08.10 17:16:15 | 000,524,288 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.08.15 03:11:18 | 000,065,536 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{5c28d4ef-e536-11e1-8dd2-08edb9ba266c}.TM.blf [2012.08.15 03:11:18 | 000,524,288 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{5c28d4ef-e536-11e1-8dd2-08edb9ba266c}.TMContainer00000000000000000001.regtrans-ms [2012.08.15 03:11:18 | 000,524,288 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{5c28d4ef-e536-11e1-8dd2-08edb9ba266c}.TMContainer00000000000000000002.regtrans-ms [2012.08.19 21:47:16 | 000,065,536 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{be56d0b2-ea3b-11e1-a99f-08edb9ba266c}.TM.blf [2012.08.19 21:47:16 | 000,524,288 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{be56d0b2-ea3b-11e1-a99f-08edb9ba266c}.TMContainer00000000000000000001.regtrans-ms [2012.08.19 21:47:16 | 000,524,288 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{be56d0b2-ea3b-11e1-a99f-08edb9ba266c}.TMContainer00000000000000000002.regtrans-ms [2012.08.10 16:51:15 | 000,000,020 | -HS- | M] () -- C:\Users\Justin\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > |
|
09.01.2013, 19:59
| #4 |
| /// Malware-holic | Computersperrung GVU Trojaner mit 100€ Paysafecard hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2013.01.09 18:07:05 | 000,002,915 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 18:07:04 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2013, 20:08
| #5 |
| | Computersperrung GVU Trojaner mit 100€ Paysafecard So, alles gemacht wie du gesagt hast Code:
ATTFilter All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
->Flash cache emptied: 56468 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Justin
->Flash cache emptied: 58271 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Justin
->Temp folder emptied: 928379825 bytes
->Temporary Internet Files folder emptied: 20425374 bytes
->Java cache emptied: 205164 bytes
->FireFox cache emptied: 71539447 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 530673731 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 143198 bytes
RecycleBin emptied: 17864156594 bytes
Total Files Cleaned = 18.516,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01092013_200241
Files\Folders moved on Reboot...
File\Folder C:\Users\Justin\AppData\Local\Temp\CVHLauncher(201301091929134D8).log not found!
C:\Users\Justin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Justin\AppData\Local\Temp\trayicon-5108-20130109-191449.log moved successfully.
File\Folder C:\Users\Justin\AppData\Local\Temp\~DF4CACCC63B6550C47.TMP not found!
File\Folder C:\Users\Justin\AppData\Local\Temp\~DF5A01C1D453995CBD.TMP not found!
File\Folder C:\Users\Justin\AppData\Local\Temp\~DFA7E303AF0BE8F2FB.TMP not found!
File\Folder C:\Users\Justin\AppData\Local\Temp\~DFEA05F8929190BE53.TMP not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
09.01.2013, 20:16
| #6 |
| /// Malware-holic | Computersperrung GVU Trojaner mit 100€ Paysafecard Hi, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ --> Computersperrung GVU Trojaner mit 100€ Paysafecard |
|
09.01.2013, 20:38
| #7 |
| | Computersperrung GVU Trojaner mit 100€ Paysafecard ich weiß grad nicht ob ich das jetzt richtig gemacht hab, aber ich hoffe es einfach mal Code:
ATTFilter 20:31:03.0603 2836 ============================================================
20:31:03.0603 2836 Scan started
20:31:03.0603 2836 Mode: Manual; SigCheck; TDLFS;
20:31:03.0603 2836 ============================================================
20:31:03.0868 2836 ================ Scan system memory ========================
20:31:03.0868 2836 System memory - ok
20:31:03.0868 2836 ================ Scan services =============================
20:31:04.0056 2836 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:31:04.0102 2836 1394ohci - ok
20:31:04.0180 2836 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:31:04.0212 2836 ACDaemon - ok
20:31:04.0227 2836 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:31:04.0258 2836 ACPI - ok
20:31:04.0258 2836 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:31:04.0274 2836 AcpiPmi - ok
20:31:04.0383 2836 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:31:04.0414 2836 AdobeFlashPlayerUpdateSvc - ok
20:31:04.0446 2836 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:31:04.0461 2836 adp94xx - ok
20:31:04.0477 2836 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:31:04.0492 2836 adpahci - ok
20:31:04.0492 2836 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:31:04.0508 2836 adpu320 - ok
20:31:04.0539 2836 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:31:04.0570 2836 AeLookupSvc - ok
20:31:04.0586 2836 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:31:04.0617 2836 AFD - ok
20:31:04.0633 2836 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:31:04.0648 2836 agp440 - ok
20:31:04.0664 2836 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:31:04.0680 2836 ALG - ok
20:31:04.0680 2836 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:31:04.0695 2836 aliide - ok
20:31:04.0695 2836 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:31:04.0711 2836 amdide - ok
20:31:04.0711 2836 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:31:04.0726 2836 AmdK8 - ok
20:31:04.0726 2836 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
20:31:04.0742 2836 AmdPPM - ok
20:31:04.0773 2836 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:31:04.0773 2836 amdsata - ok
20:31:04.0804 2836 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
20:31:04.0820 2836 amdsbs - ok
20:31:04.0820 2836 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:31:04.0836 2836 amdxata - ok
20:31:04.0836 2836 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:31:04.0867 2836 AppID - ok
20:31:04.0882 2836 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:31:04.0929 2836 AppIDSvc - ok
20:31:04.0945 2836 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:31:04.0976 2836 Appinfo - ok
20:31:05.0023 2836 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:31:05.0054 2836 Apple Mobile Device - ok
20:31:05.0070 2836 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
20:31:05.0085 2836 arc - ok
20:31:05.0101 2836 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:31:05.0116 2836 arcsas - ok
20:31:05.0148 2836 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
20:31:05.0148 2836 ArcSoftKsUFilter - ok
20:31:05.0226 2836 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:31:05.0241 2836 aspnet_state - ok
20:31:05.0257 2836 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:31:05.0304 2836 AsyncMac - ok
20:31:05.0319 2836 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:31:05.0319 2836 atapi - ok
20:31:05.0335 2836 [ D0B119D6F52BDCA8D204F79D27690209 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
20:31:05.0350 2836 AthBTPort - ok
20:31:05.0397 2836 [ 86F8A0A8D59D0AE2B1096F3103F0E0AD ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
20:31:05.0413 2836 AtherosSvc - ok
20:31:05.0475 2836 [ 237EE0B7A65D55E08EB7530F77423480 ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:31:05.0522 2836 athr - ok
20:31:05.0553 2836 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:31:05.0584 2836 AudioEndpointBuilder - ok
20:31:05.0616 2836 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:31:05.0662 2836 AudioSrv - ok
20:31:05.0678 2836 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:31:05.0694 2836 AxInstSV - ok
20:31:05.0725 2836 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
20:31:05.0740 2836 b06bdrv - ok
20:31:05.0772 2836 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:31:05.0787 2836 b57nd60a - ok
20:31:05.0818 2836 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:31:05.0834 2836 BBSvc - ok
20:31:05.0850 2836 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:31:05.0865 2836 BDESVC - ok
20:31:05.0881 2836 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:31:05.0928 2836 Beep - ok
20:31:05.0943 2836 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:31:05.0974 2836 BFE - ok
20:31:06.0021 2836 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:31:06.0052 2836 BITS - ok
20:31:06.0068 2836 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:31:06.0084 2836 blbdrive - ok
20:31:06.0130 2836 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:31:06.0146 2836 Bonjour Service - ok
20:31:06.0162 2836 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:31:06.0177 2836 bowser - ok
20:31:06.0193 2836 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
20:31:06.0208 2836 BrFiltLo - ok
20:31:06.0224 2836 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
20:31:06.0240 2836 BrFiltUp - ok
20:31:06.0286 2836 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:31:06.0302 2836 Browser - ok
20:31:06.0318 2836 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:31:06.0333 2836 Brserid - ok
20:31:06.0333 2836 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:31:06.0349 2836 BrSerWdm - ok
20:31:06.0349 2836 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:31:06.0364 2836 BrUsbMdm - ok
20:31:06.0364 2836 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:31:06.0380 2836 BrUsbSer - ok
20:31:06.0411 2836 [ C05ED3246C06EC56F10D85B0304CD09E ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
20:31:06.0427 2836 BTATH_A2DP - ok
20:31:06.0458 2836 [ 2D27F7A831657D63AFC78E5E78DCA83F ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys
20:31:06.0489 2836 btath_avdt - ok
