|
Plagegeister aller Art und deren Bekämpfung: Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
12.06.2013, 07:55 | #1 |
| Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? Hallo, seit gestern nachmittag habe ich Probleme mit meinem Laptop. Zuvor funktionierte alles ganz normal, nach dem ich ihn auf der Arbeit heruntergefahren habe und zu Hause wieder angeschaltet hab, wurde keine Webseite mehr geladen, Fehlermeldung: Chrome konnte keine Verbindung zu....herstellen. Nachdem ich an einem anderen PC im Netz gesucht habe, was das Problem sein könnte, bin ich mir nun nicht mehr sicher, ob ich mir nicht irgendetwas eingefangen hab. Ich hatte Avast laufen, bin aber dann drauf gekommen, dass sich Webseiten wieder laden, wenn ich ihn abschalte. Ich hatte mir Malwarebytes runtergeladen und installiert, aber der ist jedesmal abgestürzt. Dann hab ich versucht Avast erstmal zu deinstallieren, dagegen hatte er sich gestern erstmal gewehrt, das hat aber jetzt nach einem Neustart geklappt. CCleaner hab ich auch laufen lassen. Inzwischen hab ich Avira installiert und Malwarebytes hat es tatsächlich jetzt geschafft mal durchzulaufen und jetzt gerade folgendes gefunden: PUP.InstallBrain Wie soll ich weiter vorgehen? Will jetzt nichts (mehr) falsch machen.... |
12.06.2013, 09:53 | #2 |
/// Malware-holic | Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? hi,
__________________1. alle Malwarebytes Logs mit Funden posten: http://www.trojaner-board.de/125889-...en-posten.html 2. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
12.06.2013, 10:15 | #3 |
| Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? okay, hier erstmal das log von Malwarebytes
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.12.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 [Administrator] 12.06.2013 08:37:13 mbam-log-2013-06-12 (08-37-13).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211928 Laufzeit: 10 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 1 C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
12.06.2013, 10:44 | #4 |
/// Malware-holic | Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? ja, aber hier auch, alle Fundmeldungen posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
12.06.2013, 10:54 | #5 |
| Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? so, hier mal der Bericht von Avira: Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Mittwoch, 12. Juni 2013 09:09 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : SABINE-VAIO Versionsinformationen: BUILD.DAT : 13.0.0.3640 54852 Bytes 18.04.2013 13:29:00 AVSCAN.EXE : 13.6.0.1262 636984 Bytes 15.04.2013 18:23:10 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 07.12.2012 07:39:19 LUKE.DLL : 13.6.0.1262 65080 Bytes 15.04.2013 18:31:37 AVSCPLR.DLL : 13.6.0.1262 92216 Bytes 15.04.2013 18:23:21 AVREG.DLL : 13.6.0.1262 247864 Bytes 15.04.2013 18:22:59 avlode.dll : 13.6.2.1262 432184 Bytes 15.04.2013 18:22:38 avlode.rdf : 13.0.0.38 15231 Bytes 22.03.2013 10:51:36 VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 09:00:13 VBASE001.VDF : 7.11.70.1 2048 Bytes 04.04.2013 09:00:13 VBASE002.VDF : 7.11.70.2 2048 Bytes 04.04.2013 09:00:13 VBASE003.VDF : 7.11.70.3 2048 Bytes 04.04.2013 09:00:13 VBASE004.VDF : 7.11.70.4 2048 Bytes 04.04.2013 09:00:13 VBASE005.VDF : 7.11.70.5 2048 Bytes 04.04.2013 09:00:13 VBASE006.VDF : 7.11.70.6 2048 Bytes 04.04.2013 09:00:13 VBASE007.VDF : 7.11.70.7 2048 Bytes 04.04.2013 09:00:13 VBASE008.VDF : 7.11.70.8 2048 Bytes 04.04.2013 09:00:13 VBASE009.VDF : 7.11.70.9 2048 Bytes 04.04.2013 09:00:13 VBASE010.VDF : 7.11.70.10 2048 Bytes 04.04.2013 09:00:13 VBASE011.VDF : 7.11.70.11 2048 Bytes 04.04.2013 09:00:13 VBASE012.VDF : 7.11.70.12 2048 Bytes 04.04.2013 09:00:13 VBASE013.VDF : 7.11.70.13 2048 Bytes 04.04.2013 09:00:13 VBASE014.VDF : 7.11.70.103 136192 Bytes 05.04.2013 12:02:18 VBASE015.VDF : 7.11.70.183 183808 Bytes 06.04.2013 09:17:03 VBASE016.VDF : 7.11.71.9 145920 Bytes 08.04.2013 09:17:03 VBASE017.VDF : 7.11.71.115 169472 Bytes 10.04.2013 08:19:36 VBASE018.VDF : 7.11.71.197 172544 Bytes 11.04.2013 14:06:38 VBASE019.VDF : 7.11.72.17 135168 Bytes 12.04.2013 11:30:42 VBASE020.VDF : 7.11.72.103 158208 Bytes 15.04.2013 11:30:42 VBASE021.VDF : 7.11.72.137 152064 Bytes 15.04.2013 11:30:42 VBASE022.VDF : 7.11.72.223 159232 Bytes 16.04.2013 14:13:50 VBASE023.VDF : 7.11.73.59 204288 Bytes 18.04.2013 11:13:10 VBASE024.VDF : 7.11.73.60 2048 Bytes 18.04.2013 11:13:10 VBASE025.VDF : 7.11.73.61 2048 Bytes 18.04.2013 11:13:10 VBASE026.VDF : 7.11.73.62 2048 Bytes 18.04.2013 11:13:10 VBASE027.VDF : 7.11.73.63 2048 Bytes 18.04.2013 11:13:10 VBASE028.VDF : 7.11.73.64 2048 Bytes 18.04.2013 11:13:10 VBASE029.VDF : 7.11.73.65 2048 Bytes 18.04.2013 11:13:10 VBASE030.VDF : 7.11.73.66 2048 Bytes 18.04.2013 11:13:10 VBASE031.VDF : 7.11.73.102 38912 Bytes 18.04.2013 11:13:10 Engineversion : 8.2.12.28 AEVDF.DLL : 8.1.2.10 102772 Bytes 29.11.2012 10:25:33 AESCRIPT.DLL : 8.1.4.106 483709 Bytes 11.04.2013 14:06:52 AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 14:54:32 AESBX.DLL : 8.2.5.12 606578 Bytes 29.11.2012 10:25:33 AERDL.DLL : 8.2.0.88 643444 Bytes 25.01.2013 08:24:59 AEPACK.DLL : 8.3.2.6 827767 Bytes 28.03.2013 12:20:31 AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 13:58:35 AEHEUR.DLL : 8.1.4.286 5845369 Bytes 11.04.2013 14:06:52 AEHELP.DLL : 8.1.25.2 258423 Bytes 29.11.2012 10:25:30 AEGEN.DLL : 8.1.7.2 442741 Bytes 26.03.2013 14:54:32 AEEXP.DLL : 8.4.0.20 192886 Bytes 15.04.2013 