| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: AntiVir meldet TR/Rogue.kdv.901925Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.03.2013, 15:54
| #1 |
 |  AntiVir meldet TR/Rogue.kdv.901925 Hallo Ihr Lieben, mein AntiVir hat eben bei einem RoutineScan das Virus TR/Rogue.kdv.901925. Ich habe nur gelesen bisher, dass es sich um einen gefährlichen Trojaner handelt. Da ich gerade meine Bachelorarbeit schreibe und wirklich alles auf meinem Rechner ist benötige ich dringend Hilfe und hoffe dass ihr mir helfen könnt den Virus zu beseitigen ohne dass ich meine Festplatte löschen muss  Danke und liebe Grüße Sandra |
|
18.03.2013, 15:57
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | AntiVir meldet TR/Rogue.kdv.901925 Hallo und
__________________ Wo bitte sind die Logs dazu?  Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520 Bitte alles nach Möglichkeit hier in CODE-Tags posten.  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
18.03.2013, 16:05
| #3 |
| | AntiVir meldet TR/Rogue.kdv.901925 der anfängerfehler tut mir leid, hab ein bisschen panik =(
__________________hoffe so ist es für den Anfang ok? Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 18. März 2013 13:14
Es wird nach 5219869 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : ***
Computername : ***
Versionsinformationen:
BUILD.DAT : 12.1.9.1236 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 14:04:00
AVSCAN.DLL : 12.3.0.15 66256 Bytes 07.09.2012 18:26:03
LUKE.DLL : 12.3.0.15 68304 Bytes 07.09.2012 18:25:59
AVSCPLR.DLL : 12.3.0.27 97064 Bytes 07.09.2012 18:25:55
AVREG.DLL : 12.3.0.33 232232 Bytes 07.09.2012 18:25:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 22:37:35
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 18:26:03
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 18:37:27
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 06:11:38
VBASE008.VDF : 7.11.60.10 6627328 Bytes 07.02.2013 18:48:09
VBASE009.VDF : 7.11.60.11 2048 Bytes 07.02.2013 18:48:09
VBASE010.VDF : 7.11.60.12 2048 Bytes 07.02.2013 18:48:09
VBASE011.VDF : 7.11.60.13 2048 Bytes 07.02.2013 18:48:09
VBASE012.VDF : 7.11.60.14 2048 Bytes 07.02.2013 18:48:09
VBASE013.VDF : 7.11.60.62 351232 Bytes 08.02.2013 08:42:40
VBASE014.VDF : 7.11.60.115 190976 Bytes 09.02.2013 08:42:40
VBASE015.VDF : 7.11.60.177 282624 Bytes 11.02.2013 08:46:04
VBASE016.VDF : 7.11.60.249 215552 Bytes 13.02.2013 16:07:56
VBASE017.VDF : 7.11.61.65 151040 Bytes 15.02.2013 17:36:05
VBASE018.VDF : 7.11.61.135 159232 Bytes 18.02.2013 22:43:38
VBASE019.VDF : 7.11.61.163 152064 Bytes 18.02.2013 22:43:39
VBASE020.VDF : 7.11.61.207 164352 Bytes 19.02.2013 18:01:35
VBASE021.VDF : 7.11.62.43 206336 Bytes 21.02.2013 18:33:24
VBASE022.VDF : 7.11.64.106 1510912 Bytes 11.03.2013 19:11:26
VBASE023.VDF : 7.11.64.157 137216 Bytes 12.03.2013 19:11:25
VBASE024.VDF : 7.11.64.233 159744 Bytes 14.03.2013 19:11:33
VBASE025.VDF : 7.11.65.19 143360 Bytes 15.03.2013 19:11:28
VBASE026.VDF : 7.11.65.63 150528 Bytes 17.03.2013 12:14:06
VBASE027.VDF : 7.11.65.64 2048 Bytes 17.03.2013 12:14:06
VBASE028.VDF : 7.11.65.65 2048 Bytes 17.03.2013 12:14:06
VBASE029.VDF : 7.11.65.66 2048 Bytes 17.03.2013 12:14:06
VBASE030.VDF : 7.11.65.67 2048 Bytes 17.03.2013 12:14:06
VBASE031.VDF : 7.11.65.74 47104 Bytes 18.03.2013 12:14:07
Engineversion : 8.2.12.16
AEVDF.DLL : 8.1.2.10 102772 Bytes 07.09.2012 18:25:51
AESCRIPT.DLL : 8.1.4.98 475516 Bytes 14.03.2013 19:11:45
AESCN.DLL : 8.1.10.0 131445 Bytes 15.12.2012 10:12:30
AESBX.DLL : 8.2.5.12 606578 Bytes 07.09.2012 18:25:51
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 18:19:25
AEPACK.DLL : 8.3.2.2 827767 Bytes 14.03.2013 19:11:44
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 18:33:55
AEHEUR.DLL : 8.1.4.248 5804409 Bytes 14.03.2013 19:11:43
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 15:07:05
AEGEN.DLL : 8.1.6.16 434549 Bytes 25.01.2013 17:25:41
AEEXP.DLL : 8.4.0.12 192886 Bytes 14.03.2013 19:11:45
AEEMU.DLL : 8.1.3.2 393587 Bytes 07.09.2012 18:25:49
AECORE.DLL : 8.1.31.2 201080 Bytes 20.02.2013 18:01:36
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 15:38:33
AVWINLL.DLL : 12.3.0.15 27344 Bytes 07.09.2012 18:25:56
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 14:03:59
AVREP.DLL : 12.3.0.15 179208 Bytes 07.09.2012 18:25:55
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 14:03:58
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 07.09.2012 18:25:54
SQLITE3.DLL : 3.7.0.1 398288 Bytes 07.09.2012 18:26:01
AVSMTP.DLL : 12.3.0.32 63480 Bytes 07.09.2012 18:25:55
NETNT.DLL : 12.3.0.15 17104 Bytes 07.09.2012 18:25:59
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 07.09.2012 18:26:04
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 14:03:47
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Montag, 18. März 2013 13:14
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'listener.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMBVolumeWatcher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Users\***\AppData\Roaming\ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Rogue.kdv.901925
Die Registry wurde durchsucht ( '2942' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Users\***\AppData\Local\Temp\tmp8191d721\34.exe
[FUND] Ist das Trojanische Pferd TR/Rogue.kdv.901925
C:\Users\***\AppData\Roaming\ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Rogue.kdv.901925
Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\Temp\tmp8191d721\34.exe
[FUND] Ist das Trojanische Pferd TR/Rogue.kdv.901925
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54d18883.qua' verschoben!
Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich entfernt.
C:\Users\***\AppData\Roaming\ie_util.exe
[FUND] Ist das Trojanische Pferd TR/Rogue.kdv.901925
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c95a715.qua' verschoben!
[WARNUNG] Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> konnte nicht repariert werden.
[HINWEIS] Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
[HINWEIS] Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.
[HINWEIS] Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.
Ende des Suchlaufs: Montag, 18. März 2013 15:58
Benötigte Zeit: 2:29:12 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
35328 Verzeichnisse wurden überprüft
1999678 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1999675 Dateien ohne Befall
7143 Archive wurden durchsucht
1 Warnungen
2 Hinweise
|
|
18.03.2013, 16:08
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir meldet TR/Rogue.kdv.901925 Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
18.03.2013, 16:50
| #5 |
| | AntiVir meldet TR/Rogue.kdv.901925 erledigt.. hier die Logs: Code:
ATTFilter OTL Extras logfile created on: 18.03.2013 16:14:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 48,87% Memory free
7,71 Gb Paging File | 5,57 Gb Available in Paging File | 72,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,29 Gb Total Space | 362,35 Gb Free Space | 80,11% Space Free | Partition Type: NTFS
Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C57163B-5F2F-43BB-8458-C0BA9DCE612A}" = lport=445 | protocol=6 | dir=in | app=system |
"{13003616-553B-4D83-9565-2875E741596C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5185D5FF-EA84-4ABC-98EC-C9F7D040AAB7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5583077A-66D0-4648-9C18-CEF8F72E653E}" = lport=138 | protocol=17 | dir=in | app=system |
"{59746162-EDEA-42FC-B5BB-A2D1B534CF75}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6613FF3F-19E3-4258-9091-409695B96DC8}" = lport=137 | protocol=17 | dir=in | app=system |
"{68ED5855-7F29-422B-8A98-C85335690D61}" = lport=10243 | protocol=6 | dir=in | app=system |
"{727EEC4C-DA92-4E67-8562-4D03F051DC8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F9A1B7C-AF6C-41CB-B4DF-C43FA918D545}" = rport=138 | protocol=17 | dir=out | app=system |
"{8E2DEA7A-2FCF-45F5-855D-2A003237F688}" = rport=139 | protocol=6 | dir=out | app=system |
"{9B837533-FB98-4A30-B1BD-8F90D9AFC7F7}" = rport=445 | protocol=6 | dir=out | app=system |
"{A042F7F4-A360-4D33-9478-811F1022D30E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A22095BB-B1CF-412D-9675-45E8359E700F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4DA65B9-87C8-4AFA-906E-979A6A3C9B12}" = rport=137 | protocol=17 | dir=out | app=system |
"{A60A6F0E-7F62-4AF1-92F3-B065688DAAA6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFAD6D2A-F151-4FA4-BE10-201AD95F52C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B6ADB83D-B14C-4515-9C73-D9F1FF5B9328}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B92DBD7D-B35F-4C91-A42B-E585E5812A7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0339EE6-EB1C-463C-BD7A-A48BEE004E83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C577AF0C-C835-4208-A256-CB25FFF5BEAE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C5FD4150-E3CA-499B-95D9-56D7CD8921F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C9912A56-EE10-4848-A98A-F9DFD1160B0F}" = lport=139 | protocol=6 | dir=in | app=system |
"{EF5A756B-C8F0-430C-8409-78063C771F07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F13E3F99-B71C-4FF4-9C52-ACC0AA806F9E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAC6EB77-4258-4749-BB05-6B464AAB0B58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD1B919-8351-4F13-9666-B24A4C48D81A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{10C57118-DEFB-4D65-A2DE-D8BE280B29E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{12C2E9CF-77A3-459C-8C10-D279A80775C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2432F66B-2838-4295-92C6-674F6E379284}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2609F2F3-4E75-4D82-B111-4D1796049279}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{29FDFE04-3D4E-45A4-A01F-F0E99ACF707F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2D1111E4-28CF-46FB-83AD-F696AB5F8967}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{35888EE2-381A-47F4-9BD9-418C8230FB54}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3776A326-283E-4268-A545-2208E8CD8A30}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{452221AF-70F1-4216-80C2-EBD82E9CDE77}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4A801EF0-3A18-4FB5-A818-072678066BB8}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{5104AF8D-4EB3-4A67-A448-03D1FE84B1A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54C1E70F-7F5B-4A05-AAC4-3A6C3D953A59}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{59DA9F60-43F8-4AD8-9BBD-20DD5833BA73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5E7BBECD-EECE-4AF0-A642-D1868F7FCA5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61815BB3-8697-4D67-BDFC-3088F2A17FF2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{65011983-B5BC-4D77-9B68-51315AD64027}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{699234E4-D765-4A78-B289-8B990F7C0191}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6D3AC6D7-DB32-4E47-95F1-A878779F4C37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71C6A8F6-1334-42EC-A769-F5C79DE260FA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{75695691-51F7-4C7E-B6A7-16BCB31D3D44}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7F78F448-A522-4C73-989F-8343AA559710}" = protocol=6 | dir=out | app=system |
"{7FF1CECF-82D7-4886-B781-81FDB7DDAEE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88EF47C0-AA63-4DB8-A20D-2191014F3EE3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E8F95C6-D7D9-4074-B1DE-DF83ABEBF250}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98CB5CAC-DEFB-4243-9221-C5DCED6F7BB2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A3D7C341-FA02-47E2-8567-3DA1E7276A9F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B4E8F4A0-5981-4B97-BD12-86940F071033}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B81EB3B0-46D3-4E17-BE20-D6130C587E49}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{BD7BD756-462E-4F1F-80FA-5652EEAD7C61}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D358106E-0FC2-4542-B122-09001DD5211D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DFBF3223-21CE-4ADB-B5B6-C694AD1A7A31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E674EF7F-67D7-46F5-BCFB-0257397AB64F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E986BC44-1E9C-4FF7-AFC6-F3A5E77650C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F21AEC34-D175-478A-8615-F6D0C9C4A6FC}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{2F7DFB21-184B-4959-B23A-18070B3D3B45}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe |
"TCP Query User{38EE2315-0374-40CD-9162-F65E7515E93F}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{3EDB9376-6479-4D1A-8235-009E55011B9A}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{60B68C0C-356D-4735-83B2-74C62DCD312D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{627DE985-DA09-4547-9184-12E1B8B99D92}C:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe |
"TCP Query User{7F62A073-9A3F-4CD8-9F82-F4DB5BB65D0F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{D72A20BD-E1D9-4AF6-84FD-C8E41B6D8252}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{FCC016DB-4334-4042-9E36-D8593C26DAF3}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe |
"UDP Query User{04AA899B-87CB-4A90-855F-15289511D72B}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0868BA7E-6B33-4822-8417-C5C5936069BA}C:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe |
"UDP Query User{16F4CC8D-822D-4F17-B57E-EE0BC1FCCCC0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{301515C5-6124-45AA-BD2C-1E627671592A}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{88BB1EC1-0A05-4D72-B19B-D2F752B9A43B}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe |
"UDP Query User{B0D8D767-4E06-4394-9736-9DCC4CDFD2E5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B7746CDA-611B-4E1F-97AB-1632087A03FD}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe |
"UDP Query User{D546018A-D0D8-44C4-822E-9EFE48DD20FB}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc)
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc)
"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33D21DE0-8363-4997-A960-E32EA9D84AB3}" = KODAK Create@Home Software (für dm)
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A20548C1-4B08-C41D-A3A8-FE8C933C2A00}" = Catalyst Control Center InstallProxy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A43014F4-44F8-4539-8F87-C8471CB810B1}" = Cisco AnyConnect Secure Mobility Client
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B87F4F22-611D-403C-A2A0-55426DE07509}" = pdfforge Toolbar v6.1
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
"Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.3.2
"KaloMa_is1" = KaloMa 5.00beta20100607
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"McAfee Security Scan" = McAfee Security Scan Plus
"MozBackup" = MozBackup 1.5
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PremElem80" = Adobe Premiere Elements 8.0
"RealPlayer 12.0" = RealPlayer
"splashtop" = VAIO Quick Web Access
"Sweet Home 3D_is1" = Sweet Home 3D version 3.3
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" =
"VAIO screensaver" = VAIO screensaver
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.8
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.04.2012 12:08:09 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 23.04.2012 12:08:09 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
Error - 23.04.2012 12:08:09 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
Error - 23.04.2012 12:08:10 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 23.04.2012 12:08:10 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2012
Error - 23.04.2012 12:08:10 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2012
Error - 23.04.2012 12:08:11 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 23.04.2012 12:08:11 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011
Error - 23.04.2012 12:08:11 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011
Error - 23.04.2012 12:08:12 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 18.03.2013 08:05:13 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391725
(0xFE210013) Description: CERTIFICATE_ERROR_VERIFY_NAME_FAILED server name: 132.176.101.101
Error - 18.03.2013 08:05:48 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 18.03.2013 08:06:35 | Computer Name = ***-VAIO | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 18.03.2013 08:06:38 | Computer Name = ***-VAIO | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1336 NULL object. Cannot establish a connection at this time.
Error - 18.03.2013 08:10:08 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 18.03.2013 08:10:08 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 18.03.2013 08:10:08 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
Error - 18.03.2013 11:12:51 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CVerifyServerName::VerifyCertName File: .\Certificates\VerifyServerName.cpp
Line:
150 Certificate name verification has failed. Server Name: 132.176.101.101 Common Name(s):
webvpn.fernuni-hagen.de
Error - 18.03.2013 11:12:51 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: COpenSSLCertUtils::VerifyCertName File: .\Certificates\OpenSSLCertUtils.cpp
Line:
1310 Invoked Function: CVerifyServerName::VerifyCertName Return Code: -31391725 (0xFE210013)
Description:
CERTIFICATE_ERROR_VERIFY_NAME_FAILED
Error - 18.03.2013 11:12:51 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391725
(0xFE210013) Description: CERTIFICATE_ERROR_VERIFY_NAME_FAILED server name: 132.176.101.101
[ OSession Events ]
Error - 02.03.2013 05:44:41 | Computer Name = ***-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 56203
seconds with 7620 seconds of active time. This session ended with a crash.
Error - 02.03.2013 14:05:06 | Computer Name = ***-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30004
seconds with 5760 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 20.02.2013 14:26:20 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 20.02.2013 14:26:20 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 24.02.2013 08:39:23 | Computer Name = ***-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?02.?2013 um 13:38:23 unerwartet heruntergefahren.