20:31:06.0520 2836 [ E6B734A37ADE36FE1A77035F4E484C8C ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
20:31:06.0536 2836 BTATH_BUS - ok
20:31:06.0536 2836 [ FB3833E63FF602B69C2FF085846DCF43 ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
20:31:06.0552 2836 BTATH_HCRP - ok
20:31:06.0567 2836 [ 371A11C1333BA526263A987A93ACDE3D ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
20:31:06.0583 2836 BTATH_LWFLT - ok
20:31:06.0598 2836 [ ABCD3C16CA850A7594CEB9AD5D966810 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
20:31:06.0614 2836 BTATH_RCP - ok
20:31:06.0630 2836 [ 680BE9ED6431DAFA844F5F7B61B11F9A ] BTATH_VDP C:\Windows\system32\drivers\btath_vdp.sys
20:31:06.0645 2836 BTATH_VDP - ok
20:31:06.0676 2836 [ 4FBDD8AF372ED5CB2EA63C0890C62435 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
20:31:06.0692 2836 BtFilter - ok
20:31:06.0723 2836 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:31:06.0739 2836 BthEnum - ok
20:31:06.0754 2836 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:31:06.0770 2836 BTHMODEM - ok
20:31:06.0801 2836 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:31:06.0817 2836 BthPan - ok
20:31:06.0848 2836 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
20:31:06.0895 2836 BTHPORT - ok
20:31:06.0910 2836 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:31:06.0942 2836 bthserv - ok
20:31:06.0957 2836 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
20:31:06.0973 2836 BTHUSB - ok
20:31:06.0988 2836 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:31:07.0035 2836 cdfs - ok
20:31:07.0051 2836 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:31:07.0066 2836 cdrom - ok
20:31:07.0082 2836 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:31:07.0113 2836 CertPropSvc - ok
20:31:07.0144 2836 [ 274CE03459896006F7A5069266E0469E ] cfwids C:\Windows\system32\drivers\cfwids.sys
20:31:07.0160 2836 cfwids - ok
20:31:07.0176 2836 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
20:31:07.0191 2836 circlass - ok
20:31:07.0222 2836 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:31:07.0238 2836 CLFS - ok
20:31:07.0285 2836 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:31:07.0316 2836 clr_optimization_v2.0.50727_32 - ok
20:31:07.0363 2836 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:31:07.0378 2836 clr_optimization_v2.0.50727_64 - ok
20:31:07.0425 2836 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:31:07.0441 2836 clr_optimization_v4.0.30319_32 - ok
20:31:07.0456 2836 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:31:07.0472 2836 clr_optimization_v4.0.30319_64 - ok
20:31:07.0488 2836 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:31:07.0503 2836 CmBatt - ok
20:31:07.0519 2836 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:31:07.0534 2836 cmdide - ok
20:31:07.0566 2836 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:31:07.0597 2836 CNG - ok
20:31:07.0612 2836 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:31:07.0612 2836 Compbatt - ok
20:31:07.0628 2836 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:31:07.0644 2836 CompositeBus - ok
20:31:07.0644 2836 COMSysApp - ok
20:31:07.0706 2836 [ B045E4A252442D6223994AA5765438B8 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
20:31:07.0737 2836 cphs - ok
20:31:07.0753 2836 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:31:07.0768 2836 crcdisk - ok
20:31:07.0800 2836 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:31:07.0831 2836 CryptSvc - ok
20:31:07.0924 2836 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:31:07.0940 2836 cvhsvc - ok
20:31:08.0018 2836 [ 461A0688205D088D2A2EBEEDEE81622E ] DCDhcpService C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
20:31:08.0034 2836 DCDhcpService - ok
20:31:08.0080 2836 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:31:08.0127 2836 DcomLaunch - ok
20:31:08.0158 2836 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:31:08.0190 2836 defragsvc - ok
20:31:08.0221 2836 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:31:08.0252 2836 DfsC - ok
20:31:08.0283 2836 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
20:31:08.0299 2836 dg_ssudbus - ok
20:31:08.0314 2836 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:31:08.0330 2836 Dhcp - ok
20:31:08.0346 2836 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:31:08.0377 2836 discache - ok
20:31:08.0408 2836 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
20:31:08.0408 2836 Disk - ok
20:31:08.0439 2836 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:31:08.0486 2836 Dnscache - ok
20:31:08.0486 2836 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:31:08.0533 2836 dot3svc - ok
20:31:08.0548 2836 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:31:08.0580 2836 DPS - ok
20:31:08.0595 2836 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:31:08.0611 2836 drmkaud - ok
20:31:08.0642 2836 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:31:08.0673 2836 DXGKrnl - ok
20:31:08.0689 2836 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys
20:31:08.0704 2836 e1yexpress - ok
20:31:08.0736 2836 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:31:08.0767 2836 EapHost - ok
20:31:08.0845 2836 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
20:31:08.0907 2836 ebdrv - ok
20:31:08.0923 2836 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:31:08.0938 2836 EFS - ok
20:31:09.0016 2836 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:31:09.0048 2836 ehRecvr - ok
20:31:09.0063 2836 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:31:09.0079 2836 ehSched - ok
20:31:09.0110 2836 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:31:09.0141 2836 elxstor - ok
20:31:09.0157 2836 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:31:09.0172 2836 ErrDev - ok
20:31:09.0204 2836 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:31:09.0235 2836 EventSystem - ok
20:31:09.0282 2836 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:31:09.0313 2836 exfat - ok
20:31:09.0313 2836 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:31:09.0344 2836 fastfat - ok
20:31:09.0375 2836 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:31:09.0391 2836 Fax - ok
20:31:09.0391 2836 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
20:31:09.0406 2836 fdc - ok
20:31:09.0422 2836 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:31:09.0453 2836 fdPHost - ok
20:31:09.0469 2836 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:31:09.0500 2836 FDResPub - ok
20:31:09.0516 2836 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:31:09.0516 2836 FileInfo - ok
20:31:09.0547 2836 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:31:09.0578 2836 Filetrace - ok
20:31:09.0594 2836 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:31:09.0609 2836 flpydisk - ok
20:31:09.0625 2836 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:31:09.0640 2836 FltMgr - ok
20:31:09.0672 2836 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:31:09.0703 2836 FontCache - ok
20:31:09.0750 2836 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:31:09.0781 2836 FontCache3.0.0.0 - ok
20:31:09.0812 2836 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:31:09.0828 2836 FsDepends - ok
20:31:09.0859 2836 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:31:09.0890 2836 Fs_Rec - ok
20:31:09.0906 2836 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:31:09.0921 2836 fvevol - ok
20:31:09.0937 2836 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:31:09.0952 2836 gagp30kx - ok
20:31:09.0984 2836 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
20:31:09.0999 2836 GamesAppService - ok
20:31:10.0030 2836 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:31:10.0062 2836 GEARAspiWDM - ok
20:31:10.0093 2836 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:31:10.0140 2836 gpsvc - ok
20:31:10.0171 2836 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:31:10.0171 2836 hcw85cir - ok
20:31:10.0202 2836 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:31:10.0218 2836 HdAudAddService - ok
20:31:10.0233 2836 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:31:10.0249 2836 HDAudBus - ok
20:31:10.0249 2836 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:31:10.0264 2836 HidBatt - ok
20:31:10.0264 2836 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:31:10.0280 2836 HidBth - ok
20:31:10.0280 2836 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
20:31:10.0296 2836 HidIr - ok
20:31:10.0311 2836 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:31:10.0342 2836 hidserv - ok
20:31:10.0342 2836 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:31:10.0358 2836 HidUsb - ok
20:31:10.0405 2836 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:31:10.0467 2836 hkmsvc - ok
20:31:10.0483 2836 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:31:10.0498 2836 HomeGroupListener - ok
20:31:10.0530 2836 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:31:10.0545 2836 HomeGroupProvider - ok
20:31:10.0576 2836 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:31:10.0576 2836 HpSAMD - ok
20:31:10.0608 2836 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:31:10.0639 2836 HTTP - ok
20:31:10.0654 2836 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:31:10.0670 2836 hwpolicy - ok
20:31:10.0670 2836 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:31:10.0686 2836 i8042prt - ok
20:31:10.0732 2836 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\drivers\iaStor.sys