11:30:56 AEEMU.DLL : 8.1.3.2 393587 Bytes 29.11.2012 10:25:29 AECORE.DLL : 8.1.31.2 201080 Bytes 25.02.2013 14:47:15 AEBB.DLL : 8.1.1.4 53619 Bytes 29.11.2012 10:25:29 AVWINLL.DLL : 13.6.0.480 26480 Bytes 25.01.2013 08:25:06 AVPREF.DLL : 13.6.0.480 51056 Bytes 25.01.2013 08:25:03 AVREP.DLL : 13.6.0.480 178544 Bytes 25.01.2013 08:25:03 AVARKT.DLL : 13.6.0.1262 258104 Bytes 15.04.2013 18:21:18 AVEVTLOG.DLL : 13.6.0.1262 164920 Bytes 15.04.2013 18:22:27 SQLITE3.DLL : 3.7.0.1 397704 Bytes 25.01.2013 08:25:19 AVSMTP.DLL : 13.6.0.480 62832 Bytes 25.01.2013 08:25:04 NETNT.DLL : 13.6.0.480 16240 Bytes 25.01.2013 08:25:15 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 07.12.2012 07:39:21 RCTEXT.DLL : 13.6.0.976 69344 Bytes 08.03.2013 13:58:59 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: c:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Mittwoch, 12. Juni 2013 09:09 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '115' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '156' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnagent.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'WLANExt.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'NvXDSync.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '97' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '208' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'Ath_CoexAgent.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'adminservice.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'RIconMan.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamscheduler.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'PMBDeviceInfoProvider.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'PsiService_2.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgr.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'VCFw.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'VcmIAlzMgr.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgrSub.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'VESMgrSub.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'VAIO Gate.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'cAudioFilterAgent64.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'BtvStack.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'AthBtTray.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'Apoint.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'wmdc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'sidebar.exe' - '99' Modul(e) wurden durchsucht Durchsuche Prozess 'NokiaSuite.exe' - '194' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'SpfService64.exe' - '41' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '96' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'VSNService.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'VSNClient.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'ApMsgFwd.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorIcon.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'ISBMgr.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'PMBVolumeWatcher.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnui.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '113' Modul(e) wurden durchsucht Durchsuche Prozess 'Apvfb.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'Apntex.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'ServiceLayer.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'NclUSBSrv64.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '119' Modul(e) wurden durchsucht Durchsuche Prozess 'NclMSBTSrvEx.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'VAIOUpdt.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'VUAgent.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'mbam.exe' - '103' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'iviRegMgr.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'VCPerfService.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'listener.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'SOHDs.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'SOHCImp.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'uCamMonitor.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'VCSystemTray.exe' - '123' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '100' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '126' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'prevhost.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'WINWORD.EXE' - '118' Modul(e) wurden durchsucht Durchsuche Prozess 'splwow64.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'POWERPNT.EXE' - '107' Modul(e) wurden durchsucht Durchsuche Prozess 'VCSystemTray.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'AcroRd32.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'AcroRd32.exe' - '97' Modul(e) wurden durchsucht Durchsuche Prozess 'DllHost.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'VCSystemTray.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'VCSystemTray.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '71' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '2800' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' [0] Archivtyp: RSRC --> C:\Users\Sabine\AppData\Roaming\Dropbox\bin\Dropbox.exe [1] Archivtyp: RSRC --> C:\Program Files (x86)\PC Connectivity Solution\WUDFUpdate_01009.dll [2] Archivtyp: RSRC --> C:\Users\Sabine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\2356a449-5f356537 [3] Archivtyp: ZIP --> VrJrzI.