Error - 24.02.2013 08:39:38 | Computer Name = ***-VAIO | Source = BugCheck | ID = 1001
Description =
Error - 18.03.2013 08:04:21 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062
Error - 18.03.2013 10:44:56 | Computer Name = ***-VAIO | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 18.03.2013 10:44:57 | Computer Name = ***-VAIO | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 18.03.2013 10:44:57 | Computer Name = ***-VAIO | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 18.03.2013 10:44:58 | Computer Name = ***-VAIO | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 18.03.2013 10:44:58 | Computer Name = ***-VAIO | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
< End of report >
Code:
ATTFilter OTL logfile created on: 18.03.2013 16:14:55 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 48,87% Memory free 7,71 Gb Paging File | 5,57 Gb Available in Paging File | 72,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,29 Gb Total Space | 362,35 Gb Free Space | 80,11% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation) PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll () MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ZuneWlanCfgSvc) -- c:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (WMZuneComm) -- c:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- c:\Programme\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation) SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (s0017unic) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation) DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation) DRV:64bit: - (s0017nd5) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation) DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation) DRV:64bit: - (s0017mgmt) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation) DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation) DRV:64bit: - (s0017bus) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{31CF5488-1282-4CE7-BACF-DAC2D6103B66}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363 IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{4D7AE340-6731-4EE4-B8C1-DD73BA39A597}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{7A28250A-EF45-4C6E-A2D2-9245F92B8167}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{8A139173-D5C3-4BB4-98C2-927617F6E246}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: firenes%40facundo.zaldo:2.0.2 FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8 FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:2.0.20120203 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.4.20130221100632 FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: firenes@facundo.zaldo:2.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.13.184 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.07 09:50:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.07 09:50:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.07.15 15:08:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.10.24 17:19:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:02:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 13:02:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 10:49:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.03.12 10:49:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:02:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 13:02:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 10:49:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.03.12 10:49:46 | 000,000,000 | ---D | M] [2011.03.29 16:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.03.29 16:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.03.15 09:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions [2013.03.15 09:20:21 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.03.29 16:07:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.29 16:07:45 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2013.03.01 18:10:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.03.27 08:04:48 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2011.03.29 16:07:43 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\bkmrksync@nokia.com [2011.08.20 12:27:20 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\firefox@tvunetworks.com [2011.03.29 16:07:43 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\moveplayer@movenetworks.com [2011.06.16 09:02:15 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\toolbar@ask.com [2011.11.15 09:58:43 | 000,071,254 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\extensions\firenes@facundo.zaldo.xpi [2012.12.12 10:52:20 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.03.08 13:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.08 13:02:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.08 13:02:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.07.07 11:28:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.09 16:55:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.07 11:28:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.07 11:28:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.07 11:28:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.07 11:28:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: DivX HiQ = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001..\Run: [Ywizanl] C:\Users\***\AppData\Roaming\Qoeg\ysow.exe (Корпорация Майкрософт) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{423D4F55-13A2-4D2E-BBDA-A1774A136043}: DhcpNameServer = 172.16.16.19 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{c86757fc-59ed-11e0-9272-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c86757fc-59ed-11e0-9272-806e6f6e6963}\Shell\AutoRun\command - "" = D:\KODAK_Create@Home_Software(dm).exe O33 - MountPoints2\{df3cf012-f1a7-11e0-b537-889ffaddf14e}\Shell - "" = AutoRun O33 - MountPoints2\{df3cf012-f1a7-11e0-b537-889ffaddf14e}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.18 15:58:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner [2013.03.16 16:46:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.16 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uvhiam [2013.03.16 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qoeg [2013.03.16 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Okynro [2013.03.14 22:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 22:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.14 22:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.13 16:16:01 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 16:15:55 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.03.13 16:15:55 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.03.13 16:15:55 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 16:15:55 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 16:15:55 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.03.13 16:15:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.03.13 16:15:54 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.03.13 16:15:54 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 16:15:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 16:15:54 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 16:15:54 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 16:15:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.03.13 16:15:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.13 16:15:53 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.03.12 10:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.03.08 13:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.21 19:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.18 16:12:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.18 16:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.18 15:26:13 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.18 15:26:13 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.18 15:26:13 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.18 15:26:13 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.18 15:26:13 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.18 13:12:59 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.18 13:12:59 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.18 13:04:41 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys [2013.03.15 09:03:24 | 000,673,298 | ---- | M] () -- C:\Users\***\Desktop\Diagnostik .pdf [2013.03.12 22:04:44 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.12 22:04:44 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.04 09:34:19 | 000,182,348 | ---- | M] () -- C:\Users\***\Desktop\Immatrikulationsbescheinigung_7845936.pdf [2013.03.02 22:29:57 | 000,113,872 | ---- | M] () -- C:\Users\***\Desktop\statistik im text.pdf [2013.02.28 20:34:23 | 000,118,681 | ---- | M] () -- C:\test.xml [2013.02.28 17:34:33 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.28 17:34:10 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.28 17:34:08 | 000,736,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.28 17:34:03 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.02.28 17:34:01 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.02.28 17:34:01 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.28 17:33:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.02.28 17:16:41 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.28 17:16:16 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.28 17:16:10 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.02.28 17:16:07 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.02.28 17:16:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.28 17:15:16 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.02.28 16:12:49 | 000,482,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.02.28 15:51:56 | 000,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.02.25 19:50:56 | 000,036,931 | ---- | M] () -- C:\Users\***\Desktop\3 zentrale Studien aus den 80er und 90er Jahren.pdf [2013.02.25 18:47:50 | 007,918,036 | ---- | M] () -- C:\Users\***\Desktop\Asendorf Persönlichkeit.pdf [2013.02.24 13:39:21 | 543,977,074 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.23 13:56:30 | 012,474,944 | ---- | M] () -- C:\Users\***\Desktop\Bachelorarbeit_Prüfungsangst_Julia.rtf [2013.02.23 12:27:53 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.21 19:52:18 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.21 19:52:18 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.15 09:03:22 | 000,673,298 | ---- | C] () -- C:\Users\***\Desktop\Diagnostik .pdf [2013.03.04 09:34:19 | 000,182,348 | ---- | C] () -- C:\Users\***\Desktop\Immatrikulationsbescheinigung_7845936.pdf [2013.03.02 22:29:57 | 000,113,872 | ---- | C] () -- C:\Users\***\Desktop\statistik im text.pdf [2013.02.25 19:50:53 | 000,036,931 | ---- | C] () -- C:\Users\***\Desktop\3 zentrale Studien aus den 80er und 90er Jahren.pdf [2013.02.25 18:47:45 | 007,918,036 | ---- | C] () -- C:\Users\***\Desktop\Asendorf Persönlichkeit.pdf [2013.02.23 09:19:29 | 012,474,944 | ---- | C] () -- C:\Users\***\Desktop\Bachelorarbeit_Prüfungsangst_Julia.rtf [2012.09.23 17:13:04 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.16 08:53:28 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.06 17:54:08 | 000,000,041 | ---- | C] () -- C:\Users\***\AppData\Roaming\mbam.context.scan [2011.05.08 21:08:00 | 000,005,264 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2011.04.05 21:41:20 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.03.29 22:22:33 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
18.03.2013, 16:55
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir meldet TR/Rogue.kdv.901925 Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> AntiVir meldet TR/Rogue.kdv.901925 |
|
18.03.2013, 18:50
| #7 |
| | AntiVir meldet TR/Rogue.kdv.901925 So hier die nächsten Logs Gmer: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-18 17:19:16
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0006 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\***\AppData\Local\Temp\fgtyrpog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751f1465 2 bytes [1F, 75]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751f14bb 2 bytes [1F, 75]
.text ... * 2
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751f1465 2 bytes [1F, 75]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751f14bb 2 bytes [1F, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775508ac 4 bytes [68, A0, CF, 63]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775508b1 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007756260d 6 bytes [68, BD, 57, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007756c4aa 6 bytes [68, CB, D0, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077572a93 6 bytes [68, 03, 58, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077594170 6 bytes [68, 49, 58, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007759e6b5 6 bytes [68, 8F, 58, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\KERNEL32.dll!GetFileAttributesExW 0000000076c132f2 6 bytes [68, 34, D3, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\KERNEL32.dll!ExitProcess 0000000076c1734e 6 bytes [68, F3, D2, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076a5bbdb 6 bytes [68, B1, D3, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076a914fd 6 bytes [68, 9A, D3, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetDC 0000000075107246 4 bytes [68, 92, 18, 63]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007510724b 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007510730e 6 bytes [68, 10, 19, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000751079d8 4 bytes [68, D1, 18, 63]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000751079dd 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075107d79 6 bytes [68, A5, 5D, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075107e92 6 bytes [68, 22, DE, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007510811b 6 bytes [68, 4A, DE, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075108bd6 6 bytes [68, C1, 5A, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075109ed3 6 bytes [68, 5B, 5B, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007510dd6d 6 bytes [68, AD, 5B, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075110112 6 bytes [68, 72, DE, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075110abb 6 bytes [68, F3, 59, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075110e0d 6 bytes [68, 55, DC, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075110e9a 4 bytes [68, F7, 17, 63]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075110e9f 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075110eba 4 bytes [68, 87, 17, 63]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075110ebf 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075112bc7 6 bytes [68, 23, DC, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075112dbd 6 bytes [68, 83, DD, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075112ec4 6 bytes [68, 33, DD, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075112ed1 4 bytes [68, D9, DC, 63]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075112ed6 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075113001 4 bytes [68, 37, 18, 63]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075113006 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075114b80 6 bytes [68, 0E, 5B, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075117af4 6 bytes [68, 3C, 5A, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007511808f 6 bytes [68, 1E, 59, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000751181e0 6 bytes [68, AD, 59, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075118632 6 bytes [68, D5, 58, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075118807 6 bytes [68, 67, 59, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007512ed58 6 bytes [68, 9D, DE, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007512f1fe 6 bytes [68, E3, 19, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007513011b 6 bytes [68, 50, 19, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000751497e4 6 bytes [68, 9F, 57, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075149c8d 6 bytes [68, 9C, DC, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075149f3b 6 bytes [68, 54, 5F, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007516895b 4 bytes [68, 4F, 57, 64]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075168960 1 byte [C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000760e3bed 6 bytes [68, 27, E3, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000760e6737 6 bytes [68, 38, DF, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000760e68a7 6 bytes [68, 80, E3, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WS2_32.dll!send 00000000760ec4c8 6 bytes [68, 5F, E3, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000760f7133 6 bytes [68, C8, DE, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000766112b0 6 bytes [68, 89, 7E, 63, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007670c83e 6 bytes [68, DC, 08, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007670cbc2 6 bytes [68, 7C, 0A, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007670e264 6 bytes [68, 49, 09, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 000000007670eeb3 6 bytes [68, 62, 06, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076710352 6 bytes [68, 1E, 06, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 000000007671052b 6 bytes [68, DA, 05, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000767140df 6 bytes [68, 50, 0A, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076728e24 6 bytes [68, 0C, 07, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076728f4f 6 bytes [68, 46, 08, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076731301 6 bytes [68, 77, 09, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007676d2b3 6 bytes [68, F6, 09, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 000000007678059a 6 bytes [68, A9, 07, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007678061d 6 bytes [68, 91, 08, 64, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076780680 6 bytes [68, B7, 06, 64, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775508ac 4 bytes [68, A0, CF, 84]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775508b1 1 byte [C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007756260d 6 bytes [68, BD, 57, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007756c4aa 6 bytes [68, CB, D0, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077572a93 6 bytes [68, 03, 58, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077594170 6 bytes [68, 49, 58, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007759e6b5 6 bytes [68, 8F, 58, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000076c132f2 6 bytes [68, 34, D3, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000076c1734e 6 bytes [68, F3, D2, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076a5bbdb 6 bytes [68, B1, D3, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076a914fd 6 bytes [68, 9A, D3, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetDC 0000000075107246 4 bytes [68, 92, 18, 84]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007510724b 1 byte [C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007510730e 6 bytes [68, 10, 19, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000751079d8 4 bytes [68, D1, 18, 84]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000751079dd 1 byte [C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075107d79 6 bytes [68, A5, 5D, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075107e92 6 bytes [68, 22, DE, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007510811b 6 bytes [68, 4A, DE, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075108bd6 6 bytes [68, C1, 5A, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075109ed3 6 bytes [68, 5B, 5B, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007510dd6d 6 bytes [68, AD, 5B, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075110112 6 bytes [68, 72, DE, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075110abb 6 bytes [68, F3, 59, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075110e0d 6 bytes [68, 55, DC, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075110e9a 4 bytes [68, F7, 17, 84]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075110e9f 1 byte [C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075110eba 4 bytes [68, 87, 17, 84]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075110ebf 1 byte [C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075112bc7 6 bytes [68, 23, DC, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075112dbd 6 bytes [68, 83, DD, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075112ec4 6 bytes [68, 33, DD, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075112ed1 4 bytes [68, D9, DC, 84]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075112ed6 1 byte [C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075113001 4 bytes [68, 37, 18, 84]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075113006 1 byte [C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075114b80 6 bytes [68, 0E, 5B, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075117af4 6 bytes [68, 3C, 5A, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007511808f 6 bytes [68, 1E, 59, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000751181e0 6 bytes [68, AD, 59, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075118632 6 bytes [68, D5, 58, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075118807 6 bytes [68, 67, 59, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007512ed58 6 bytes [68, 9D, DE, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007512f1fe 6 bytes [68, E3, 19, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007513011b 6 bytes [68, 50, 19, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000751497e4 6 bytes [68, 9F, 57, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075149c8d 6 bytes [68, 9C, DC, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075149f3b 6 bytes [68, 54, 5F, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007516895b 4 bytes [68, 4F, 57, 85]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075168960 1 byte [C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000766112b0 6 bytes [68, 89, 7E, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000760e3bed 6 bytes [68, 27, E3, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000760e6737 6 bytes [68, 38, DF, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000760e68a7 6 bytes [68, 80, E3, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WS2_32.dll!send 00000000760ec4c8 6 bytes [68, 5F, E3, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000760f7133 6 bytes [68, C8, DE, 84, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007670c83e 6 bytes [68, DC, 08, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007670cbc2 6 bytes [68, 7C, 0A, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007670e264 6 bytes [68, 49, 09, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 000000007670eeb3 6 bytes [68, 62, 06, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076710352 6 bytes [68, 1E, 06, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 000000007671052b 6 bytes [68, DA, 05, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000767140df 6 bytes [68, 50, 0A, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076728e24 6 bytes [68, 0C, 07, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076728f4f 6 bytes [68, 46, 08, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076731301 6 bytes [68, 77, 09, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007676d2b3 6 bytes [68, F6, 09, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 000000007678059a 6 bytes [68, A9, 07, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007678061d 6 bytes [68, 91, 08, 85, 00, C3]
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076780680 6 bytes [68, B7, 06, 85, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775508ac 4 bytes [68, A0, CF, 98]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775508b1 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007756260d 6 bytes [68, BD, 57, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007756c4aa 6 bytes [68, CB, D0, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077572a93 6 bytes [68, 03, 58, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077594170 6 bytes [68, 49, 58, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007759e6b5 6 bytes [68, 8F, 58, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000076c132f2 6 bytes [68, 34, D3, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000076c1734e 6 bytes [68, F3, D2, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076a5bbdb 6 bytes [68, B1, D3, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076a914fd 6 bytes [68, 9A, D3, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetDC 0000000075107246 4 bytes [68, 92, 18, 98]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007510724b 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007510730e 6 bytes [68, 10, 19, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000751079d8 4 bytes [68, D1, 18, 98]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000751079dd 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075107d79 6 bytes [68, A5, 5D, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075107e92 6 bytes [68, 22, DE, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007510811b 6 bytes [68, 4A, DE, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075108bd6 6 bytes [68, C1, 5A, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075109ed3 6 bytes [68, 5B, 5B, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007510dd6d 6 bytes [68, AD, 5B, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075110112 6 bytes [68, 72, DE, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075110abb 6 bytes [68, F3, 59, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075110e0d 6 bytes [68, 55, DC, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075110e9a 4 bytes [68, F7, 17, 98]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075110e9f 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075110eba 4 bytes [68, 87, 17, 98]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075110ebf 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075112bc7 6 bytes [68, 23, DC, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075112dbd 6 bytes [68, 83, DD, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075112ec4 6 bytes [68, 33, DD, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075112ed1 4 bytes [68, D9, DC, 98]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075112ed6 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075113001 4 bytes [68, 37, 18, 98]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075113006 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075114b80 6 bytes [68, 0E, 5B, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075117af4 6 bytes [68, 3C, 5A, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007511808f 6 bytes [68, 1E, 59, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000751181e0 6 bytes [68, AD, 59, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075118632 6 bytes [68, D5, 58, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075118807 6 bytes [68, 67, 59, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007512ed58 6 bytes [68, 9D, DE, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007512f1fe 6 bytes [68, E3, 19, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007513011b 6 bytes [68, 50, 19, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000751497e4 6 bytes [68, 9F, 57, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075149c8d 6 bytes [68, 9C, DC, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075149f3b 6 bytes [68, 54, 5F, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007516895b 4 bytes [68, 4F, 57, 99]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075168960 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751f1465 2 bytes [1F, 75]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751f14bb 2 bytes [1F, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007670c83e 6 bytes [68, DC, 08, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007670cbc2 6 bytes [68, 7C, 0A, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007670e264 6 bytes [68, 49, 09, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 000000007670eeb3 6 bytes [68, 62, 06, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076710352 6 bytes [68, 1E, 06, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 000000007671052b 6 bytes [68, DA, 05, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000767140df 6 bytes [68, 50, 0A, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076728e24 6 bytes [68, 0C, 07, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076728f4f 6 bytes [68, 46, 08, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076731301 6 bytes [68, 77, 09, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007676d2b3 6 bytes [68, F6, 09, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 000000007678059a 6 bytes [68, A9, 07, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007678061d 6 bytes [68, 91, 08, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076780680 6 bytes [68, B7, 06, 99, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000766112b0 6 bytes [68, 89, 7E, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000760e3bed 6 bytes [68, 27, E3, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000760e6737 6 bytes [68, 38, DF, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000760e68a7 6 bytes [68, 80, E3, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WS2_32.dll!send 00000000760ec4c8 6 bytes [68, 5F, E3, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000760f7133 6 bytes [68, C8, DE, 98, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess 00000000775508ac 4 bytes [68, A0, CF, 3D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5 00000000775508b1 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007756260d 6 bytes [68, BD, 57, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007756c4aa 6 bytes [68, CB, D0, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077572a93 6 bytes [68, 03, 58, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W 0000000077594170 6 bytes [68, 49, 58, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A 000000007759e6b5 6 bytes [68, 8F, 58, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW 0000000076c132f2 6 bytes [68, 34, D3, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\kernel32.dll!ExitProcess 0000000076c1734e 6 bytes [68, F3, D2, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW 0000000076a5bbdb 6 bytes [68, B1, D3, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076a914fd 6 bytes [68, 9A, D3, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetDC 0000000075107246 4 bytes [68, 92, 18, 3D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetDC + 5 000000007510724b 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!ReleaseDC 000000007510730e 6 bytes [68, 10, 19, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetWindowDC 00000000751079d8 4 bytes [68, D1, 18, 3D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5 00000000751079dd 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000075107d79 6 bytes [68, A5, 5D, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetMessageW 0000000075107e92 6 bytes [68, 22, DE, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetMessageA 000000007510811b 6 bytes [68, 4A, DE, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!RegisterClassW 0000000075108bd6 6 bytes [68, C1, 5A, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!RegisterClassExW 0000000075109ed3 6 bytes [68, 5B, 5B, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!RegisterClassExA 000000007510dd6d 6 bytes [68, AD, 5B, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!PeekMessageW 0000000075110112 6 bytes [68, 72, DE, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!CallWindowProcW 0000000075110abb 6 bytes [68, F3, 59, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075110e0d 6 bytes [68, 55, DC, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!EndPaint 0000000075110e9a 4 bytes [68, F7, 17, 3D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!EndPaint + 5 0000000075110e9f 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000075110eba 4 bytes [68, 87, 17, 3D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!BeginPaint + 5 0000000075110ebf 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetMessagePos 0000000075112bc7 6 bytes [68, 23, DC, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetCapture 0000000075112dbd 6 bytes [68, 83, DD, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!ReleaseCapture 0000000075112ec4 6 bytes [68, 33, DD, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!SetCapture 0000000075112ed1 4 bytes [68, D9, DC, 3D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!SetCapture + 5 0000000075112ed6 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetDCEx 0000000075113001 4 bytes [68, 37, 18, 3D]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetDCEx + 5 0000000075113006 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!RegisterClassA 0000000075114b80 6 bytes [68, 0E, 5B, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!CallWindowProcA 0000000075117af4 6 bytes [68, 3C, 5A, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!DefFrameProcA 000000007511808f 6 bytes [68, 1E, 59, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA 00000000751181e0 6 bytes [68, AD, 59, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!DefFrameProcW 0000000075118632 6 bytes [68, D5, 58, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW 0000000075118807 6 bytes [68, 67, 59, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!PeekMessageA 000000007512ed58 6 bytes [68, 9D, DE, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetUpdateRgn 000000007512f1fe 6 bytes [68, E3, 19, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetUpdateRect 000000007513011b 6 bytes [68, 50, 19, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!SwitchDesktop 00000000751497e4 6 bytes [68, 9F, 57, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075149c8d 6 bytes [68, 9C, DC, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075149f3b 6 bytes [68, 54, 5F, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!OpenInputDesktop 000000007516895b 4 bytes [68, 4F, 57, 3E]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5 0000000075168960 1 byte [C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007670c83e 6 bytes [68, DC, 08, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007670cbc2 6 bytes [68, 7C, 0A, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007670e264 6 bytes [68, 49, 09, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 000000007670eeb3 6 bytes [68, 62, 06, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 0000000076710352 6 bytes [68, 1E, 06, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW 000000007671052b 6 bytes [68, DA, 05, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 00000000767140df 6 bytes [68, 50, 0A, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW 0000000076728e24 6 bytes [68, 0C, 07, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpEndRequestA 0000000076728f4f 6 bytes [68, 46, 08, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 0000000076731301 6 bytes [68, 77, 09, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer 000000007676d2b3 6 bytes [68, F6, 09, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA 000000007678059a 6 bytes [68, A9, 07, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpEndRequestW 000000007678061d 6 bytes [68, 91, 08, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 0000000076780680 6 bytes [68, B7, 06, 3E, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000766112b0 6 bytes [68, 89, 7E, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WS2_32.dll!closesocket 00000000760e3bed 6 bytes [68, 27, E3, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WS2_32.dll!getaddrinfo 00000000760e6737 6 bytes [68, 38, DF, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WS2_32.dll!WSASend 00000000760e68a7 6 bytes [68, 80, E3, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WS2_32.dll!send 00000000760ec4c8 6 bytes [68, 5F, E3, 3D, 00, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WS2_32.dll!gethostbyname 00000000760f7133 6 bytes [68, C8, DE, 3D, 00, C3]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000751f1465 2 bytes [1F, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751f14bb 2 bytes [1F, 75]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4704:5396] 000007fefb962a88
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4704:5412] 000007feec4dc0b0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4704:5216] 000007fef9345124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4704:2612] 000007feec449e68
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4704:3068] 000007feec4dc0b0
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27b11
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaddf14e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaddf14e@f8db7ff96252 0xFC 0x76 0xF8 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38ed02c9
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27b11 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaddf14e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaddf14e@f8db7ff96252 0xFC 0x76 0xF8 0x1A ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38ed02c9 (not active ControlSet)
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.18.10
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
*** :: ***-VAIO [administrator]
18.03.2013 17:42:35
mbar-log-2013-03-18 (17-42-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31359
Time elapsed: 19 minute(s), 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ywizanl (Trojan.Zbot) -> Data: C:\Users\***\AppData\Roaming\Qoeg\ysow.exe -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\Users\***\AppData\Roaming\Qoeg\ysow.exe (Trojan.Zbot) -> Delete on reboot.