20:31:10.0779 2836 iaStor - ok
20:31:10.0826 2836 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:31:10.0857 2836 IAStorDataMgrSvc - ok
20:31:10.0888 2836 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:31:10.0904 2836 iaStorV - ok
20:31:11.0013 2836 [ 3CC7B3BB1A9EA201A040883EDFAA67A0 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
20:31:11.0060 2836 IconMan_R - ok
20:31:11.0091 2836 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:31:11.0122 2836 idsvc - ok
20:31:11.0372 2836 [ 11BA677667432A99CA261A472A2C29B8 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:31:11.0528 2836 igfx - ok
20:31:11.0559 2836 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:31:11.0575 2836 iirsp - ok
20:31:11.0606 2836 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:31:11.0653 2836 IKEEXT - ok
20:31:11.0762 2836 [ E83BB47C3446F0497019DE7FD6C6A86F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:31:11.0840 2836 IntcAzAudAddService - ok
20:31:11.0887 2836 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
20:31:11.0887 2836 IntcDAud - ok
20:31:11.0934 2836 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
20:31:11.0980 2836 Intel(R) Capability Licensing Service Interface - ok
20:31:12.0012 2836 [ 709C8623721A1F1EF388EA75A07EC33B ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
20:31:12.0012 2836 Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - warning
20:31:12.0012 2836 Intel(R) ME Service - detected UnsignedFile.Multi.Generic (1)
20:31:12.0027 2836 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:31:12.0043 2836 intelide - ok
20:31:12.0074 2836 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:31:12.0090 2836 intelppm - ok
20:31:12.0105 2836 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:31:12.0152 2836 IPBusEnum - ok
20:31:12.0152 2836 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:31:12.0183 2836 IpFilterDriver - ok
20:31:12.0230 2836 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:31:12.0277 2836 iphlpsvc - ok
20:31:12.0277 2836 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:31:12.0292 2836 IPMIDRV - ok
20:31:12.0308 2836 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:31:12.0339 2836 IPNAT - ok
20:31:12.0386 2836 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:31:12.0417 2836 iPod Service - ok
20:31:12.0433 2836 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:31:12.0448 2836 IRENUM - ok
20:31:12.0464 2836 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:31:12.0464 2836 isapnp - ok
20:31:12.0495 2836 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:31:12.0495 2836 iScsiPrt - ok
20:31:12.0526 2836 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
20:31:12.0542 2836 iusb3hcs - ok
20:31:12.0558 2836 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
20:31:12.0573 2836 iusb3hub - ok
20:31:12.0604 2836 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
20:31:12.0620 2836 iusb3xhc - ok
20:31:12.0651 2836 [ C44B44E24B929631D9D7368F5B2B40CF ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
20:31:12.0667 2836 jhi_service - ok
20:31:12.0682 2836 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:31:12.0698 2836 kbdclass - ok
20:31:12.0698 2836 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:31:12.0714 2836 kbdhid - ok
20:31:12.0729 2836 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:31:12.0745 2836 KeyIso - ok
20:31:12.0792 2836 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:31:12.0792 2836 KSecDD - ok
20:31:12.0807 2836 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:31:12.0823 2836 KSecPkg - ok
20:31:12.0854 2836 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:31:12.0885 2836 ksthunk - ok
20:31:12.0916 2836 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:31:12.0948 2836 KtmRm - ok
20:31:12.0979 2836 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:31:13.0026 2836 LanmanServer - ok
20:31:13.0026 2836 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:31:13.0072 2836 LanmanWorkstation - ok
20:31:13.0072 2836 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:31:13.0104 2836 lltdio - ok
20:31:13.0135 2836 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:31:13.0166 2836 lltdsvc - ok
20:31:13.0166 2836 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:31:13.0213 2836 lmhosts - ok
20:31:13.0228 2836 [ 75F29D77B0540FCF47EE3BE000BBABDA ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:31:13.0228 2836 LMS - ok
20:31:13.0260 2836 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:31:13.0275 2836 LSI_FC - ok
20:31:13.0275 2836 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:31:13.0291 2836 LSI_SAS - ok
20:31:13.0291 2836 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:31:13.0306 2836 LSI_SAS2 - ok
20:31:13.0306 2836 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:31:13.0322 2836 LSI_SCSI - ok
20:31:13.0338 2836 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:31:13.0369 2836 luafv - ok
20:31:13.0431 2836 [ ACB01BF1A905356AB7F978C7FE852209 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0462 2836 McAfee SiteAdvisor Service - ok
20:31:13.0509 2836 [ F48571922079BBAB289C57BAFEFE88F3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
20:31:13.0540 2836 McAWFwk - ok
20:31:13.0556 2836 [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0572 2836 McMPFSvc - ok
20:31:13.0572 2836 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0587 2836 mcmscsvc - ok
20:31:13.0587 2836 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0603 2836 McNaiAnn - ok
20:31:13.0618 2836 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0618 2836 McNASvc - ok
20:31:13.0665 2836 [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
20:31:13.0681 2836 McODS - ok
20:31:13.0696 2836 [ ACB01BF1A905356AB7F978C7FE852209 ] McOobeSv C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0712 2836 McOobeSv - ok
20:31:13.0712 2836 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0728 2836 McProxy - ok
20:31:13.0759 2836 [ 597C77235621E7DDD32A68574FDE6464 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:31:13.0790 2836 McShield - ok
20:31:13.0806 2836 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:31:13.0821 2836 Mcx2Svc - ok
20:31:13.0852 2836 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
20:31:13.0852 2836 megasas - ok
20:31:13.0884 2836 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:31:13.0899 2836 MegaSR - ok
20:31:13.0930 2836 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:31:13.0930 2836 MEIx64 - ok
20:31:13.0962 2836 [ 01884CB7655C8908B43FF5E364FE6FD2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
20:31:13.0977 2836 mfeapfk - ok
20:31:13.0993 2836 [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
20:31:14.0008 2836 mfeavfk - ok
20:31:14.0008 2836 mfeavfk01 - ok
20:31:14.0040 2836 [ 134BB16F93A07C2C89B0B9C399382BDB ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:31:14.0055 2836 mfefire - ok
20:31:14.0071 2836 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
20:31:14.0086 2836 mfefirek - ok
20:31:14.0102 2836 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
20:31:14.0118 2836 mfehidk - ok
20:31:14.0133 2836 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
20:31:14.0149 2836 mfenlfk - ok
20:31:14.0164 2836 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
20:31:14.0164 2836 mferkdet - ok
20:31:14.0180 2836 [ 4D0ECD05ABB518EA323F651F4AB8458F ] mfevtp C:\Windows\system32\mfevtps.exe
20:31:14.0196 2836 mfevtp - ok
20:31:14.0211 2836 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
20:31:14.0227 2836 mfewfpk - ok
20:31:14.0242 2836 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:31:14.0274 2836 MMCSS - ok
20:31:14.0336 2836 [ DB033326180514B9A45612CE14324F5C ] MOBK649backup C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe
20:31:14.0367 2836 MOBK649backup - ok
20:31:14.0398 2836 [ 3C69AA906EE867ADE4437ACD8460B43D ] MOBK649Filter C:\Windows\system32\DRIVERS\MOBK649.sys
20:31:14.0398 2836 MOBK649Filter - ok
20:31:14.0414 2836 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:31:14.0461 2836 Modem - ok
20:31:14.0476 2836 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:31:14.0492 2836 monitor - ok
20:31:14.0508 2836 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:31:14.0523 2836 mouclass - ok
20:31:14.0523 2836 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:31:14.0539 2836 mouhid - ok
20:31:14.0554 2836 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:31:14.0570 2836 mountmgr - ok
20:31:14.0617 2836 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:31:14.0632 2836 MozillaMaintenance - ok
20:31:14.0648 2836 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:31:14.0664 2836 mpio - ok
20:31:14.0679 2836 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:31:14.0710 2836 mpsdrv - ok
20:31:14.0742 2836 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:31:14.0788 2836 MpsSvc - ok
20:31:14.0788 2836 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:31:14.0804 2836 MRxDAV - ok
20:31:14.0820 2836 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:31:14.0835 2836 mrxsmb - ok
20:31:14.0851 2836 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:31:14.0866 2836 mrxsmb10 - ok
20:31:14.0882 2836 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:31:14.0898 2836 mrxsmb20 - ok
20:31:14.0913 2836 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:31:14.0929 2836 msahci - ok
20:31:14.0929 2836 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:31:14.0944 2836 msdsm - ok
