Windows Defender findet Trojaner

BTB4L · 25.01.2013, 21:45

Mein Windowsdefender hat folgende Trojaner gefunden: Trojan.Downloader.Gen, Spyware.Zeus, Bublik.B und Matsnu!

Ich habe wie gewünscht die folgenden drei Logs erstellt und Malwareantibytes gescannt. Es wäre super, wenn sich jemand von euch meinem ärgerlichen Problem annehmen könnte! Bin doch etwas verunsichert, ob mein PC noch "vertrauenswürdig" ist...

Bin über jede Hilfe dankbar!

OTL-LOG:

Zitat:

OTL logfile created on: 25.01.2013 20:34:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,95 Gb Total Physical Memory | 4,91 Gb Available Physical Memory | 82,48% Memory free
6,89 Gb Paging File | 5,77 Gb Available in Paging File | 83,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 662,54 Gb Total Space | 612,98 Gb Free Space | 92,52% Space Free | Partition Type: NTFS

Computer Name: VAIO | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.25 20:07:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Downloads\OTL.exe
PRC - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.18 05:36:14 | 000,188,072 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
PRC - [2012.08.18 05:36:14 | 000,068,776 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
PRC - [2012.08.18 00:04:28 | 000,068,776 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2012.08.13 16:27:08 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012.08.06 13:30:40 | 000,642,216 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2012.08.03 20:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.06.25 14:47:22 | 000,152,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
PRC - [2012.06.25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2011.08.22 15:04:26 | 000,628,056 | ---- | M] (Avaya) -- C:\Program Files (x86)\Avaya\Avaya VPN Client\NvcSvcMgr.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.25 14:47:26 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
MOD - [2012.06.25 14:47:25 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
MOD - [2012.06.25 14:47:23 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
MOD - [2012.06.25 14:47:23 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
MOD - [2012.06.25 14:47:23 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
MOD - [2012.06.25 14:47:20 | 000,891,392 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll
MOD - [2012.06.25 14:47:20 | 000,339,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll
MOD - [2012.06.25 14:47:20 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\ServiceManagerStarter.dll
MOD - [2012.06.25 14:47:20 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
MOD - [2012.06.25 14:47:20 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
MOD - [2012.06.25 14:47:19 | 002,281,984 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll
MOD - [2012.06.25 14:47:17 | 000,443,904 | ---- | M] () -- C:\Program Files (x86)\Intel\IntelAppStore\bin\DeviceProfile.dll

========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe /McCoreSvc -- (McOobeSv2)
SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.08.20 09:29:58 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.08.06 10:28:56 | 000,156,672 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2012.07.26 04:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.01.19 11:40:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 21:25:35 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.08.18 05:36:14 | 000,623,784 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe -- (NetworkSupport)
SRV - [2012.08.18 05:36:14 | 000,068,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
SRV - [2012.08.13 17:24:56 | 000,211,584 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012.08.13 16:27:08 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012.08.08 20:48:20 | 000,056,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2012.08.08 10:56:22 | 000,972,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2012.08.08 10:56:18 | 000,460,512 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2012.08.08 10:23:30 | 000,123,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2012.08.08 10:23:30 | 000,078,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2012.08.07 06:46:30 | 002,445,968 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012.08.03 20:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.24 22:39:24 | 001,266,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012.07.19 18:55:44 | 000,476,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2012.07.17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.06.27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.06.25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012.04.20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.12.01 10:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.08.22 15:04:26 | 000,628,056 | ---- | M] (Avaya) [Auto | Running] -- C:\Program Files (x86)\Avaya\Avaya VPN Client\NvcSvcMgr.exe -- (NvcSvcMgr)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2003.04.18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.11.27 08:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 08:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.08.23 10:12:08 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.08.21 11:18:16 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.08.21 11:17:35 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012.08.20 09:35:35 | 003,618,304 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012.08.20 09:30:56 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.08.20 09:30:02 | 010,280,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.08.20 09:30:02 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.08.13 17:05:06 | 000,567,808 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.08.13 17:05:04 | 000,427,416 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_vdp.sys -- (BTATH_VDP)
DRV:64bit: - [2012.08.13 17:05:04 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.08.13 17:05:02 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.08.13 17:05:00 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.08.13 17:05:00 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.08.13 17:05:00 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.08.13 17:05:00 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.08.13 17:04:58 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.08.07 06:46:36 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012.08.03 20:38:55 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.08.03 20:38:05 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.07.30 10:48:45 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.11 13:33:28 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2012.07.02 15:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012.06.11 03:43:12 | 000,024,280 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\sows.sys -- (SOWS)
DRV:64bit: - [2012.06.02 15:31:39 | 000,283,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2011.08.22 13:08:34 | 000,080,448 | ---- | M] (Avaya) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\nvcwfpco.sys -- (nvcwfpco)
DRV:64bit: - [2011.08.22 13:08:26 | 000,044,096 | ---- | M] (Avaya) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ntnvca.sys -- (NT_NvcA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {4335BCCD-307B-410A-BFDE-7CE8FF0BC59E}
IE - HKCU\..\SearchScopes\{4335BCCD-307B-410A-BFDE-7CE8FF0BC59E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
IE - HKCU\..\SearchScopes\{99F594D8-CBFE-4CA0-ADFD-0328FDA0E8F1}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q312&_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:40:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:40:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.11.22 20:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AppData\Roaming\mozilla\Extensions
[2013.01.19 11:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.01.19 11:40:16 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NVC] C:\Program Files (x86)\Avaya\Avaya VPN Client\Nvc.exe (Avaya)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://ciscovpn.rrze.uni-erlangen.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20BF2B22-360B-4893-88A1-821F7A6F32B4}: NameServer = 141.67.44.21,141.67.44.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882680D9-9FDC-4255-A2FE-3C923896138E}: DhcpNameServer = 83.169.184.225 83.169.184.161
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8c16f796-3358-11e2-be73-083e8ed83924}\Shell - "" = AutoRun
O33 - MountPoints2\{8c16f796-3358-11e2-be73-083e8ed83924}\Shell\AutoRun\command - "" = "E:\LaunchU3.exe" -a
O33 - MountPoints2\{ac19dfe5-3564-11e2-be78-083e8ed83924}\Shell - "" = AutoRun
O33 - MountPoints2\{ac19dfe5-3564-11e2-be78-083e8ed83924}\Shell\AutoRun\command - "" = "E:\Setup.exe"
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\Setup.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.24 01:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013.01.24 01:14:32 | 000,000,000 | ---D | C] -- C:\Users\AppData\Roaming\Canneverbe Limited
[2013.01.24 01:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2013.01.24 01:02:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2013.01.23 18:01:02 | 000,000,000 | ---D | C] -- C:\Users\AppData\Roaming\Malwarebytes
[2013.01.23 18:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.23 18:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.23 18:00:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.23 18:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.23 17:59:37 | 000,000,000 | ---D | C] -- C:\Users\AppData\Local\Programs
[2013.01.23 15:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.23 15:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.23 15:10:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.23 09:35:31 | 000,000,000 | ---D | C] -- C:\Users\AppData\Roaming\Rnpvh
[2013.01.19 11:39:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.18 09:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.18 09:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.12 12:25:21 | 000,000,000 | ---D | C] -- C:\Users\Local Settings
[2013.01.12 12:25:09 | 000,000,000 | ---D | C] -- C:\Temp
[2013.01.12 12:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avaya VPN Client
[2013.01.12 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\AppData\Local\Avaya
[2013.01.12 12:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avaya
[2013.01.12 12:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avaya
[2012.12.27 23:07:09 | 000,000,000 | ---D | C] -- C:\Users\AppData\Local\Cyberlink
[2012.12.27 23:07:03 | 000,000,000 | ---D | C] -- C:\Users\Documents\CyberLink

========== Files - Modified Within 30 Days ==========

[2013.01.25 20:35:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.25 20:33:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.01.25 20:32:59 | 814,759,935 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.25 20:09:18 | 000,000,000 | ---- | M] () -- C:\Users\defogger_reenable
[2013.01.25 19:25:43 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.24 22:03:47 | 524,288,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2013.01.24 21:19:50 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.24 21:19:50 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.24 21:19:50 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.24 21:19:50 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.24 21:19:50 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.24 01:14:29 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.01.23 18:00:23 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.23 15:10:13 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.18 23:36:02 | 000,690,529 | ---- | M] () -- C:\Users\Desktop\proof_corrected.pdf
[2013.01.18 09:43:00 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.18 00:06:33 | 000,715,251 | ---- | M] () -- C:\Users\Desktop\proof.pdf
[2013.01.13 11:55:26 | 000,420,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.12 12:24:10 | 000,001,772 | ---- | M] () -- C:\Users\Public\Desktop\Avaya VPN Client.lnk
[2012.12.30 09:01:57 | 000,001,047 | ---- | M] () -- C:\Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.30 09:01:46 | 000,001,019 | ---- | M] () -- C:\Users\Desktop\Dropbox.lnk

========== Files Created - No Company Name ==========

[2013.01.25 20:09:18 | 000,000,000 | ---- | C] () -- C:\Users\defogger_reenable
[2013.01.24 19:54:58 | 524,288,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2013.01.24 01:14:29 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.01.24 01:14:29 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2013.01.23 18:00:23 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.18 10:58:42 | 000,690,529 | ---- | C] () -- C:\Users\Desktop\proof_corrected.pdf
[2013.01.18 09:43:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.18 09:43:00 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.18 00:06:33 | 000,715,251 | ---- | C] () -- C:\Users\Desktop\proof.pdf
[2013.01.13 11:55:19 | 000,420,984 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.12 12:24:10 | 000,001,772 | ---- | C] () -- C:\Users\Public\Desktop\Avaya VPN Client.lnk
[2012.11.22 19:55:21 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012.11.17 16:15:40 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.10.31 17:05:53 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012.10.31 15:27:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.21 11:02:51 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.08.21 11:02:51 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.08.21 11:02:50 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012.12.04 21:01:11 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.01.24 01:14:32 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\Canneverbe Limited
[2012.11.22 20:09:18 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\DAEMON Tools Lite
[2013.01.25 20:33:55 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\Dropbox
[2012.11.24 17:34:43 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\EndNote
[2012.11.17 17:07:12 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\OpenOffice.org
[2013.01.25 18:41:04 | 000,000,000 | ---D | M] -- C:\Users\AppData\Roaming\Rnpvh

========== Purity Check ==========

< End of report >

Wäre über jede Hilfe sehr dankbar!
Viele Grüße!

cosinus · 26.01.2013, 22:40

Hallo und

Zitat:

Ich habe wie gewünscht die folgenden drei Logs erstellt und Malwareantibytes gescannt

Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

BTB4L · 27.01.2013, 00:35

Hallo,

vielen Dank für deine Hilfe! Es tut mir leid, dass es unvollständig war, ich bin in Sachen PC nicht sehr versiert.
Die Logs, die im Anhang sind, waren leider zu groß, um sie als Code zu posten. Einen zweiten Post wollte ich nicht erstellen, da ich gelesen hatte, dass nur unbeantwortete Posts von euch bearbeitet werden.

Anbei nun der log von Malwarebytes: Dieser ist vom 23.01., einen weiteren habe ich gestern laufen lassen, ohne Funde.

Code:

ATTFilter

mbam-log-2013-01-23 (18-02-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426698
Laufzeit: 36 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\AppData\Local\Temp\dznyocmger.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\AppData\Local\Temp\jdnftdotft.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\AppData\Local\Temp\srbslbnlrl.pre (Trojan.Downloader.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\\AppData\Local\Temp\{B333-7CF730-7CFB30} (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\\Local\Temp\{CCCF-7CF730-7CFB30} (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\\Local\Temp\{D379-47F5C4-47F9C4} (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Windows Defender hat zudem gestern (vor Suchlauf von Malwarebytes) drei weitere Funde in Quarantäne gestellt:

Code:

ATTFilter

Trojan:Win32/Bublik.B
file:C:\Users\***\AppData\Local\Temp\{117BA-7CF730-7CFB30}

Trojan:Win32/Matsnu
file:C:\Users\***\AppData\Roaming\Rnpvh\pruopsunvt.exe
regkey:HKCU@S-1-5-21-1938747887-848816128-2372482076-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\jvnkunvt
runkey:HKCU@S-1-5-21-1938747887-848816128-2372482076-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\jvnkunvt

Trojan:Win32/Bublik.B
Von Windows Defender wurde folgender Fehler erkannt: Fehlercode: 0x80508023. Auf dem Computer wurde keine Schadsoftware oder andere potenziell unerwünschte Software gefunden.
process:pid:4732

Ich bitte um Nachsicht, falls es so immer noch nicht vollständig ist, und um kurze Mitteilung, was fehlt.

Vielen Dank!

Viele Grüße

cosinus · 27.01.2013, 00:42

Zitat:

Trojan:Win32/Matsnu
file:C:\Users\***\AppData\Roaming\Rnpvh\pruopsunvt.exe

Hm....matsnu ist ein Verschlüsselungstrojaner - hast du verschlüsselte/defekte/korrupte Dateien?