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.18.10
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
*** :: ***-VAIO [administrator]
18.03.2013 18:35:58
mbar-log-2013-03-18 (18-35-58).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31323
Time elapsed: 21 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
18.03.2013, 23:25
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir meldet TR/Rogue.kdv.901925 aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.03.2013, 08:50
| #9 |
| | AntiVir meldet TR/Rogue.kdv.901925 so dann hier mal aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-19 07:52:45
-----------------------------
07:52:45.873 OS Version: Windows x64 6.1.7600
07:52:45.873 Number of processors: 4 586 0x2505
07:52:45.873 ComputerName: ***-VAIO UserName: ***
07:52:47.402 Initialize success
07:53:55.145 AVAST engine defs: 13031801
07:54:16.969 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:54:16.969 Disk 0 Vendor: ST950032 0006 Size: 476940MB BusType: 3
07:54:17.109 Disk 0 MBR read successfully
07:54:17.109 Disk 0 MBR scan
07:54:17.125 Disk 0 Windows 7 default MBR code
07:54:17.141 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13693 MB offset 2048
07:54:17.172 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28045312
07:54:17.187 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463145 MB offset 28250112
07:54:17.312 Disk 0 scanning C:\Windows\system32\drivers
07:54:34.582 Service scanning
07:55:07.967 Modules scanning
07:55:07.967 Disk 0 trace - called modules:
07:55:08.014 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
07:55:08.014 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006389060]
07:55:08.014 3 CLASSPNP.SYS[fffff88001ad943f] -> nt!IofCallDriver -> [0xfffffa80043438e0]
07:55:08.030 5 ACPI.sys[fffff88000eec781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004346050]
07:55:10.807 AVAST engine scan C:\Windows
07:55:13.973 AVAST engine scan C:\Windows\system32
08:00:54.790 AVAST engine scan C:\Windows\system32\drivers
08:01:14.604 AVAST engine scan C:\Users\***
08:19:45.145 AVAST engine scan C:\ProgramData
08:23:59.727 Scan finished successfully
08:30:04.240 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
08:30:04.256 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
Code:
ATTFilter 08:31:31.0239 3924 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:31:31.0427 3924 ============================================================
08:31:31.0427 3924 Current date / time: 2013/03/19 08:31:31.0427
08:31:31.0427 3924 SystemInfo:
08:31:31.0427 3924
08:31:31.0427 3924 OS Version: 6.1.7600 ServicePack: 0.0
08:31:31.0427 3924 Product type: Workstation
08:31:31.0427 3924 ComputerName: ***-VAIO
08:31:31.0427 3924 UserName: ***
08:31:31.0427 3924 Windows directory: C:\Windows
08:31:31.0427 3924 System windows directory: C:\Windows
08:31:31.0427 3924 Running under WOW64
08:31:31.0427 3924 Processor architecture: Intel x64
08:31:31.0427 3924 Number of processors: 4
08:31:31.0427 3924 Page size: 0x1000
08:31:31.0427 3924 Boot type: Normal boot
08:31:31.0427 3924 ============================================================
08:31:32.0004 3924 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:32.0019 3924 ============================================================
08:31:32.0019 3924 \Device\Harddisk0\DR0:
08:31:32.0019 3924 MBR partitions:
08:31:32.0019 3924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1ABF000, BlocksNum 0x32000
08:31:32.0019 3924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AF1000, BlocksNum 0x38894830
08:31:32.0019 3924 ============================================================
08:31:32.0035 3924 C: <-> \Device\Harddisk0\DR0\Partition2
08:31:32.0035 3924 ============================================================
08:31:32.0035 3924 Initialize success
08:31:32.0035 3924 ============================================================
08:32:02.0939 3160 ============================================================
08:32:02.0939 3160 Scan started
08:32:02.0939 3160 Mode: Manual; SigCheck; TDLFS;
08:32:02.0939 3160 ============================================================
08:32:04.0265 3160 ================ Scan system memory ========================
08:32:04.0265 3160 System memory - ok
08:32:04.0265 3160 ================ Scan services =============================
08:32:04.0670 3160 [ 969C91060CBB5D17CB8440B5F78B4C51 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:32:04.0889 3160 1394ohci - ok
08:32:04.0967 3160 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
08:32:05.0029 3160 ACDaemon - ok
08:32:05.0076 3160 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:32:05.0107 3160 ACPI - ok
08:32:05.0138 3160 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:32:05.0248 3160 AcpiPmi - ok
08:32:05.0326 3160 [ 5AE65DCD983077278A6173C2872BCA99 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
08:32:05.0357 3160 acsock - ok
08:32:05.0435 3160 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
08:32:05.0450 3160 AdobeActiveFileMonitor8.0 - ok
08:32:05.0544 3160 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:32:05.0560 3160 AdobeARMservice - ok
08:32:05.0700 3160 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:32:05.0731 3160 AdobeFlashPlayerUpdateSvc - ok
08:32:05.0794 3160 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:32:05.0840 3160 adp94xx - ok
08:32:05.0872 3160 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:32:05.0903 3160 adpahci - ok
08:32:05.0918 3160 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:32:05.0934 3160 adpu320 - ok
08:32:05.0965 3160 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:32:06.0168 3160 AeLookupSvc - ok
08:32:06.0262 3160 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
08:32:06.0386 3160 AFD - ok
08:32:06.0418 3160 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:32:06.0449 3160 agp440 - ok
08:32:06.0480 3160 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:32:06.0542 3160 ALG - ok
08:32:06.0574 3160 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:32:06.0589 3160 aliide - ok
08:32:06.0620 3160 [ 3F9B03B72577A6A7405BF30801CBD159 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:32:06.0714 3160 AMD External Events Utility - ok
08:32:06.0776 3160 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
08:32:06.0792 3160 amdide - ok
08:32:06.0823 3160 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
08:32:06.0901 3160 AmdK8 - ok
08:32:07.0088 3160 [ EA244A8B88DE8B5986BF3B7903B063AF ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:32:07.0369 3160 amdkmdag - ok
08:32:07.0432 3160 [ DCA6E341A4A7C31EA8A14C6166C9B249 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
08:32:07.0464 3160 amdkmdap - ok
08:32:07.0479 3160 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
08:32:07.0542 3160 AmdPPM - ok
08:32:07.0573 3160 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:32:07.0589 3160 amdsata - ok
08:32:07.0635 3160 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
08:32:07.0667 3160 amdsbs - ok
08:32:07.0713 3160 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:32:07.0729 3160 amdxata - ok
08:32:07.0807 3160 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
08:32:07.0854 3160 AntiVirSchedulerService - ok
08:32:07.0885 3160 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
08:32:07.0901 3160 AntiVirService - ok
08:32:07.0963 3160 [ 2D45F2DFBC3D8F53DF7EBEFFA8C9BC38 ] ApfiltrService C:\Windows\system32\drivers\Apfiltr.sys
08:32:07.0994 3160 ApfiltrService - ok
08:32:08.0041 3160 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
08:32:08.0166 3160 AppID - ok
08:32:08.0181 3160 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:32:08.0244 3160 AppIDSvc - ok
08:32:08.0259 3160 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
08:32:08.0322 3160 Appinfo - ok
08:32:08.0400 3160 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:32:08.0415 3160 Apple Mobile Device - ok
08:32:08.0447 3160 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
08:32:08.0479 3160 arc - ok
08:32:08.0510 3160 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:32:08.0541 3160 arcsas - ok
08:32:08.0588 3160 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
08:32:08.0604 3160 ArcSoftKsUFilter - ok
08:32:08.0713 3160 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:32:08.0760 3160 aspnet_state - ok
08:32:08.0806 3160 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:32:08.0884 3160 AsyncMac - ok
08:32:08.0947 3160 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
08:32:08.0962 3160 atapi - ok
08:32:09.0040 3160 [ CCA705CDF038D5BC243203CE4416B345 ] athr C:\Windows\system32\DRIVERS\athrx.sys
08:32:09.0150 3160 athr - ok
08:32:09.0352 3160 [ EA244A8B88DE8B5986BF3B7903B063AF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:32:09.0430 3160 atikmdag - ok
08:32:09.0477 3160 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:32:09.0586 3160 AudioEndpointBuilder - ok
08:32:09.0602 3160 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:32:09.0633 3160 AudioSrv - ok
08:32:09.0664 3160 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
08:32:09.0664 3160 avgntflt - ok
08:32:09.0727 3160 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
08:32:09.0742 3160 avipbb - ok
08:32:09.0758 3160 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
08:32:09.0774 3160 avkmgr - ok
08:32:09.0836 3160 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:32:09.0945 3160 AxInstSV - ok
08:32:10.0008 3160 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
08:32:10.0070 3160 b06bdrv - ok
08:32:10.0117 3160 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:32:10.0179 3160 b57nd60a - ok
08:32:10.0210 3160 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:32:10.0273 3160 BDESVC - ok
08:32:10.0304 3160 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:32:10.0429 3160 Beep - ok
08:32:10.0476 3160 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
08:32:10.0522 3160 BFE - ok
08:32:10.0569 3160 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
08:32:10.0694 3160 BITS - ok
08:32:10.0725 3160 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
08:32:10.0756 3160 blbdrive - ok
08:32:10.0834 3160 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:32:10.0881 3160 Bonjour Service - ok
08:32:10.0897 3160 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:32:10.0975 3160 bowser - ok
08:32:11.0022 3160 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
08:32:11.0068 3160 BrFiltLo - ok
08:32:11.0084 3160 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
08:32:11.0100 3160 BrFiltUp - ok
08:32:11.0131 3160 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
08:32:11.0209 3160 Browser - ok
08:32:11.0256 3160 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:32:11.0334 3160 Brserid - ok
08:32:11.0349 3160 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:32:11.0380 3160 BrSerWdm - ok
08:32:11.0412 3160 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:32:11.0443 3160 BrUsbMdm - ok
08:32:11.0458 3160 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:32:11.0474 3160 BrUsbSer - ok
08:32:11.0505 3160 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
08:32:11.0599 3160 BthEnum - ok
08:32:11.0630 3160 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:32:11.0677 3160 BTHMODEM - ok
08:32:11.0708 3160 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
08:32:11.0739 3160 BthPan - ok
08:32:11.0802 3160 [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
08:32:11.0864 3160 BTHPORT - ok
08:32:11.0880 3160 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:32:11.0942 3160 bthserv - ok
08:32:11.0973 3160 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
08:32:11.0989 3160 BTHUSB - ok
08:32:12.0020 3160 [ 59E3510784548C6939C1B3B985C232E3 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
08:32:12.0051 3160 btwampfl - ok
08:32:12.0067 3160 [ 1872074ED0A3FB22E3F1E3197B984BFA ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
08:32:12.0082 3160 btwaudio - ok
08:32:12.0114 3160 [ 691CF076C33AB1C3A5B2FD5450300733 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
08:32:12.0129 3160 btwavdt - ok
08:32:12.0223 3160 [ 8BA6E93A182126781952A7895EC1E4B2 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
08:32:12.0301 3160 btwdins - ok
08:32:12.0316 3160 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
08:32:12.0332 3160 btwl2cap - ok
08:32:12.0363 3160 [ C9273B20DEC8CE38DBCE5D29DE63C907 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
08:32:12.0363 3160 btwrchid - ok
08:32:12.0394 3160 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:32:12.0535 3160 cdfs - ok
08:32:12.0566 3160 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:32:12.0582 3160 cdrom - ok
08:32:12.0628 3160 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
08:32:12.0691 3160 CertPropSvc - ok
08:32:12.0706 3160 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
08:32:12.0738 3160 circlass - ok
08:32:12.0753 3160 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:32:12.0769 3160 CLFS - ok
08:32:12.0800 3160 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:32:12.0816 3160 clr_optimization_v2.0.50727_32 - ok
08:32:12.0862 3160 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:32:12.0878 3160 clr_optimization_v2.0.50727_64 - ok
08:32:12.0940 3160 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:32:13.0018 3160 clr_optimization_v4.0.30319_32 - ok
08:32:13.0050 3160 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:32:13.0081 3160 clr_optimization_v4.0.30319_64 - ok
08:32:13.0096 3160 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
08:32:13.0128 3160 CmBatt - ok
08:32:13.0159 3160 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:32:13.0174 3160 cmdide - ok
08:32:13.0221 3160 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
08:32:13.0284 3160 CNG - ok
08:32:13.0315 3160 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
08:32:13.0330 3160 Compbatt - ok
08:32:13.0346 3160 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
08:32:13.0377 3160 CompositeBus - ok
08:32:13.0393 3160 COMSysApp - ok
08:32:13.0408 3160 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:32:13.0440 3160 crcdisk - ok
08:32:13.0486 3160 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:32:13.0549 3160 CryptSvc - ok
08:32:13.0580 3160 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:32:13.0705 3160 DcomLaunch - ok
08:32:13.0752 3160 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:32:13.0814 3160 defragsvc - ok
08:32:13.0845 3160 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:32:13.0923 3160 DfsC - ok
08:32:13.0954 3160 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
08:32:14.0095 3160 Dhcp - ok
08:32:14.0126 3160 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:32:14.0188 3160 discache - ok
08:32:14.0235 3160 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
08:32:14.0266 3160 Disk - ok
08:32:14.0298 3160 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:32:14.0344 3160 Dnscache - ok
08:32:14.0391 3160 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
08:32:14.0485 3160 dot3svc - ok
08:32:14.0500 3160 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
08:32:14.0547 3160 DPS - ok
08:32:14.0563 3160 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:32:14.0578 3160 drmkaud - ok
08:32:14.0625 3160 [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
08:32:14.0656 3160 dtsoftbus01 - ok
08:32:14.0703 3160 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:32:14.0750 3160 DXGKrnl - ok
08:32:14.0781 3160 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:32:14.0844 3160 EapHost - ok
08:32:14.0953 3160 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
08:32:15.0078 3160 ebdrv - ok
08:32:15.0109 3160 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
08:32:15.0187 3160 EFS - ok
08:32:15.0234 3160 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:32:15.0312 3160 ehRecvr - ok
08:32:15.0343 3160 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:32:15.0405 3160 ehSched - ok
08:32:15.0452 3160 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:32:15.0468 3160 elxstor - ok
08:32:15.0499 3160 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:32:15.0514 3160 ErrDev - ok
08:32:15.0577 3160 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:32:15.0639 3160 EventSystem - ok
08:32:15.0670 3160 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:32:15.0733 3160 exfat - ok
08:32:15.0748 3160 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:32:15.0826 3160 fastfat - ok
08:32:15.0873 3160 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
08:32:15.0967 3160 Fax - ok
08:32:15.0982 3160 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
08:32:15.0998 3160 fdc - ok
08:32:16.0014 3160 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:32:16.0076 3160 fdPHost - ok
08:32:16.0092 3160 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:32:16.0138 3160 FDResPub - ok
08:32:16.0154 3160 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:32:16.0170 3160 FileInfo - ok
08:32:16.0185 3160 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:32:16.0216 3160 Filetrace - ok
08:32:16.0263 3160 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:32:16.0310 3160 FLEXnet Licensing Service - ok
08:32:16.0341 3160 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
08:32:16.0357 3160 flpydisk - ok
08:32:16.0404 3160 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:32:16.0435 3160 FltMgr - ok
08:32:16.0482 3160 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
08:32:16.0560 3160 FontCache - ok
08:32:16.0606 3160 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:32:16.0638 3160 FontCache3.0.0.0 - ok
08:32:16.0638 3160 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:32:16.0653 3160 FsDepends - ok
08:32:16.0700 3160 [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
08:32:16.0716 3160 fssfltr - ok
08:32:16.0809 3160 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
08:32:16.0887 3160 fsssvc - ok
08:32:16.0918 3160 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:32:16.0934 3160 Fs_Rec - ok
08:32:16.0981 3160 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:32:16.0996 3160 fvevol - ok
08:32:17.0012 3160 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:32:17.0028 3160 gagp30kx - ok
08:32:17.0059 3160 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:32:17.0074 3160 GEARAspiWDM - ok
08:32:17.0106 3160 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
08:32:17.0199 3160 gpsvc - ok
08:32:17.0215 3160 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:32:17.0308 3160 hcw85cir - ok
08:32:17.0340 3160 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:32:17.0386 3160 HdAudAddService - ok
08:32:17.0418 3160 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
08:32:17.0464 3160 HDAudBus - ok
08:32:17.0496 3160 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys
08:32:17.0496 3160 HECIx64 - ok
08:32:17.0511 3160 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
08:32:17.0542 3160 HidBatt - ok
08:32:17.0558 3160 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:32:17.0589 3160 HidBth - ok
08:32:17.0620 3160 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
08:32:17.0636 3160 HidIr - ok
08:32:17.0652 3160 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
08:32:17.0698 3160 hidserv - ok
08:32:17.0761 3160 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:32:17.0808 3160 HidUsb - ok
08:32:17.0839 3160 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:32:17.0917 3160 hkmsvc - ok
08:32:17.0932 3160 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:32:17.0995 3160 HomeGroupListener - ok
08:32:18.0010 3160 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:32:18.0042 3160 HomeGroupProvider - ok
08:32:18.0073 3160 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:32:18.0088 3160 HpSAMD - ok
08:32:18.0120 3160 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:32:18.0198 3160 HTTP - ok
08:32:18.0213 3160 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:32:18.0229 3160 hwpolicy - ok
08:32:18.0260 3160 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:32:18.0276 3160 i8042prt - ok
08:32:18.0322 3160 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\drivers\iaStor.sys
08:32:18.0338 3160 iaStor - ok
08:32:18.0400 3160 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
08:32:18.0416 3160 IAStorDataMgrSvc - ok
08:32:18.0447 3160 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:32:18.0494 3160 iaStorV - ok
08:32:18.0541 3160 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:32:18.0588 3160 idsvc - ok
08:32:18.0806 3160 [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
08:32:19.0118 3160 igfx ( UnsignedFile.Multi.Generic ) - warning
08:32:19.0118 3160 igfx - detected UnsignedFile.Multi.Generic (1)
08:32:19.0149 3160 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:32:19.0165 3160 iirsp - ok
08:32:19.0212 3160 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
08:32:19.0290 3160 IKEEXT - ok
08:32:19.0352 3160 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
08:32:19.0414 3160 Impcd - ok
08:32:19.0508 3160 [ 526E482AFB586CB1CDD687869DECF686 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:32:19.0617 3160 IntcAzAudAddService - ok
08:32:19.0648 3160 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
08:32:19.0664 3160 IntcDAud ( UnsignedFile.Multi.Generic ) - warning
08:32:19.0664 3160 IntcDAud - detected UnsignedFile.Multi.Generic (1)
08:32:19.0695 3160 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:32:19.0711 3160 intelide - ok
08:32:19.0726 3160 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
08:32:19.0758 3160 intelppm - ok
08:32:19.0773 3160 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:32:19.0804 3160 IPBusEnum - ok
08:32:19.0820 3160 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:32:19.0867 3160 IpFilterDriver - ok
08:32:19.0882 3160 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:32:19.0945 3160 iphlpsvc - ok
08:32:19.0960 3160 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:32:20.0007 3160 IPMIDRV - ok
08:32:20.0038 3160 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:32:20.0101 3160 IPNAT - ok
08:32:20.0148 3160 [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:32:20.0210 3160 iPod Service - ok
08:32:20.0241 3160 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:32:20.0257 3160 IRENUM - ok