20:31:14.0960 2836 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:31:14.0976 2836 MSDTC - ok
20:31:14.0991 2836 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:31:15.0022 2836 Msfs - ok
20:31:15.0022 2836 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:31:15.0069 2836 mshidkmdf - ok
20:31:15.0085 2836 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:31:15.0085 2836 msisadrv - ok
20:31:15.0116 2836 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:31:15.0147 2836 MSiSCSI - ok
20:31:15.0147 2836 msiserver - ok
20:31:15.0163 2836 [ ACB01BF1A905356AB7F978C7FE852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:15.0178 2836 MSK80Service - ok
20:31:15.0194 2836 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:31:15.0225 2836 MSKSSRV - ok
20:31:15.0241 2836 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:31:15.0272 2836 MSPCLOCK - ok
20:31:15.0272 2836 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:31:15.0303 2836 MSPQM - ok
20:31:15.0334 2836 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:31:15.0350 2836 MsRPC - ok
20:31:15.0350 2836 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:31:15.0366 2836 mssmbios - ok
20:31:15.0381 2836 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:31:15.0412 2836 MSTEE - ok
20:31:15.0412 2836 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:31:15.0428 2836 MTConfig - ok
20:31:15.0444 2836 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:31:15.0459 2836 Mup - ok
20:31:15.0490 2836 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:31:15.0522 2836 napagent - ok
20:31:15.0537 2836 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:31:15.0568 2836 NativeWifiP - ok
20:31:15.0600 2836 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:31:15.0631 2836 NDIS - ok
20:31:15.0646 2836 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:31:15.0678 2836 NdisCap - ok
20:31:15.0709 2836 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:31:15.0740 2836 NdisTapi - ok
20:31:15.0756 2836 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:31:15.0787 2836 Ndisuio - ok
20:31:15.0802 2836 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:31:15.0834 2836 NdisWan - ok
20:31:15.0849 2836 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:31:15.0880 2836 NDProxy - ok
20:31:15.0896 2836 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:31:15.0927 2836 NetBIOS - ok
20:31:15.0943 2836 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:31:15.0974 2836 NetBT - ok
20:31:15.0974 2836 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:31:15.0990 2836 Netlogon - ok
20:31:16.0021 2836 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:31:16.0052 2836 Netman - ok
20:31:16.0099 2836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:31:16.0130 2836 NetMsmqActivator - ok
20:31:16.0130 2836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:31:16.0146 2836 NetPipeActivator - ok
20:31:16.0161 2836 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:31:16.0192 2836 netprofm - ok
20:31:16.0192 2836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:31:16.0208 2836 NetTcpActivator - ok
20:31:16.0208 2836 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:31:16.0224 2836 NetTcpPortSharing - ok
20:31:16.0255 2836 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:31:16.0270 2836 nfrd960 - ok
20:31:16.0302 2836 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:31:16.0317 2836 NlaSvc - ok
20:31:16.0333 2836 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:31:16.0364 2836 Npfs - ok
20:31:16.0380 2836 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:31:16.0411 2836 nsi - ok
20:31:16.0426 2836 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:31:16.0458 2836 nsiproxy - ok
20:31:16.0536 2836 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:31:16.0582 2836 Ntfs - ok
20:31:16.0614 2836 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:31:16.0645 2836 Null - ok
20:31:16.0848 2836 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:31:17.0004 2836 nvlddmkm - ok
20:31:17.0082 2836 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:31:17.0113 2836 nvraid - ok
20:31:17.0129 2836 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:31:17.0144 2836 nvstor - ok
20:31:17.0160 2836 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:31:17.0175 2836 nv_agp - ok
20:31:17.0191 2836 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:31:17.0191 2836 ohci1394 - ok
20:31:17.0238 2836 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:31:17.0253 2836 ose - ok
20:31:17.0394 2836 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:31:17.0472 2836 osppsvc - ok
20:31:17.0503 2836 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:31:17.0519 2836 p2pimsvc - ok
20:31:17.0519 2836 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:31:17.0534 2836 p2psvc - ok
20:31:17.0565 2836 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
20:31:17.0581 2836 Parport - ok
20:31:17.0597 2836 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:31:17.0612 2836 partmgr - ok
20:31:17.0628 2836 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:31:17.0659 2836 PcaSvc - ok
20:31:17.0675 2836 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:31:17.0690 2836 pci - ok
20:31:17.0690 2836 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:31:17.0706 2836 pciide - ok
20:31:17.0721 2836 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:31:17.0737 2836 pcmcia - ok
20:31:17.0753 2836 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:31:17.0753 2836 pcw - ok
20:31:17.0784 2836 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:31:17.0815 2836 PEAUTH - ok
20:31:17.0893 2836 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:31:17.0924 2836 PerfHost - ok
20:31:17.0987 2836 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:31:18.0033 2836 pla - ok
20:31:18.0065 2836 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:31:18.0080 2836 PlugPlay - ok
20:31:18.0143 2836 [ 9C4D0DE187CBC24F658C52EFC93B1C73 ] PMBDeviceInfoProvider c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
20:31:18.0174 2836 PMBDeviceInfoProvider - ok
20:31:18.0205 2836 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:31:18.0205 2836 PNRPAutoReg - ok
20:31:18.0236 2836 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:31:18.0252 2836 PNRPsvc - ok
20:31:18.0267 2836 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:31:18.0314 2836 PolicyAgent - ok
20:31:18.0330 2836 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:31:18.0361 2836 Power - ok
20:31:18.0377 2836 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:31:18.0423 2836 PptpMiniport - ok
20:31:18.0439 2836 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
20:31:18.0455 2836 Processor - ok
20:31:18.0470 2836 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:31:18.0486 2836 ProfSvc - ok
20:31:18.0486 2836 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:31:18.0501 2836 ProtectedStorage - ok
20:31:18.0517 2836 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:31:18.0548 2836 Psched - ok
20:31:18.0611 2836 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:31:18.0673 2836 ql2300 - ok
20:31:18.0673 2836 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:31:18.0689 2836 ql40xx - ok
20:31:18.0704 2836 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:31:18.0735 2836 QWAVE - ok
20:31:18.0751 2836 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:31:18.0782 2836 QWAVEdrv - ok
20:31:18.0782 2836 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:31:18.0813 2836 RasAcd - ok
20:31:18.0829 2836 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:31:18.0860 2836 RasAgileVpn - ok
20:31:18.0891 2836 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:31:18.0923 2836 RasAuto - ok
20:31:18.0938 2836 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:31:18.0969 2836 Rasl2tp - ok
20:31:19.0001 2836 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:31:19.0032 2836 RasMan - ok
20:31:19.0047 2836 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:31:19.0079 2836 RasPppoe - ok
20:31:19.0110 2836 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:31:19.0141 2836 RasSstp - ok
20:31:19.0157 2836 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:31:19.0188 2836 rdbss - ok
20:31:19.0203 2836 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
20:31:19.0219 2836 rdpbus - ok
20:31:19.0235 2836 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:31:19.0266 2836 RDPCDD - ok
20:31:19.0281 2836 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:31:19.0313 2836 RDPENCDD - ok
20:31:19.0328 2836 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:31:19.0359 2836 RDPREFMP - ok
20:31:19.0375 2836 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:31:19.0391 2836 RDPWD - ok
20:31:19.0422 2836 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:31:19.0437 2836 rdyboost - ok
20:31:19.0453 2836 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:31:19.0500 2836 RemoteAccess - ok
20:31:19.0531 2836 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:31:19.0562 2836 RemoteRegistry - ok
20:31:19.0593 2836 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:31:19.0609 2836 RFCOMM - ok
20:31:19.0609 2836 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:31:19.0656 2836 RpcEptMapper - ok
20:31:19.0671 2836 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:31:19.0687 2836 RpcLocator - ok