BTB4L · 27.01.2013, 11:04

hallo,

nein, bislang sind mir keine verschlüsselten dateien aufgefallen; da der laptop relativ neu ist, habe ich erst wenig dateien drauf. es funktioniert auch bislang alles ganz normal. wenn diese trojaner in quarantäne sind beim windows defender, werden sie dann an der ausführung gehindert? würde es etwas bringen, sie dort zu löschen, oder wäre das nutzlos oder kontraproduktiv?

vg

cosinus · 27.01.2013, 14:00

Zitat:

wenn diese trojaner in quarantäne sind beim windows defender, werden sie dann an der ausführung gehindert? würde es etwas bringen, sie dort zu löschen, oder wäre das nutzlos oder kontraproduktiv?

Was habt ihr alle immer nur mit der Quarantäne?

Überleg doch mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

BTB4L · 27.01.2013, 15:53

Vielen Dank für deine schnelle Hilfe! Anbei die Logs:

Code:

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-27 15:28:22
-----------------------------
15:28:22.937    OS Version: Windows x64 6.2.9200 
15:28:22.937    Number of processors: 4 586 0x3A09
15:28:22.937    ComputerName: VAIO  UserName: 
15:28:22.984    Initialze error 1 
15:30:45.019    AVAST engine defs: 13012700
15:31:10.083    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003e
15:31:10.083    Disk 0 Vendor: WDC_WD7500BPVT-55HXZT3 01.01A01 Size: 715404MB BusType: 11
15:31:10.130    Disk 0 MBR read successfully
15:31:10.130    Disk 0 MBR scan
15:31:10.130    Disk 0 unknown MBR code
15:31:10.130    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
15:31:10.130    Disk 0 scanning C:\Windows\system32\drivers
15:31:10.130    Service scanning
15:31:10.896    Modules scanning
15:31:10.896    Disk 0 trace - called modules:
15:31:10.912    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 
15:31:10.912    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ce0060]
15:31:10.912    3 CLASSPNP.SYS[fffff88000a0b8aa] -> nt!IofCallDriver -> \Device\0000003e[0xfffffa80064685e0]
15:31:10.927    AVAST engine scan C:\Windows
15:31:10.927    AVAST engine scan C:\Windows\system32
15:31:10.943    AVAST engine scan C:\Windows\system32\drivers
15:31:10.943    AVAST engine scan C:\Users\***
15:31:10.943    AVAST engine scan C:\ProgramData
15:31:10.960    Scan finished successfully
15:37:20.823    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
15:37:20.823    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

Code:

ATTFilter

15:39:36.0104 6656  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:39:36.0104 6656  UEFI system
15:39:36.0275 6656  ============================================================
15:39:36.0275 6656  Current date / time: 2013/01/27 15:39:36.0275
15:39:36.0275 6656  SystemInfo:
15:39:36.0275 6656  
15:39:36.0275 6656  OS Version: 6.2.9200 ServicePack: 0.0
15:39:36.0275 6656  Product type: Workstation
15:39:36.0275 6656  ComputerName: VAIO
15:39:36.0275 6656  UserName: ***
15:39:36.0275 6656  Windows directory: C:\Windows
15:39:36.0275 6656  System windows directory: C:\Windows
15:39:36.0275 6656  Running under WOW64
15:39:36.0275 6656  Processor architecture: Intel x64
15:39:36.0275 6656  Number of processors: 4
15:39:36.0275 6656  Page size: 0x1000
15:39:36.0275 6656  Boot type: Normal boot
15:39:36.0275 6656  ============================================================
15:39:37.0057 6656  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:39:37.0057 6656  ============================================================
15:39:37.0057 6656  \Device\Harddisk0\DR0:
15:39:37.0057 6656  GPT partitions:
15:39:37.0057 6656  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {F4019732-066E-4E12-8273-346C5641494F}, UniqueGUID: {E491F4EC-33B9-4BA0-84C9-0E3C27C33BE2}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000
15:39:37.0072 6656  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5B35BD6C-3D21-462C-802A-291BC0310232}, Name: Basic data partition, StartLBA 0x82800, BlocksNum 0x2E1000
15:39:37.0072 6656  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {065657F9-60EC-4A85-9496-CDAEC47C07C9}, Name: EFI system partition, StartLBA 0x363800, BlocksNum 0x82000
15:39:37.0072 6656  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {375A1C39-FF52-4BB2-ADAB-6578FB086516}, Name: Microsoft reserved partition, StartLBA 0x3E5800, BlocksNum 0x40000
15:39:37.0072 6656  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {2B17BF27-6015-42E9-9020-885B8E6F61FB}, Name: Basic data partition, StartLBA 0x425800, BlocksNum 0x52D12800
15:39:37.0072 6656  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E7178EEB-D69F-4EC0-B251-3A41A8048091}, Name: Basic data partition, StartLBA 0x53138000, BlocksNum 0x440E000
15:39:37.0072 6656  MBR partitions:
15:39:37.0072 6656  ============================================================
15:39:37.0088 6656  C: <-> \Device\Harddisk0\DR0\Partition5
15:39:37.0088 6656  ============================================================
15:39:37.0088 6656  Initialize success
15:39:37.0088 6656  ============================================================
15:40:34.0824 5472  ============================================================
15:40:34.0824 5472  Scan started
15:40:34.0824 5472  Mode: Manual; SigCheck; TDLFS; 
15:40:34.0824 5472  ============================================================
15:40:35.0684 5472  ================ Scan system memory ========================
15:40:35.0684 5472  System memory - ok
15:40:35.0684 5472  ================ Scan services =============================
15:40:35.0934 5472  [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
15:40:36.0012 5472  1394ohci - ok
15:40:36.0027 5472  [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\Windows\system32\drivers\3ware.sys
15:40:36.0027 5472  3ware - ok
15:40:36.0059 5472  [ 975AABEB243B800C23626D6B652C5A9C ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:40:36.0074 5472  ACPI - ok
15:40:36.0090 5472  [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
15:40:36.0106 5472  acpiex - ok
15:40:36.0106 5472  [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
15:40:36.0121 5472  acpipagr - ok
15:40:36.0137 5472  [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
15:40:36.0152 5472  AcpiPmi - ok
15:40:36.0152 5472  [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
15:40:36.0168 5472  acpitime - ok
15:40:36.0206 5472  [ E5568164C070A4988BD79C896920B3C6 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
15:40:36.0221 5472  acsock - ok
15:40:36.0287 5472  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:40:36.0302 5472  AdobeARMservice - ok
15:40:36.0396 5472  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:40:36.0427 5472  AdobeFlashPlayerUpdateSvc - ok
15:40:36.0443 5472  [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:40:36.0474 5472  adp94xx - ok
15:40:36.0490 5472  [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:40:36.0506 5472  adpahci - ok
15:40:36.0521 5472  [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:40:36.0537 5472  adpu320 - ok
15:40:36.0552 5472  [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:40:36.0568 5472  AeLookupSvc - ok
15:40:36.0599 5472  [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD             C:\Windows\system32\drivers\afd.sys
15:40:36.0631 5472  AFD - ok
15:40:36.0631 5472  [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:40:36.0631 5472  agp440 - ok
15:40:36.0662 5472  [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\Windows\System32\alg.exe
15:40:36.0693 5472  ALG - ok
15:40:36.0724 5472  [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
15:40:36.0756 5472  AllUserInstallAgent - ok
15:40:36.0792 5472  [ 1F500945F87AA517BD2F049256B304DD ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:40:36.0819 5472  AMD External Events Utility - ok
15:40:36.0850 5472  [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
15:40:36.0882 5472  AmdK8 - ok
15:40:37.0069 5472  [ 2A831A7F9031B5BBA6EF189381D65228 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
15:40:37.0335 5472  amdkmdag - ok
15:40:37.0350 5472  [ B9ACB2AA40709E060CDC34F13F1C9C8F ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
15:40:37.0382 5472  amdkmdap - ok
15:40:37.0397 5472  [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
15:40:37.0413 5472  AmdPPM - ok
15:40:37.0444 5472  [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:40:37.0444 5472  amdsata - ok
15:40:37.0460 5472  [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:40:37.0475 5472  amdsbs - ok
15:40:37.0475 5472  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:40:37.0475 5472  amdxata - ok
15:40:37.0475 5472  [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\Windows\system32\drivers\appid.sys
15:40:37.0507 5472  AppID - ok
15:40:37.0538 5472  [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:40:37.0538 5472  AppIDSvc - ok
15:40:37.0554 5472  [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo         C:\Windows\System32\appinfo.dll
15:40:37.0569 5472  Appinfo - ok
15:40:37.0569 5472  [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\Windows\system32\drivers\arc.sys
15:40:37.0585 5472  arc - ok
15:40:37.0585 5472  [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:40:37.0600 5472  arcsas - ok
15:40:37.0616 5472  [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:40:37.0632 5472  AsyncMac - ok
15:40:37.0632 5472  [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:40:37.0647 5472  atapi - ok
15:40:37.0663 5472  [ 4885C14A6AB6969B5773A42DA0BA3DA4 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
15:40:37.0679 5472  AthBTPort - ok
15:40:37.0726 5472  [ 8F60017273DCD46CDCC9A0AD881F7B32 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
15:40:37.0726 5472  AtherosSvc - ok
15:40:37.0789 5472  [ F17ABC4AA1FE4989E812858261414FE5 ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
15:40:37.0898 5472  athr - ok
15:40:37.0930 5472  [ 506907D2E7F3A5B67DBD39C00A788B7C ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW86.sys
15:40:37.0945 5472  AtiHDAudioService - ok
15:40:37.0961 5472  [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
15:40:37.0992 5472  AudioEndpointBuilder - ok
15:40:38.0039 5472  [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:40:38.0086 5472  Audiosrv - ok
15:40:38.0117 5472  [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:40:38.0133 5472  AxInstSV - ok
15:40:38.0180 5472  [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:40:38.0211 5472  b06bdrv - ok
15:40:38.0242 5472  [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
15:40:38.0273 5472  BasicDisplay - ok
15:40:38.0273 5472  [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
15:40:38.0289 5472  BasicRender - ok
15:40:38.0321 5472  [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:40:38.0336 5472  BDESVC - ok
15:40:38.0368 5472  [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:40:38.0399 5472  Beep - ok
15:40:38.0446 5472  [ 9E6A544F465C582AB42444A217CF04DC ] BFE             C:\Windows\System32\bfe.dll
15:40:38.0493 5472  BFE - ok
15:40:38.0524 5472  [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\Windows\System32\qmgr.dll
15:40:38.0558 5472  BITS - ok
15:40:38.0590 5472  [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:40:38.0622 5472  bowser - ok
15:40:38.0637 5472  [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
15:40:38.0668 5472  BrokerInfrastructure - ok
15:40:38.0684 5472  [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\Windows\System32\browser.dll
15:40:38.0700 5472  Browser - ok
15:40:38.0731 5472  [ 942F3F6286056D6BBB5B02ED2B7088BD ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
15:40:38.0747 5472  BTATH_A2DP - ok
15:40:38.0762 5472  [ 43C965027229D9FF6E52E4C71C03B09E ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
15:40:38.0762 5472  btath_avdt - ok
15:40:38.0793 5472  [ 23CEDCD7527A26B222732A158F76EB24 ] BTATH_BUS       C:\Windows\System32\drivers\btath_bus.sys
15:40:38.0809 5472  BTATH_BUS - ok
15:40:38.0809 5472  [ 3DD64966A764BCAFF07C9DC064BD410E ] BTATH_HCRP      C:\Windows\System32\drivers\btath_hcrp.sys
15:40:38.0825 5472  BTATH_HCRP - ok
15:40:38.0825 5472  [ B68EE0721EAC305AB1C9C989CDF1AEFF ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
15:40:38.0825 5472  BTATH_LWFLT - ok
15:40:38.0856 5472  [ EC7BB341229E9E6B04349580F55218B2 ] BTATH_RCP       C:\Windows\System32\drivers\btath_rcp.sys
15:40:38.0856 5472  BTATH_RCP - ok
15:40:38.0872 5472  [ AABB87C9AE0537A6DCDAC8AE11CC1F5A ] BTATH_VDP       C:\Windows\system32\drivers\btath_vdp.sys
15:40:38.0887 5472  BTATH_VDP - ok
15:40:38.0903 5472  [ CBF4EF7E9FE86CE0CAB0A6472DE34A1C ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
15:40:38.0934 5472  BtFilter - ok
15:40:38.0965 5472  [ 3AA4309EBD9491E516F13FE3DC752FEE ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
15:40:38.0997 5472  BthAvrcpTg - ok
15:40:39.0012 5472  [ 6AB44FF15F12E2CADABA3B8E9B2FBEB8 ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
15:40:39.0043 5472  BthEnum - ok
15:40:39.0075 5472  [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
15:40:39.0106 5472  BthHFEnum - ok
15:40:39.0122 5472  [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
15:40:39.0153 5472  bthhfhid - ok
15:40:39.0184 5472  [ 42201C346F0B8C458E1E9CDE04D68A2C ] BthLEEnum       C:\Windows\system32\DRIVERS\BthLEEnum.sys
15:40:39.0215 5472  BthLEEnum - ok
15:40:39.0215 5472  [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
15:40:39.0247 5472  BTHMODEM - ok
15:40:39.0278 5472  [ 091BB978E9504D0AD14586929431A957 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
15:40:39.0325 5472  BthPan - ok
15:40:39.0372 5472  [ CFD630EA8B3F593FFA0030FD53BA7908 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
15:40:39.0418 5472  BTHPORT - ok
15:40:39.0452 5472  [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv         C:\Windows\system32\bthserv.dll
15:40:39.0460 5472  bthserv - ok
15:40:39.0476 5472  [ 69C903C026CB675E234F4A7C951FD722 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
15:40:39.0507 5472  BTHUSB - ok
15:40:39.0538 5472  [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:40:39.0585 5472  cdfs - ok
15:40:39.0585 5472  [ 339BFF85D788268752DA8C9644B188EE ] cdrom           C:\Windows\System32\drivers\cdrom.sys
15:40:39.0632 5472  cdrom - ok
15:40:39.0648 5472  [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:40:39.0695 5472  CertPropSvc - ok
15:40:39.0726 5472  [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass        C:\Windows\System32\drivers\circlass.sys
15:40:39.0757 5472  circlass - ok
15:40:39.0773 5472  [ 9905168708DB68849B879B5548F68AB3 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
15:40:39.0788 5472  CLFS - ok
15:40:39.0820 5472  [ 075CCE75090786F124573A788C8656E6 ] CLVirtualDrive  C:\Windows\system32\DRIVERS\CLVirtualDrive.sys
15:40:39.0835 5472  CLVirtualDrive - ok
15:40:39.0835 5472  [ 2DC8538A2260647484A6C921CA837313 ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
15:40:39.0866 5472  CmBatt - ok
15:40:39.0898 5472  [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:40:39.0929 5472  CNG - ok
15:40:39.0945 5472  [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
15:40:39.0976 5472  CompositeBus - ok
15:40:39.0976 5472  COMSysApp - ok
15:40:39.0991 5472  [ D9CB0782AF819548072AA45B70F8B22D ] condrv          C:\Windows\system32\drivers\condrv.sys
15:40:40.0007 5472  condrv - ok
15:40:40.0038 5472  [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:40:40.0038 5472  CryptSvc - ok
15:40:40.0054 5472  [ C4D01BD86D6B207275FC143EEA951D75 ] dam             C:\Windows\system32\drivers\dam.sys
15:40:40.0070 5472  dam - ok
15:40:40.0101 5472  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:40:40.0132 5472  DcomLaunch - ok
15:40:40.0163 5472  [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:40:40.0195 5472  defragsvc - ok
15:40:40.0210 5472  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
15:40:40.0241 5472  DeviceAssociationService - ok
15:40:40.0273 5472  [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
15:40:40.0273 5472  DeviceInstall - ok
15:40:40.0304 5472  [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
15:40:40.0335 5472  Dfsc - ok
15:40:40.0366 5472  [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:40:40.0398 5472  Dhcp - ok
15:40:40.0398 5472  [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache        C:\Windows\system32\drivers\discache.sys
15:40:40.0413 5472  discache - ok
15:40:40.0429 5472  [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk            C:\Windows\system32\drivers\disk.sys
15:40:40.0429 5472  disk - ok
15:40:40.0445 5472  [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
15:40:40.0445 5472  dmvsc - ok
15:40:40.0476 5472  [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:40:40.0507 5472  Dnscache - ok
15:40:40.0539 5472  [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc         C:\Windows\System32\dot3svc.dll
15:40:40.0570 5472  dot3svc - ok
15:40:40.0617 5472  [ 27069CFFF29B7F04F4B1BB10154BE52B ] dot4            C:\Windows\system32\DRIVERS\Dot4.sys
15:40:40.0632 5472  dot4 - ok
15:40:40.0664 5472  [ 0BD906A79F9CE3013F7D9D0AC45F9F9D ] Dot4Print       C:\Windows\System32\drivers\Dot4Prt.sys
15:40:40.0664 5472  Dot4Print - ok
15:40:40.0695 5472  [ B7D595F2F464F7B628AD53F06547792C ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
15:40:40.0695 5472  dot4usb - ok
15:40:40.0726 5472  [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS             C:\Windows\system32\dps.dll
15:40:40.0757 5472  DPS - ok
15:40:40.0789 5472  [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:40:40.0804 5472  drmkaud - ok
15:40:40.0851 5472  [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
15:40:40.0898 5472  DsmSvc - ok
15:40:40.0960 5472  [ 898BF1647BBF012B38EF45C7F9F7A67E ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:40:41.0023 5472  DXGKrnl - ok
15:40:41.0054 5472  [ CFE0E3D5EFBF0649E5900CBFCC2B95F7 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y60x64.sys
15:40:41.0085 5472  e1yexpress - ok
15:40:41.0117 5472  [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost         C:\Windows\System32\eapsvc.dll
15:40:41.0148 5472  Eaphost - ok
15:40:41.0226 5472  [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:40:41.0351 5472  ebdrv - ok
15:40:41.0367 5472  [ F702AB6181513303AB0FC8D59E52708B ] EFS             C:\Windows\System32\lsass.exe
15:40:41.0382 5472  EFS - ok
15:40:41.0414 5472  [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
15:40:41.0429 5472  EhStorClass - ok
15:40:41.0445 5472  [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
15:40:41.0460 5472  EhStorTcgDrv - ok
15:40:41.0476 5472  [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev          C:\Windows\System32\drivers\errdev.sys
15:40:41.0476 5472  ErrDev - ok
15:40:41.0510 5472  [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem     C:\Windows\system32\es.dll
15:40:41.0541 5472  EventSystem - ok
15:40:41.0556 5472  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:40:41.0588 5472  exfat - ok
15:40:41.0603 5472  [ 60996602A7111FD2D086E803F33E4282 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:40:41.0619 5472  fastfat - ok
15:40:41.0666 5472  [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax             C:\Windows\system32\fxssvc.exe
15:40:41.0681 5472  Fax - ok
15:40:41.0681 5472  [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc             C:\Windows\System32\drivers\fdc.sys
15:40:41.0713 5472  fdc - ok
15:40:41.0728 5472  [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost         C:\Windows\system32\fdPHost.dll
15:40:41.0760 5472  fdPHost - ok
15:40:41.0760 5472  [ 872506AAB591E8908DF4461475AF92DF ] FDResPub        C:\Windows\system32\fdrespub.dll
15:40:41.0775 5472  FDResPub - ok
15:40:41.0822 5472  [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc           C:\Windows\system32\fhsvc.dll
15:40:41.0838 5472  fhsvc - ok
15:40:41.0869 5472  [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:40:41.0885 5472  FileInfo - ok
15:40:41.0900 5472  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:40:41.0931 5472  Filetrace - ok
15:40:41.0931 5472  [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
15:40:41.0947 5472  flpydisk - ok
15:40:41.0963 5472  [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:40:41.0978 5472  FltMgr - ok
15:40:42.0025 5472  [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache       C:\Windows\system32\FntCache.dll
15:40:42.0088 5472  FontCache - ok
15:40:42.0166 5472  [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:40:42.0181 5472  FontCache3.0.0.0 - ok
15:40:42.0213 5472  [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:40:42.0228 5472  FsDepends - ok
15:40:42.0244 5472  [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:40:42.0260 5472  Fs_Rec - ok
15:40:42.0291 5472  [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:40:42.0322 5472  fvevol - ok
15:40:42.0338 5472  [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
15:40:42.0353 5472  FxPPM - ok
15:40:42.0369 5472  [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:40:42.0385 5472  gagp30kx - ok
15:40:42.0385 5472  [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
15:40:42.0416 5472  gencounter - ok
15:40:42.0431 5472  [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
15:40:42.0447 5472  GPIOClx0101 - ok
15:40:42.0510 5472  [ 5358678C6370F2ADC5291849F6503262 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:40:42.0572 5472  gpsvc - ok
15:40:42.0588 5472  [ 9FC1F11D4D19F61DFE5CC878B4557D3A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:40:42.0697 5472  HdAudAddService - ok
15:40:42.0728 5472  [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
15:40:42.0760 5472  HDAudBus - ok
15:40:42.0775 5472  [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
15:40:42.0791 5472  HidBatt - ok
15:40:42.0791 5472  [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth          C:\Windows\System32\drivers\hidbth.sys
15:40:42.0822 5472  HidBth - ok
15:40:42.0869 5472  [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
15:40:42.0885 5472  hidi2c - ok
15:40:42.0900 5472  [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr           C:\Windows\System32\drivers\hidir.sys
15:40:42.0947 5472  HidIr - ok
15:40:42.0978 5472  [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv         C:\Windows\system32\hidserv.dll
15:40:42.0994 5472  hidserv - ok
15:40:42.0994 5472  [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
15:40:43.0025 5472  HidUsb - ok
15:40:43.0041 5472  [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:40:43.0057 5472  hkmsvc - ok
15:40:43.0103 5472  [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:40:43.0119 5472  HomeGroupListener - ok
15:40:43.0150 5472  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:40:43.0182 5472  HomeGroupProvider - ok
15:40:43.0197 5472  [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:40:43.0197 5472  HpSAMD - ok
15:40:43.0244 5472  [ 29CB98187BB5711F7759540976D295FC ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:40:43.0306 5472  HTTP - ok
15:40:43.0322 5472  [ 2A98301068801700906C06649860FE94 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:40:43.0338 5472  hwpolicy - ok
15:40:43.0353 5472  [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
15:40:43.0353 5472  hyperkbd - ok
15:40:43.0369 5472  [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
15:40:43.0385 5472  HyperVideo - ok
15:40:43.0385 5472  [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
15:40:43.0416 5472  i8042prt - ok
15:40:43.0447 5472  [ F5A9FBAE160BD1837C2F1B85324A6762 ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
15:40:43.0478 5472  iaStorA - ok