08:32:20.0288 3160 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:32:20.0288 3160 isapnp - ok
08:32:20.0319 3160 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:32:20.0366 3160 iScsiPrt - ok
08:32:20.0382 3160 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
08:32:20.0397 3160 kbdclass - ok
08:32:20.0413 3160 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
08:32:20.0460 3160 kbdhid - ok
08:32:20.0475 3160 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
08:32:20.0491 3160 KeyIso - ok
08:32:20.0522 3160 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:32:20.0553 3160 KSecDD - ok
08:32:20.0569 3160 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:32:20.0584 3160 KSecPkg - ok
08:32:20.0616 3160 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:32:20.0694 3160 ksthunk - ok
08:32:20.0725 3160 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:32:20.0787 3160 KtmRm - ok
08:32:20.0818 3160 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:32:20.0881 3160 LanmanServer - ok
08:32:20.0912 3160 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:32:20.0974 3160 LanmanWorkstation - ok
08:32:20.0990 3160 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:32:21.0037 3160 lltdio - ok
08:32:21.0068 3160 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:32:21.0115 3160 lltdsvc - ok
08:32:21.0146 3160 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:32:21.0177 3160 lmhosts - ok
08:32:21.0255 3160 [ 3D23191672D83E90D1CF63927EE98136 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
08:32:21.0286 3160 LMS - ok
08:32:21.0318 3160 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:32:21.0349 3160 LSI_FC - ok
08:32:21.0380 3160 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:32:21.0411 3160 LSI_SAS - ok
08:32:21.0411 3160 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
08:32:21.0427 3160 LSI_SAS2 - ok
08:32:21.0442 3160 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:32:21.0458 3160 LSI_SCSI - ok
08:32:21.0489 3160 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:32:21.0520 3160 luafv - ok
08:32:21.0661 3160 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
08:32:21.0692 3160 McComponentHostService - ok
08:32:21.0723 3160 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:32:21.0754 3160 Mcx2Svc - ok
08:32:21.0770 3160 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
08:32:21.0786 3160 megasas - ok
08:32:21.0817 3160 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
08:32:21.0832 3160 MegaSR - ok
08:32:21.0848 3160 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:32:21.0910 3160 MMCSS - ok
08:32:21.0926 3160 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
08:32:21.0973 3160 Modem - ok
08:32:22.0020 3160 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:32:22.0066 3160 monitor - ok
08:32:22.0082 3160 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
08:32:22.0098 3160 mouclass - ok
08:32:22.0113 3160 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys
08:32:22.0144 3160 mouhid - ok
08:32:22.0160 3160 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:32:22.0176 3160 mountmgr - ok
08:32:22.0238 3160 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:32:22.0269 3160 MozillaMaintenance - ok
08:32:22.0300 3160 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\drivers\mpio.sys
08:32:22.0316 3160 mpio - ok
08:32:22.0332 3160 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:32:22.0378 3160 mpsdrv - ok
08:32:22.0410 3160 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:32:22.0488 3160 MpsSvc - ok
08:32:22.0519 3160 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:32:22.0550 3160 MRxDAV - ok
08:32:22.0581 3160 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:32:22.0659 3160 mrxsmb - ok
08:32:22.0675 3160 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:32:22.0722 3160 mrxsmb10 - ok
08:32:22.0753 3160 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:32:22.0784 3160 mrxsmb20 - ok
08:32:22.0800 3160 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\drivers\msahci.sys
08:32:22.0815 3160 msahci - ok
08:32:22.0846 3160 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:32:22.0862 3160 msdsm - ok
08:32:22.0862 3160 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:32:22.0893 3160 MSDTC - ok
08:32:22.0924 3160 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:32:22.0956 3160 Msfs - ok
08:32:22.0971 3160 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:32:23.0018 3160 mshidkmdf - ok
08:32:23.0018 3160 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:32:23.0034 3160 msisadrv - ok
08:32:23.0080 3160 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:32:23.0127 3160 MSiSCSI - ok
08:32:23.0127 3160 msiserver - ok
08:32:23.0158 3160 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:32:23.0221 3160 MSKSSRV - ok
08:32:23.0236 3160 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:32:23.0283 3160 MSPCLOCK - ok
08:32:23.0299 3160 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:32:23.0346 3160 MSPQM - ok
08:32:23.0377 3160 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:32:23.0392 3160 MsRPC - ok
08:32:23.0408 3160 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:32:23.0408 3160 mssmbios - ok
08:32:23.0439 3160 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:32:23.0486 3160 MSTEE - ok
08:32:23.0502 3160 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
08:32:23.0533 3160 MTConfig - ok
08:32:23.0548 3160 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:32:23.0564 3160 Mup - ok
08:32:23.0580 3160 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
08:32:23.0642 3160 napagent - ok
08:32:23.0673 3160 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:32:23.0704 3160 NativeWifiP - ok
08:32:23.0751 3160 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
08:32:23.0845 3160 NDIS - ok
08:32:23.0860 3160 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:32:23.0923 3160 NdisCap - ok
08:32:23.0954 3160 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:32:24.0016 3160 NdisTapi - ok
08:32:24.0032 3160 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:32:24.0079 3160 Ndisuio - ok
08:32:24.0094 3160 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:32:24.0141 3160 NdisWan - ok
08:32:24.0157 3160 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:32:24.0204 3160 NDProxy - ok
08:32:24.0219 3160 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:32:24.0266 3160 NetBIOS - ok
08:32:24.0282 3160 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:32:24.0328 3160 NetBT - ok
08:32:24.0344 3160 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
08:32:24.0344 3160 Netlogon - ok
08:32:24.0391 3160 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
08:32:24.0438 3160 Netman - ok
08:32:24.0500 3160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:24.0547 3160 NetMsmqActivator - ok
08:32:24.0562 3160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:24.0578 3160 NetPipeActivator - ok
08:32:24.0609 3160 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
08:32:24.0672 3160 netprofm - ok
08:32:24.0687 3160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:24.0703 3160 NetTcpActivator - ok
08:32:24.0718 3160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:24.0718 3160 NetTcpPortSharing - ok
08:32:24.0765 3160 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:32:24.0781 3160 nfrd960 - ok
08:32:24.0828 3160 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:32:24.0921 3160 NlaSvc - ok
08:32:24.0952 3160 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:32:24.0999 3160 Npfs - ok
08:32:24.0999 3160 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:32:25.0062 3160 nsi - ok
08:32:25.0077 3160 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:32:25.0108 3160 nsiproxy - ok
08:32:25.0186 3160 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:32:25.0280 3160 Ntfs - ok
08:32:25.0311 3160 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
08:32:25.0405 3160 Null - ok
08:32:25.0467 3160 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:32:25.0498 3160 nvraid - ok
08:32:25.0514 3160 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:32:25.0530 3160 nvstor - ok
08:32:25.0545 3160 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:32:25.0561 3160 nv_agp - ok
08:32:25.0654 3160 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:32:25.0686 3160 odserv - ok
08:32:25.0732 3160 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:32:25.0779 3160 ohci1394 - ok
08:32:25.0826 3160 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:32:25.0842 3160 ose - ok
08:32:25.0888 3160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:32:25.0935 3160 p2pimsvc - ok
08:32:25.0966 3160 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:32:25.0982 3160 p2psvc - ok
08:32:26.0013 3160 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
08:32:26.0029 3160 Parport - ok
08:32:26.0060 3160 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:32:26.0076 3160 partmgr - ok
08:32:26.0091 3160 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:32:26.0122 3160 PcaSvc - ok
08:32:26.0154 3160 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\drivers\pci.sys
08:32:26.0169 3160 pci - ok
08:32:26.0200 3160 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:32:26.0216 3160 pciide - ok
08:32:26.0232 3160 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:32:26.0247 3160 pcmcia - ok
08:32:26.0278 3160 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:32:26.0278 3160 pcw - ok
08:32:26.0310 3160 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:32:26.0356 3160 PEAUTH - ok
08:32:26.0419 3160 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:32:26.0450 3160 PerfHost - ok
08:32:26.0497 3160 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
08:32:26.0590 3160 pla - ok
08:32:26.0622 3160 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:32:26.0653 3160 PlugPlay - ok
08:32:26.0715 3160 [ 80E85394D8CD7F84340B1C6F4B9D698F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
08:32:26.0762 3160 PMBDeviceInfoProvider - ok
08:32:26.0793 3160 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:32:26.0809 3160 PNRPAutoReg - ok
08:32:26.0840 3160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:32:26.0856 3160 PNRPsvc - ok
08:32:26.0887 3160 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:32:26.0949 3160 PolicyAgent - ok
08:32:26.0980 3160 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
08:32:27.0027 3160 Power - ok
08:32:27.0074 3160 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:32:27.0152 3160 PptpMiniport - ok
08:32:27.0168 3160 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
08:32:27.0183 3160 Processor - ok
08:32:27.0230 3160 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
08:32:27.0308 3160 ProfSvc - ok
08:32:27.0324 3160 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:32:27.0339 3160 ProtectedStorage - ok
08:32:27.0355 3160 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:32:27.0402 3160 Psched - ok
08:32:27.0433 3160 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
08:32:27.0448 3160 PxHlpa64 - ok
08:32:27.0495 3160 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:32:27.0558 3160 ql2300 - ok
08:32:27.0573 3160 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:32:27.0589 3160 ql40xx - ok
08:32:27.0620 3160 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:32:27.0651 3160 QWAVE - ok
08:32:27.0682 3160 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:32:27.0698 3160 QWAVEdrv - ok
08:32:27.0714 3160 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:32:27.0760 3160 RasAcd - ok
08:32:27.0776 3160 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:32:27.0823 3160 RasAgileVpn - ok
08:32:27.0838 3160 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:32:27.0885 3160 RasAuto - ok
08:32:27.0916 3160 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:32:27.0963 3160 Rasl2tp - ok
08:32:27.0994 3160 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
08:32:28.0041 3160 RasMan - ok
08:32:28.0057 3160 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:32:28.0104 3160 RasPppoe - ok
08:32:28.0119 3160 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:32:28.0166 3160 RasSstp - ok
08:32:28.0197 3160 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:32:28.0228 3160 rdbss - ok
08:32:28.0244 3160 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
08:32:28.0275 3160 rdpbus - ok
08:32:28.0275 3160 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:32:28.0322 3160 RDPCDD - ok
08:32:28.0338 3160 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:32:28.0384 3160 RDPENCDD - ok
08:32:28.0400 3160 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:32:28.0431 3160 RDPREFMP - ok
08:32:28.0462 3160 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:32:28.0525 3160 RDPWD - ok
08:32:28.0572 3160 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:32:28.0603 3160 rdyboost - ok
08:32:28.0618 3160 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:32:28.0696 3160 RemoteAccess - ok
08:32:28.0712 3160 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:32:28.0774 3160 RemoteRegistry - ok
08:32:28.0806 3160 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
08:32:28.0852 3160 RFCOMM - ok
08:32:28.0884 3160 [ FA6ABC06B629DA29634D31F1FE0347BD ] rimspci C:\Windows\system32\drivers\rimssne64.sys
08:32:28.0915 3160 rimspci - ok
08:32:28.0962 3160 [ 8F8539A7F5C117D4407B2985995671F2 ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys
08:32:28.0977 3160 risdsnpe - ok
08:32:29.0008 3160 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:32:29.0055 3160 RpcEptMapper - ok
08:32:29.0086 3160 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:32:29.0102 3160 RpcLocator - ok
08:32:29.0118 3160 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
08:32:29.0164 3160 RpcSs - ok
08:32:29.0196 3160 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:32:29.0242 3160 rspndr - ok
08:32:29.0289 3160 [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
08:32:29.0305 3160 RTHDMIAzAudService - ok
08:32:29.0352 3160 [ 032F537623A7B2FB81AAA184C30B70C3 ] s0017bus C:\Windows\system32\DRIVERS\s0017bus.sys
08:32:29.0367 3160 s0017bus - ok
08:32:29.0398 3160 [ 9964A28E569B4FF105B446EF8978FD5C ] s0017mdfl C:\Windows\system32\DRIVERS\s0017mdfl.sys
08:32:29.0430 3160 s0017mdfl - ok
08:32:29.0445 3160 [ 06347087D274C23DCFA8C4AB5C4314DB ] s0017mdm C:\Windows\system32\DRIVERS\s0017mdm.sys
08:32:29.0461 3160 s0017mdm - ok
08:32:29.0476 3160 [ F0F0747B3FA50272DE6B1BF575FA4700 ] s0017mgmt C:\Windows\system32\DRIVERS\s0017mgmt.sys
08:32:29.0492 3160 s0017mgmt - ok
08:32:29.0523 3160 [ 7224412CEA2FF2DF7D4842C1B0E71045 ] s0017nd5 C:\Windows\system32\DRIVERS\s0017nd5.sys
08:32:29.0523 3160 s0017nd5 - ok
08:32:29.0539 3160 [ 3FEADBC7F09B8B596CBFB82F12ABA87F ] s0017obex C:\Windows\system32\DRIVERS\s0017obex.sys
08:32:29.0554 3160 s0017obex - ok
08:32:29.0570 3160 [ 2B63BEA31D939888B2A8F3F14D89B5C1 ] s0017unic C:\Windows\system32\DRIVERS\s0017unic.sys
08:32:29.0586 3160 s0017unic - ok
08:32:29.0617 3160 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
08:32:29.0632 3160 SamSs - ok
08:32:29.0648 3160 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:32:29.0664 3160 sbp2port - ok
08:32:29.0695 3160 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:32:29.0742 3160 SCardSvr - ok
08:32:29.0757 3160 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:32:29.0804 3160 scfilter - ok
08:32:29.0835 3160 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
08:32:29.0913 3160 Schedule - ok
08:32:29.0944 3160 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:32:29.0976 3160 SCPolicySvc - ok
08:32:30.0007 3160 [ 2C8D162EFAF73ABD36D8BCBB6340CAE7 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
08:32:30.0069 3160 sdbus - ok
08:32:30.0100 3160 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:32:30.0163 3160 SDRSVC - ok
08:32:30.0194 3160 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:32:30.0272 3160 secdrv - ok
08:32:30.0272 3160 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
08:32:30.0319 3160 seclogon - ok
08:32:30.0334 3160 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
08:32:30.0381 3160 SENS - ok
08:32:30.0412 3160 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:32:30.0459 3160 SensrSvc - ok
08:32:30.0490 3160 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
08:32:30.0506 3160 Serenum - ok
08:32:30.0553 3160 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
08:32:30.0600 3160 Serial - ok
08:32:30.0631 3160 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:32:30.0662 3160 sermouse - ok
08:32:30.0709 3160 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
08:32:30.0771 3160 SessionEnv - ok
08:32:30.0802 3160 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\drivers\SFEP.sys
08:32:30.0849 3160 SFEP - ok
08:32:30.0865 3160 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:32:30.0896 3160 sffdisk - ok
08:32:30.0912 3160 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:32:30.0943 3160 sffp_mmc - ok
08:32:30.0958 3160 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:32:30.0990 3160 sffp_sd - ok
08:32:31.0005 3160 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:32:31.0036 3160 sfloppy - ok
08:32:31.0068 3160 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:32:31.0146 3160 SharedAccess - ok
08:32:31.0177 3160 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:32:31.0208 3160 ShellHWDetection - ok
08:32:31.0239 3160 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
08:32:31.0255 3160 SiSRaid2 - ok
08:32:31.0270 3160 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:32:31.0302 3160 SiSRaid4 - ok
08:32:31.0333 3160 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:32:31.0411 3160 Smb - ok
08:32:31.0442 3160 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:32:31.0473 3160 SNMPTRAP - ok
08:32:31.0536 3160 [ C3E69DB0A4E59564230E053232F39AC7 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
08:32:31.0567 3160 SOHCImp - ok
08:32:31.0582 3160 [ 65CC4779A29C3E82B987BD4961790DFF ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
08:32:31.0614 3160 SOHDms - ok
08:32:31.0629 3160 [ F47D75CEE1844EEF4A9EA6EE768828FB ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
08:32:31.0629 3160 SOHDs - ok
08:32:31.0707 3160 [ 5449FC97476F52E027409E703791E6A9 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
08:32:31.0738 3160 SpfService - ok
08:32:31.0754 3160 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:32:31.0770 3160 spldr - ok
08:32:31.0801 3160 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
08:32:31.0894 3160 Spooler - ok
08:32:32.0004 3160 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
08:32:32.0144 3160 sppsvc - ok
08:32:32.0160 3160 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:32:32.0206 3160 sppuinotify - ok
08:32:32.0238 3160 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:32:32.0316 3160 srv - ok
08:32:32.0331 3160 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:32:32.0362 3160 srv2 - ok
08:32:32.0378 3160 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:32:32.0409 3160 srvnet - ok
08:32:32.0440 3160 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:32:32.0534 3160 SSDPSRV - ok
08:32:32.0550 3160 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:32:32.0581 3160 SstpSvc - ok
08:32:32.0612 3160 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
08:32:32.0628 3160 stexstor - ok
08:32:32.0659 3160 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
08:32:32.0674 3160 stisvc - ok
08:32:32.0690 3160 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:32:32.0706 3160 swenum - ok
08:32:32.0721 3160 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:32:32.0784 3160 swprv - ok
08:32:32.0830 3160 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
08:32:32.0940 3160 SysMain - ok
08:32:32.0955 3160 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:32:32.0971 3160 TabletInputService - ok
08:32:32.0986 3160 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
08:32:33.0033 3160 TapiSrv - ok
08:32:33.0049 3160 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:32:33.0096 3160 TBS - ok
08:32:33.0174 3160 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:32:33.0283 3160 Tcpip - ok
08:32:33.0345 3160 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:32:33.0376 3160 TCPIP6 - ok
08:32:33.0408 3160 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:32:33.0439 3160 tcpipreg - ok
08:32:33.0454 3160 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:32:33.0517 3160 TDPIPE - ok
08:32:33.0548 3160 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:32:33.0579 3160 TDTCP - ok
08:32:33.0610 3160 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:32:33.0673 3160 tdx - ok
08:32:33.0688 3160 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:32:33.0704 3160 TermDD - ok
08:32:33.0735 3160 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
08:32:33.0844 3160 TermService - ok
08:32:33.0860 3160 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:32:33.0876 3160 Themes - ok
08:32:33.0907 3160 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:32:33.0938 3160 THREADORDER - ok
08:32:33.0969 3160 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:32:34.0016 3160 TrkWks - ok
08:32:34.0063 3160 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:32:34.0110 3160 TrustedInstaller - ok
08:32:34.0125 3160 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:32:34.0203 3160 tssecsrv - ok
08:32:34.0219 3160 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:32:34.0266 3160 tunnel - ok
08:32:34.0281 3160 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:32:34.0281 3160 uagp35 - ok
08:32:34.0328 3160 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
08:32:34.0344 3160 uCamMonitor - ok
08:32:34.0359 3160 [ 0E5E962B5649D544BE54E8C90761EA2B ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:32:34.0453 3160 udfs - ok
08:32:34.0484 3160 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:32:34.0500 3160 UI0Detect - ok
08:32:34.0515 3160 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:32:34.0531 3160 uliagpkx - ok
08:32:34.0546 3160 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:32:34.0593 3160 umbus - ok
08:32:34.0640 3160 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
08:32:34.0671 3160 UmPass - ok
08:32:34.0780 3160 [ 11A559E0F10CC5E788984023DF400A6F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