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.NS [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> UWhfAU.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-1723.ES [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> asrVnO.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.NT [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> cEWCR.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.NV [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> ewpxAUl.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.KY [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> FpoRyv.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.NW [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> Ila.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.NX [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> kWXXT.class [FUND] Enthält Erkennungsmuster des Exploits EXP/Dldr.Java.O [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> lVFVd.class [FUND] Enthält Erkennungsmuster des Exploits EXP/4681.AG [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> OWAmOvNRW.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.NU [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> TpOQkVyWc.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.MT [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Users\Sabine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\2356a449-5f356537 [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.MT Beginne mit der Desinfektion: C:\Users\Sabine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\2356a449-5f356537 [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.MT [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58c6e6a6.qua' verschoben! Ende des Suchlaufs: Mittwoch, 12. Juni 2013 11:50 Benötigte Zeit: 2:40:07 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 28884 Verzeichnisse wurden überprüft 551847 Dateien wurden geprüft 12 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 551835 Dateien ohne Befall 4695 Archive wurden durchsucht 11 Warnungen 1 Hinweise 806055 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden so, hier nun OTL Bericht: Code:
ATTFilter OTL logfile created on: 12.06.2013 12:09:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sabine\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 53,80% Memory free 7,96 Gb Paging File | 5,62 Gb Available in Paging File | 70,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,06 Gb Total Space | 471,05 Gb Free Space | 80,93% Space Free | Partition Type: NTFS Drive E: | 3,80 Gb Total Space | 3,79 Gb Free Space | 99,92% Space Free | Partition Type: FAT32 Computer Name: SABINE-VAIO | User Name: Sabine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.12 11:19:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sabine\Desktop\OTL.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sabine\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.04.04 11:22:39 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.21 18:56:44 | 001,090,040 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe PRC - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.12.19 10:49:12 | 000,149,480 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe PRC - [2012.10.12 15:02:44 | 000,054,760 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2012.08.17 10:38:52 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.08.17 10:38:24 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.08.06 14:27:08 | 000,062,464 | ---- | M] () -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe PRC - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.04.24 08:02:08 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.03.05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe PRC - [2011.02.21 12:55:08 | 000,113,824 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe PRC - [2011.02.21 12:55:08 | 000,067,232 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe PRC - [2011.02.15 11:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2010.11.27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.09.13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2013.05.16 12:46:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.16 12:46:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.16 12:45:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.01.10 13:08:32 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll MOD - [2013.01.10 13:08:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll MOD - [2013.01.10 12:56:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 12:55:57 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 12:55:19 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 12:55:11 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 12:54:58 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.12.21 18:57:44 | 000,276,984 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll MOD - [2012.12.21 18:57:44 | 000,093,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll MOD - [2012.12.21 18:57:28 | 002,653,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll MOD - [2012.12.21 18:57:28 | 000,364,536 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll MOD - [2012.12.21 18:57:26 | 011,166,712 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll MOD - [2012.12.21 18:57:24 | 000,206,328 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll MOD - [2012.12.21 18:57:22 | 001,347,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll MOD - [2012.12.21 18:57:22 | 001,014,776 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll MOD - [2012.12.21 18:57:22 | 000,720,888 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll MOD - [2012.12.21 18:57:20 | 008,507,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll MOD - [2012.12.21 18:57:20 | 000,520,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll MOD - [2012.12.21 18:57:18 | 002,481,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll MOD - [2012.12.21 18:57:18 | 002,354,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll MOD - [2012.12.21 18:57:14 | 000,446,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll MOD - [2012.12.21 18:57:10 | 000,207,352 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll MOD - [2012.12.21 18:57:10 | 000,035,832 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll MOD - [2012.12.21 18:57:08 | 000,033,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll MOD - [2012.12.21 18:56:40 | 000,438,264 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll MOD - [2012.12.21 18:56:00 | 000,606,200 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll MOD - [2012.12.21 16:29:52 | 000,391,600 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll MOD - [2012.12.21 16:29:52 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll MOD - [2012.12.21 16:29:14 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012.08.06 14:27:08 | 000,062,464 | ---- | M] () -- C:\Programme\Sony\VAIO Care\listener.exe MOD - [2011.09.06 15:14:42 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.08.06 14:27:08 | 000,156,672 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV - [2013.06.11 22:19:08 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.02.25 16:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.25 16:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012.11.29 10:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2012.10.12 15:02:44 | 000,054,760 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2012.08.17 10:38:24 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.03.30 13:27:14 | 000,237,328 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe -- (McComponentHostServiceSony) SRV - [2011.08.12 17:35:30 | 000,971,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2011.07.19 05:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService) SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.04.29 17:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.04.24 08:02:08 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.03.29 08:13:25 | 002,361,344 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2011.02.21 12:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2011.02.21 12:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2011.02.18 22:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.01.20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013.03.06 16:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.26 16:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.26 16:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.02.18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.11.09 16:33:30 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2012.11.09 16:33:30 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2012.11.09 16:33:30 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012.10.17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.17 10:30:22 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.08.17 10:29:24 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.07.28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.20 17:23:40 | 000,317,776 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.06.21 02:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.04.29 17:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.04.29 17:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.04.29 17:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.04.29 17:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2011.04.29 17:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.04.29 17:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.04.29 17:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.04.29 17:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.04.29 17:19:34 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2011.03.29 08:51:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.29 08:15:05 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011.03.29 05:57:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.22 17:27:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.11.21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2007.04.17 11:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{43BC01C1-13FB-4588-B33D-A73B9ACCE8B0}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{B9BB60E4-803E-4D51-B46D-165E3ADB6371}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121012015120 FF - prefs.js..extensions.enabledAddons: %7B800b5000-a755-47e1-992b-48a1c1357f07%7D:1.5.3 FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119 FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.7.0.3 FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={396DB6CB-268F-11E2-8828-78843CF86237}&src=2&crg=3.1010000.10025&q=" FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={396DB6CB-268F-11E2-8828-78843CF86237}&src=2&crg=3.1010000.10025&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.23 14:21:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.01 