20:31:19.0718 2836 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:31:19.0749 2836 RpcSs - ok
20:31:19.0765 2836 [ EBBFA2B4E317AF86E93FEC4C04D7A9B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
20:31:19.0781 2836 RSPCIESTOR - ok
20:31:19.0812 2836 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:31:19.0843 2836 rspndr - ok
20:31:19.0874 2836 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:31:19.0890 2836 RTL8167 - ok
20:31:19.0905 2836 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:31:19.0921 2836 SamSs - ok
20:31:19.0937 2836 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:31:19.0952 2836 sbp2port - ok
20:31:19.0968 2836 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:31:19.0999 2836 SCardSvr - ok
20:31:20.0015 2836 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:31:20.0046 2836 scfilter - ok
20:31:20.0077 2836 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:31:20.0124 2836 Schedule - ok
20:31:20.0139 2836 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:31:20.0171 2836 SCPolicySvc - ok
20:31:20.0186 2836 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
20:31:20.0217 2836 sdbus - ok
20:31:20.0233 2836 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:31:20.0249 2836 SDRSVC - ok
20:31:20.0295 2836 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:31:20.0311 2836 SeaPort - ok
20:31:20.0327 2836 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:31:20.0358 2836 secdrv - ok
20:31:20.0389 2836 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:31:20.0420 2836 seclogon - ok
20:31:20.0436 2836 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:31:20.0467 2836 SENS - ok
20:31:20.0483 2836 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:31:20.0483 2836 SensrSvc - ok
20:31:20.0498 2836 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
20:31:20.0514 2836 Serenum - ok
20:31:20.0529 2836 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
20:31:20.0529 2836 Serial - ok
20:31:20.0545 2836 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:31:20.0561 2836 sermouse - ok
20:31:20.0576 2836 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:31:20.0607 2836 SessionEnv - ok
20:31:20.0639 2836 [ 85D0F874734C105D02280B39BF0AD23F ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
20:31:20.0639 2836 SFEP - ok
20:31:20.0639 2836 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:31:20.0654 2836 sffdisk - ok
20:31:20.0670 2836 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:31:20.0685 2836 sffp_mmc - ok
20:31:20.0685 2836 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:31:20.0701 2836 sffp_sd - ok
20:31:20.0701 2836 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:31:20.0717 2836 sfloppy - ok
20:31:20.0748 2836 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
20:31:20.0779 2836 Sftfs - ok
20:31:20.0857 2836 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:31:20.0873 2836 sftlist - ok
20:31:20.0888 2836 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:31:20.0904 2836 Sftplay - ok
20:31:20.0919 2836 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:31:20.0919 2836 Sftredir - ok
20:31:20.0951 2836 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
20:31:20.0982 2836 Sftvol - ok
20:31:21.0029 2836 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:31:21.0060 2836 sftvsa - ok
20:31:21.0107 2836 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:31:21.0153 2836 SharedAccess - ok
20:31:21.0185 2836 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:31:21.0216 2836 ShellHWDetection - ok
20:31:21.0247 2836 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
20:31:21.0247 2836 SiSRaid2 - ok
20:31:21.0263 2836 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:31:21.0278 2836 SiSRaid4 - ok
20:31:21.0294 2836 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:31:21.0294 2836 SkypeUpdate - ok
20:31:21.0309 2836 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:31:21.0341 2836 Smb - ok
20:31:21.0372 2836 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:31:21.0387 2836 SNMPTRAP - ok
20:31:21.0450 2836 [ 4AEA7A1C3CA06D95D6966C34D13C0D8B ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
20:31:21.0481 2836 SOHCImp - ok
20:31:21.0481 2836 [ 16FD95781117E13107D477AE36219E6F ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
20:31:21.0497 2836 SOHDs - ok
20:31:21.0528 2836 [ C03E480E63A80D73FABE28D24D3B6B47 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
20:31:21.0575 2836 SpfService - ok
20:31:21.0590 2836 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:31:21.0606 2836 spldr - ok
20:31:21.0668 2836 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:31:21.0715 2836 Spooler - ok
20:31:21.0809 2836 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:31:21.0871 2836 sppsvc - ok
20:31:21.0887 2836 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:31:21.0918 2836 sppuinotify - ok
20:31:21.0949 2836 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:31:21.0965 2836 srv - ok
20:31:21.0996 2836 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:31:22.0011 2836 srv2 - ok
20:31:22.0027 2836 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:31:22.0043 2836 srvnet - ok
20:31:22.0058 2836 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:31:22.0105 2836 SSDPSRV - ok
20:31:22.0121 2836 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:31:22.0152 2836 SstpSvc - ok
20:31:22.0183 2836 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
20:31:22.0214 2836 ssudmdm - ok
20:31:22.0230 2836 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
20:31:22.0245 2836 stexstor - ok
20:31:22.0277 2836 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:31:22.0308 2836 stisvc - ok
20:31:22.0323 2836 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:31:22.0339 2836 swenum - ok
20:31:22.0355 2836 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:31:22.0401 2836 swprv - ok
20:31:22.0433 2836 [ BD4F51AEF67AB7D57698BC4AAD983D1F ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:31:22.0448 2836 SynTP - ok
20:31:22.0479 2836 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:31:22.0511 2836 SysMain - ok
20:31:22.0526 2836 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:31:22.0542 2836 TabletInputService - ok
20:31:22.0557 2836 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:31:22.0589 2836 TapiSrv - ok
20:31:22.0604 2836 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:31:22.0635 2836 TBS - ok
20:31:22.0713 2836 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:31:22.0760 2836 Tcpip - ok
20:31:22.0791 2836 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:31:22.0838 2836 TCPIP6 - ok
20:31:22.0838 2836 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:31:22.0854 2836 tcpipreg - ok
20:31:22.0885 2836 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:31:22.0901 2836 TDPIPE - ok
20:31:22.0916 2836 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:31:22.0932 2836 TDTCP - ok
20:31:22.0947 2836 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:31:22.0979 2836 tdx - ok
20:31:22.0994 2836 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:31:23.0010 2836 TermDD - ok
20:31:23.0041 2836 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:31:23.0072 2836 TermService - ok
20:31:23.0088 2836 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:31:23.0119 2836 Themes - ok
20:31:23.0135 2836 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:31:23.0166 2836 THREADORDER - ok
20:31:23.0181 2836 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:31:23.0228 2836 TrkWks - ok
20:31:23.0259 2836 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:31:23.0291 2836 TrustedInstaller - ok
20:31:23.0306 2836 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:31:23.0337 2836 tssecsrv - ok
20:31:23.0353 2836 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:31:23.0369 2836 TsUsbFlt - ok
20:31:23.0384 2836 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
20:31:23.0400 2836 TsUsbGD - ok
20:31:23.0415 2836 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:31:23.0447 2836 tunnel - ok
20:31:23.0447 2836 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:31:23.0462 2836 uagp35 - ok
20:31:23.0509 2836 [ 1FE69F3C1CA1CF4B7EC7E2E9090FFFDC ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
20:31:23.0525 2836 uCamMonitor - ok
20:31:23.0540 2836 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:31:23.0571 2836 udfs - ok
20:31:23.0587 2836 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:31:23.0603 2836 UI0Detect - ok
20:31:23.0634 2836 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:31:23.0649 2836 uliagpkx - ok
20:31:23.0649 2836 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:31:23.0665 2836 umbus - ok
20:31:23.0681 2836 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
20:31:23.0681 2836 UmPass - ok
20:31:23.0759 2836 [ 193AD338F2A64D17300AD640ADFA5D0A ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:31:23.0805 2836 UNS - ok
20:31:23.0821 2836 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:31:23.0868 2836 upnphost - ok
20:31:23.0915 2836 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:31:23.0915 2836 USBAAPL64 - ok
20:31:23.0946 2836 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:31:23.0961 2836 usbccgp - ok
20:31:23.0977 2836 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:31:23.0993 2836 usbcir - ok
20:31:24.0008 2836 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:31:24.0008 2836 usbehci - ok