08:32:34.0890 3160 UNS - ok
08:32:34.0921 3160 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:32:35.0014 3160 upnphost - ok
08:32:35.0046 3160 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:32:35.0077 3160 USBAAPL64 - ok
08:32:35.0124 3160 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
08:32:35.0170 3160 usbaudio - ok
08:32:35.0202 3160 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:32:35.0264 3160 usbccgp - ok
08:32:35.0280 3160 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:32:35.0311 3160 usbcir - ok
08:32:35.0326 3160 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\drivers\usbehci.sys
08:32:35.0342 3160 usbehci - ok
08:32:35.0373 3160 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:32:35.0404 3160 usbhub - ok
08:32:35.0420 3160 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:32:35.0436 3160 usbohci - ok
08:32:35.0467 3160 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:32:35.0514 3160 usbprint - ok
08:32:35.0545 3160 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:32:35.0607 3160 USBSTOR - ok
08:32:35.0623 3160 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:32:35.0654 3160 usbuhci - ok
08:32:35.0701 3160 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
08:32:35.0763 3160 usbvideo - ok
08:32:35.0779 3160 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:32:35.0826 3160 UxSms - ok
08:32:35.0857 3160 [ A60605FC66552B421EE1F3D4EBB9A4E0 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
08:32:35.0888 3160 VAIO Event Service - ok
08:32:35.0950 3160 [ D469BE2723F79CF4B384680B1FDC577D ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
08:32:36.0013 3160 VAIO Power Management - ok
08:32:36.0028 3160 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
08:32:36.0044 3160 VaultSvc - ok
08:32:36.0091 3160 [ 96EFA2698D6B9E2931609A3EA73FC5DC ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
08:32:36.0153 3160 VCFw - ok
08:32:36.0216 3160 [ 7BEBF6A5285FFC03C34A7297A4E177CB ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
08:32:36.0262 3160 VcmIAlzMgr - ok
08:32:36.0278 3160 [ E005B04DFCA99F5880C5111933194CA9 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
08:32:36.0309 3160 VcmINSMgr - ok
08:32:36.0340 3160 [ 829A32FD1334F72429CA0515760EB7A7 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
08:32:36.0340 3160 VcmXmlIfHelper - ok
08:32:36.0403 3160 [ D347D3ABE070AA09C22FC37121555D52 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe
08:32:36.0418 3160 VCService - ok
08:32:36.0450 3160 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:32:36.0465 3160 vdrvroot - ok
08:32:36.0496 3160 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
08:32:36.0512 3160 vds - ok
08:32:36.0543 3160 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:32:36.0559 3160 vga - ok
08:32:36.0574 3160 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:32:36.0621 3160 VgaSave - ok
08:32:36.0652 3160 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:32:36.0668 3160 vhdmp - ok
08:32:36.0684 3160 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:32:36.0699 3160 viaide - ok
08:32:36.0730 3160 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:32:36.0746 3160 volmgr - ok
08:32:36.0762 3160 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:32:36.0777 3160 volmgrx - ok
08:32:36.0824 3160 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:32:36.0855 3160 volsnap - ok
08:32:36.0933 3160 [ B671E1CE912B85478DAC11C7A210B6F6 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
08:32:36.0980 3160 vpnagent - ok
08:32:37.0042 3160 [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
08:32:37.0058 3160 vpnva - ok
08:32:37.0105 3160 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:32:37.0136 3160 vsmraid - ok
08:32:37.0198 3160 [ A7EB62C664A03901165290A714BD48D0 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
08:32:37.0261 3160 VSNService ( UnsignedFile.Multi.Generic ) - warning
08:32:37.0261 3160 VSNService - detected UnsignedFile.Multi.Generic (1)
08:32:37.0323 3160 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
08:32:37.0417 3160 VSS - ok
08:32:37.0573 3160 [ D2D646D4D686C6996BA1FF96E11BE570 ] VUAgent C:\Program Files\Sony\VAIO Update\VUAgent.exe
08:32:37.0698 3160 VUAgent - ok
08:32:37.0713 3160 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
08:32:37.0729 3160 vwifibus - ok
08:32:37.0760 3160 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
08:32:37.0791 3160 vwififlt - ok
08:32:37.0838 3160 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
08:32:37.0854 3160 vwifimp - ok
08:32:37.0885 3160 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:32:37.0947 3160 W32Time - ok
08:32:37.0978 3160 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:32:37.0994 3160 WacomPen - ok
08:32:38.0010 3160 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:32:38.0072 3160 WANARP - ok
08:32:38.0072 3160 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:32:38.0103 3160 Wanarpv6 - ok
08:32:38.0150 3160 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
08:32:38.0228 3160 wbengine - ok
08:32:38.0259 3160 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:32:38.0275 3160 WbioSrvc - ok
08:32:38.0306 3160 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:32:38.0337 3160 wcncsvc - ok
08:32:38.0353 3160 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:32:38.0400 3160 WcsPlugInService - ok
08:32:38.0431 3160 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
08:32:38.0446 3160 Wd - ok
08:32:38.0493 3160 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:32:38.0540 3160 Wdf01000 - ok
08:32:38.0556 3160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:32:38.0587 3160 WdiServiceHost - ok
08:32:38.0587 3160 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:32:38.0602 3160 WdiSystemHost - ok
08:32:38.0634 3160 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
08:32:38.0680 3160 WebClient - ok
08:32:38.0696 3160 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:32:38.0743 3160 Wecsvc - ok
08:32:38.0774 3160 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:32:38.0868 3160 wercplsupport - ok
08:32:38.0883 3160 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:32:38.0946 3160 WerSvc - ok
08:32:38.0977 3160 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:32:39.0008 3160 WfpLwf - ok
08:32:39.0024 3160 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:32:39.0039 3160 WIMMount - ok
08:32:39.0055 3160 WinDefend - ok
08:32:39.0055 3160 WinHttpAutoProxySvc - ok
08:32:39.0102 3160 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:32:39.0148 3160 Winmgmt - ok
08:32:39.0211 3160 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
08:32:39.0351 3160 WinRM - ok
08:32:39.0398 3160 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:32:39.0429 3160 WinUsb - ok
08:32:39.0476 3160 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:32:39.0523 3160 Wlansvc - ok
08:32:39.0601 3160 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:32:39.0616 3160 wlcrasvc - ok
08:32:39.0710 3160 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:32:39.0819 3160 wlidsvc - ok
08:32:39.0850 3160 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:32:39.0850 3160 WmiAcpi - ok
08:32:39.0897 3160 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:32:39.0928 3160 wmiApSrv - ok
08:32:39.0960 3160 WMPNetworkSvc - ok
08:32:40.0069 3160 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm c:\Program Files\Zune\WMZuneComm.exe
08:32:40.0116 3160 WMZuneComm - ok
08:32:40.0147 3160 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:32:40.0194 3160 WPCSvc - ok
08:32:40.0209 3160 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:32:40.0256 3160 WPDBusEnum - ok
08:32:40.0272 3160 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:32:40.0334 3160 ws2ifsl - ok
08:32:40.0365 3160 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
08:32:40.0381 3160 wscsvc - ok
08:32:40.0396 3160 WSearch - ok
08:32:40.0459 3160 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:32:40.0552 3160 wuauserv - ok
08:32:40.0568 3160 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:32:40.0615 3160 WudfPf - ok
08:32:40.0662 3160 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:32:40.0708 3160 WUDFRd - ok
08:32:40.0740 3160 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:32:40.0786 3160 wudfsvc - ok
08:32:40.0818 3160 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:32:40.0849 3160 WwanSvc - ok
08:32:40.0896 3160 [ 5250193EF8E173AA7491250F00EB367F ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
08:32:40.0927 3160 yukonw7 - ok
08:32:41.0145 3160 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc c:\Program Files\Zune\ZuneNss.exe
08:32:41.0426 3160 ZuneNetworkSvc - ok
08:32:41.0488 3160 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc c:\Program Files\Zune\ZuneWlanCfgSvc.exe
08:32:41.0535 3160 ZuneWlanCfgSvc - ok
08:32:41.0598 3160 ================ Scan global ===============================
08:32:41.0613 3160 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:32:41.0660 3160 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
08:32:41.0738 3160 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
08:32:41.0785 3160 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:32:41.0816 3160 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:32:41.0832 3160 [Global] - ok
08:32:41.0832 3160 ================ Scan MBR ==================================
08:32:41.0847 3160 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:32:42.0300 3160 \Device\Harddisk0\DR0 - ok
08:32:42.0300 3160 ================ Scan VBR ==================================
08:32:42.0300 3160 [ 25FBBBDC5860CDB4FBDFEF6F7339852D ] \Device\Harddisk0\DR0\Partition1
08:32:42.0300 3160 \Device\Harddisk0\DR0\Partition1 - ok
08:32:42.0346 3160 [ F531585E13AAC193649EB59B87534786 ] \Device\Harddisk0\DR0\Partition2
08:32:42.0346 3160 \Device\Harddisk0\DR0\Partition2 - ok
08:32:42.0346 3160 ============================================================
08:32:42.0346 3160 Scan finished
08:32:42.0346 3160 ============================================================
08:32:42.0362 1128 Detected object count: 3
08:32:42.0362 1128 Actual detected object count: 3
08:34:30.0081 1128 igfx ( UnsignedFile.Multi.Generic ) - skipped by user
08:34:30.0081 1128 igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:34:30.0081 1128 IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
08:34:30.0081 1128 IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:34:30.0081 1128 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
08:34:30.0081 1128 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:34:40.0898 2388 ============================================================
08:34:40.0898 2388 Scan started
08:34:40.0898 2388 Mode: Manual; SigCheck; TDLFS;
08:34:40.0898 2388 ============================================================
08:34:41.0226 2388 ================ Scan system memory ========================
08:34:41.0226 2388 System memory - ok
08:34:41.0226 2388 ================ Scan services =============================
08:34:41.0413 2388 [ 969C91060CBB5D17CB8440B5F78B4C51 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:34:41.0476 2388 1394ohci - ok
08:34:41.0569 2388 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
08:34:41.0585 2388 ACDaemon - ok
08:34:41.0632 2388 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:34:41.0663 2388 ACPI - ok
08:34:41.0678 2388 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:34:41.0694 2388 AcpiPmi - ok
08:34:41.0725 2388 [ 5AE65DCD983077278A6173C2872BCA99 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
08:34:41.0725 2388 acsock - ok
08:34:41.0866 2388 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
08:34:41.0881 2388 AdobeActiveFileMonitor8.0 - ok
08:34:41.0944 2388 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:34:41.0959 2388 AdobeARMservice - ok
08:34:42.0053 2388 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:34:42.0084 2388 AdobeFlashPlayerUpdateSvc - ok
08:34:42.0131 2388 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:34:42.0146 2388 adp94xx - ok
08:34:42.0178 2388 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:34:42.0193 2388 adpahci - ok
08:34:42.0224 2388 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:34:42.0240 2388 adpu320 - ok
08:34:42.0256 2388 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:34:42.0287 2388 AeLookupSvc - ok
08:34:42.0349 2388 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
08:34:42.0380 2388 AFD - ok
08:34:42.0380 2388 Scan interrupted by user!
08:34:42.0380 2388 ================ Scan global ===============================
08:34:42.0380 2388 Scan interrupted by user!
08:34:42.0380 2388 ================ Scan MBR ==================================
08:34:42.0380 2388 Scan interrupted by user!
08:34:42.0380 2388 ================ Scan VBR ==================================
08:34:42.0380 2388 Scan interrupted by user!
08:34:42.0380 2388 ============================================================
08:34:42.0380 2388 Scan finished
08:34:42.0380 2388 ============================================================
08:34:42.0396 4172 Detected object count: 0
08:34:42.0396 4172 Actual detected object count: 0
08:34:44.0393 5964 Deinitialize success
|
|
19.03.2013, 12:27
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir meldet TR/Rogue.kdv.901925Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.03.2013, 12:37
| #11 |
| | AntiVir meldet TR/Rogue.kdv.901925 tut mir leid ich bin ausversehen vorhin ein zweites mal auf start gegangen und habe gleich abgebrochen.. naja hab es jetzt nochmal scannen lassen..: Code:
ATTFilter 12:34:01.0087 5648 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:34:01.0243 5648 ============================================================
12:34:01.0243 5648 Current date / time: 2013/03/19 12:34:01.0243
12:34:01.0243 5648 SystemInfo:
12:34:01.0243 5648
12:34:01.0243 5648 OS Version: 6.1.7600 ServicePack: 0.0
12:34:01.0243 5648 Product type: Workstation
12:34:01.0243 5648 ComputerName: ***-VAIO
12:34:01.0243 5648 UserName: ***
12:34:01.0243 5648 Windows directory: C:\Windows
12:34:01.0243 5648 System windows directory: C:\Windows
12:34:01.0243 5648 Running under WOW64
12:34:01.0243 5648 Processor architecture: Intel x64
12:34:01.0243 5648 Number of processors: 4
12:34:01.0243 5648 Page size: 0x1000
12:34:01.0243 5648 Boot type: Normal boot
12:34:01.0243 5648 ============================================================
12:34:01.0789 5648 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:34:01.0805 5648 ============================================================
12:34:01.0805 5648 \Device\Harddisk0\DR0:
12:34:01.0805 5648 MBR partitions:
12:34:01.0805 5648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1ABF000, BlocksNum 0x32000
12:34:01.0805 5648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AF1000, BlocksNum 0x38894830
12:34:01.0805 5648 ============================================================
12:34:01.0821 5648 C: <-> \Device\Harddisk0\DR0\Partition2
12:34:01.0821 5648 ============================================================
12:34:01.0821 5648 Initialize success
12:34:01.0821 5648 ============================================================
12:34:17.0577 1760 ============================================================
12:34:17.0577 1760 Scan started
12:34:17.0577 1760 Mode: Manual; SigCheck; TDLFS;
12:34:17.0577 1760 ============================================================
12:34:17.0967 1760 ================ Scan system memory ========================
12:34:17.0967 1760 System memory - ok
12:34:17.0967 1760 ================ Scan services =============================
12:34:18.0123 1760 [ 969C91060CBB5D17CB8440B5F78B4C51 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:34:18.0185 1760 1394ohci - ok
12:34:18.0263 1760 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
12:34:18.0294 1760 ACDaemon - ok
12:34:18.0341 1760 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:34:18.0357 1760 ACPI - ok
12:34:18.0388 1760 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:34:18.0403 1760 AcpiPmi - ok
12:34:18.0481 1760 [ 5AE65DCD983077278A6173C2872BCA99 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
12:34:18.0513 1760 acsock - ok
12:34:18.0575 1760 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
12:34:18.0606 1760 AdobeActiveFileMonitor8.0 - ok
12:34:18.0700 1760 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:34:18.0731 1760 AdobeARMservice - ok
12:34:18.0840 1760 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:34:18.0871 1760 AdobeFlashPlayerUpdateSvc - ok
12:34:18.0918 1760 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:34:18.0965 1760 adp94xx - ok
12:34:18.0996 1760 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:34:19.0012 1760 adpahci - ok
12:34:19.0027 1760 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:34:19.0043 1760 adpu320 - ok
12:34:19.0059 1760 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:34:19.0090 1760 AeLookupSvc - ok
12:34:19.0152 1760 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
12:34:19.0215 1760 AFD - ok
12:34:19.0246 1760 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:34:19.0261 1760 agp440 - ok
12:34:19.0261 1760 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:34:19.0277 1760 ALG - ok
12:34:19.0308 1760 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:34:19.0324 1760 aliide - ok
12:34:19.0355 1760 [ 3F9B03B72577A6A7405BF30801CBD159 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:34:19.0355 1760 AMD External Events Utility - ok
12:34:19.0386 1760 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:34:19.0386 1760 amdide - ok
12:34:19.0417 1760 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:34:19.0433 1760 AmdK8 - ok
12:34:19.0651 1760 [ EA244A8B88DE8B5986BF3B7903B063AF ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:34:19.0729 1760 amdkmdag - ok
12:34:19.0761 1760 [ DCA6E341A4A7C31EA8A14C6166C9B249 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:34:19.0776 1760 amdkmdap - ok
12:34:19.0792 1760 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
12:34:19.0807 1760 AmdPPM - ok
12:34:19.0839 1760 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:34:19.0870 1760 amdsata - ok
12:34:19.0901 1760 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
12:34:19.0917 1760 amdsbs - ok
12:34:19.0932 1760 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:34:19.0948 1760 amdxata - ok
12:34:20.0057 1760 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:34:20.0073 1760 AntiVirSchedulerService - ok
12:34:20.0104 1760 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:34:20.0119 1760 AntiVirService - ok
12:34:20.0166 1760 [ 2D45F2DFBC3D8F53DF7EBEFFA8C9BC38 ] ApfiltrService C:\Windows\system32\drivers\Apfiltr.sys
12:34:20.0197 1760 ApfiltrService - ok
12:34:20.0244 1760 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
12:34:20.0275 1760 AppID - ok
12:34:20.0307 1760 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:34:20.0353 1760 AppIDSvc - ok
12:34:20.0369 1760 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
12:34:20.0385 1760 Appinfo - ok
12:34:20.0463 1760 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:34:20.0494 1760 Apple Mobile Device - ok
12:34:20.0525 1760 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
12:34:20.0541 1760 arc - ok
12:34:20.0572 1760 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:34:20.0587 1760 arcsas - ok
12:34:20.0603 1760 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
12:34:20.0619 1760 ArcSoftKsUFilter - ok
12:34:20.0697 1760 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:34:20.0728 1760 aspnet_state - ok
12:34:20.0759 1760 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:34:20.0806 1760 AsyncMac - ok
12:34:20.0853 1760 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:34:20.0884 1760 atapi - ok
12:34:20.0946 1760 [ CCA705CDF038D5BC243203CE4416B345 ] athr C:\Windows\system32\DRIVERS\athrx.sys
12:34:20.0993 1760 athr - ok
12:34:21.0196 1760 [ EA244A8B88DE8B5986BF3B7903B063AF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:34:21.0274 1760 atikmdag - ok
12:34:21.0352 1760 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:34:21.0414 1760 AudioEndpointBuilder - ok
12:34:21.0461 1760 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:34:21.0539 1760 AudioSrv - ok
12:34:21.0570 1760 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:34:21.0570 1760 avgntflt - ok
12:34:21.0617 1760 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:34:21.0648 1760 avipbb - ok
12:34:21.0648 1760 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:34:21.0664 1760 avkmgr - ok
12:34:21.0726 1760 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:34:21.0773 1760 AxInstSV - ok
12:34:21.0804 1760 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
12:34:21.0835 1760 b06bdrv - ok
12:34:21.0882 1760 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:34:21.0898 1760 b57nd60a - ok
12:34:21.0913 1760 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:34:21.0929 1760 BDESVC - ok
12:34:21.0929 1760 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:34:21.0976 1760 Beep - ok
12:34:22.0007 1760 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
12:34:22.0054 1760 BFE - ok
12:34:22.0101 1760 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
12:34:22.0163 1760 BITS - ok
12:34:22.0194 1760 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
12:34:22.0210 1760 blbdrive - ok
12:34:22.0272 1760 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:34:22.0303 1760 Bonjour Service - ok
12:34:22.0350 1760 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:34:22.0397 1760 bowser - ok
12:34:22.0428 1760 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
12:34:22.0459 1760 BrFiltLo - ok
12:34:22.0475 1760 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
12:34:22.0491 1760 BrFiltUp - ok
12:34:22.0537 1760 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
12:34:22.0553 1760 Browser - ok
12:34:22.0584 1760 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:34:22.0600 1760 Brserid - ok
12:34:22.0615 1760 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:34:22.0631 1760 BrSerWdm - ok
12:34:22.0662 1760 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:34:22.0678 1760 BrUsbMdm - ok
12:34:22.0678 1760 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:34:22.0693 1760 BrUsbSer - ok