15:40:43.0478 5472  [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:40:43.0510 5472  iaStorV - ok
15:40:43.0635 5472  [ 15C9BF6968A0990D8F4161A6ABEB7229 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
15:40:43.0713 5472  IconMan_R - ok
15:40:43.0713 5472  [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
15:40:43.0713 5472  iirsp - ok
15:40:43.0775 5472  [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:40:43.0838 5472  IKEEXT - ok
15:40:43.0947 5472  [ DDC860724AEF8F8E42AC61E6585769C6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:40:44.0072 5472  IntcAzAudAddService - ok
15:40:44.0135 5472  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
15:40:44.0166 5472  Intel(R) Capability Licensing Service Interface - ok
15:40:44.0197 5472  [ 9656F8E29F6C3161A3E99BCD3A472FF9 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
15:40:44.0213 5472  Intel(R) ME Service - ok
15:40:44.0229 5472  [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:40:44.0244 5472  intelide - ok
15:40:44.0275 5472  [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm        C:\Windows\System32\drivers\intelppm.sys
15:40:44.0291 5472  intelppm - ok
15:40:44.0307 5472  [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:40:44.0338 5472  IpFilterDriver - ok
15:40:44.0369 5472  [ CAC5202757EF68C4849B0DFFA75F6D3C ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:40:44.0416 5472  iphlpsvc - ok
15:40:44.0432 5472  [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
15:40:44.0447 5472  IPMIDRV - ok
15:40:44.0447 5472  [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:40:44.0479 5472  IPNAT - ok
15:40:44.0494 5472  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:40:44.0494 5472  IRENUM - ok
15:40:44.0494 5472  [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:40:44.0510 5472  isapnp - ok
15:40:44.0541 5472  [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
15:40:44.0541 5472  iScsiPrt - ok
15:40:44.0588 5472  [ 78ABBE558F57144047F10A0F50FE4B2F ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
15:40:44.0604 5472  jhi_service - ok
15:40:44.0619 5472  [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
15:40:44.0635 5472  kbdclass - ok
15:40:44.0635 5472  [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
15:40:44.0666 5472  kbdhid - ok
15:40:44.0666 5472  [ FB6C185092E18011EF49989425C2AA87 ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
15:40:44.0697 5472  kdnic - ok
15:40:44.0713 5472  [ F702AB6181513303AB0FC8D59E52708B ] KeyIso          C:\Windows\system32\lsass.exe
15:40:44.0729 5472  KeyIso - ok
15:40:44.0729 5472  KMService - ok
15:40:44.0760 5472  [ DFA480F6DED551464F3A5B959F437800 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:40:44.0775 5472  KSecDD - ok
15:40:44.0791 5472  [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:40:44.0807 5472  KSecPkg - ok
15:40:44.0822 5472  [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:40:44.0838 5472  ksthunk - ok
15:40:44.0869 5472  [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:40:44.0885 5472  KtmRm - ok
15:40:44.0932 5472  [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:40:44.0963 5472  LanmanServer - ok
15:40:44.0994 5472  [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:40:45.0010 5472  LanmanWorkstation - ok
15:40:45.0025 5472  [ CEEFD29FC551F289810B0B9381B321DC ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:40:45.0025 5472  lltdio - ok
15:40:45.0057 5472  [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:40:45.0088 5472  lltdsvc - ok
15:40:45.0104 5472  [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:40:45.0135 5472  lmhosts - ok
15:40:45.0166 5472  [ 2C24DC448DBE8DB9BE1441B824C57E79 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:40:45.0182 5472  LMS - ok
15:40:45.0213 5472  [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
15:40:45.0213 5472  LSI_SAS - ok
15:40:45.0229 5472  [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
15:40:45.0229 5472  LSI_SAS2 - ok
15:40:45.0244 5472  [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
15:40:45.0244 5472  LSI_SCSI - ok
15:40:45.0244 5472  [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
15:40:45.0260 5472  LSI_SSS - ok
15:40:45.0291 5472  [ 8FEFDCEE40B75FD23B4BC60DA6576113 ] LSM             C:\Windows\System32\lsm.dll
15:40:45.0291 5472  LSM - ok
15:40:45.0307 5472  [ 2BDC5D711FA61307CE6190D47C956368 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:40:45.0338 5472  luafv - ok
15:40:45.0369 5472  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
15:40:45.0385 5472  MBAMProtector - ok
15:40:45.0416 5472  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:40:45.0432 5472  MBAMScheduler - ok
15:40:45.0463 5472  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:40:45.0479 5472  MBAMService - ok
15:40:45.0494 5472  McOobeSv2 - ok
15:40:45.0494 5472  [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas         C:\Windows\system32\drivers\megasas.sys
15:40:45.0494 5472  megasas - ok
15:40:45.0510 5472  [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
15:40:45.0526 5472  MegaSR - ok
15:40:45.0557 5472  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\System32\drivers\HECIx64.sys
15:40:45.0557 5472  MEIx64 - ok
15:40:45.0572 5472  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS           C:\Windows\system32\mmcss.dll
15:40:45.0604 5472  MMCSS - ok
15:40:45.0604 5472  [ 780098AD5DA8A4822E2563984C85EF7B ] Modem           C:\Windows\system32\drivers\modem.sys
15:40:45.0619 5472  Modem - ok
15:40:45.0651 5472  [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:40:45.0682 5472  monitor - ok
15:40:45.0697 5472  [ 618446B98C79776654340CE27C73485E ] mouclass        C:\Windows\System32\drivers\mouclass.sys
15:40:45.0697 5472  mouclass - ok
15:40:45.0713 5472  [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid          C:\Windows\System32\drivers\mouhid.sys
15:40:45.0744 5472  mouhid - ok
15:40:45.0744 5472  [ 89D263DBF08119CE16273991C120D6DD ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:40:45.0760 5472  mountmgr - ok
15:40:45.0776 5472  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:40:45.0791 5472  MozillaMaintenance - ok
15:40:45.0822 5472  [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:40:45.0838 5472  mpsdrv - ok
15:40:45.0869 5472  [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:40:45.0932 5472  MpsSvc - ok
15:40:45.0947 5472  [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:40:45.0963 5472  MRxDAV - ok
15:40:45.0994 5472  [ 877D60D6E4156EC4A2E0B6871D41BED9 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:40:46.0026 5472  mrxsmb - ok
15:40:46.0041 5472  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:40:46.0057 5472  mrxsmb10 - ok
15:40:46.0088 5472  [ E078446D4B8622AA6030C7B8A1A08962 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:40:46.0104 5472  mrxsmb20 - ok
15:40:46.0135 5472  [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
15:40:46.0166 5472  MsBridge - ok
15:40:46.0182 5472  [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC           C:\Windows\System32\msdtc.exe
15:40:46.0229 5472  MSDTC - ok
15:40:46.0244 5472  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:40:46.0276 5472  Msfs - ok
15:40:46.0291 5472  [ C9BFB0353099B071E70299549C18C8AE ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
15:40:46.0307 5472  msgpiowin32 - ok
15:40:46.0338 5472  [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:40:46.0369 5472  mshidkmdf - ok
15:40:46.0385 5472  [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
15:40:46.0385 5472  mshidumdf - ok
15:40:46.0385 5472  [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:40:46.0401 5472  msisadrv - ok
15:40:46.0432 5472  [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:40:46.0463 5472  MSiSCSI - ok
15:40:46.0479 5472  msiserver - ok
15:40:46.0494 5472  [ 509809566E49F4411055864EA8D437CD ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:40:46.0526 5472  MSKSSRV - ok
15:40:46.0557 5472  [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
15:40:46.0572 5472  MsLldp - ok
15:40:46.0572 5472  [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:40:46.0604 5472  MSPCLOCK - ok
15:40:46.0619 5472  [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:40:46.0635 5472  MSPQM - ok
15:40:46.0666 5472  [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:40:46.0682 5472  MsRPC - ok
15:40:46.0713 5472  [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
15:40:46.0713 5472  mssmbios - ok
15:40:46.0729 5472  [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:40:46.0760 5472  MSTEE - ok
15:40:46.0776 5472  [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
15:40:46.0791 5472  MTConfig - ok
15:40:46.0791 5472  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup             C:\Windows\system32\Drivers\mup.sys
15:40:46.0807 5472  Mup - ok
15:40:46.0823 5472  [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
15:40:46.0838 5472  mvumis - ok
15:40:46.0948 5472  [ 4B18840511D720BA118D3017E8165875 ] napagent        C:\Windows\system32\qagentRT.dll
15:40:46.0994 5472  napagent - ok
15:40:47.0026 5472  [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:40:47.0057 5472  NativeWifiP - ok
15:40:47.0088 5472  [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc          C:\Windows\System32\ncasvc.dll
15:40:47.0119 5472  NcaSvc - ok
15:40:47.0119 5472  [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
15:40:47.0135 5472  NcdAutoSetup - ok
15:40:47.0182 5472  [ 0F89AE618DBA5D8AB7A2DFCC375F4159 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:40:47.0198 5472  NDIS - ok
15:40:47.0213 5472  [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:40:47.0229 5472  NdisCap - ok
15:40:47.0244 5472  [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
15:40:47.0276 5472  NdisImPlatform - ok
15:40:47.0291 5472  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:40:47.0338 5472  NdisTapi - ok
15:40:47.0369 5472  [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:40:47.0401 5472  Ndisuio - ok
15:40:47.0416 5472  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:40:47.0448 5472  NdisWan - ok
15:40:47.0448 5472  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
15:40:47.0479 5472  NDISWANLEGACY - ok
15:40:47.0494 5472  [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:40:47.0510 5472  NDProxy - ok
15:40:47.0510 5472  [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
15:40:47.0541 5472  Ndu - ok
15:40:47.0541 5472  [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:40:47.0557 5472  NetBIOS - ok
15:40:47.0557 5472  [ 7CEC25C682D319D484630B3952C31A11 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:40:47.0588 5472  NetBT - ok
15:40:47.0604 5472  [ F702AB6181513303AB0FC8D59E52708B ] Netlogon        C:\Windows\system32\lsass.exe
15:40:47.0604 5472  Netlogon - ok
15:40:47.0635 5472  [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman          C:\Windows\System32\netman.dll
15:40:47.0666 5472  Netman - ok
15:40:47.0698 5472  [ 20F6FD63E6D456114BC8056D62792786 ] netprofm        C:\Windows\System32\netprofmsvc.dll
15:40:47.0730 5472  netprofm - ok
15:40:47.0793 5472  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:47.0824 5472  NetTcpPortSharing - ok
15:40:47.0919 5472  [ 3E867077C0CF367FF8FCAEC64947393E ] NetworkSupport  C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe
15:40:47.0950 5472  NetworkSupport - ok
15:40:47.0966 5472  [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
15:40:47.0966 5472  nfrd960 - ok
15:40:47.0997 5472  [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:40:48.0013 5472  NlaSvc - ok
15:40:48.0028 5472  [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:40:48.0044 5472  Npfs - ok
15:40:48.0044 5472  [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
15:40:48.0075 5472  npsvctrig - ok
15:40:48.0091 5472  [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi             C:\Windows\system32\nsisvc.dll
15:40:48.0122 5472  nsi - ok
15:40:48.0122 5472  [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:40:48.0153 5472  nsiproxy - ok
15:40:48.0200 5472  [ 4A7EEA9C4AD5CBFDA3C0E5B821C99CAD ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:40:48.0278 5472  Ntfs - ok
15:40:48.0309 5472  [ 4175CF2691BAA33B45A53E46739BCB39 ] NT_NvcA         C:\Windows\system32\DRIVERS\ntnvca.sys
15:40:48.0309 5472  NT_NvcA - ok
15:40:48.0325 5472  [ 4163ADE07DB51843AE31F65B94F5398D ] Null            C:\Windows\system32\drivers\Null.sys
15:40:48.0341 5472  Null - ok
15:40:48.0388 5472  [ EA3EC5B792C791DB5379B385B23D4477 ] NvcSvcMgr       C:\Program Files (x86)\Avaya\Avaya VPN Client\NvcSvcMgr.exe
15:40:48.0419 5472  NvcSvcMgr - ok
15:40:48.0434 5472  [ F29A8060A671CCFAFBC5B6793FFD71D5 ] nvcwfpco        C:\Windows\system32\DRIVERS\nvcwfpco.sys
15:40:48.0450 5472  nvcwfpco - ok
15:40:48.0669 5472  [ F648FE6BCE0AAD9E5EA63C8BE9AD90E3 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:40:48.0981 5472  nvlddmkm - ok
15:40:49.0013 5472  [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:40:49.0013 5472  nvraid - ok
15:40:49.0028 5472  [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:40:49.0028 5472  nvstor - ok
15:40:49.0044 5472  [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:40:49.0044 5472  nv_agp - ok
15:40:49.0075 5472  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:40:49.0091 5472  ose - ok
15:40:49.0216 5472  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:40:49.0356 5472  osppsvc - ok
15:40:49.0372 5472  [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:40:49.0388 5472  p2pimsvc - ok
15:40:49.0403 5472  [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:40:49.0419 5472  p2psvc - ok
15:40:49.0450 5472  [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport         C:\Windows\System32\drivers\parport.sys
15:40:49.0466 5472  Parport - ok
15:40:49.0497 5472  [ C1D7BA7F0DE487DFEEB51BF8D3EC5562 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:40:49.0497 5472  partmgr - ok
15:40:49.0528 5472  [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:40:49.0544 5472  PcaSvc - ok
15:40:49.0544 5472  [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci             C:\Windows\system32\drivers\pci.sys
15:40:49.0559 5472  pci - ok
15:40:49.0559 5472  [ F9908D274D458220F91E89B54D78D837 ] pciide          C:\Windows\system32\drivers\pciide.sys
15:40:49.0575 5472  pciide - ok
15:40:49.0575 5472  [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
15:40:49.0591 5472  pcmcia - ok
15:40:49.0606 5472  [ CEBBAD5391C2644560C55628A40BFD27 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:40:49.0606 5472  pcw - ok
15:40:49.0638 5472  [ EF9B4F3136B4C45F421ADE6871659FB6 ] pdc             C:\Windows\system32\drivers\pdc.sys
15:40:49.0653 5472  pdc - ok
15:40:49.0653 5472  [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:40:49.0684 5472  PEAUTH - ok
15:40:49.0763 5472  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:40:49.0778 5472  PerfHost - ok
15:40:49.0856 5472  [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla             C:\Windows\system32\pla.dll
15:40:49.0919 5472  pla - ok
15:40:49.0950 5472  [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:40:49.0981 5472  PlugPlay - ok
15:40:49.0981 5472  [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:40:50.0028 5472  PNRPAutoReg - ok
15:40:50.0044 5472  [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:40:50.0075 5472  PNRPsvc - ok
15:40:50.0106 5472  [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:40:50.0153 5472  PolicyAgent - ok
15:40:50.0185 5472  [ F1E067F56373F11EA4B785CAE823740A ] Power           C:\Windows\system32\umpo.dll
15:40:50.0200 5472  Power - ok
15:40:50.0231 5472  [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:40:50.0263 5472  PptpMiniport - ok
15:40:50.0388 5472  [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
15:40:50.0419 5472  PrintNotify - ok
15:40:50.0450 5472  [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor       C:\Windows\System32\drivers\processr.sys
15:40:50.0466 5472  Processor - ok
15:40:50.0497 5472  [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc         C:\Windows\system32\profsvc.dll
15:40:50.0497 5472  ProfSvc - ok
15:40:50.0513 5472  [ EB8034147D4820CD31BFCB11A2A652DF ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:40:50.0544 5472  Psched - ok
15:40:50.0560 5472  [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2       C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:40:50.0575 5472  PSI_SVC_2 - ok
15:40:50.0606 5472  [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE           C:\Windows\system32\qwave.dll
15:40:50.0606 5472  QWAVE - ok
15:40:50.0638 5472  [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:40:50.0653 5472  QWAVEdrv - ok
15:40:50.0685 5472  [ 873C60F8178100557740A832FCE10B5F ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:40:50.0700 5472  RasAcd - ok
15:40:50.0731 5472  [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:40:50.0778 5472  RasAgileVpn - ok
15:40:50.0810 5472  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto         C:\Windows\System32\rasauto.dll
15:40:50.0825 5472  RasAuto - ok
15:40:50.0872 5472  [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:40:50.0903 5472  Rasl2tp - ok
15:40:50.0935 5472  [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan          C:\Windows\System32\rasmans.dll
15:40:50.0966 5472  RasMan - ok
15:40:50.0966 5472  [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:40:50.0997 5472  RasPppoe - ok
15:40:50.0997 5472  [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:40:51.0013 5472  RasSstp - ok
15:40:51.0044 5472  [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:40:51.0075 5472  rdbss - ok
15:40:51.0091 5472  [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
15:40:51.0122 5472  rdpbus - ok
15:40:51.0138 5472  [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:40:51.0153 5472  RDPDR - ok
15:40:51.0185 5472  [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:40:51.0185 5472  RdpVideoMiniport - ok
15:40:51.0216 5472  [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:40:51.0247 5472  RDPWD - ok
15:40:51.0263 5472  [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:40:51.0278 5472  rdyboost - ok
15:40:51.0294 5472  [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:40:51.0325 5472  RemoteAccess - ok
15:40:51.0356 5472  [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:40:51.0403 5472  RemoteRegistry - ok
15:40:51.0419 5472  [ 17EF582CBC4809F96B9E6D0543480763 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:40:51.0466 5472  RFCOMM - ok
15:40:51.0481 5472  [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:40:51.0497 5472  RpcEptMapper - ok
15:40:51.0528 5472  [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator      C:\Windows\system32\locator.exe
15:40:51.0560 5472  RpcLocator - ok
15:40:51.0591 5472  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs           C:\Windows\system32\rpcss.dll
15:40:51.0622 5472  RpcSs - ok
15:40:51.0638 5472  [ FD2F7ABB0B3C777CDC9D342CADBF0131 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
15:40:51.0653 5472  RSPCIESTOR - ok
15:40:51.0669 5472  [ E04E770DD198B9399640717145E79EBF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:40:51.0700 5472  rspndr - ok
15:40:51.0731 5472  [ 7D9DA8EC6784A9EE213C676709D46BE6 ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
15:40:51.0763 5472  RTL8168 - ok
15:40:51.0778 5472  [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
15:40:51.0810 5472  s3cap - ok
15:40:51.0825 5472  [ F702AB6181513303AB0FC8D59E52708B ] SamSs           C:\Windows\system32\lsass.exe
15:40:51.0856 5472  SamSs - ok
15:40:51.0856 5472  [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:40:51.0872 5472  sbp2port - ok
15:40:51.0903 5472  [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:40:51.0935 5472  SCardSvr - ok
15:40:51.0950 5472  [ 5D7733A12756B267FCA021672B26BC9E ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:40:51.0981 5472  scfilter - ok
15:40:52.0013 5472  [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule        C:\Windows\system32\schedsvc.dll
15:40:52.0075 5472  Schedule - ok
15:40:52.0122 5472  [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:40:52.0138 5472  SCPolicySvc - ok
15:40:52.0185 5472  [ 66E29CADF9FF6C8325C356BDD617F7EA ] sdbus           C:\Windows\System32\drivers\sdbus.sys
15:40:52.0200 5472  sdbus - ok
15:40:52.0216 5472  [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:40:52.0232 5472  SDRSVC - ok
15:40:52.0278 5472  [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
15:40:52.0294 5472  sdstor - ok
15:40:52.0310 5472  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:40:52.0325 5472  secdrv - ok
15:40:52.0341 5472  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\Windows\system32\seclogon.dll
15:40:52.0357 5472  seclogon - ok
15:40:52.0372 5472  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\Windows\System32\sens.dll
15:40:52.0388 5472  SENS - ok
15:40:52.0403 5472  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:40:52.0419 5472  SensrSvc - ok
15:40:52.0435 5472  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\Windows\system32\drivers\SerCx.sys
15:40:52.0450 5472  SerCx - ok