20:04:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.30 10:05:46 | 000,000,000 | ---D | M] [2012.01.18 20:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabine\AppData\Roaming\mozilla\Extensions [2013.06.11 16:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabine\AppData\Roaming\mozilla\Firefox\Profiles\mcv1w1a9.default\extensions [2013.06.11 16:49:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sabine\AppData\Roaming\mozilla\Firefox\Profiles\mcv1w1a9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.07.26 16:08:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sabine\AppData\Roaming\mozilla\Firefox\Profiles\mcv1w1a9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.09.19 18:43:33 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Sabine\AppData\Roaming\mozilla\Firefox\Profiles\mcv1w1a9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.08.23 15:57:51 | 000,101,871 | ---- | M] () (No name found) -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\mcv1w1a9.default\extensions\ciuvo-extension@icq.de.xpi [2012.09.25 20:20:28 | 000,054,396 | ---- | M] () (No name found) -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\mcv1w1a9.default\extensions\pricepeep@getpricepeep.com.xpi [2012.12.01 20:08:48 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\mcv1w1a9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.06.11 16:49:20 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\mcv1w1a9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012.11.03 15:12:17 | 000,000,950 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\mcv1w1a9.default\searchplugins\icqplugin-1.xml [2012.07.13 16:21:12 | 000,000,950 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\mcv1w1a9.default\searchplugins\icqplugin-2.xml [2012.07.28 14:37:23 | 000,000,950 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\mcv1w1a9.default\searchplugins\icqplugin-3.xml [2012.08.04 15:52:50 | 000,000,950 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\mcv1w1a9.default\searchplugins\icqplugin-4.xml [2012.09.05 10:30:53 | 000,000,950 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\mcv1w1a9.default\searchplugins\icqplugin-5.xml [2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\mcv1w1a9.default\searchplugins\icqplugin.gif [2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\mcv1w1a9.default\searchplugins\icqplugin.src [2012.06.27 10:16:49 | 000,001,056 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\mcv1w1a9.default\searchplugins\icqplugin.xml [2012.11.04 16:52:25 | 000,003,915 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\mozilla\firefox\profiles\mcv1w1a9.default\searchplugins\sweetim.xml [2012.12.01 20:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.02 17:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions [2012.11.02 17:18:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012.01.23 14:21:40 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 File not found (No name found) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.11.29 10:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: about:home CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: WOT = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.12_0\ CHR - Extension: YouTube = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Zotero Connector = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc\3.0.8.1_0\ CHR - Extension: AdBlock = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\ CHR - Extension: avast! Online Security = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [Arovax AntiSpyware] C:\Program Files (x86)\Arovax AntiSpyware\arovaxantispyware.exe (Arovax) O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKCU..\Run: [DIMUpdate wird heruntergeladen...1338924290338] "c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\PHOTO-PAINT\DIM.exe" "c:\programdata\corel\downloads\540240626_410003\1338924290338\dim_params.xml" -Launch=3 -uibase="c:\users\sabine\appdata\roaming\corel\messages\540240626_410003\de\messagecache1\workflow" File not found O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - Startup: C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sabine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8553E4F-EC0A-4E94-918C-DCB010C78FBE}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{b87ad871-36e5-11e2-9ee1-78843cf86237}\Shell - "" = AutoRun O33 - MountPoints2\{b87ad871-36e5-11e2-9ee1-78843cf86237}\Shell\AutoRun\command - "" = E:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{3942788D-F1D2-4201-9BF0-003753DCCEB6} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - File not found MsConfig:64bit - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.06.12 11:19:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sabine\Desktop\OTL.exe [2013.06.12 08:30:01 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Roaming\Avira [2013.06.12 08:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.06.12 08:24:16 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.06.12 08:24:16 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.06.12 08:24:16 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.06.12 08:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.06.12 08:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.06.11 23:05:09 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\xp-AntiSpy [2013.06.11 23:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xp-AntiSpy [2013.06.11 22:50:47 