12:34:22.0740 1760 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
12:34:22.0771 1760 BthEnum - ok
12:34:22.0803 1760 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:34:22.0849 1760 BTHMODEM - ok
12:34:22.0865 1760 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:34:22.0881 1760 BthPan - ok
12:34:22.0927 1760 [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
12:34:22.0943 1760 BTHPORT - ok
12:34:22.0974 1760 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:34:23.0005 1760 bthserv - ok
12:34:23.0052 1760 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
12:34:23.0052 1760 BTHUSB - ok
12:34:23.0099 1760 [ 59E3510784548C6939C1B3B985C232E3 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
12:34:23.0130 1760 btwampfl - ok
12:34:23.0161 1760 [ 1872074ED0A3FB22E3F1E3197B984BFA ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
12:34:23.0161 1760 btwaudio - ok
12:34:23.0224 1760 [ 691CF076C33AB1C3A5B2FD5450300733 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
12:34:23.0239 1760 btwavdt - ok
12:34:23.0333 1760 [ 8BA6E93A182126781952A7895EC1E4B2 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:34:23.0395 1760 btwdins - ok
12:34:23.0427 1760 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
12:34:23.0427 1760 btwl2cap - ok
12:34:23.0458 1760 [ C9273B20DEC8CE38DBCE5D29DE63C907 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
12:34:23.0458 1760 btwrchid - ok
12:34:23.0489 1760 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:34:23.0520 1760 cdfs - ok
12:34:23.0551 1760 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:34:23.0567 1760 cdrom - ok
12:34:23.0598 1760 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
12:34:23.0629 1760 CertPropSvc - ok
12:34:23.0645 1760 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
12:34:23.0661 1760 circlass - ok
12:34:23.0692 1760 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:34:23.0707 1760 CLFS - ok
12:34:23.0739 1760 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:34:23.0770 1760 clr_optimization_v2.0.50727_32 - ok
12:34:23.0801 1760 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:34:23.0832 1760 clr_optimization_v2.0.50727_64 - ok
12:34:23.0895 1760 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:34:23.0926 1760 clr_optimization_v4.0.30319_32 - ok
12:34:23.0926 1760 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:34:23.0941 1760 clr_optimization_v4.0.30319_64 - ok
12:34:23.0973 1760 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
12:34:23.0973 1760 CmBatt - ok
12:34:24.0004 1760 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:34:24.0019 1760 cmdide - ok
12:34:24.0051 1760 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
12:34:24.0082 1760 CNG - ok
12:34:24.0113 1760 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
12:34:24.0129 1760 Compbatt - ok
12:34:24.0160 1760 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:34:24.0191 1760 CompositeBus - ok
12:34:24.0207 1760 COMSysApp - ok
12:34:24.0238 1760 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:34:24.0238 1760 crcdisk - ok
12:34:24.0285 1760 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:34:24.0316 1760 CryptSvc - ok
12:34:24.0347 1760 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:34:24.0394 1760 DcomLaunch - ok
12:34:24.0425 1760 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:34:24.0472 1760 defragsvc - ok
12:34:24.0519 1760 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:34:24.0550 1760 DfsC - ok
12:34:24.0581 1760 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
12:34:24.0612 1760 Dhcp - ok
12:34:24.0628 1760 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:34:24.0659 1760 discache - ok
12:34:24.0706 1760 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
12:34:24.0737 1760 Disk - ok
12:34:24.0784 1760 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:34:24.0799 1760 Dnscache - ok
12:34:24.0831 1760 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
12:34:24.0877 1760 dot3svc - ok
12:34:24.0893 1760 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
12:34:24.0940 1760 DPS - ok
12:34:24.0955 1760 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:34:24.0971 1760 drmkaud - ok
12:34:25.0002 1760 [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:34:25.0018 1760 dtsoftbus01 - ok
12:34:25.0065 1760 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:34:25.0111 1760 DXGKrnl - ok
12:34:25.0143 1760 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:34:25.0174 1760 EapHost - ok
12:34:25.0283 1760 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
12:34:25.0330 1760 ebdrv - ok
12:34:25.0361 1760 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
12:34:25.0377 1760 EFS - ok
12:34:25.0439 1760 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:34:25.0486 1760 ehRecvr - ok
12:34:25.0517 1760 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:34:25.0533 1760 ehSched - ok
12:34:25.0579 1760 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:34:25.0611 1760 elxstor - ok
12:34:25.0642 1760 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:34:25.0657 1760 ErrDev - ok
12:34:25.0704 1760 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:34:25.0767 1760 EventSystem - ok
12:34:25.0798 1760 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:34:25.0829 1760 exfat - ok
12:34:25.0845 1760 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:34:25.0876 1760 fastfat - ok
12:34:25.0923 1760 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
12:34:25.0938 1760 Fax - ok
12:34:25.0954 1760 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
12:34:25.0969 1760 fdc - ok
12:34:25.0969 1760 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:34:26.0016 1760 fdPHost - ok
12:34:26.0016 1760 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:34:26.0063 1760 FDResPub - ok
12:34:26.0079 1760 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:34:26.0094 1760 FileInfo - ok
12:34:26.0110 1760 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:34:26.0141 1760 Filetrace - ok
12:34:26.0188 1760 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:34:26.0250 1760 FLEXnet Licensing Service - ok
12:34:26.0266 1760 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
12:34:26.0281 1760 flpydisk - ok
12:34:26.0313 1760 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:34:26.0328 1760 FltMgr - ok
12:34:26.0359 1760 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
12:34:26.0406 1760 FontCache - ok
12:34:26.0453 1760 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:34:26.0469 1760 FontCache3.0.0.0 - ok
12:34:26.0484 1760 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:34:26.0500 1760 FsDepends - ok
12:34:26.0547 1760 [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
12:34:26.0562 1760 fssfltr - ok
12:34:26.0625 1760 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:34:26.0718 1760 fsssvc - ok
12:34:26.0765 1760 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:34:26.0765 1760 Fs_Rec - ok
12:34:26.0812 1760 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:34:26.0843 1760 fvevol - ok
12:34:26.0874 1760 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:34:26.0874 1760 gagp30kx - ok
12:34:26.0921 1760 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:34:26.0937 1760 GEARAspiWDM - ok
12:34:26.0983 1760 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
12:34:27.0030 1760 gpsvc - ok
12:34:27.0046 1760 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:34:27.0061 1760 hcw85cir - ok
12:34:27.0093 1760 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:34:27.0108 1760 HdAudAddService - ok
12:34:27.0124 1760 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:34:27.0139 1760 HDAudBus - ok
12:34:27.0155 1760 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\drivers\HECIx64.sys
12:34:27.0171 1760 HECIx64 - ok
12:34:27.0171 1760 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
12:34:27.0186 1760 HidBatt - ok
12:34:27.0202 1760 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:34:27.0217 1760 HidBth - ok
12:34:27.0249 1760 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
12:34:27.0264 1760 HidIr - ok
12:34:27.0280 1760 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:34:27.0327 1760 hidserv - ok
12:34:27.0373 1760 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:34:27.0389 1760 HidUsb - ok
12:34:27.0420 1760 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:34:27.0483 1760 hkmsvc - ok
12:34:27.0498 1760 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:34:27.0529 1760 HomeGroupListener - ok
12:34:27.0545 1760 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:34:27.0561 1760 HomeGroupProvider - ok
12:34:27.0576 1760 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:34:27.0592 1760 HpSAMD - ok
12:34:27.0623 1760 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:34:27.0685 1760 HTTP - ok
12:34:27.0701 1760 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:34:27.0701 1760 hwpolicy - ok
12:34:27.0748 1760 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:34:27.0779 1760 i8042prt - ok
12:34:27.0810 1760 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\drivers\iaStor.sys
12:34:27.0826 1760 iaStor - ok
12:34:27.0888 1760 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:34:27.0904 1760 IAStorDataMgrSvc - ok
12:34:27.0935 1760 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:34:27.0966 1760 iaStorV - ok
12:34:27.0997 1760 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:34:28.0075 1760 idsvc - ok
12:34:28.0294 1760 [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
12:34:28.0419 1760 igfx ( UnsignedFile.Multi.Generic ) - warning
12:34:28.0419 1760 igfx - detected UnsignedFile.Multi.Generic (1)
12:34:28.0450 1760 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:34:28.0465 1760 iirsp - ok
12:34:28.0497 1760 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
12:34:28.0543 1760 IKEEXT - ok
12:34:28.0590 1760 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
12:34:28.0606 1760 Impcd - ok
12:34:28.0715 1760 [ 526E482AFB586CB1CDD687869DECF686 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:34:28.0762 1760 IntcAzAudAddService - ok
12:34:28.0809 1760 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
12:34:28.0809 1760 IntcDAud ( UnsignedFile.Multi.Generic ) - warning
12:34:28.0809 1760 IntcDAud - detected UnsignedFile.Multi.Generic (1)
12:34:28.0840 1760 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:34:28.0855 1760 intelide - ok
12:34:28.0871 1760 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
12:34:28.0887 1760 intelppm - ok
12:34:28.0902 1760 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:34:28.0949 1760 IPBusEnum - ok
12:34:28.0949 1760 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:34:28.0996 1760 IpFilterDriver - ok
12:34:29.0011 1760 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:34:29.0058 1760 iphlpsvc - ok
12:34:29.0089 1760 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:34:29.0089 1760 IPMIDRV - ok
12:34:29.0121 1760 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:34:29.0167 1760 IPNAT - ok
12:34:29.0214 1760 [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:34:29.0277 1760 iPod Service - ok
12:34:29.0292 1760 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:34:29.0323 1760 IRENUM - ok
12:34:29.0323 1760 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:34:29.0339 1760 isapnp - ok
12:34:29.0370 1760 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:34:29.0386 1760 iScsiPrt - ok
12:34:29.0401 1760 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
12:34:29.0417 1760 kbdclass - ok
12:34:29.0433 1760 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:34:29.0448 1760 kbdhid - ok
12:34:29.0464 1760 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
12:34:29.0479 1760 KeyIso - ok
12:34:29.0511 1760 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:34:29.0526 1760 KSecDD - ok
12:34:29.0557 1760 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:34:29.0573 1760 KSecPkg - ok
12:34:29.0604 1760 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:34:29.0635 1760 ksthunk - ok
12:34:29.0667 1760 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:34:29.0698 1760 KtmRm - ok
12:34:29.0745 1760 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:34:29.0776 1760 LanmanServer - ok
12:34:29.0807 1760 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:34:29.0854 1760 LanmanWorkstation - ok
12:34:29.0901 1760 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:34:29.0947 1760 lltdio - ok
12:34:29.0979 1760 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:34:30.0010 1760 lltdsvc - ok
12:34:30.0025 1760 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:34:30.0057 1760 lmhosts - ok
12:34:30.0119 1760 [ 3D23191672D83E90D1CF63927EE98136 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:34:30.0150 1760 LMS - ok
12:34:30.0181 1760 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:34:30.0197 1760 LSI_FC - ok
12:34:30.0213 1760 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:34:30.0228 1760 LSI_SAS - ok
12:34:30.0244 1760 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:34:30.0244 1760 LSI_SAS2 - ok
12:34:30.0259 1760 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:34:30.0275 1760 LSI_SCSI - ok
12:34:30.0291 1760 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:34:30.0337 1760 luafv - ok
12:34:30.0431 1760 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
12:34:30.0462 1760 McComponentHostService - ok
12:34:30.0493 1760 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:34:30.0509 1760 Mcx2Svc - ok
12:34:30.0525 1760 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
12:34:30.0540 1760 megasas - ok
12:34:30.0556 1760 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:34:30.0571 1760 MegaSR - ok
12:34:30.0603 1760 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:34:30.0634 1760 MMCSS - ok
12:34:30.0649 1760 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:34:30.0681 1760 Modem - ok
12:34:30.0712 1760 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:34:30.0727 1760 monitor - ok
12:34:30.0743 1760 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
12:34:30.0759 1760 mouclass - ok
12:34:30.0774 1760 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys
12:34:30.0790 1760 mouhid - ok
12:34:30.0805 1760 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:34:30.0805 1760 mountmgr - ok
12:34:30.0883 1760 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:34:30.0915 1760 MozillaMaintenance - ok
12:34:30.0930 1760 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\drivers\mpio.sys
12:34:30.0946 1760 mpio - ok
12:34:30.0977 1760 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:34:31.0008 1760 mpsdrv - ok
12:34:31.0039 1760 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:34:31.0086 1760 MpsSvc - ok
12:34:31.0117 1760 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:34:31.0133 1760 MRxDAV - ok
12:34:31.0164 1760 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:34:31.0195 1760 mrxsmb - ok
12:34:31.0242 1760 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:34:31.0258 1760 mrxsmb10 - ok
12:34:31.0273 1760 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:34:31.0289 1760 mrxsmb20 - ok
12:34:31.0320 1760 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\drivers\msahci.sys
12:34:31.0336 1760 msahci - ok
12:34:31.0351 1760 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:34:31.0367 1760 msdsm - ok
12:34:31.0383 1760 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:34:31.0398 1760 MSDTC - ok
12:34:31.0429 1760 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:34:31.0461 1760 Msfs - ok
12:34:31.0476 1760 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:34:31.0507 1760 mshidkmdf - ok
12:34:31.0523 1760 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:34:31.0523 1760 msisadrv - ok
12:34:31.0570 1760 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:34:31.0601 1760 MSiSCSI - ok
12:34:31.0617 1760 msiserver - ok
12:34:31.0632 1760 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:34:31.0679 1760 MSKSSRV - ok
12:34:31.0695 1760 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:34:31.0726 1760 MSPCLOCK - ok
12:34:31.0741 1760 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:34:31.0773 1760 MSPQM - ok
12:34:31.0788 1760 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:34:31.0804 1760 MsRPC - ok
12:34:31.0819 1760 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:34:31.0835 1760 mssmbios - ok
12:34:31.0851 1760 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:34:31.0882 1760 MSTEE - ok
12:34:31.0897 1760 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:34:31.0913 1760 MTConfig - ok
12:34:31.0929 1760 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:34:31.0944 1760 Mup - ok
12:34:31.0975 1760 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
12:34:32.0007 1760 napagent - ok
12:34:32.0038 1760 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:34:32.0053 1760 NativeWifiP - ok
12:34:32.0085 1760 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
12:34:32.0147 1760 NDIS - ok
12:34:32.0178 1760 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:34:32.0209 1760 NdisCap - ok
12:34:32.0241 1760 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:34:32.0272 1760 NdisTapi - ok
12:34:32.0303 1760 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:34:32.0334 1760 Ndisuio - ok
12:34:32.0350 1760 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:34:32.0397 1760 NdisWan - ok
12:34:32.0412 1760 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:34:32.0443 1760 NDProxy - ok
12:34:32.0459 1760 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:34:32.0490 1760 NetBIOS - ok
12:34:32.0506 1760 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:34:32.0553 1760 NetBT - ok
12:34:32.0553 1760 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
12:34:32.0568 1760 Netlogon - ok
12:34:32.0599 1760 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:34:32.0646 1760 Netman - ok
12:34:32.0709 1760 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:34:32.0724 1760 NetMsmqActivator - ok
12:34:32.0755 1760 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:34:32.0771 1760 NetPipeActivator - ok
12:34:32.0802 1760 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:34:32.0849 1760 netprofm - ok
12:34:32.0865 1760 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:34:32.0880 1760 NetTcpActivator - ok
12:34:32.0880 1760 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:34:32.0896 1760 NetTcpPortSharing - ok
12:34:32.0927 1760 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:34:32.0943 1760 nfrd960 - ok
12:34:32.0989 1760 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:34:33.0052 1760 NlaSvc - ok
12:34:33.0083 1760 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:34:33.0130 1760 Npfs - ok
12:34:33.0130 1760 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:34:33.0177 1760 nsi - ok
12:34:33.0177 1760 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:34:33.0223 1760 nsiproxy - ok
12:34:33.0286 1760 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:34:33.0333 1760 Ntfs - ok
12:34:33.0364 1760 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:34:33.0395 1760 Null - ok
12:34:33.0457 1760 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:34:33.0489 1760 nvraid - ok
12:34:33.0504 1760 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:34:33.0520 1760 nvstor - ok
12:34:33.0551 1760 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:34:33.0567 1760 nv_agp - ok
12:34:33.0629 1760 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:34:33.0676 1760 odserv - ok
12:34:33.0707 1760 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:34:33.0723 1760 ohci1394 - ok
12:34:33.0769 1760 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:34:33.0801 1760 ose - ok
12:34:33.0832 1760 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:34:33.0879 1760 p2pimsvc - ok
12:34:33.0910 1760 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:34:33.0925 1760 p2psvc - ok
12:34:33.0941 1760 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:34:33.0957 1760 Parport - ok
12:34:33.0988 1760 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:34:34.0003 1760 partmgr - ok
12:34:34.0019 1760 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:34:34.0035 1760 PcaSvc - ok
12:34:34.0035 1760 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\drivers\pci.sys
12:34:34.0050 1760 pci - ok
12:34:34.0081 1760 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:34:34.0113 1760 pciide - ok
12:34:34.0128 1760 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:34:34.0144 1760 pcmcia - ok
12:34:34.0175 1760 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:34:34.0175 1760 pcw - ok
12:34:34.0206 1760 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:34:34.0237 1760 PEAUTH - ok
12:34:34.0315 1760 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:34:34.0347 1760 PerfHost - ok
12:34:34.0440 1760 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
12:34:34.0503 1760 pla - ok
12:34:34.0534 1760 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:34:34.0549 1760 PlugPlay - ok
12:34:34.0612 1760 [ 80E85394D8CD7F84340B1C6F4B9D698F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
12:34:34.0643 1760 PMBDeviceInfoProvider - ok
12:34:34.0674 1760 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:34:34.0690 1760 PNRPAutoReg - ok
12:34:34.0705 1760 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:34:34.0721 1760 PNRPsvc - ok
12:34:34.0752 1760 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:34:34.0783 1760 PolicyAgent - ok
12:34:34.0815 1760 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:34:34.0846 1760 Power - ok
12:34:34.0877 1760 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:34:34.0924 1760 PptpMiniport - ok
12:34:34.0955 1760 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:34:34.0955 1760 Processor - ok
12:34:35.0002 1760 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
12:34:35.0033 1760 ProfSvc - ok
12:34:35.0049 1760 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:34:35.0080 1760 ProtectedStorage - ok
12:34:35.0111 1760 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:34:35.0142 1760 Psched - ok
12:34:35.0189 1760 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
12:34:35.0189 1760 PxHlpa64 - ok