15:40:52.0466 5472  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\Windows\System32\drivers\serenum.sys
15:40:52.0482 5472  Serenum - ok
15:40:52.0482 5472  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\Windows\System32\drivers\serial.sys
15:40:52.0513 5472  Serial - ok
15:40:52.0513 5472  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\Windows\System32\drivers\sermouse.sys
15:40:52.0544 5472  sermouse - ok
15:40:52.0575 5472  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\Windows\system32\sessenv.dll
15:40:52.0591 5472  SessionEnv - ok
15:40:52.0638 5472  [ 415B1326C40A2E1F251A3845B9C7DF31 ] SFEP            C:\Windows\System32\drivers\SFEP.sys
15:40:52.0669 5472  SFEP - ok
15:40:52.0685 5472  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
15:40:52.0700 5472  sfloppy - ok
15:40:52.0747 5472  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:40:52.0794 5472  SharedAccess - ok
15:40:52.0872 5472  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:40:52.0919 5472  ShellHWDetection - ok
15:40:52.0935 5472  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:40:52.0950 5472  SiSRaid2 - ok
15:40:52.0966 5472  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:40:52.0982 5472  SiSRaid4 - ok
15:40:53.0013 5472  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:40:53.0028 5472  SkypeUpdate - ok
15:40:53.0044 5472  [ 4A2972573225A2DE4DEC0AD68529DF0F ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
15:40:53.0060 5472  SmbDrvI - ok
15:40:53.0091 5472  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:40:53.0107 5472  SNMPTRAP - ok
15:40:53.0169 5472  [ CC7041283CE3AEC7912636F0918B5A37 ] SOHCImp         C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
15:40:53.0185 5472  SOHCImp - ok
15:40:53.0216 5472  [ F318A96C1B42215F8A03D4325AB977AD ] SOHDms          C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
15:40:53.0232 5472  SOHDms - ok
15:40:53.0247 5472  [ 91B5B1FEC3F396A99C2AC3C37ACF84D0 ] SOHDs           C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
15:40:53.0247 5472  SOHDs - ok
15:40:53.0263 5472  [ AA0F913B69BCEC9655ECAAA2312B29D9 ] SOWS            C:\Windows\System32\drivers\sows.sys
15:40:53.0310 5472  SOWS - ok
15:40:53.0341 5472  [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
15:40:53.0357 5472  spaceport - ok
15:40:53.0388 5472  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
15:40:53.0403 5472  SpbCx - ok
15:40:53.0466 5472  [ C03E480E63A80D73FABE28D24D3B6B47 ] SpfService      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
15:40:53.0482 5472  SpfService - ok
15:40:53.0560 5472  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\Windows\System32\spoolsv.exe
15:40:53.0591 5472  Spooler - ok
15:40:53.0700 5472  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:40:53.0872 5472  sppsvc - ok
15:40:53.0903 5472  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:40:53.0981 5472  srv - ok
15:40:54.0012 5472  [ C2106BB710AA34A046126AED7BCA6964 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:40:54.0059 5472  srv2 - ok
15:40:54.0059 5472  [ 9400C71F5A1A380B494B6922F007D485 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:40:54.0075 5472  srvnet - ok
15:40:54.0106 5472  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:40:54.0122 5472  SSDPSRV - ok
15:40:54.0122 5472  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:40:54.0153 5472  SstpSvc - ok
15:40:54.0169 5472  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:40:54.0184 5472  stexstor - ok
15:40:54.0200 5472  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\Windows\System32\wiaservc.dll
15:40:54.0247 5472  stisvc - ok
15:40:54.0247 5472  [ C588BBD37B432CE3204E5765B459E6B2 ] storahci        C:\Windows\system32\drivers\storahci.sys
15:40:54.0262 5472  storahci - ok
15:40:54.0278 5472  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
15:40:54.0278 5472  storflt - ok
15:40:54.0294 5472  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\Windows\system32\storsvc.dll
15:40:54.0294 5472  StorSvc - ok
15:40:54.0294 5472  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:40:54.0309 5472  storvsc - ok
15:40:54.0325 5472  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\Windows\system32\svsvc.dll
15:40:54.0356 5472  svsvc - ok
15:40:54.0372 5472  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\Windows\System32\drivers\swenum.sys
15:40:54.0372 5472  swenum - ok
15:40:54.0387 5472  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\Windows\System32\swprv.dll
15:40:54.0419 5472  swprv - ok
15:40:54.0466 5472  [ 157DFCD1E83E964A5074742AE2DFA0C1 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
15:40:54.0481 5472  SynTP - ok
15:40:54.0512 5472  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\Windows\system32\sysmain.dll
15:40:54.0575 5472  SysMain - ok
15:40:54.0606 5472  [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
15:40:54.0637 5472  SystemEventsBroker - ok
15:40:54.0653 5472  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
15:40:54.0684 5472  TabletInputService - ok
15:40:54.0716 5472  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:40:54.0747 5472  TapiSrv - ok
15:40:54.0809 5472  [ 1D644E2D0FC395A055AB1C23C3B43631 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:40:54.0887 5472  Tcpip - ok
15:40:54.0934 5472  [ 1D644E2D0FC395A055AB1C23C3B43631 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:40:54.0966 5472  TCPIP6 - ok
15:40:54.0981 5472  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:40:54.0997 5472  tcpipreg - ok
15:40:54.0997 5472  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:40:55.0028 5472  tdx - ok
15:40:55.0044 5472  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
15:40:55.0044 5472  terminpt - ok
15:40:55.0091 5472  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
15:40:55.0106 5472  TermService - ok
15:40:55.0106 5472  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\Windows\system32\themeservice.dll
15:40:55.0137 5472  Themes - ok
15:40:55.0169 5472  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\Windows\system32\mmcss.dll
15:40:55.0184 5472  THREADORDER - ok
15:40:55.0200 5472  [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
15:40:55.0216 5472  TimeBroker - ok
15:40:55.0247 5472  [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM             C:\Windows\system32\drivers\tpm.sys
15:40:55.0262 5472  TPM - ok
15:40:55.0278 5472  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\Windows\System32\trkwks.dll
15:40:55.0294 5472  TrkWks - ok
15:40:55.0325 5472  [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:40:55.0341 5472  TrustedInstaller - ok
15:40:55.0372 5472  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:40:55.0372 5472  TsUsbFlt - ok
15:40:55.0387 5472  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
15:40:55.0403 5472  TsUsbGD - ok
15:40:55.0419 5472  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:40:55.0466 5472  tunnel - ok
15:40:55.0481 5472  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:40:55.0497 5472  uagp35 - ok
15:40:55.0497 5472  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
15:40:55.0512 5472  UASPStor - ok
15:40:55.0544 5472  [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
15:40:55.0544 5472  UCX01000 - ok
15:40:55.0575 5472  [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:40:55.0591 5472  udfs - ok
15:40:55.0606 5472  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:40:55.0622 5472  UI0Detect - ok
15:40:55.0622 5472  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:40:55.0637 5472  uliagpkx - ok
15:40:55.0637 5472  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\Windows\System32\drivers\umbus.sys
15:40:55.0669 5472  umbus - ok
15:40:55.0669 5472  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\Windows\System32\drivers\umpass.sys
15:40:55.0669 5472  UmPass - ok
15:40:55.0700 5472  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\Windows\System32\umrdp.dll
15:40:55.0716 5472  UmRdpService - ok
15:40:55.0794 5472  [ E1A119AD21F5AFE22EB516C549306D3D ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:40:55.0809 5472  UNS - ok
15:40:55.0841 5472  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\Windows\System32\upnphost.dll
15:40:55.0856 5472  upnphost - ok
15:40:55.0872 5472  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
15:40:55.0887 5472  usbccgp - ok
15:40:55.0903 5472  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
15:40:55.0919 5472  usbcir - ok
15:40:55.0934 5472  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
15:40:55.0950 5472  usbehci - ok
15:40:55.0966 5472  [ FBB6794E3BBAD92D66D59D206C1F849F ] usbhub          C:\Windows\System32\drivers\usbhub.sys
15:40:55.0997 5472  usbhub - ok
15:40:56.0012 5472  [ B7A948501424805571BF562BB0BFE31D ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
15:40:56.0028 5472  USBHUB3 - ok
15:40:56.0044 5472  [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\Windows\System32\drivers\usbohci.sys
15:40:56.0059 5472  usbohci - ok
15:40:56.0059 5472  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\Windows\System32\drivers\usbprint.sys
15:40:56.0091 5472  usbprint - ok
15:40:56.0122 5472  [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:40:56.0137 5472  usbscan - ok
15:40:56.0153 5472  [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
15:40:56.0153 5472  USBSTOR - ok
15:40:56.0169 5472  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
15:40:56.0184 5472  usbuhci - ok
15:40:56.0231 5472  [ 09799E701B4327097E9F63D3FE221083 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:40:56.0247 5472  usbvideo - ok
15:40:56.0278 5472  [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
15:40:56.0309 5472  USBXHCI - ok
15:40:56.0356 5472  [ A3C75F5220CAB16A29784433DC241A5B ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
15:40:56.0372 5472  VAIO Event Service - ok
15:40:56.0434 5472  [ 8EF62038EBD54C240486A36F9259C64A ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
15:40:56.0466 5472  VAIO Power Management - ok
15:40:56.0481 5472  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\Windows\system32\lsass.exe
15:40:56.0481 5472  VaultSvc - ok
15:40:56.0544 5472  [ 5B9E9B509770422967D2126E7D4F01EA ] VCFw            C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
15:40:56.0606 5472  VCFw - ok
15:40:56.0653 5472  [ 3FD6585C0C2B3730DF30CFB8F41E1335 ] VCService       C:\Program Files\Sony\VAIO Care\VCService.exe
15:40:56.0653 5472  VCService - ok
15:40:56.0669 5472  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:40:56.0684 5472  vdrvroot - ok
15:40:56.0716 5472  [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds             C:\Windows\System32\vds.exe
15:40:56.0747 5472  vds - ok
15:40:56.0747 5472  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
15:40:56.0763 5472  VerifierExt - ok
15:40:56.0778 5472  [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
15:40:56.0794 5472  vhdmp - ok
15:40:56.0809 5472  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\Windows\system32\drivers\viaide.sys
15:40:56.0825 5472  viaide - ok
15:40:56.0825 5472  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:40:56.0825 5472  vmbus - ok
15:40:56.0841 5472  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
15:40:56.0841 5472  VMBusHID - ok
15:40:56.0872 5472  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
15:40:56.0903 5472  vmicheartbeat - ok
15:40:56.0919 5472  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
15:40:56.0934 5472  vmickvpexchange - ok
15:40:56.0950 5472  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\Windows\System32\ICSvc.dll
15:40:56.0966 5472  vmicrdv - ok
15:40:56.0966 5472  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
15:40:56.0981 5472  vmicshutdown - ok
15:40:56.0981 5472  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\Windows\System32\ICSvc.dll
15:40:56.0997 5472  vmictimesync - ok
15:40:56.0997 5472  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\Windows\System32\ICSvc.dll
15:40:57.0013 5472  vmicvss - ok
15:40:57.0013 5472  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:40:57.0028 5472  volmgr - ok
15:40:57.0028 5472  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:40:57.0044 5472  volmgrx - ok
15:40:57.0059 5472  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:40:57.0075 5472  volsnap - ok
15:40:57.0091 5472  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\Windows\System32\drivers\vpci.sys
15:40:57.0091 5472  vpci - ok
15:40:57.0122 5472  [ 80E63B86C40C5E067475DC98F845A6DD ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
15:40:57.0138 5472  vpnagent - ok
15:40:57.0153 5472  [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
15:40:57.0153 5472  vpnva - ok
15:40:57.0169 5472  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:40:57.0169 5472  vsmraid - ok
15:40:57.0216 5472  [ EA658570314042C914964FC72AB50E6B ] VSS             C:\Windows\system32\vssvc.exe
15:40:57.0294 5472  VSS - ok
15:40:57.0294 5472  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
15:40:57.0309 5472  VSTXRAID - ok
15:40:57.0388 5472  [ 8B54E63C1496FE7D92135DAECEC384D1 ] VUAgent         C:\Program Files\Sony\VAIO Update\VUAgent.exe
15:40:57.0450 5472  VUAgent - ok
15:40:57.0466 5472  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:40:57.0466 5472  vwifibus - ok
15:40:57.0481 5472  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:40:57.0481 5472  vwififlt - ok
15:40:57.0481 5472  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:40:57.0513 5472  vwifimp - ok
15:40:57.0544 5472  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\Windows\system32\w32time.dll
15:40:57.0669 5472  W32Time - ok
15:40:57.0684 5472  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
15:40:57.0700 5472  WacomPen - ok
15:40:57.0731 5472  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:40:57.0747 5472  Wanarp - ok
15:40:57.0747 5472  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:40:57.0747 5472  Wanarpv6 - ok
15:40:57.0794 5472  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\Windows\system32\wbengine.exe
15:40:57.0872 5472  wbengine - ok
15:40:57.0903 5472  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:40:57.0934 5472  WbioSrvc - ok
15:40:57.0934 5472  [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
15:40:57.0966 5472  Wcmsvc - ok
15:40:57.0997 5472  [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:40:58.0013 5472  wcncsvc - ok
15:40:58.0028 5472  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:40:58.0044 5472  WcsPlugInService - ok
15:40:58.0075 5472  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\Windows\system32\drivers\wd.sys
15:40:58.0091 5472  Wd - ok
15:40:58.0091 5472  [ 260F8DFC4D5748F4CCB9B19CFB0E58EA ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
15:40:58.0106 5472  WdBoot - ok
15:40:58.0138 5472  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:40:58.0153 5472  Wdf01000 - ok
15:40:58.0153 5472  [ 880FFFC4D5BBBB4187B6B04AB2E8C32A ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
15:40:58.0169 5472  WdFilter - ok
15:40:58.0169 5472  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:40:58.0184 5472  WdiServiceHost - ok
15:40:58.0184 5472  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:40:58.0200 5472  WdiSystemHost - ok
15:40:58.0216 5472  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\Windows\System32\webclnt.dll
15:40:58.0231 5472  WebClient - ok
15:40:58.0247 5472  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:40:58.0263 5472  Wecsvc - ok
15:40:58.0278 5472  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:40:58.0294 5472  wercplsupport - ok
15:40:58.0309 5472  [ 8E2426162ED6749A127B35D235F21E11 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:40:58.0341 5472  WerSvc - ok
15:40:58.0341 5472  [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
15:40:58.0356 5472  WFPLWFS - ok
15:40:58.0372 5472  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\Windows\System32\wiarpc.dll
15:40:58.0403 5472  WiaRpc - ok
15:40:58.0434 5472  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:40:58.0450 5472  WIMMount - ok
15:40:58.0466 5472  WinDefend - ok
15:40:58.0513 5472  [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
15:40:58.0559 5472  WinHttpAutoProxySvc - ok
15:40:58.0606 5472  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:40:58.0622 5472  Winmgmt - ok
15:40:58.0716 5472  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:40:58.0809 5472  WinRM - ok
15:40:58.0841 5472  [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:40:58.0872 5472  WinUsb - ok
15:40:58.0935 5472  [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc         C:\Windows\System32\wlansvc.dll
15:40:58.0981 5472  WlanSvc - ok
15:40:59.0028 5472  [ 08EFA13A2234C8C3B8A99E4B88BE7E9B ] wlidsvc         C:\Windows\system32\wlidsvc.dll
15:40:59.0091 5472  wlidsvc - ok
15:40:59.0106 5472  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
15:40:59.0122 5472  WmiAcpi - ok
15:40:59.0153 5472  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:40:59.0169 5472  wmiApSrv - ok
15:40:59.0200 5472  WMPNetworkSvc - ok
15:40:59.0216 5472  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
15:40:59.0247 5472  wpcfltr - ok
15:40:59.0263 5472  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:40:59.0294 5472  WPCSvc - ok
15:40:59.0310 5472  [ 94AA5150E35B3ABB7191FE641E3C2473 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:40:59.0341 5472  WPDBusEnum - ok
15:40:59.0356 5472  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
15:40:59.0372 5472  WpdUpFltr - ok
15:40:59.0403 5472  [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:40:59.0435 5472  ws2ifsl - ok
15:40:59.0450 5472  [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:40:59.0497 5472  wscsvc - ok
15:40:59.0513 5472  [ 74EFDA0526862C3D8D01A776182798EA ] WSDPrintDevice  C:\Windows\System32\drivers\WSDPrint.sys
15:40:59.0528 5472  WSDPrintDevice - ok
15:40:59.0528 5472  WSearch - ok
15:40:59.0591 5472  [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService       C:\Windows\System32\WSService.dll
15:40:59.0685 5472  WSService - ok
15:40:59.0778 5472  [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv        C:\Windows\system32\wuaueng.dll
15:40:59.0856 5472  wuauserv - ok
15:40:59.0872 5472  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:40:59.0888 5472  WudfPf - ok
15:40:59.0903 5472  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
15:40:59.0919 5472  WUDFRd - ok
15:40:59.0950 5472  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:40:59.0981 5472  wudfsvc - ok
15:40:59.0997 5472  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
15:41:00.0013 5472  WUDFWpdFs - ok
15:41:00.0028 5472  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
15:41:00.0044 5472  WUDFWpdMtp - ok
15:41:00.0075 5472  [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:41:00.0106 5472  WwanSvc - ok
15:41:00.0169 5472  [ 918C73F0275D7813E6F01E100B39DBD9 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
15:41:00.0185 5472  ZAtheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning
15:41:00.0185 5472  ZAtheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1)
15:41:00.0216 5472  ================ Scan global ===============================
15:41:00.0263 5472  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
15:41:00.0294 5472  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
15:41:00.0310 5472  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
15:41:00.0341 5472  [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
15:41:00.0356 5472  [Global] - ok
15:41:00.0356 5472  ================ Scan MBR ==================================
15:41:00.0372 5472  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
15:41:00.0513 5472  \Device\Harddisk0\DR0 - ok
15:41:00.0513 5472  ================ Scan VBR ==================================
15:41:00.0513 5472  [ 7F024544F8077B744646E1C89262FC6C ] \Device\Harddisk0\DR0\Partition1
15:41:00.0513 5472  \Device\Harddisk0\DR0\Partition1 - ok
15:41:00.0544 5472  [ 7DB589C0037A2130188E1BC1F1990EAC ] \Device\Harddisk0\DR0\Partition2
15:41:00.0544 5472  \Device\Harddisk0\DR0\Partition2 - ok
15:41:00.0560 5472  [ DFAA04F2DBB41F14B0144EFFDB60AAA4 ] \Device\Harddisk0\DR0\Partition3
15:41:00.0560 5472  \Device\Harddisk0\DR0\Partition3 - ok
15:41:00.0575 5472  [ CA139E4C6472338501A1B6ACD959D7E8 ] \Device\Harddisk0\DR0\Partition4
15:41:00.0575 5472  \Device\Harddisk0\DR0\Partition4 - ok
15:41:00.0591 5472  [ 03F141408B1B7A78C103D390E109A0CB ] \Device\Harddisk0\DR0\Partition5
15:41:00.0591 5472  \Device\Harddisk0\DR0\Partition5 - ok
15:41:00.0622 5472  [ 3747BACECA3B5A9305BDB64816272145 ] \Device\Harddisk0\DR0\Partition6
15:41:00.0622 5472  \Device\Harddisk0\DR0\Partition6 - ok
15:41:00.0622 5472  ============================================================
15:41:00.0622 5472  Scan finished
15:41:00.0622 5472  ============================================================
15:41:00.0638 3228  Detected object count: 1
15:41:00.0638 3228  Actual detected object count: 1
15:41:48.0257 3228  ZAtheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
15:41:48.0257 3228  ZAtheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 28.01.2013, 11:16