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Roaming\PerformerSoft [2013.06.11 22:50:46 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2013.06.11 22:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer [2013.06.11 22:50:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Performer [2013.06.11 22:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Arovax [2013.06.11 22:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arovax AntiSpyware [2013.06.11 22:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arovax AntiSpyware [2013.06.11 22:49:55 | 003,599,329 | ---- | C] (Arovax Software) -- C:\Users\Sabine\Desktop\aas_2.1_setup_153.exe [2013.06.11 22:37:11 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Roaming\Malwarebytes [2013.06.11 22:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.11 22:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.11 22:36:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.06.11 22:36:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.11 19:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2013.06.11 19:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2013.06.11 19:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2013.06.11 17:13:08 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Local\Programs [2013.06.08 21:09:08 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft [2013.05.20 12:25:45 | 000,000,000 | ---D | C] -- C:\Users\Sabine\Desktop\Ausmalbilder [2013.05.15 14:13:06 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Roaming\IsolatedStorage [2013.05.15 14:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage [2013.05.15 14:12:53 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Local\_ [2013.05.13 16:46:16 | 000,000,000 | ---D | C] -- C:\Users\Sabine\My Downloads [2013.05.13 16:45:18 | 000,000,000 | ---D | C] -- C:\Users\Sabine\AppData\Roaming\FreeTorrentViewer [2013.05.13 16:45:00 | 000,000,000 | ---D | C] -- C:\Users\Sabine\Local Settings [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.12 12:13:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.12 11:20:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.12 11:19:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sabine\Desktop\OTL.exe [2013.06.12 11:13:15 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.12 08:41:48 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.12 08:41:48 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.12 08:33:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.12 08:33:49 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys [2013.06.12 08:24:39 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.12 08:22:34 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\PC Performer_UPDATES.job [2013.06.12 08:22:34 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2013.06.11 23:05:10 | 000,001,917 | ---- | M] () -- C:\Users\Sabine\Desktop\xp-AntiSpy.lnk [2013.06.11 23:04:57 | 000,427,218 | ---- | M] () -- C:\Users\Sabine\Desktop\xp-AntiSpy_setup-deutsch_3.98-2.exe [2013.06.11 22:50:44 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\PC Performer.lnk [2013.06.11 22:50:24 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\Arovax AntiSpyware.lnk [2013.06.11 22:50:05 | 003,599,329 | ---- | M] (Arovax Software) -- C:\Users\Sabine\Desktop\aas_2.1_setup_153.exe [2013.06.11 22:37:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.11 19:51:16 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.11 19:51:16 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.11 19:51:16 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.11 19:51:16 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.11 19:51:16 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.10 18:02:05 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sabine.job [2013.06.09 09:56:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.06.08 22:39:01 | 000,001,502 | ---- | M] () -- C:\Users\Sabine\Desktop\Registry backup.reg [2013.06.01 11:51:25 | 000,001,053 | ---- | M] () -- C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.01 11:51:14 | 000,001,023 | ---- | M] () -- C:\Users\Sabine\Desktop\Dropbox.lnk [2013.05.16 12:40:27 | 000,423,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.12 08:24:39 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.06.11 23:05:10 | 000,001,917 | ---- | C] () -- C:\Users\Sabine\Desktop\xp-AntiSpy.lnk [2013.06.11 23:04:54 | 000,427,218 | ---- | C] () -- C:\Users\Sabine\Desktop\xp-AntiSpy_setup-deutsch_3.98-2.exe [2013.06.11 22:50:54 | 000,000,278 | ---- | C] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2013.06.11 22:50:53 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\PC Performer_UPDATES.job [2013.06.11 22:50:44 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\PC Performer.lnk [2013.06.11 22:50:24 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\Arovax AntiSpyware.lnk [2013.06.11 22:37:03 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.10 15:09:10 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2013.02.06 11:48:19 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2013.02.06 11:48:00 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\hpcc3130.