20:31:24.0039 2836 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:31:24.0055 2836 usbhub - ok
20:31:24.0071 2836 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:31:24.0086 2836 usbohci - ok
20:31:24.0102 2836 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:31:24.0117 2836 usbprint - ok
20:31:24.0133 2836 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:31:24.0149 2836 USBSTOR - ok
20:31:24.0149 2836 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:31:24.0164 2836 usbuhci - ok
20:31:24.0180 2836 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:31:24.0195 2836 usbvideo - ok
20:31:24.0227 2836 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:31:24.0258 2836 UxSms - ok
20:31:24.0289 2836 [ 203FD19D70549A2939E1AE3A36608151 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
20:31:24.0320 2836 VAIO Event Service - ok
20:31:24.0367 2836 [ 59308CD511A5F3EE33595FFD46F76B31 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
20:31:24.0414 2836 VAIO Power Management - ok
20:31:24.0429 2836 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:31:24.0445 2836 VaultSvc - ok
20:31:24.0507 2836 [ ADD5A5BA64D0710E1C764A8D4DAD510E ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
20:31:24.0554 2836 VCFw - ok
20:31:24.0585 2836 [ EEE5AD6FB40B35F7867C3A49B98BB4EF ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
20:31:24.0601 2836 VcmIAlzMgr - ok
20:31:24.0632 2836 [ FD5BD55C1854208BC9C51DBCFC3C1941 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
20:31:24.0648 2836 VcmINSMgr - ok
20:31:24.0679 2836 [ 9BC1F203C5604C24F345BCFCD6956BAE ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
20:31:24.0710 2836 VcmXmlIfHelper - ok
20:31:24.0741 2836 [ D076011ECD0D1310E879F32EBF3B4886 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe
20:31:24.0757 2836 VCService - ok
20:31:24.0788 2836 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:31:24.0804 2836 vdrvroot - ok
20:31:24.0835 2836 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:31:24.0882 2836 vds - ok
20:31:24.0882 2836 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:31:24.0897 2836 vga - ok
20:31:24.0929 2836 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:31:24.0960 2836 VgaSave - ok
20:31:24.0960 2836 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:31:24.0975 2836 vhdmp - ok
20:31:24.0991 2836 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:31:24.0991 2836 viaide - ok
20:31:25.0007 2836 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:31:25.0022 2836 volmgr - ok
20:31:25.0038 2836 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:31:25.0053 2836 volmgrx - ok
20:31:25.0069 2836 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:31:25.0085 2836 volsnap - ok
20:31:25.0100 2836 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:31:25.0116 2836 vsmraid - ok
20:31:25.0178 2836 [ 596E65BDEE804CC6658A39756CC61849 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
20:31:25.0225 2836 VSNService - ok
20:31:25.0272 2836 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:31:25.0319 2836 VSS - ok
20:31:25.0365 2836 [ FB4A1695D2D74F9C92CA5E84795CDBE1 ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
20:31:25.0397 2836 VUAgent - ok
20:31:25.0412 2836 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:31:25.0428 2836 vwifibus - ok
20:31:25.0459 2836 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:31:25.0475 2836 vwififlt - ok
20:31:25.0490 2836 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:31:25.0506 2836 vwifimp - ok
20:31:25.0553 2836 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:31:25.0615 2836 W32Time - ok
20:31:25.0631 2836 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:31:25.0646 2836 WacomPen - ok
20:31:25.0677 2836 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:31:25.0709 2836 WANARP - ok
20:31:25.0709 2836 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:31:25.0755 2836 Wanarpv6 - ok
20:31:25.0787 2836 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:31:25.0818 2836 wbengine - ok
20:31:25.0833 2836 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:31:25.0865 2836 WbioSrvc - ok
20:31:25.0896 2836 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:31:25.0911 2836 wcncsvc - ok
20:31:25.0927 2836 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:31:25.0927 2836 WcsPlugInService - ok
20:31:25.0943 2836 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
20:31:25.0958 2836 Wd - ok
20:31:26.0021 2836 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:31:26.0052 2836 Wdf01000 - ok
20:31:26.0067 2836 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:31:26.0083 2836 WdiServiceHost - ok
20:31:26.0083 2836 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:31:26.0114 2836 WdiSystemHost - ok
20:31:26.0145 2836 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:31:26.0161 2836 WebClient - ok
20:31:26.0177 2836 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:31:26.0208 2836 Wecsvc - ok
20:31:26.0223 2836 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:31:26.0270 2836 wercplsupport - ok
20:31:26.0286 2836 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:31:26.0317 2836 WerSvc - ok
20:31:26.0348 2836 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:31:26.0379 2836 WfpLwf - ok
20:31:26.0379 2836 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:31:26.0395 2836 WIMMount - ok
20:31:26.0411 2836 WinDefend - ok
20:31:26.0426 2836 WinHttpAutoProxySvc - ok
20:31:26.0489 2836 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:31:26.0551 2836 Winmgmt - ok
20:31:26.0582 2836 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:31:26.0645 2836 WinRM - ok
20:31:26.0676 2836 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:31:26.0691 2836 WinUsb - ok
20:31:26.0723 2836 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:31:26.0754 2836 Wlansvc - ok
20:31:26.0785 2836 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:31:26.0801 2836 wlcrasvc - ok
20:31:26.0894 2836 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:31:26.0941 2836 wlidsvc - ok
20:31:26.0957 2836 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:31:26.0972 2836 WmiAcpi - ok
20:31:27.0003 2836 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:31:27.0019 2836 wmiApSrv - ok
20:31:27.0035 2836 WMPNetworkSvc - ok
20:31:27.0066 2836 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:31:27.0113 2836 WPCSvc - ok
20:31:27.0128 2836 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:31:27.0144 2836 WPDBusEnum - ok
20:31:27.0237 2836 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:31:27.0284 2836 ws2ifsl - ok
20:31:27.0315 2836 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:31:27.0331 2836 wscsvc - ok
20:31:27.0378 2836 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
20:31:27.0393 2836 WSDPrintDevice - ok
20:31:27.0393 2836 WSearch - ok
20:31:27.0487 2836 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:31:27.0534 2836 wuauserv - ok
20:31:27.0581 2836 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:31:27.0596 2836 WudfPf - ok
20:31:27.0612 2836 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:31:27.0612 2836 WUDFRd - ok
20:31:27.0659 2836 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:31:27.0690 2836 wudfsvc - ok
20:31:27.0705 2836 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:31:27.0737 2836 WwanSvc - ok
20:31:27.0768 2836 [ A5B25E310678175F4779499FFF7D0994 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
20:31:27.0783 2836 ZAtheros Bt&Wlan Coex Agent - ok
20:31:27.0815 2836 ================ Scan global ===============================
20:31:27.0846 2836 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:31:27.0877 2836 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:31:27.0877 2836 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:31:27.0908 2836 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:31:27.0939 2836 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:31:27.0939 2836 [Global] - ok
20:31:27.0955 2836 ================ Scan MBR ==================================
20:31:27.0971 2836 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:31:28.0470 2836 \Device\Harddisk0\DR0 - ok
20:31:28.0470 2836 ================ Scan VBR ==================================
20:31:28.0485 2836 [ F3F8221CA6CDA1434DED9F58073EE63C ] \Device\Harddisk0\DR0\Partition1
20:31:28.0485 2836 \Device\Harddisk0\DR0\Partition1 - ok
20:31:28.0517 2836 [ 9B90A1861802C112E2C1EDC1E6910FA2 ] \Device\Harddisk0\DR0\Partition2
20:31:28.0517 2836 \Device\Harddisk0\DR0\Partition2 - ok
20:31:28.0532 2836 ============================================================
20:31:28.0532 2836 Scan finished
20:31:28.0532 2836 ============================================================
20:31:28.0532 3792 Detected object count: 1
20:31:28.0532 3792 Actual detected object count: 1
20:31:43.0415 3792 Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:43.0415 3792 Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
09.01.2013, 20:46
| #8 | |
| /// Malware-holic | Computersperrung GVU Trojaner mit 100€ Paysafecard Hi combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.01.2013, 21:15
| #9 |
| | Computersperrung GVU Trojaner mit 100€ Paysafecard Hier jetzt der Combofix-Log Code:
ATTFilter ComboFix 13-01-08.01 - Justin 09.01.2013 21:03:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3996.2250 [GMT 1:00]
ausgeführt von:: D:\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-09 bis 2013-01-09 ))))))))))))))))))))))))))))))
.