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

BTB4L · 28.01.2013, 12:40

Mir ist gerade leider erst etwas aufgefallen. Mein Laptop speichert die Dateien immer ohne zu fragen, wo, gleich unter Downloads, also habe ich die vorherigen Programme (aswMBR und TDSS) von dort gestartet. Stellt dies ein Problem dar und sollte ich dies nochmal wiederholen, vom Desktop aus?
Vg

cosinus · 28.01.2013, 13:31

Rechtsklick => Speicherung unter => Desktop auswählen

BTB4L · 28.01.2013, 16:42

hallo,
combofix meldet beim versuch der ausführung, dass es nicht kompatibel für windows 8 ist und lässt sich auch nicht im kompatibilitätsmodus ausführen...was nun?

cosinus · 28.01.2013, 16:47

Ähm ja

mein Fehler, CF läuft auf Win8 noch nicht

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

BTB4L · 28.01.2013, 16:59

anbei, danke!

Code:

ATTFilter

# AdwCleaner v2.109 - Datei am 28/01/2013 um 16:53:47 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : *** - VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\v6uz76t9.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [804 octets] - [28/01/2013 16:53:47]

########## EOF - C:\AdwCleaner[R1].txt - [863 octets] ##########

cosinus · 28.01.2013, 17:05

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

BTB4L · 28.01.2013, 17:59

Code:

ATTFilter

# AdwCleaner v2.109 - Datei am 28/01/2013 um 17:30:54 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : *** - VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\v6uz76t9.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [931 octets] - [28/01/2013 16:53:47]
AdwCleaner[S1].txt - [865 octets] - [28/01/2013 17:30:54]

########## EOF - C:\AdwCleaner[S1].txt - [924 octets] ##########

Code:

ATTFilter

OTL logfile created on: 28.01.2013 17:39:03 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\,***\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,95 Gb Total Physical Memory | 4,62 Gb Available Physical Memory | 77,59% Memory free
6,89 Gb Paging File | 5,41 Gb Available in Paging File | 78,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 662,54 Gb Total Space | 614,20 Gb Free Space | 92,70% Space Free | Partition Type: NTFS
 