12:34:35.0251 1760 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:34:35.0314 1760 ql2300 - ok
12:34:35.0329 1760 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:34:35.0329 1760 ql40xx - ok
12:34:35.0361 1760 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:34:35.0376 1760 QWAVE - ok
12:34:35.0407 1760 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:34:35.0423 1760 QWAVEdrv - ok
12:34:35.0439 1760 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:34:35.0470 1760 RasAcd - ok
12:34:35.0485 1760 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:34:35.0532 1760 RasAgileVpn - ok
12:34:35.0532 1760 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:34:35.0579 1760 RasAuto - ok
12:34:35.0595 1760 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:34:35.0626 1760 Rasl2tp - ok
12:34:35.0641 1760 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
12:34:35.0688 1760 RasMan - ok
12:34:35.0704 1760 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:34:35.0751 1760 RasPppoe - ok
12:34:35.0766 1760 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:34:35.0797 1760 RasSstp - ok
12:34:35.0813 1760 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:34:35.0860 1760 rdbss - ok
12:34:35.0875 1760 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
12:34:35.0875 1760 rdpbus - ok
12:34:35.0891 1760 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:34:35.0922 1760 RDPCDD - ok
12:34:35.0953 1760 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:34:36.0000 1760 RDPENCDD - ok
12:34:36.0016 1760 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:34:36.0047 1760 RDPREFMP - ok
12:34:36.0078 1760 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:34:36.0109 1760 RDPWD - ok
12:34:36.0141 1760 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:34:36.0172 1760 rdyboost - ok
12:34:36.0187 1760 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:34:36.0234 1760 RemoteAccess - ok
12:34:36.0265 1760 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:34:36.0297 1760 RemoteRegistry - ok
12:34:36.0328 1760 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:34:36.0343 1760 RFCOMM - ok
12:34:36.0390 1760 [ FA6ABC06B629DA29634D31F1FE0347BD ] rimspci C:\Windows\system32\drivers\rimssne64.sys
12:34:36.0390 1760 rimspci - ok
12:34:36.0421 1760 [ 8F8539A7F5C117D4407B2985995671F2 ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys
12:34:36.0437 1760 risdsnpe - ok
12:34:36.0468 1760 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:34:36.0499 1760 RpcEptMapper - ok
12:34:36.0531 1760 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:34:36.0546 1760 RpcLocator - ok
12:34:36.0577 1760 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
12:34:36.0609 1760 RpcSs - ok
12:34:36.0655 1760 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:34:36.0718 1760 rspndr - ok
12:34:36.0749 1760 [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
12:34:36.0765 1760 RTHDMIAzAudService - ok
12:34:36.0811 1760 [ 032F537623A7B2FB81AAA184C30B70C3 ] s0017bus C:\Windows\system32\DRIVERS\s0017bus.sys
12:34:36.0811 1760 s0017bus - ok
12:34:36.0843 1760 [ 9964A28E569B4FF105B446EF8978FD5C ] s0017mdfl C:\Windows\system32\DRIVERS\s0017mdfl.sys
12:34:36.0843 1760 s0017mdfl - ok
12:34:36.0858 1760 [ 06347087D274C23DCFA8C4AB5C4314DB ] s0017mdm C:\Windows\system32\DRIVERS\s0017mdm.sys
12:34:36.0874 1760 s0017mdm - ok
12:34:36.0889 1760 [ F0F0747B3FA50272DE6B1BF575FA4700 ] s0017mgmt C:\Windows\system32\DRIVERS\s0017mgmt.sys
12:34:36.0905 1760 s0017mgmt - ok
12:34:36.0921 1760 [ 7224412CEA2FF2DF7D4842C1B0E71045 ] s0017nd5 C:\Windows\system32\DRIVERS\s0017nd5.sys
12:34:36.0936 1760 s0017nd5 - ok
12:34:36.0952 1760 [ 3FEADBC7F09B8B596CBFB82F12ABA87F ] s0017obex C:\Windows\system32\DRIVERS\s0017obex.sys
12:34:36.0952 1760 s0017obex - ok
12:34:36.0967 1760 [ 2B63BEA31D939888B2A8F3F14D89B5C1 ] s0017unic C:\Windows\system32\DRIVERS\s0017unic.sys
12:34:36.0983 1760 s0017unic - ok
12:34:37.0014 1760 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
12:34:37.0030 1760 SamSs - ok
12:34:37.0045 1760 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:34:37.0045 1760 sbp2port - ok
12:34:37.0077 1760 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:34:37.0123 1760 SCardSvr - ok
12:34:37.0139 1760 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:34:37.0186 1760 scfilter - ok
12:34:37.0217 1760 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
12:34:37.0264 1760 Schedule - ok
12:34:37.0279 1760 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:34:37.0326 1760 SCPolicySvc - ok
12:34:37.0357 1760 [ 2C8D162EFAF73ABD36D8BCBB6340CAE7 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
12:34:37.0404 1760 sdbus - ok
12:34:37.0420 1760 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:34:37.0435 1760 SDRSVC - ok
12:34:37.0467 1760 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:34:37.0513 1760 secdrv - ok
12:34:37.0529 1760 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
12:34:37.0560 1760 seclogon - ok
12:34:37.0576 1760 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:34:37.0607 1760 SENS - ok
12:34:37.0654 1760 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:34:37.0654 1760 SensrSvc - ok
12:34:37.0669 1760 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
12:34:37.0685 1760 Serenum - ok
12:34:37.0716 1760 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
12:34:37.0716 1760 Serial - ok
12:34:37.0747 1760 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:34:37.0763 1760 sermouse - ok
12:34:37.0779 1760 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
12:34:37.0825 1760 SessionEnv - ok
12:34:37.0857 1760 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\drivers\SFEP.sys
12:34:37.0872 1760 SFEP - ok
12:34:37.0888 1760 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:34:37.0903 1760 sffdisk - ok
12:34:37.0919 1760 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:34:37.0919 1760 sffp_mmc - ok
12:34:37.0950 1760 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:34:37.0950 1760 sffp_sd - ok
12:34:37.0966 1760 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:34:37.0981 1760 sfloppy - ok
12:34:38.0013 1760 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:34:38.0044 1760 SharedAccess - ok
12:34:38.0091 1760 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:34:38.0122 1760 ShellHWDetection - ok
12:34:38.0153 1760 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:34:38.0169 1760 SiSRaid2 - ok
12:34:38.0200 1760 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:34:38.0215 1760 SiSRaid4 - ok
12:34:38.0247 1760 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:34:38.0278 1760 Smb - ok
12:34:38.0325 1760 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:34:38.0340 1760 SNMPTRAP - ok
12:34:38.0434 1760 [ C3E69DB0A4E59564230E053232F39AC7 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
12:34:38.0449 1760 SOHCImp - ok
12:34:38.0481 1760 [ 65CC4779A29C3E82B987BD4961790DFF ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
12:34:38.0512 1760 SOHDms - ok
12:34:38.0527 1760 [ F47D75CEE1844EEF4A9EA6EE768828FB ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
12:34:38.0543 1760 SOHDs - ok
12:34:38.0621 1760 [ 5449FC97476F52E027409E703791E6A9 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
12:34:38.0652 1760 SpfService - ok
12:34:38.0683 1760 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:34:38.0699 1760 spldr - ok
12:34:38.0746 1760 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
12:34:38.0793 1760 Spooler - ok
12:34:38.0902 1760 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
12:34:39.0011 1760 sppsvc - ok
12:34:39.0027 1760 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:34:39.0058 1760 sppuinotify - ok
12:34:39.0089 1760 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:34:39.0120 1760 srv - ok
12:34:39.0151 1760 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:34:39.0151 1760 srv2 - ok
12:34:39.0183 1760 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:34:39.0214 1760 srvnet - ok
12:34:39.0245 1760 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:34:39.0292 1760 SSDPSRV - ok
12:34:39.0307 1760 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:34:39.0339 1760 SstpSvc - ok
12:34:39.0370 1760 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:34:39.0370 1760 stexstor - ok
12:34:39.0401 1760 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
12:34:39.0432 1760 stisvc - ok
12:34:39.0448 1760 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:34:39.0448 1760 swenum - ok
12:34:39.0479 1760 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:34:39.0510 1760 swprv - ok
12:34:39.0573 1760 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
12:34:39.0619 1760 SysMain - ok
12:34:39.0666 1760 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:34:39.0682 1760 TabletInputService - ok
12:34:39.0697 1760 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
12:34:39.0729 1760 TapiSrv - ok
12:34:39.0744 1760 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:34:39.0775 1760 TBS - ok
12:34:39.0853 1760 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:34:39.0916 1760 Tcpip - ok
12:34:39.0963 1760 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:34:39.0994 1760 TCPIP6 - ok
12:34:40.0025 1760 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:34:40.0072 1760 tcpipreg - ok
12:34:40.0103 1760 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:34:40.0119 1760 TDPIPE - ok
12:34:40.0165 1760 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:34:40.0197 1760 TDTCP - ok
12:34:40.0228 1760 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:34:40.0290 1760 tdx - ok
12:34:40.0306 1760 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:34:40.0321 1760 TermDD - ok
12:34:40.0353 1760 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
12:34:40.0399 1760 TermService - ok
12:34:40.0415 1760 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:34:40.0431 1760 Themes - ok
12:34:40.0446 1760 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:34:40.0493 1760 THREADORDER - ok
12:34:40.0509 1760 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:34:40.0555 1760 TrkWks - ok
12:34:40.0602 1760 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:34:40.0633 1760 TrustedInstaller - ok
12:34:40.0649 1760 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:34:40.0696 1760 tssecsrv - ok
12:34:40.0711 1760 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:34:40.0758 1760 tunnel - ok
12:34:40.0774 1760 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:34:40.0774 1760 uagp35 - ok
12:34:40.0805 1760 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
12:34:40.0821 1760 uCamMonitor - ok
12:34:40.0852 1760 [ 0E5E962B5649D544BE54E8C90761EA2B ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:34:40.0883 1760 udfs - ok
12:34:40.0899 1760 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:34:40.0930 1760 UI0Detect - ok
12:34:40.0930 1760 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:34:40.0945 1760 uliagpkx - ok
12:34:40.0961 1760 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:34:40.0977 1760 umbus - ok
12:34:41.0008 1760 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
12:34:41.0008 1760 UmPass - ok
12:34:41.0148 1760 [ 11A559E0F10CC5E788984023DF400A6F ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:34:41.0273 1760 UNS - ok
12:34:41.0304 1760 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:34:41.0335 1760 upnphost - ok
12:34:41.0382 1760 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
12:34:41.0413 1760 USBAAPL64 - ok
12:34:41.0460 1760 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:34:41.0491 1760 usbaudio - ok
12:34:41.0523 1760 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:34:41.0554 1760 usbccgp - ok
12:34:41.0585 1760 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:34:41.0616 1760 usbcir - ok
12:34:41.0632 1760 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:34:41.0647 1760 usbehci - ok
12:34:41.0679 1760 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:34:41.0694 1760 usbhub - ok
12:34:41.0710 1760 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:34:41.0710 1760 usbohci - ok
12:34:41.0757 1760 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:34:41.0788 1760 usbprint - ok
12:34:41.0803 1760 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:34:41.0819 1760 USBSTOR - ok
12:34:41.0835 1760 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:34:41.0850 1760 usbuhci - ok
12:34:41.0881 1760 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:34:41.0928 1760 usbvideo - ok
12:34:41.0959 1760 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:34:42.0006 1760 UxSms - ok
12:34:42.0037 1760 [ A60605FC66552B421EE1F3D4EBB9A4E0 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
12:34:42.0069 1760 VAIO Event Service - ok
12:34:42.0147 1760 [ D469BE2723F79CF4B384680B1FDC577D ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
12:34:42.0178 1760 VAIO Power Management - ok
12:34:42.0193 1760 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
12:34:42.0209 1760 VaultSvc - ok
12:34:42.0256 1760 [ 96EFA2698D6B9E2931609A3EA73FC5DC ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
12:34:42.0318 1760 VCFw - ok
12:34:42.0365 1760 [ 7BEBF6A5285FFC03C34A7297A4E177CB ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
12:34:42.0412 1760 VcmIAlzMgr - ok
12:34:42.0443 1760 [ E005B04DFCA99F5880C5111933194CA9 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
12:34:42.0459 1760 VcmINSMgr - ok
12:34:42.0490 1760 [ 829A32FD1334F72429CA0515760EB7A7 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
12:34:42.0490 1760 VcmXmlIfHelper - ok
12:34:42.0552 1760 [ D347D3ABE070AA09C22FC37121555D52 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe
12:34:42.0568 1760 VCService - ok
12:34:42.0583 1760 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:34:42.0599 1760 vdrvroot - ok
12:34:42.0646 1760 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
12:34:42.0677 1760 vds - ok
12:34:42.0708 1760 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:34:42.0724 1760 vga - ok
12:34:42.0740 1760 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:34:42.0786 1760 VgaSave - ok
12:34:42.0802 1760 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:34:42.0818 1760 vhdmp - ok
12:34:42.0833 1760 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:34:42.0833 1760 viaide - ok
12:34:42.0864 1760 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:34:42.0880 1760 volmgr - ok
12:34:42.0896 1760 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:34:42.0911 1760 volmgrx - ok
12:34:42.0942 1760 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:34:42.0958 1760 volsnap - ok
12:34:43.0036 1760 [ B671E1CE912B85478DAC11C7A210B6F6 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
12:34:43.0098 1760 vpnagent - ok
12:34:43.0145 1760 [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
12:34:43.0161 1760 vpnva - ok
12:34:43.0208 1760 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:34:43.0223 1760 vsmraid - ok
12:34:43.0286 1760 [ A7EB62C664A03901165290A714BD48D0 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
12:34:43.0332 1760 VSNService ( UnsignedFile.Multi.Generic ) - warning
12:34:43.0332 1760 VSNService - detected UnsignedFile.Multi.Generic (1)
12:34:43.0395 1760 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
12:34:43.0457 1760 VSS - ok
12:34:43.0535 1760 [ D2D646D4D686C6996BA1FF96E11BE570 ] VUAgent C:\Program Files\Sony\VAIO Update\VUAgent.exe
12:34:43.0613 1760 VUAgent - ok
12:34:43.0644 1760 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:34:43.0660 1760 vwifibus - ok
12:34:43.0676 1760 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:34:43.0691 1760 vwififlt - ok
12:34:43.0722 1760 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:34:43.0738 1760 vwifimp - ok
12:34:43.0754 1760 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:34:43.0785 1760 W32Time - ok
12:34:43.0816 1760 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:34:43.0832 1760 WacomPen - ok
12:34:43.0863 1760 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:34:43.0925 1760 WANARP - ok
12:34:43.0956 1760 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:34:43.0988 1760 Wanarpv6 - ok
12:34:44.0050 1760 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
12:34:44.0128 1760 wbengine - ok
12:34:44.0128 1760 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:34:44.0144 1760 WbioSrvc - ok
12:34:44.0175 1760 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:34:44.0190 1760 wcncsvc - ok
12:34:44.0206 1760 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:34:44.0222 1760 WcsPlugInService - ok
12:34:44.0253 1760 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
12:34:44.0253 1760 Wd - ok
12:34:44.0300 1760 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:34:44.0346 1760 Wdf01000 - ok
12:34:44.0362 1760 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:34:44.0378 1760 WdiServiceHost - ok
12:34:44.0393 1760 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:34:44.0409 1760 WdiSystemHost - ok
12:34:44.0440 1760 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
12:34:44.0471 1760 WebClient - ok
12:34:44.0502 1760 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:34:44.0534 1760 Wecsvc - ok
12:34:44.0549 1760 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:34:44.0596 1760 wercplsupport - ok
12:34:44.0627 1760 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:34:44.0658 1760 WerSvc - ok
12:34:44.0690 1760 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:34:44.0736 1760 WfpLwf - ok
12:34:44.0752 1760 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:34:44.0768 1760 WIMMount - ok
12:34:44.0768 1760 WinDefend - ok
12:34:44.0783 1760 WinHttpAutoProxySvc - ok
12:34:44.0814 1760 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:34:44.0861 1760 Winmgmt - ok
12:34:44.0924 1760 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
12:34:45.0033 1760 WinRM - ok
12:34:45.0080 1760 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:34:45.0111 1760 WinUsb - ok
12:34:45.0158 1760 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:34:45.0204 1760 Wlansvc - ok
12:34:45.0282 1760 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:34:45.0282 1760 wlcrasvc - ok
12:34:45.0392 1760 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:34:45.0485 1760 wlidsvc - ok
12:34:45.0516 1760 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:34:45.0516 1760 WmiAcpi - ok
12:34:45.0548 1760 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:34:45.0594 1760 wmiApSrv - ok
12:34:45.0610 1760 WMPNetworkSvc - ok
12:34:45.0719 1760 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm c:\Program Files\Zune\WMZuneComm.exe
12:34:45.0766 1760 WMZuneComm - ok
12:34:45.0782 1760 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:34:45.0797 1760 WPCSvc - ok
12:34:45.0813 1760 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:34:45.0828 1760 WPDBusEnum - ok
12:34:45.0844 1760 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:34:45.0875 1760 ws2ifsl - ok
12:34:45.0891 1760 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
12:34:45.0922 1760 wscsvc - ok
12:34:45.0922 1760 WSearch - ok
12:34:46.0016 1760 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:34:46.0078 1760 wuauserv - ok
12:34:46.0109 1760 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:34:46.0140 1760 WudfPf - ok
12:34:46.0172 1760 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:34:46.0187 1760 WUDFRd - ok
12:34:46.0203 1760 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:34:46.0218 1760 wudfsvc - ok
12:34:46.0265 1760 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:34:46.0281 1760 WwanSvc - ok
12:34:46.0328 1760 [ 5250193EF8E173AA7491250F00EB367F ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
12:34:46.0343 1760 yukonw7 - ok
12:34:46.0562 1760 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc c:\Program Files\Zune\ZuneNss.exe
12:34:46.0842 1760 ZuneNetworkSvc - ok
12:34:46.0905 1760 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc c:\Program Files\Zune\ZuneWlanCfgSvc.exe
12:34:46.0936 1760 ZuneWlanCfgSvc - ok
12:34:46.0998 1760 ================ Scan global ===============================
12:34:47.0014 1760 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:34:47.0061 1760 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
12:34:47.0076 1760 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
12:34:47.0108 1760 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:34:47.0139 1760 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:34:47.0139 1760 [Global] - ok
12:34:47.0139 1760 ================ Scan MBR ==================================
12:34:47.0154 1760 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:34:47.0591 1760 \Device\Harddisk0\DR0 - ok
12:34:47.0591 1760 ================ Scan VBR ==================================
12:34:47.0607 1760 [ 25FBBBDC5860CDB4FBDFEF6F7339852D ] \Device\Harddisk0\DR0\Partition1
12:34:47.0607 1760 \Device\Harddisk0\DR0\Partition1 - ok
12:34:47.0638 1760 [ F531585E13AAC193649EB59B87534786 ] \Device\Harddisk0\DR0\Partition2
12:34:47.0654 1760 \Device\Harddisk0\DR0\Partition2 - ok
12:34:47.0654 1760 ============================================================
12:34:47.0654 1760 Scan finished
12:34:47.0654 1760 ============================================================
12:34:47.0669 3172 Detected object count: 3
12:34:47.0669 3172 Actual detected object count: 3
12:34:50.0976 3172 igfx ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:50.0976 3172 igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:34:50.0976 3172 IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:50.0976 3172 IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:34:50.0976 3172 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:50.0976 3172 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:34:55.0532 4172 Deinitialize success
|
|
19.03.2013, 12:44
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir meldet TR/Rogue.kdv.901925 Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.03.2013, 13:02
| #13 |
| | AntiVir meldet TR/Rogue.kdv.901925 hier der log: Code:
ATTFilter ComboFix 13-03-19.01 - *** 19.03.2013 12:49:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3950.2244 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-19 bis 2013-03-19 ))))))))))))))))))))))))))))))
.
.