.
2013-01-09 20:09 . 2013-01-09 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-09 19:02 . 2013-01-09 19:02 -------- d-----w- C:\_OTL
2013-01-09 17:57 . 2013-01-09 17:57 -------- d-----w- c:\users\Justin\AppData\Roaming\Malwarebytes
2013-01-09 17:57 . 2013-01-09 17:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-09 17:57 . 2013-01-09 17:57 -------- d-----w- c:\programdata\Malwarebytes
2013-01-09 17:57 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-09 17:56 . 2013-01-09 17:56 -------- d-----w- c:\users\Justin\AppData\Local\Programs
2012-12-25 02:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-25 02:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-25 02:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-25 02:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 15:00 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 14:59 . 2012-10-04 17:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 21:54 . 2013-01-09 19:06 -------- d-----w- c:\users\Justin\AppData\Local\Spotify
2012-12-11 21:53 . 2013-01-09 19:10 -------- d-----w- c:\users\Justin\AppData\Roaming\Spotify
2012-12-11 17:10 . 2012-12-11 17:10 -------- d-----w- c:\program files\iPod
2012-12-11 17:10 . 2012-12-11 17:11 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-11 17:10 . 2012-12-11 17:11 -------- d-----w- c:\program files\iTunes
2012-12-11 17:10 . 2012-12-11 17:11 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 14:25 . 2012-06-10 02:51 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 14:25 . 2012-06-10 02:51 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-25 11:28 . 2012-11-25 11:28 40960 ----a-r- c:\users\Justin\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-11-25 11:28 . 2012-11-25 11:28 40960 ----a-r- c:\users\Justin\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-10-16 08:38 . 2012-11-28 12:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 12:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 12:43 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Justin\AppData\Roaming\Spotify\Spotify.exe" [2012-12-11 7880664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-28 151952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-07 121344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-21 112256]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-02-09 340072]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 138392]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 74904]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 289952]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 535688]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 101600]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-01-19 106144]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-09 2429544]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 473960]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 978056]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-01-19 158880]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-01-19 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-01-19 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-01-19 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-01-19 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-01-19 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-01-19 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-01-19 280992]
S3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [2012-01-19 421664]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-01-19 550560]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-03-14 331264]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 787736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-09 565352]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2012-01-16 14336]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 14:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-27 1158248]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-01-19 1016992]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-01-19 800416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-14 440600]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://vaioportal.sony.eu/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Free YouTube to MP3 Converter - c:\users\Justin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\5q5antka.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BattlEye for A2 - c:\program files\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-09 21:11:21
ComboFix-quarantined-files.txt 2013-01-09 20:11
.
Vor Suchlauf: 12 Verzeichnis(se), 369.820.553.216 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 369.300.393.984 Bytes frei
.
- - End Of File - - 3907C200EF83F8B819F8036443CF7A77
|
|
10.01.2013, 00:41
| #10 |
| /// Malware-holic | Computersperrung GVU Trojaner mit 100€ Paysafecard Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.01.2013, 14:12
| #11 |
| | Computersperrung GVU Trojaner mit 100€ Paysafecard so, hab ich eben mal gemacht. Ich hoffe es ist nicht falsch, wenn ich das jetzt als code poste? Code:
ATTFilter ACID Music Studio 8.0 Sony 10.06.2012 212MB 8.0.178 unbekannt ActiveX контрола на Windows Live Mesh за отдалечени връзки Microsoft Corporation 10.06.2012 5,57MB 15.4.5722.2 unbekannt ActiveX-kontroll för fjärranslutningar för Windows Live Mesh Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt Adobe AIR Adobe Systems Incorporated 10.06.2012 2.7.0.19460 notwendig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 notwendig Adobe Reader X MUI Adobe Systems Incorporated 10.06.2012 470MB 10.0.0 notwendig Apple Application Support Apple Inc. 11.12.2012 65,0MB 2.3.2 notwendig Apple Mobile Device Support Apple Inc. 11.12.2012 25,1MB 6.0.1.3 notwendig Apple Software Update Apple Inc. 11.08.2012 2,38MB 2.1.3.127 notwendig ArcSoft Magic-i Visual Effects 2 ArcSoft 10.06.2012 69,5MB 2.0.1.161 notwendig ArcSoft WebCam Companion 4 ArcSoft 10.06.2012 81,3MB 4.0.21.457 notwendig Arma 2 Army of The Czech Republic (LITE) Uninstall 12.08.2012 notwendig ARMA 2 Operation Arrowhead Uninstall 11.08.2012 notwendig ArmA 2 Uninstall 11.08.2012 notwendig Atheros Bluetooth Suite (64) Atheros 10.06.2012 120MB 7.4.0.120 notwendig BattlEye for OA Uninstall 12.08.2012 notwendig BattlEye Uninstall 12.08.2012 notwendig BattlEye Uninstall 11.02.2011 notwendig Bing Bar Microsoft Corporation 10.06.2012 24,4MB 7.0.610.0 notwendig Bonjour Apple Inc. 11.08.2012 2,04MB 3.0.0.10 notwendig CCleaner Piriform 19.12.2012 3.26 notwendig Control ActiveX Windows Live Mesh pentru conexiuni la distanță Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt Controlo ActiveX do Windows Live Mesh para Ligações Remotas Microsoft Corporation 10.06.2012 5,38MB 15.4.5722.2 unbekannt Contrôle ActiveX Windows Live Mesh pour connexions à distance Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt CyberLink PowerDVD CyberLink Corp. 10.06.2012 182MB 9.0.5009.52 notwendig DVD Architect Studio 5.0 Sony 10.06.2012 250MB 5.0.157 notwendig Evernote v. 4.5.2 Evernote Corp. 10.06.2012 170MB 4.5.2.5904 unbekannt Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt Free YouTube to MP3 Converter version 3.11.32.918 DVDVideoSoft Ltd. 20.09.2012 60,8MB 3.11.32.918 notwendig Intel(R) Control Center Intel Corporation 10.06.2012 1.2.1.1007 notwendig Intel(R) Management Engine Components Intel Corporation 10.06.2012 8.0.2.1410 notwendig Intel(R) OpenCL CPU Runtime Intel Corporation 10.06.2012 notwendig Intel(R) Processor Graphics Intel Corporation 10.06.2012 8.15.10.2626 notwendig Intel(R) Rapid Storage Technology Intel Corporation 10.06.2012 11.0.0.1032 notwendig Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 10.06.2012 1.0.3.214 notwendig Intel® Trusted Connect Service Client Intel Corporation 10.06.2012 10,6MB 1.23.605.1 notwendig iTunes Apple Inc. 11.12.2012 190MB 11.0.0.163 notwendig Java(TM) 7 Update 1 Oracle 10.06.2012 98,9MB 7.0.10 notwendig Java(TM) 7 Update 1 (64-bit) Oracle 10.06.2012 93,3MB 7.0.10 notwendig Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 09.01.2013 18,4MB 1.70.0.1100 notwendig Media Go Sony 10.06.2012 99,3MB 2.0.317 