Computer Name: VAIO | User Name: ,*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\,***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Programme\Sony\VAIO Care\listener.exe ()
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
PRC - C:\Program Files (x86)\Avaya\Avaya VPN Client\NvcSvcMgr.exe (Avaya)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Sony\VAIO Care\listener.exe ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\ServiceManagerStarter.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll ()
MOD - C:\Program Files (x86)\Intel\IntelAppStore\bin\DeviceProfile.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (McOobeSv2) -- C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe ()
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (NetworkSupport) -- C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe (Sony Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Qualcomm Atheros Commnucations)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (NvcSvcMgr) -- C:\Program Files (x86)\Avaya\Avaya VPN Client\NvcSvcMgr.exe (Avaya)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_VDP) -- C:\Windows\SysNative\Drivers\btath_vdp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\Drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\Drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\Drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\Drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink)
DRV:64bit: - (SOWS) -- C:\Windows\SysNative\Drivers\sows.sys (Sony Corporation)
DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\Drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (nvcwfpco) -- C:\Windows\SysNative\Drivers\nvcwfpco.sys (Avaya)
DRV:64bit: - (NT_NvcA) -- C:\Windows\SysNative\Drivers\ntnvca.sys (Avaya)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1938747887-848816128-2372482076-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
IE - HKU\S-1-5-21-1938747887-848816128-2372482076-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu [binary data]
IE - HKU\S-1-5-21-1938747887-848816128-2372482076-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1938747887-848816128-2372482076-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://vaioportal.sony.eu [binary data]
IE - HKU\S-1-5-21-1938747887-848816128-2372482076-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://sony13.msn.com
IE - HKU\S-1-5-21-1938747887-848816128-2372482076-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1938747887-848816128-2372482076-1001\..\SearchScopes\{4335BCCD-307B-410A-BFDE-7CE8FF0BC59E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
IE - HKU\S-1-5-21-1938747887-848816128-2372482076-1001\..\SearchScopes\{99F594D8-CBFE-4CA0-ADFD-0328FDA0E8F1}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q312&_nkw={searchTerms}
IE - HKU\S-1-5-21-1938747887-848816128-2372482076-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1938747887-848816128-2372482076-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:40:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 11:40:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.22 20:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\,***\AppData\Roaming\mozilla\Extensions
[2013.01.19 11:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.01.19 11:40:16 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NVC] C:\Program Files (x86)\Avaya\Avaya VPN Client\Nvc.exe (Avaya)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\,***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\,***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://ciscovpn.rrze.uni-erlangen.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20BF2B22-360B-4893-88A1-821F7A6F32B4}: NameServer = 141.67.44.21,141.67.44.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882680D9-9FDC-4255-A2FE-3C923896138E}: DhcpNameServer = 83.169.184.225 83.169.184.161
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8c16f796-3358-11e2-be73-083e8ed83924}\Shell - "" = AutoRun
O33 - MountPoints2\{8c16f796-3358-11e2-be73-083e8ed83924}\Shell\AutoRun\command - "" = "E:\LaunchU3.exe" -a
O33 - MountPoints2\{ac19dfe5-3564-11e2-be78-083e8ed83924}\Shell - "" = AutoRun
O33 - MountPoints2\{ac19dfe5-3564-11e2-be78-083e8ed83924}\Shell\AutoRun\command - "" = "E:\Setup.exe" 
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = "E:\Setup.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.28 12:22:36 | 005,028,084 | ---- | C] (Swearware) -- C:\Users\,***\Desktop\ComboFix.exe
[2013.01.25 21:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.25 21:30:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.01.25 20:06:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\,***\Desktop\OTL.exe
[2013.01.24 01:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013.01.24 01:14:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2013.01.24 01:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2013.01.24 01:02:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2013.01.23 18:01:02 | 000,000,000 | ---D | C] -- C:\Users\,***\AppData\Roaming\Malwarebytes
[2013.01.23 18:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.23 18:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.23 18:00:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.23 18:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.23 17:59:37 | 000,000,000 | ---D | C] -- C:\Users\,***\AppData\Local\Programs
[2013.01.23 15:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.23 15:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.23 15:10:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.23 12:53:09 | 065,273,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2013.01.23 09:35:31 | 000,000,000 | ---D | C] -- C:\Users\,***\AppData\Roaming\Rnpvh
[2013.01.19 11:39:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.18 09:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.01.18 09:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.01.12 12:25:21 | 000,000,000 | ---D | C] -- C:\Users\,***\Local Settings
[2013.01.12 12:25:09 | 000,000,000 | ---D | C] -- C:\Temp
[2013.01.12 12:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avaya VPN Client
[2013.01.12 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\,***\AppData\Local\Avaya
[2013.01.12 12:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avaya
[2013.01.12 12:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avaya
[2013.01.11 22:17:00 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2013.01.11 22:17:00 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2013.01.11 22:16:59 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013.01.11 22:16:59 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013.01.11 22:16:57 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2013.01.11 22:16:53 | 005,974,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.01.11 22:16:52 | 005,088,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.01.11 22:16:52 | 001,145,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013.01.11 22:16:52 | 001,096,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013.01.11 22:16:51 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.01.11 22:16:51 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.01.11 22:16:50 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Taskmgr.exe
[2013.01.11 22:16:50 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Taskmgr.exe
[2013.01.11 22:16:49 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll
[2013.01.11 22:16:49 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebcamUi.dll
[2013.01.11 22:16:49 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebcamUi.dll
[2013.01.11 22:16:49 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll
[2013.01.11 22:16:49 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013.01.11 22:16:48 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.01.11 22:16:48 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013.01.11 22:16:48 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll
[2013.01.11 22:16:47 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.01.11 22:16:47 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013.01.11 22:16:46 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll
[2013.01.11 22:16:46 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013.01.11 22:16:46 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll
[2013.01.11 22:16:46 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013.01.11 22:16:46 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.01.11 22:16:45 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll
[2013.01.11 22:16:45 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.01.11 22:16:45 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.01.11 22:16:45 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013.01.11 22:16:45 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013.01.11 22:16:44 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013.01.11 22:16:44 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013.01.11 22:16:44 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2013.01.11 22:16:44 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013.01.11 22:16:44 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsldr.exe
[2013.01.11 22:16:43 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vds_ps.dll
[2013.01.11 22:16:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll
[2013.01.11 22:16:43 | 000,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013.01.11 22:16:43 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthhfHid.sys
[2013.01.11 22:16:43 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys
[2013.01.08 22:21:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll
[2013.01.08 22:21:09 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll
[2013.01.08 22:20:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2013.01.08 22:20:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2013.01.08 22:20:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013.01.08 22:20:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.28 17:36:52 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.28 17:36:52 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.28 17:36:52 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.28 17:36:52 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.28 17:36:52 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.28 17:33:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.28 17:31:52 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.01.28 17:31:49 | 814,759,935 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.28 17:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.28 16:50:58 | 000,580,235 | ---- | M] () -- C:\Users\,***\Desktop\adwcleaner.exe
[2013.01.28 12:22:40 | 005,028,084 | ---- | M] (Swearware) -- C:\Users\,***\Desktop\ComboFix.exe
[2013.01.27 15:37:20 | 000,000,512 | ---- | M] () -- C:\Users\,***\Desktop\MBR.dat
[2013.01.27 10:54:23 | 000,001,047 | ---- | M] () -- C:\Users\,***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.27 10:54:15 | 000,001,019 | ---- | M] () -- C:\Users\,***\Desktop\Dropbox.lnk
[2013.01.25 20:09:18 | 000,000,000 | ---- | M] () -- C:\Users\,***\defogger_reenable
[2013.01.25 20:07:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\,***\Desktop\OTL.exe
[2013.01.24 22:03:47 | 524,288,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2013.01.24 01:14:29 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.01.23 18:00:23 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.23 15:10:13 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.18 23:36:02 | 000,690,529 | ---- | M] () -- C:\Users\,***f\Desktop\proof_corrected.pdf
[2013.01.18 09:43:00 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.18 00:06:33 | 000,715,251 | ---- | M] () -- C:\Users\,***\Desktop\proof.pdf
[2013.01.13 11:55:26 | 000,420,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.12 12:24:10 | 000,001,772 | ---- | M] () -- C:\Users\Public\Desktop\Avaya VPN Client.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.28 16:50:52 | 000,580,235 | ---- | C] () -- C:\Users\,***\Desktop\adwcleaner.exe
[2013.01.27 15:37:20 | 000,000,512 | ---- | C] () -- C:\Users\,***\Desktop\MBR.dat
[2013.01.25 20:09:18 | 000,000,000 | ---- | C] () -- C:\Users\,***\defogger_reenable
[2013.01.24 19:54:58 | 524,288,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2013.01.24 01:14:29 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2013.01.24 01:14:29 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2013.01.23 18:00:23 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.18 10:58:42 | 000,690,529 | ---- | C] () -- C:\Users\,***\Desktop\proof_corrected.pdf
[2013.01.18 09:43:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.01.18 09:43:00 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.01.18 00:06:33 | 000,715,251 | ---- | C] () -- C:\Users\,***\Desktop\proof.pdf
[2013.01.13 11:55:19 | 000,420,984 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.12 12:24:10 | 000,001,772 | ---- | C] () -- C:\Users\Public\Desktop\Avaya VPN Client.lnk
[2012.11.22 19:55:21 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012.11.17 16:15:40 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.10.31 17:05:53 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012.10.31 15:27:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.21 11:02:51 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.08.21 11:02:51 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.08.21 11:02:50 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2012.12.04 21:01:11 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 28.01.2013 17:39:03 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\,***\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,95 Gb Total Physical Memory | 4,62 Gb Available Physical Memory | 77,59% Memory free
6,89 Gb Paging File | 5,41 Gb Available in Paging File | 78,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 662,54 Gb Total Space | 614,20 Gb Free Space | 92,70% Space Free | Partition Type: NTFS
 