2013-03-19 11:54 . 2013-03-19 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-16 15:46 . 2013-02-12 14:02 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-16 13:52 . 2013-03-18 17:09 -------- d-----w- c:\users\***\AppData\Roaming\Qoeg
2013-03-16 13:52 . 2013-03-18 02:02 -------- d-----w- c:\users\***\AppData\Roaming\Okynro
2013-03-16 13:52 . 2013-03-16 13:52 -------- d-----w- c:\users\***\AppData\Roaming\Uvhiam
2013-03-14 21:25 . 2013-03-14 21:25 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-14 21:25 . 2013-03-14 21:25 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-13 15:16 . 2013-02-28 16:34 12405248 ----a-w- c:\windows\system32\ieframe.dll
2013-03-13 15:16 . 2013-02-28 16:34 9377280 ----a-w- c:\windows\system32\mshtml.dll
2013-03-13 15:16 . 2013-02-28 16:34 2463744 ----a-w- c:\windows\system32\iertutil.dll
2013-03-13 15:16 . 2013-02-28 16:34 1500160 ----a-w- c:\windows\system32\urlmon.dll
2013-03-13 15:16 . 2013-02-28 16:34 1026560 ----a-w- c:\windows\system32\mstime.dll
2013-03-13 15:16 . 2013-02-28 16:34 736256 ----a-w- c:\windows\system32\msfeeds.dll
2013-03-12 09:49 . 2013-03-13 12:02 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 21:27 . 2011-03-29 15:36 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-12 21:04 . 2012-04-14 17:10 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 21:04 . 2011-07-21 11:49 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-24 17:33 . 2013-01-24 17:33 11184 ----a-w- c:\windows\SysWow64\vpncategories.dll
2013-01-24 17:33 . 2013-01-24 17:33 34224 ----a-w- c:\windows\SysWow64\vpnevents.dll
2013-01-24 17:15 . 2011-01-11 12:54 27048 ----a-w- c:\windows\system32\drivers\vpnva64.sys
2013-01-24 17:13 . 2011-01-11 12:53 112080 ----a-r- c:\windows\system32\drivers\acsock64.sys
2013-01-05 05:57 . 2013-02-13 16:16 5500776 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:02 . 2013-02-13 16:16 3957608 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:02 . 2013-02-13 16:16 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:41 . 2013-02-13 16:15 1893224 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 05:40 . 2013-02-13 16:15 287576 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-04 05:37 . 2013-02-13 16:15 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-04 05:37 . 2013-02-13 16:15 243200 ----a-w- c:\windows\system32\wow64.dll
2013-01-04 05:37 . 2013-02-13 16:15 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-01-04 05:36 . 2013-02-13 16:15 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 05:33 . 2013-02-13 16:15 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-01-04 05:30 . 2013-02-13 16:15 424960 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-04 05:30 . 2013-02-13 16:15 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-01-04 05:27 . 2013-02-13 16:15 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-04 04:51 . 2013-02-13 16:15 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:51 . 2013-02-13 16:15 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-01-04 04:43 . 2013-02-13 16:15 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:22 . 2013-02-13 16:16 3150848 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 03:19 . 2013-02-13 16:15 338432 ----a-w- c:\windows\system32\conhost.exe
2013-01-04 02:48 . 2013-02-13 16:15 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:48 . 2013-02-13 16:15 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:48 . 2013-02-13 16:15 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-04 02:48 . 2013-02-13 16:15 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:43 . 2013-02-13 16:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 16:15 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 16:15 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 16:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-10-09 615808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-01-24 701872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\***\Desktop\mbar\mbar.exe" [2013-02-16 1363016]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2013-01-24 112080]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-05-28 158976]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-24 271872]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-20 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-20 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-06 304496]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-07 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-29 254528]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-07 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-01-24 544688]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 836608]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-23 342056]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-23 39464]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-05-28 56344]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-05-31 402720]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 22063730
*NewlyCreated* - 63858901
*NewlyCreated* - ASWMBR
*Deregistered* - 22063730
*Deregistered* - 63858901
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 21:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ilpb9bwh.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-19 12:56:09
ComboFix-quarantined-files.txt 2013-03-19 11:56
.
Vor Suchlauf: 13 Verzeichnis(se), 389.761.732.608 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 391.937.867.776 Bytes frei
.
- - End Of File - - D06FFA1ED5EC400EF09402368DCC0158
|
|
19.03.2013, 13:05
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | AntiVir meldet TR/Rogue.kdv.901925 JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.03.2013, 13:50
| #15 |
| | AntiVir meldet TR/Rogue.kdv.901925 JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by *** on 19.03.2013 at 13:18:49,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\pdfforge"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\pdfforge toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
~~~ FireFox
Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\user.js
Successfully deleted: [Folder] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\prefs.js
user_pref("extensions.asktb.cbid", "N9");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&dm=lang");
user_pref("extensions.asktb.first-launch-url", "hxxp://www.studivz.net/Messages");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1312616208388");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.nero.userName", "");
user_pref("extensions.asktb.o", "15418");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "5");
user_pref("extensions.asktb.v", "3.6.13.100005");
user_pref("extensions.enabledItems", "firenes@facundo.zaldo:2.0,moveplayer@movenetworks.com:1.0.0.071303000004,toolbar@ask.com:3.6.13.184,{1018e4d6-728f-4b20-ad56-37578a4de76b
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\minidumps [124 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2013 at 13:24:59,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.115 - Datei am 19/03/2013 um 13:28:25 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium (64 bits)
# Benutzer : *** - ***-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7600.17256
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ilpb9bwh.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1578 octets] - [19/03/2013 13:28:25]
########## EOF - C:\AdwCleaner[S1].txt - [1638 octets] ##########
Code:
ATTFilter OTL logfile created on: 19.03.2013 13:32:33 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 60,87% Memory free 7,71 Gb Paging File | 5,96 Gb Available in Paging File | 77,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,29 Gb Total Space | 365,08 Gb Free Space | 80,72% Space Free | Partition Type: NTFS Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation) PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll () MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ZuneWlanCfgSvc) -- c:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (WMZuneComm) -- c:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- c:\Programme\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation) SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC) DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (s0017unic) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation) DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation) DRV:64bit: - (s0017nd5) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation) DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation) DRV:64bit: - (s0017mgmt) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation) DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation) DRV:64bit: - (s0017bus) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{31CF5488-1282-4CE7-BACF-DAC2D6103B66}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363 IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{4D7AE340-6731-4EE4-B8C1-DD73BA39A597}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{7A28250A-EF45-4C6E-A2D2-9245F92B8167}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{8A139173-D5C3-4BB4-98C2-927617F6E246}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: firenes%40facundo.zaldo:2.0.2 FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8 FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:2.0.20120203 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.4.20130221100632 FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.07 09:50:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.07 09:50:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.07.15 15:08:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.10.24 17:19:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:02:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 13:02:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 10:49:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.03.12 10:49:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:02:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 13:02:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 10:49:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.03.12 10:49:46 | 000,000,000 | ---D | M] [2011.03.29 16:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.03.29 16:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.03.19 13:24:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions [2013.03.15 09:20:21 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.03.29 16:07:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.03.29 16:07:45 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2013.03.01 18:10:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.03.27 08:04:48 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2011.03.29 16:07:43 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\bkmrksync@nokia.com [2011.08.20 12:27:20 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\firefox@tvunetworks.com [2011.03.29 16:07:43 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\moveplayer@movenetworks.com [2011.11.15 09:58:43 | 000,071,254 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\extensions\firenes@facundo.zaldo.xpi [2012.12.12 10:52:20 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.03.08 13:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.08 13:02:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.08 13:02:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.07.07 11:28:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.09 16:55:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.07 11:28:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.07 11:28:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.07 11:28:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.07 11:28:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: DivX HiQ = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{423D4F55-13A2-4D2E-BBDA-A1774A136043}: DhcpNameServer = 172.16.16.19 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.19 13:20:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.19 13:18:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.19 13:18:43 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.19 13:16:19 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.03.19 12:56:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.19 12:49:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.19 12:49:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.19 12:49:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.19 12:49:03 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.19 12:48:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.18 17:21:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar [2013.03.18 16:13:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.03.18 15:58:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner [2013.03.16 16:46:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.16 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uvhiam [2013.03.16 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qoeg [2013.03.16 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Okynro [2013.03.14 22:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 22:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.14 22:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.13 16:16:01 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 16:15:55 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.03.13 16:15:55 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.03.13 16:15:55 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 16:15:55 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 16:15:55 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.03.13 16:15:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.03.13 16:15:54 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.03.13 16:15:54 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 16:15:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 16:15:54 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 16:15:54 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 16:15:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.03.13 16:15:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.03.13 16:15:53 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.03.12 10:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.03.08 13:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.21 19:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.19 13:37:16 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 13:37:16 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 13:29:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.19 13:29:20 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys [2013.03.19 13:16:47 | 000,609,993 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.03.19 13:16:20 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.03.19 13:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.19 08:30:04 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2013.03.18 18:11:18 | 000,375,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.18 16:13:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.03.18 15:26:13 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.18 15:26:13 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.18 15:26:13 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.18 15:26:13 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.18 15:26:13 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.15 09:03:24 | 000,673,298 | ---- | M] () -- C:\Users\***\Desktop\Diagnostik .pdf [2013.03.12 22:04:44 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.12 22:04:44 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.04 09:34:19 | 000,182,348 | ---- | M] () -- C:\Users\***\Desktop\Immatrikulationsbescheinigung_7845936.pdf [2013.03.02 22:29:57 | 000,113,872 | ---- | M] () -- C:\Users\***\Desktop\statistik im text.pdf [2013.02.28 20:34:23 | 000,118,681 | ---- | M] () -- C:\test.xml [2013.02.28 17:34:33 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.28 17:34:10 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.28 17:34:08 | 000,736,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.28 17:34:03 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.02.28 17:34:01 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.02.28 17:34:01 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.28 17:33:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.02.28 17:16:41 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.28 17:16:16 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.28 17:16:10 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.02.28 17:16:07 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.02.28 17:16:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.28 17:15:16 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.02.28 16:12:49 | 000,482,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.02.28 15:51:56 | 000,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.02.25 19:50:56 | 000,036,931 | ---- | M] () -- C:\Users\***\Desktop\3 zentrale Studien aus den 80er und 90er Jahren.pdf [2013.02.25 18:47:50 | 007,918,036 | ---- | M] () -- C:\Users\***\Desktop\Asendorf Persönlichkeit.pdf [2013.02.24 13:39:21 | 543,977,074 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.23 13:56:30 | 012,474,944 | ---- | M] () -- C:\Users\***\Desktop\Bachelorarbeit_Prüfungsangst_Julia.rtf [2013.02.23 12:27:53 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.21 19:52:18 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.21 19:52:18 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.19 13:16:47 | 000,609,993 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.03.19 12:49:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.19 12:49:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.19 12:49:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.19 12:49:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.19 12:49:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.19 08:30:04 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2013.03.15 09:03:22 | 000,673,298 | ---- | C] () -- C:\Users\***\Desktop\Diagnostik .pdf [2013.03.04 09:34:19 | 000,182,348 | ---- | C] () -- C:\Users\***\Desktop\Immatrikulationsbescheinigung_7845936.pdf [2013.03.02 22:29:57 | 000,113,872 | ---- | C] () -- C:\Users\***\Desktop\statistik im text.pdf [2013.02.25 19:50:53 | 000,036,931 | ---- | C] () -- C:\Users\***\Desktop\3 zentrale Studien aus den 80er und 90er Jahren.pdf [2013.02.25 18:47:45 | 007,918,036 | ---- | C] () -- C:\Users\***\Desktop\Asendorf Persönlichkeit.pdf [2013.02.23 09:19:29 | 012,474,944 | ---- | C] () -- C:\Users\***\Desktop\Bachelorarbeit_Prüfungsangst_Julia.rtf [2012.09.23 17:13:04 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.16 08:53:28 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.06 17:54:08 | 000,000,041 | ---- | C] () -- C:\Users\***\AppData\Roaming\mbam.context.scan [2011.05.08 21:08:00 | 000,005,264 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2011.04.05 21:41:20 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.03.29 22:22:33 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.03.2013 13:32:33 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 60,87% Memory free
7,71 Gb Paging File | 5,96 Gb Available in Paging File | 77,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,29 Gb Total Space | 365,08 Gb Free Space | 80,72% Space Free | Partition Type: NTFS
Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C57163B-5F2F-43BB-8458-C0BA9DCE612A}" = lport=445 | protocol=6 | dir=in | app=system |
"{13003616-553B-4D83-9565-2875E741596C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5185D5FF-EA84-4ABC-98EC-C9F7D040AAB7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5583077A-66D0-4648-9C18-CEF8F72E653E}" = lport=138 | protocol=17 | dir=in | app=system |
"{59746162-EDEA-42FC-B5BB-A2D1B534CF75}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6613FF3F-19E3-4258-9091-409695B96DC8}" = lport=137 | protocol=17 | dir=in | app=system |
"{68ED5855-7F29-422B-8A98-C85335690D61}" = lport=10243 | protocol=6 | dir=in | app=system |
"{727EEC4C-DA92-4E67-8562-4D03F051DC8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F9A1B7C-AF6C-41CB-B4DF-C43FA918D545}" = rport=138 | protocol=17 | dir=out | app=system |
"{8E2DEA7A-2FCF-45F5-855D-2A003237F688}" = rport=139 | protocol=6 | dir=out | app=system |
"{9B837533-FB98-4A30-B1BD-8F90D9AFC7F7}" = rport=445 | protocol=6 | dir=out | app=system |
"{A042F7F4-A360-4D33-9478-811F1022D30E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A22095BB-B1CF-412D-9675-45E8359E700F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4DA65B9-87C8-4AFA-906E-979A6A3C9B12}" = rport=137 | protocol=17 | dir=out | app=system |
"{A60A6F0E-7F62-4AF1-92F3-B065688DAAA6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFAD6D2A-F151-4FA4-BE10-201AD95F52C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B6ADB83D-B14C-4515-9C73-D9F1FF5B9328}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B92DBD7D-B35F-4C91-A42B-E585E5812A7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0339EE6-EB1C-463C-BD7A-A48BEE004E83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C577AF0C-C835-4208-A256-CB25FFF5BEAE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C5FD4150-E3CA-499B-95D9-56D7CD8921F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C9912A56-EE10-4848-A98A-F9DFD1160B0F}" = lport=139 | protocol=6 | dir=in | app=system |
"{EF5A756B-C8F0-430C-8409-78063C771F07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F13E3F99-B71C-4FF4-9C52-ACC0AA806F9E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAC6EB77-4258-4749-BB05-6B464AAB0B58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD1B919-8351-4F13-9666-B24A4C48D81A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{10C57118-DEFB-4D65-A2DE-D8BE280B29E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{12C2E9CF-77A3-459C-8C10-D279A80775C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2432F66B-2838-4295-92C6-674F6E379284}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2609F2F3-4E75-4D82-B111-4D1796049279}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{29FDFE04-3D4E-45A4-A01F-F0E99ACF707F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2D1111E4-28CF-46FB-83AD-F696AB5F8967}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{35888EE2-381A-47F4-9BD9-418C8230FB54}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3776A326-283E-4268-A545-2208E8CD8A30}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{452221AF-70F1-4216-80C2-EBD82E9CDE77}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4A801EF0-3A18-4FB5-A818-072678066BB8}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{5104AF8D-4EB3-4A67-A448-03D1FE84B1A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54C1E70F-7F5B-4A05-AAC4-3A6C3D953A59}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{59DA9F60-43F8-4AD8-9BBD-20DD5833BA73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5E7BBECD-EECE-4AF0-A642-D1868F7FCA5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61815BB3-8697-4D67-BDFC-3088F2A17FF2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{65011983-B5BC-4D77-9B68-51315AD64027}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{699234E4-D765-4A78-B289-8B990F7C0191}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6D3AC6D7-DB32-4E47-95F1-A878779F4C37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71C6A8F6-1334-42EC-A769-F5C79DE260FA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{75695691-51F7-4C7E-B6A7-16BCB31D3D44}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7F78F448-A522-4C73-989F-8343AA559710}" = protocol=6 | dir=out | app=system |
"{7FF1CECF-82D7-4886-B781-81FDB7DDAEE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{88EF47C0-AA63-4DB8-A20D-2191014F3EE3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E8F95C6-D7D9-4074-B1DE-DF83ABEBF250}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98CB5CAC-DEFB-4243-9221-C5DCED6F7BB2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A3D7C341-FA02-47E2-8567-3DA1E7276A9F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B4E8F4A0-5981-4B97-BD12-86940F071033}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B81EB3B0-46D3-4E17-BE20-D6130C587E49}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{BD7BD756-462E-4F1F-80FA-5652EEAD7C61}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D358106E-0FC2-4542-B122-09001DD5211D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DFBF3223-21CE-4ADB-B5B6-C694AD1A7A31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E674EF7F-67D7-46F5-BCFB-0257397AB64F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E986BC44-1E9C-4FF7-AFC6-F3A5E77650C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F21AEC34-D175-478A-8615-F6D0C9C4A6FC}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{2F7DFB21-184B-4959-B23A-18070B3D3B45}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe |
"TCP Query User{38EE2315-0374-40CD-9162-F65E7515E93F}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{3EDB9376-6479-4D1A-8235-009E55011B9A}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{60B68C0C-356D-4735-83B2-74C62DCD312D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{627DE985-DA09-4547-9184-12E1B8B99D92}C:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe |
"TCP Query User{7F62A073-9A3F-4CD8-9F82-F4DB5BB65D0F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{D72A20BD-E1D9-4AF6-84FD-C8E41B6D8252}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"TCP Query User{FCC016DB-4334-4042-9E36-D8593C26DAF3}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe |
"UDP Query User{04AA899B-87CB-4A90-855F-15289511D72B}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{0868BA7E-6B33-4822-8417-C5C5936069BA}C:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe |
"UDP Query User{16F4CC8D-822D-4F17-B57E-EE0BC1FCCCC0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{301515C5-6124-45AA-BD2C-1E627671592A}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
"UDP Query User{88BB1EC1-0A05-4D72-B19B-D2F752B9A43B}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe |
"UDP Query User{B0D8D767-4E06-4394-9736-9DCC4CDFD2E5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B7746CDA-611B-4E1F-97AB-1632087A03FD}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe |
"UDP Query User{D546018A-D0D8-44C4-822E-9EFE48DD20FB}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc)
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc)
"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33D21DE0-8363-4997-A960-E32EA9D84AB3}" = KODAK Create@Home Software (für dm)
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A20548C1-4B08-C41D-A3A8-FE8C933C2A00}" = Catalyst Control Center InstallProxy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A43014F4-44F8-4539-8F87-C8471CB810B1}" = Cisco AnyConnect Secure Mobility Client
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B87F4F22-611D-403C-A2A0-55426DE07509}" = pdfforge Toolbar v6.1
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
"Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.3.2
"KaloMa_is1" = KaloMa 5.00beta20100607
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"McAfee Security Scan" = McAfee Security Scan Plus
"MozBackup" = MozBackup 1.5
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PremElem80" = Adobe Premiere Elements 8.0
"RealPlayer 12.0" = RealPlayer
"splashtop" = VAIO Quick Web Access
"Sweet Home 3D_is1" = Sweet Home 3D version 3.3
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" =
"VAIO screensaver" = VAIO screensaver
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.8
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 19.03.2013 08:29:36 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp
Line:
603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED
Error - 19.03.2013 08:29:45 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CVerifyServerName::VerifyCertName File: .\Certificates\VerifyServerName.cpp
Line:
150 Certificate name verification has failed. Server Name: 132.176.101.101 Common Name(s):
webvpn.fernuni-hagen.de
Error - 19.03.2013 08:29:45 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: COpenSSLCertUtils::VerifyCertName File: .\Certificates\OpenSSLCertUtils.cpp
Line:
1310 Invoked Function: CVerifyServerName::VerifyCertName Return Code: -31391725 (0xFE210013)
Description:
CERTIFICATE_ERROR_VERIFY_NAME_FAILED
Error - 19.03.2013 08:29:45 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391725
(0xFE210013) Description: CERTIFICATE_ERROR_VERIFY_NAME_FAILED server name: 132.176.101.101
Error - 19.03.2013 08:29:45 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 19.03.2013 08:30:24 | Computer Name = ***-VAIO | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 19.03.2013 08:30:26 | Computer Name = ***-VAIO | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1336 NULL object. Cannot establish a connection at this time.
Error - 19.03.2013 08:34:36 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 19.03.2013 08:34:36 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 19.03.2013 08:34:36 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
[ OSession Events ]
Error - 02.03.2013 05:44:41 | Computer Name = ***-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 56203
seconds with 7620 seconds of active time. This session ended with a crash.
Error - 02.03.2013 14:05:06 | Computer Name = ***-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30004
seconds with 5760 seconds of active time. This session ended with a crash.
< End of report >
|
|
| Themen zu AntiVir meldet TR/Rogue.kdv.901925 |
| antivir, antivir meldet, benötige, beseitigen, dringend, escan, festplatte, gefährliche, gefährlichen, hoffe, liebe, lieben, löschen, melde, meldet, platte, rechner, troja, trojaner, virus, wirklich |
Linear-Darstellung