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.02.2011 38,8MB 4.0.30319 notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 10.06.2012 2,93MB 4.0.30319 notwendig Microsoft .NET Framework 4 Extended Microsoft Corporation 11.02.2011 51,9MB 4.0.30319 notwendig Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 10.06.2012 10,6MB 4.0.30319 notwendig Microsoft Office 2010 Microsoft Corporation 10.06.2012 6,31MB 14.0.4763.1000 notwendig Microsoft Office Klick-und-Los 2010 Microsoft Corporation 17.08.2012 14.0.4763.1000 notwendig Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 17.08.2012 14.0.4763.1000 notwendig Microsoft Silverlight Microsoft Corporation 13.08.2012 40,3MB 4.1.10329.0 notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10.06.2012 1,69MB 3.1.0000 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 13.08.2012 290KB 8.0.61001 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 10.06.2012 788KB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 15.08.2012 788KB 9.0.30729.6161 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10.06.2012 596KB 9.0.30729 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10.06.2012 590KB 9.0.30729.4148 notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.08.2012 590KB 9.0.30729.6161 notwendig Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 18.08.2012 5,28MB 10.0.30319 notwendig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 18.08.2012 4,53MB 10.0.30319 notwendig Mozilla Firefox 17.0.1 (x86 de) Mozilla 07.12.2012 41,1MB 17.0.1 notwendig Mozilla Maintenance Service Mozilla 07.12.2012 329KB 17.0.1 notwendig MSXML 4.0 SP3 Parser Microsoft Corporation 10.06.2012 1,47MB 4.30.2100.0 unbekannt MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 15.08.2012 1,53MB 4.30.2114.0 unbekannt Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt PlayMemories Home Sony Corporation 10.06.2012 6.1.01.14210 notwendig PlayStation(R)Network Downloader Sony Computer Entertainment Inc. 10.06.2012 827KB 2.07.00849 notwendig PlayStation(R)Store Sony Computer Entertainment Inc. 10.06.2012 5,54MB 4.5.15.13232 notwendig Project64 1.6 Project64 25.11.2012 3,46MB 1.6 unnötig Qualcomm Atheros WiFi Driver Installation Qualcomm Atheros 10.06.2012 3.0 unbekannt Realtek High Definition Audio Driver Realtek Semiconductor Corp. 10.06.2012 6.0.1.6570 notwendig Realtek PCIE Card Reader Realtek Semiconductor Corp. 10.06.2012 6.1.7601.92 notwendig Six Updater Six Projects 10.08.2012 38,7MB 2.09.7016 notwendig Skype™ 5.10 Skype Technologies S.A. 10.08.2012 19,4MB 5.10.116 notwendig Sound Forge Audio Studio 10.0 Sony 10.06.2012 232MB 10.0.176 notwendig Spotify Spotify AB 11.12.2012 0.8.5.1333.g822e0de8 notwendig Synaptics Pointing Device Driver Synaptics Incorporated 10.06.2012 46,4MB 15.3.45.0 unbekannt Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt VAIO - Media Gallery Sony Corporation 10.06.2012 303MB 2.1.0.13300 notwendig VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 Sony Corporation 10.06.2012 23,3MB 1.0.00.01300 notwendig VAIO - PlayMemories Home Plug-in Sony Corporation 10.06.2012 1,94GB 2.0.00.14200 notwendig VAIO - Remote Play mit PlayStation®3 Sony Corporation 10.06.2012 1.1.0.21090 notwendig VAIO - Remote-Tastatur Sony Corporation 10.06.2012 1.2.0.09270 notwendig VAIO - Remote-Tastatur mit PlayStation®3 Sony Corporation 10.06.2012 1.2.0.09210 notwendig VAIO - TrackID™ mit BRAVIA Sony Corporation 10.06.2012 1.2.0.09270 notwendig VAIO Care Sony Corporation 10.06.2012 108MB 7.3.0.14170 notwendig VAIO Control Center Sony Corporation 10.06.2012 5.2.1.15070 notwendig VAIO Data Restore Tool Sony Corporation 10.06.2012 1.9.0.13190 notwendig VAIO Easy Connect Sony Corporation 10.06.2012 14,6MB 1.1.2.01120 notwendig VAIO Gate Sony Corporation 10.06.2012 2.4.1.09230 notwendig VAIO Gate Default Sony Corporation 10.06.2012 2.5.2.02090 notwendig VAIO Gesture Control Sony Corporation 10.06.2012 1.0.0.12300 notwendig VAIO Improvement Sony Corporation 10.06.2012 1.3.0.12280 notwendig VAIO Improvement Validation Sony Corporation 10.06.2012 496KB 1.0.4.01190 notwendig VAIO Sample Contents Sony Corporation 10.06.2012 1.4.2.09010 notwendig VAIO Smart Network Sony Corporation 10.06.2012 3.11.1.15220 notwendig VAIO Update Sony Corporation 10.06.2012 5.7.0.13130 notwendig VAIO-Handbuch Sony Corporation 10.06.2012 2.3.0.12300 notwendig VAIO-Support für Übertragungen Sony Corporation 10.06.2012 1.7.0.02231 notwendig VAIOCareLearnContents 11.02.2011 notwendig VAIO*CPU-Lüfterdiagnose Sony Corporation 10.06.2012 1.1.0.09200 notwendig Vegas Movie Studio HD Platinum 11.0 Sony 10.06.2012 296MB 11.0.256 unbekannt Warcraft III 07.09.2012 notwendig WildTangent-Spiele WildTangent 10.06.2012 1.0.2.5 unbekannt Windows Live Essentials Microsoft Corporation 10.06.2012 15.4.3538.0513 unbekannt Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 10.06.2012 5,38MB 15.4.5722.2 unbekannt Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt Windows Live Mesh ActiveX-objekt til fjernforbindelser Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz Microsoft Corporation 10.06.2012 5,38MB 15.4.5722.2 unbekannt Windows Live Meshin etäyhteyksien ActiveX-komponentti Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt WinRAR 4.20 (32-Bit) win.rar GmbH 11.08.2012 4.20.0 notwendig WinRAR 4.20 (64-Bit) win.rar GmbH 11.08.2012 4.20.0 notwendig World of Warcraft Blizzard Entertainment 13.12.2012 5.1.0.16357 notwendig Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις Microsoft Corporation 10.06.2012 5,38MB 15.4.5722.2 unbekannt Елемент керування Windows Live Mesh ActiveX для віддалених підключень Microsoft Corporation 10.06.2012 5,38MB 15.4.5722.2 unbekannt Элемент управления Windows Live Mesh ActiveX для удаленных подключений Microsoft Corporation 10.06.2012 5,37MB 15.4.5722.2 unbekannt |
|
10.01.2013, 14:25
| #12 |
| /// Malware-holic | Computersperrung GVU Trojaner mit 100€ Paysafecard deinstaliere: ACID ActiveX : alle Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Control Controlo Contrôle Formant Java: alle downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Kontrolnik Ovládací : alle Project64 Uzak Vegas WildTangent Windows Live : alle für dich unnötigen. Öffne CCleaner, analysieren, starten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.01.2013, 14:46
| #13 |
| | Computersperrung GVU Trojaner mit 100€ Paysafecard Ich hoffe ich hab bis hierhin alles richtig gemacht, hier der Log des Adwcleaners: Code:
ATTFilter # AdwCleaner v2.105 - Datei am 10/01/2013 um 14:43:56 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Justin - JUSTIN-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Justin\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\5q5antka.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [836 octets] - [10/01/2013 14:43:56]
########## EOF - C:\AdwCleaner[R1].txt - [895 octets] ##########
|
|
10.01.2013, 15:07
| #14 |
| /// Malware-holic | Computersperrung GVU Trojaner mit 100€ Paysafecard Hi, Downloade Dir bitte AdwCleaner auf deinen Desktop.
Neustarten bitte, Testen, wie der PC + Programme laufen, auch den Internet explorer mit testen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.01.2013, 15:17
| #15 |
| | Computersperrung GVU Trojaner mit 100€ PaysafecardCode:
ATTFilter # AdwCleaner v2.105 - Datei am 10/01/2013 um 15:11:24 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Justin - JUSTIN-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Justin\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\5q5antka.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [963 octets] - [10/01/2013 14:43:56]
AdwCleaner[S2].txt - [895 octets] - [10/01/2013 15:11:24]
########## EOF - C:\AdwCleaner[S2].txt - [954 octets] ##########
|
|
| Themen zu Computersperrung GVU Trojaner mit 100€ Paysafecard |
| 100€ paysafecard, administrator, anti-malware, autostart, bildschirm, computer, computersperrung, dateien, dringend, euro, explorer, fehler, folge, forum, geblockt, google, gvu-trojaner, infizierte, laptop, löschen, malwarebytes, microsoft, neustart, programm, programme, software, trojaner, wgsdgsdgdsgsd.exe |
Linear-Darstellung