Computer Name: VAIO | User Name: ,*** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1938747887-848816128-2372482076-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Pro X4 durchsuchen] -- "C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mit Corel PaintShop Pro X4 durchsuchen] -- "C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{137885FE-EC71-452B-88A4-592A35616F22}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1CFFCCB1-3506-49B2-A3CA-D578330DA55A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{274798CA-8289-4CEC-936C-FC8756D754F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2D01F3D9-A311-4D58-8908-BD70A18224EF}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2FDA182A-71A9-4E26-BFCA-5C7BE83462FB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4C3786F7-B040-47D4-86AB-56BB08C3D6DC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{505E025B-D2FC-49FB-AE22-FC98590EBD11}" = rport=137 | protocol=17 | dir=out | app=system | 
"{52F7B9E9-11CB-4BAE-9E49-6DEE49403C41}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{55717ACF-2EE5-403F-A803-4523AD755400}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5B2E9D4D-D112-4137-837E-8D0E7DFE3B4E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6180884D-97E6-42FB-A1F3-80D6F968B690}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{65F8995A-8A03-40A0-87BA-DA10BED37E6B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{70012FE8-5CAA-48D6-9E5A-3AD1AE579FD8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8C958A0B-E6D7-488D-8937-F74EB874D96B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{98F868C7-51BA-4292-85DA-DE8DD39AD02F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AAEFB38F-7C4C-4DC7-B385-F7ECE133AD0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B2DC73CC-3F18-406E-B80F-976956F59554}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0CC61F9-93DF-4363-AB7F-6052954EEE5F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CC92E406-299A-48E1-BCC3-4195E739C29C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E72CF734-1312-41D4-BAB4-67B9752E0ECB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FE604B31-1701-4961-AEC4-0A4F1191790A}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011F1B1B-B790-42A9-9AF6-0B20A3429F25}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{028CDDE2-48FE-4BC6-8069-BF6C18230969}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{03C6D0FD-37CD-4A6A-AF25-6D7D9A0ACB77}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{06DA9A47-4EFB-499B-84C3-AA415EF026B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{14618913-EB29-46A7-AC86-472379B06212}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{1D39243C-F9C0-4130-8C79-BBCDB36DC25F}" = dir=in | name=skype | 
"{2001F502-602A-472F-A92A-E86899AFE3BB}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{23B0CB1F-37BB-43EE-9EFD-3AE7E0FD234A}" = dir=out | name=wordament | 
"{31A23F63-6416-4C91-B423-2A466D6828B7}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{34736CA1-6D3F-45A2-A3F0-C9AF794AEC16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3D2CBD96-CF31-45CA-9578-1A629D33D88E}" = dir=out | name=skype | 
"{3DA18A38-6E66-43DB-854B-D971A90F8106}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{402E011E-8C84-4BE4-AA4A-AB88766F5A46}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4235D741-E634-4158-BB21-F584E8F8A404}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{455701A2-8CC5-4264-8365-0E50175F58C6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{4A9214EE-85C4-4556-B2A7-59D65707F21E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{535AE1CE-B414-4B13-B55D-5460C686929C}" = dir=out | name=vaio message center | 
"{5678983E-6B0B-4D7F-B5BB-1E7922485C5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{56EF91D5-1E2C-4738-8C95-036DA3A7E22A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5729AC1A-719A-4A25-AB47-CBF25E5E44B8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5A1BD473-1544-43D9-8ECE-5FD5B8913950}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{675248C4-D140-42B8-BA45-EB30AF039F65}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{71748A12-69B8-49F9-A721-E653590EA160}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{739C4F4B-A42C-41A4-A120-7179C2D3C273}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{766EC5CF-E5A6-4075-9FB4-954135725859}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{76C42C3B-5AAD-4378-B1C4-A5A3CE0D5C44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C489B3C-F09B-4FDF-B66B-0D9355B44B39}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7CF6505B-A35F-43EF-B4F8-D6A58BAA6B6B}" = dir=out | name=vaio care | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{84040648-8A1C-4587-B374-D1C26A2F5C52}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{881007E2-6FA5-43A2-8E24-4E2A8E1A045E}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{891A9D4C-1072-4A52-AE3C-C7AE2BA6F052}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{8C688063-BFE0-4659-B24F-F03E0750AFE9}" = dir=out | name=microsoft solitaire collection | 
"{90A5374D-6495-44D6-9530-9E91EF59823F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{9229F0FA-7557-4BDA-A57F-8B7C3EDEE00D}" = protocol=6 | dir=out | app=system | 
"{92C1EABC-AEC4-4FA6-9EB9-A474E70C06F4}" = dir=out | name=taptiles | 
"{950A197B-A14A-4A38-AFD5-95CA0C8C0E5D}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{9A57BCEF-B4A1-441A-B360-A3C9E4A58EA7}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{A2039910-FAE8-4BC8-A87B-D3BC34E99F15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4E50211-5355-4352-9A17-D8DEAB53CA0C}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{B62D39A6-6D03-4A03-AE17-DC4E3A3BB820}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{B6538220-81D1-4159-9865-46531F8C5253}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BA8DC5B0-E862-40BF-900C-AA8511C674AF}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{BB0400C0-6E93-4442-992F-025A9079904F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BB6111B7-A8B8-456A-8231-D8D775DD779B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C39F6D39-C9ED-4766-865E-5F37073E78F5}" = protocol=6 | dir=in | app=c:\users\,***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C9D2803F-523A-42A5-AEE3-EE09FCEA7DA1}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{CD498B19-DAC3-4B86-A047-484C1DAD8AE6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D87BBE26-083F-4362-88B1-E4FB52CEE07A}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{DA503DEC-3D0D-4FCF-AE17-DE889375FB0E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{E6EEC10A-B7E3-46FC-B35B-83B07338A61B}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E7FA815C-9037-4ABB-8D05-2FF1F9025CEA}" = dir=in | name=vaio care | 
"{E8946A04-46C7-48CC-BC6F-2739CAB41D91}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{E9E70FBF-AEA3-4EF3-AD39-F1E5CDCF25D1}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{ED52C4C3-FC2E-4A9E-9809-759ADE835C5D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EFA816B0-0D64-4D9D-A4DF-CC84A8544F2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F4E8142B-A10A-403A-A8DC-0929274DDD9E}" = protocol=17 | dir=in | app=c:\users\,***f\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F5446D1E-A1ED-4DE6-AC3E-8B4EF87C05D2}" = dir=out | name=microsoft minesweeper | 
"{F6426D2B-77F3-460E-8E83-F6AAFB129F18}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{F6E66A39-C2BE-4F19-BBE4-BC39D09C1B85}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{F9B0A41D-BF84-43CF-AD98-71CAB68DB0FA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{FDF39097-A0E7-4AAA-998F-1DAB6D5343D4}" = dir=out | name=windows_ie_ac_001 | 
"TCP Query User{B8D4CE25-01F7-419D-8164-C9E6A1E95282}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{FD8E3B47-0202-4B0F-B708-DCF2F734E381}C:\users\,***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\,***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{CB495D96-7416-48A6-AC2F-B62870CD00C3}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{F38A7CF9-E9BB-4C95-BC53-272FD0972C83}C:\users\,***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\,***\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4B432082-B58C-4035-91FB-F28D504D3148}" = VUx64
"{4EC5CF64-2E59-411D-0822-220111005100}" = Avaya VPN Client
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = VSSTx64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5388ABD8-6E23-4498-BE10-01079387590F}" = VGClientX64
"{563F8449-4B3A-97E2-7A81-4F759B839A24}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62A172B2-550E-499D-9A82-5190D18390AA}" = VAIO Media Server Settings
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{AB447E3B-7A95-4CA6-8ECD-B25C96314B67}" = VCCx64
"{AF091FA7-20BF-49D4-4C98-4E4AD04D6FB3}" = AMD Catalyst Install Manager
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}" = VPMx64
"{E0F928B4-2BB2-4D7E-B16E-2B202CB58EDE}" = VAIO Care
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00A663F1-6C03-48CA-8E85-55806AAE2615}" = VAIO Movie Creator Template Data
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{10181264-340D-4BE7-B879-3A49604A6FD1}" = VUx86
"{1231D46E-3174-4F1F-859E-41DCB0D070D2}" = mediscript Hammerexamen
"{14AC95A2-7675-4988-A5BD-3F5B943AED08}" = VAIO Gate
"{213A3194-8823-AF6B-C337-7F30BFDF6E24}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{316417DF-A8D7-7205-62E1-936888623793}" = CCC Help Finnish
"{3490653F-2789-46A1-B1BF-6BD4CF4131AB}" = FDUx86
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F2023E0-E239-2949-FE8F-109AE94F6FEE}" = CCC Help Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D189642-1AEE-FF5C-C22B-C475E8F5277E}" = CCC Help Czech
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51A80EB0-B405-11E1-9C1E-005056C00008}" = SCS Shortcut
"{5597C927-029A-46A7-A0C0-8DABD9891A50}" = VAIO Image Optimizer
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{59CBE755-0DB7-6D38-7844-D3F64C02C276}" = CCC Help French
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{628B0EA5-5DDA-8B14-564C-4118AD6BB510}" = CCC Help Chinese Standard
"{628ED0F8-590B-49CF-A525-A1696BD79304}" = Cisco AnyConnect Secure Mobility Client
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{6422F3DE-C1B3-D119-CD48-2C5DC279848F}" = CCC Help Norwegian
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{692955F2-DE9F-4078-8FAA-858D6F3A1776}" = VAIO Gesture Control
"{6E9E809C-11A1-8200-EC5C-11F6BF9AF20A}" = CCC Help German
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E5A5CA6-B7D0-406E-A75E-157CAB47EB94}" = VMLx86
"{7F6E0234-231C-49C5-AB31-6BAB49E3C3A4}" = Catalyst Control Center - Branding
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{857087BB-A988-4462-A5C6-CF6739143B56}" = KUx86
"{86B3F2D6-AC2B-0016-8AE1-F2F77F781B0C}" = EndNote X6
"{8E797841-A110-41FD-B17A-3ABC0641187A}" = VAIO Control Center
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{97104137-F5C1-2942-D133-7C2270A86522}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC49216-ACA9-20FA-E3B9-0086E068A54E}" = CCC Help Spanish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8112DB-3490-4BF1-AAFA-1D224FFB5D3C}" = VHD
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A5FBFE07-B781-EFFB-35DF-257FF747FA31}" = CCC Help Russian
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
"{AA4B3623-6213-41EC-9BFB-F001D72C47A6}" = VAIO Gesture Control
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AD987AA5-9763-8B69-8DB3-7F89C4FE1E8A}" = CCC Help Hungarian
"{B24BB74E-8359-43AA-985A-8E80C9219C70}" = VSSTx86
"{B27588E3-A374-CC37-B0C1-3CB424620019}" = CCC Help Turkish
"{B31938C7-7E97-49EE-8F88-951E156268A3}" = VCCx86
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{B8D91D32-0820-4D76-8D95-2EB69392BA08}" = CCC Help Portuguese
"{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}" = VAIO*CPU-Lüfterdiagnose
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C37139BF-04DB-DF3C-19A4-99A5516C1507}" = CCC Help Chinese Traditional
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{CA17221C-586B-89E0-66CB-DA5C050BFB22}" = Catalyst Control Center Localization All
"{CD650B6A-FE79-40E0-A069-299CF6575E6B}" = XperiaLinkx86
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D8B63B13-8508-596F-8160-ACEA2FA39FA5}" = Catalyst Control Center Graphics Previews Common
"{D91558BF-D1F3-411F-AEFE-8774CB406512}" = VAIO - Xperia Link
"{D96F904B-1145-83E2-09B3-12153541EAF7}" = CCC Help Dutch
"{E5D82C0C-4AD7-5CC5-942C-72B749EFEE0D}" = CCC Help Korean
"{E64E9130-B2DD-3124-07BD-B767D51FDB8A}" = CCC Help Thai
"{E8597443-184D-4531-EEAE-211698F90205}" = CCC Help Danish
"{ECCEB4D0-7080-4F8A-B498-E40A32A4FBED}" = Restore
"{EF0ACDFD-39CB-396F-1F23-EC861885DA29}" = CCC Help Polish
"{EFFEE375-EC29-15A3-5DB0-41658D9BB10C}" = CCC Help English
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4D2A254-F2AE-EDE4-3CD2-AD8BDCC0B255}" = CCC Help Swedish
"{F7F163E1-4BF4-E56B-E400-B97D362E17CC}" = Catalyst Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FC520B48-BFFC-A91F-64D5-213EFD759783}" = CCC Help Greek
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"InstallShield_{00A663F1-6C03-48CA-8E85-55806AAE2615}" = VAIO Movie Creator Template Data
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}" = VAIO Image Optimizer
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
"Intel AppUp(SM) center 38645" = Intel AppUp(SM) center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1938747887-848816128-2372482076-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.01.2013 05:15:03 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MsMpEng.exe, Version: 4.0.9200.16384,
 Zeitstempel: 0x5010a938  Name des fehlerhaften Moduls: mpengine.dll, Version: 1.1.9002.0,
 Zeitstempel: 0x509be9ae  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000005d81c
ID
 des fehlerhaften Prozesses: 0x10f8  Startzeit der fehlerhaften Anwendung: 0x01cde14b810f78a3
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Defender\MsMpEng.exe  Pfad des
 fehlerhaften Moduls: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4E86C946-5AB0-4891-9BF3-2FDCC0FA600B}\mpengine.dll
Berichtskennung:
 8d1ad1f2-57e1-11e2-be7c-083e8ed83924  Vollständiger Name des fehlerhaften Pakets:
   Anwendungs-ID, die relativ zum fehlerhaften Paket ist: 
 
Error - 11.01.2013 04:56:15 | Computer Name = VAIO | Source = SampleCollector | ID = 131331
Description = CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht 
auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.  
 
Error - 13.01.2013 12:09:22 | Computer Name = VAIO | Source = SampleCollector | ID = 131331
Description = CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht 
auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.  
 
Error - 17.01.2013 08:06:24 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ismagent.exe, Version: 1.12.1.36415,
 Zeitstempel: 0x4f9afca4  Name des fehlerhaften Moduls: cryptnet.dll, Version: 6.2.9200.16384,
 Zeitstempel: 0x50108a86  Ausnahmecode: 0xc00001a5  Fehleroffset: 0x000176d4  ID des fehlerhaften
 Prozesses: 0xe14  Startzeit der fehlerhaften Anwendung: 0x01cdf4ab0e07d1e9  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\cryptnet.dll  Berichtskennung: 4fb159b0-609e-11e2-be83-083e8ed83924
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 17.01.2013 08:06:29 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ismagent.exe, Version: 1.12.1.36415,
 Zeitstempel: 0x4f9afca4  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7782bda1  ID des fehlerhaften
 Prozesses: 0xe14  Startzeit der fehlerhaften Anwendung: 0x01cdf4ab0e07d1e9  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 52e58d91-609e-11e2-be83-083e8ed83924
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 18.01.2013 17:05:38 | Computer Name = VAIO | Source = SampleCollector | ID = 131331
Description = CreateFile:SState: Failed with error 0x20: Der Prozess kann nicht 
auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.  
 
Error - 23.01.2013 05:02:09 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: {CCCF-7CF730-7CFB30}, Version: 0.0.0.0,
 Zeitstempel: 0x50fe7dbf  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0070006d  ID des fehlerhaften
 Prozesses: 0xeb0  Startzeit der fehlerhaften Anwendung: 0x01cdf9485305eede  Pfad der
 fehlerhaften Anwendung: C:\Users\,***\AppData\Local\Temp\{CCCF-7CF730-7CFB30}
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 91143c9b-653b-11e2-be84-083e8ed83924
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 23.01.2013 05:22:24 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: {117BA-7CF730-7CFB30}, Version: 5.1.2600.5512,
 Zeitstempel: 0x50f83178  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
 Zeitstempel: 0x505aaa82  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000410fe  ID des fehlerhaften
 Prozesses: 0x350  Startzeit der fehlerhaften Anwendung: 0x01cdf94b274baab2  Pfad der
 fehlerhaften Anwendung: C:\Users\,***\AppData\Local\Temp\{117BA-7CF730-7CFB30}
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 6527e648-653e-11e2-be84-083e8ed83924
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 23.01.2013 05:32:31 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: {B333-7CF730-7CFB30}, Version: 0.0.0.0,
 Zeitstempel: 0x50fe7dbf  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00830017  ID des fehlerhaften
 Prozesses: 0x1224  Startzeit der fehlerhaften Anwendung: 0x01cdf94c913d21c4  Pfad der
 fehlerhaften Anwendung: C:\Users\,***\AppData\Local\Temp\{B333-7CF730-7CFB30}
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: cefcc0c7-653f-11e2-be84-083e8ed83924
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 23.01.2013 06:34:04 | Computer Name = VAIO | Source = VSS | ID = 8194
Description = 
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 28.01.2013 12:31:26 | Computer Name = VAIO | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.
 
Error - 28.01.2013 12:32:02 | Computer Name = VAIO | Source = acvpnagent | ID = 67108866
Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182
Invoked
 Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description:
 Das angegebene Objekt wurde nicht gefunden.   
 
Error - 28.01.2013 12:32:02 | Computer Name = VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp
Line:
 616 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED 
 
Error - 28.01.2013 12:32:03 | Computer Name = VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CPhoneHomeAgent::InitPhoneHomeAgent File: ..\PhoneHomeAgent.cpp
Line:
 532 Illegal last reported time, using default value (0)
 
Error - 28.01.2013 12:32:21 | Computer Name = VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
 Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 28.01.2013 12:37:03 | Computer Name = VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 28.01.2013 12:37:03 | Computer Name = VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 28.01.2013 12:37:03 | Computer Name = VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
Error - 28.01.2013 12:37:03 | Computer Name = VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
 407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032423 (0xFE450019)
Description:
 HTTP_SESSION_ERROR_DNS_RESOLUTION 
 
Error - 28.01.2013 12:37:03 | Computer Name = VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
 1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423 
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
 experence feedback data (C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility 
Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
 
[ System Events ]
Error - 23.01.2013 08:37:16 | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 23.01.2013 08:37:21 | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 23.01.2013 08:38:01 | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 23.01.2013 08:38:06 | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 23.01.2013 08:38:18 | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 23.01.2013 08:38:26 | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 23.01.2013 08:38:38 | Computer Name = VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 23.01.2013 08:39:11 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee OOBE Service2" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 23.01.2013 14:18:10 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee OOBE Service2" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 24.01.2013 13:00:05 | Computer Name = VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee OOBE Service2" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
 
< End of report >

28.01.2013, 13:31	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows Defender findet Trojaner Rechtsklick => Speicherung unter => Desktop auswählen __________________ Logfiles bitte immer in CODE-Tags posten

Windows Defender findet Trojaner

Plagegeister aller Art und deren Bekämpfung: Windows Defender findet Trojaner