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.12 09:30:25 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Dropbox [2013.05.13 17:36:35 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\FreeTorrentViewer [2012.11.04 18:42:24 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\GinyasBrowserCompanion [2012.11.04 16:52:30 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\ICQ [2012.05.25 18:51:48 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\ICQ Search [2013.04.22 18:53:24 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\iolo [2013.05.15 14:13:06 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\IsolatedStorage [2012.07.31 22:01:04 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Nokia [2013.01.29 20:07:54 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Notepad++ [2012.07.31 21:37:43 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\PC Suite [2013.06.11 22:50:47 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\PerformerSoft [2012.09.20 12:20:07 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\QuickScan [2013.01.02 21:01:58 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\RavensburgerTipToi [2011.12.24 21:36:17 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Windows Live Writer [2013.01.31 12:48:23 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Zotero ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.03.01 10:19:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.06.12 08:33:48 | 000,000,000 | ---D | M] -- C:\avast! sandbox [2011.09.06 05:48:51 | 000,000,000 | ---D | M] -- C:\Documentation [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.12.24 20:16:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.02.06 11:47:29 | 000,000,000 | ---D | M] -- C:\HP Universal Print Driver [2011.09.06 05:31:06 | 000,000,000 | ---D | M] -- C:\Intel [2012.02.01 14:26:19 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.05.15 14:15:11 | 000,000,000 | R--D | M] -- C:\Program Files [2013.06.12 08:23:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.06.12 09:09:17 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.12.24 20:16:19 | 000,000,000 | -HSD | M] -- C:\Programme [2011.09.06 06:18:50 | 000,000,000 | -H-D | M] -- C:\SPLASH.000 [2011.09.06 06:18:29 | 000,000,000 | -H-D | M] -- C:\SPLASH.SYS [2013.06.12 12:12:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.06 06:23:10 | 000,000,000 | ---D | M] -- C:\temp [2013.02.10 15:09:42 | 000,000,000 | ---D | M] -- C:\Update [2011.12.24 21:16:03 | 000,000,000 | R--D | M] -- C:\Users [2011.12.24 21:50:15 | 000,000,000 | ---D | M] -- C:\VAIO Entertainment [2011.09.06 06:23:21 | 000,000,000 | ---D | M] -- C:\VAIO Sample Contents [2013.06.12 08:36:45 | 000,000,000 | ---D | M] -- C:\Windows [2012.12.18 10:13:56 | 000,000,000 | ---D | M] -- C:\Wow [2011.09.06 05:48:54 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.10.11 19:30:28 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.11.04 18:58:06 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.11.04 18:58:07 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2013.02.25 15:46:44 | 000,000,454 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for Sabine.job [2013.06.11 22:50:53 | 000,000,286 | ---- | C] () -- C:\Windows\Tasks\PC Performer_UPDATES.job [2013.06.11 22:50:54 | 000,000,278 | ---- | C] () -- C:\Windows\Tasks\PC Performer_DEFAULT.job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.07.13 03:21:47 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.07.13 03:21:47 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.07.13 03:21:47 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.07.13 03:21:47 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.07.13 03:21:47 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.07.13 03:21:47 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2011.02.22 17:27:05 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys [2011.02.22 17:27:05 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys [2011.02.22 17:27:05 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_5b314ccea0aa569d\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.06.12 12:26:26 | 003,145,728 | -HS- | M] () -- C:\Users\Sabine\ntuser.dat [2013.06.12 12:26:26 | 000,262,144 | -HS- | M] () -- C:\Users\Sabine\ntuser.dat.LOG1 [2011.12.24 21:16:09 | 000,000,000 | -HS- | M] () -- C:\Users\Sabine\ntuser.dat.LOG2 [2011.12.24 23:46:33 | 000,065,536 | -HS- | M] () -- C:\Users\Sabine\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.12.24 23:46:33 | 000,524,288 | -HS- | M] () -- C:\Users\Sabine\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.12.24 23:46:33 | 000,524,288 | -HS- | M] () -- C:\Users\Sabine\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2013.05.24 00:15:36 | 000,065,536 | -HS- | M] () -- C:\Users\Sabine\ntuser.dat{7a7e6ac9-c3d3-11e2-a8ba-78843cf86237}.TM.blf [2013.05.24 00:15:36 | 000,524,288 | -HS- | M] () -- C:\Users\Sabine\ntuser.dat{7a7e6ac9-c3d3-11e2-a8ba-78843cf86237}.TMContainer00000000000000000001.regtrans-ms [2013.05.24 00:15:36 | 000,524,288 | -HS- | M] () -- C:\Users\Sabine\ntuser.dat{7a7e6ac9-c3d3-11e2-a8ba-78843cf86237}.TMContainer00000000000000000002.regtrans-ms [2012.09.30 22:43:18 | 000,065,536 | -HS- | M] () -- C:\Users\Sabine\ntuser.dat{8cb5d579-0ac8-11e2-b2c0-8d853a3bb30c}.TM.blf [2012.09.30 22:43:18 | 000,524,288 | -HS- | M] () -- C:\Users\Sabine\ntuser.dat{8cb5d579-0ac8-11e2-b2c0-8d853a3bb30c}.TMContainer00000000000000000001.regtrans-ms [2012.09.30 22:43:18 | 000,524,288 | -HS- | M] () -- C:\Users\Sabine\ntuser.dat{8cb5d579-0ac8-11e2-b2c0-8d853a3bb30c}.TMContainer00000000000000000002.regtrans-ms [2013.06.08 22:21:37 | 000,065,536 | -HS- | M] () -- C:\Users\Sabine\ntuser.dat{a48e2328-d077-11e2-a6ef-78843cf86237}.TM.blf [2013.06.08 22:21:37 | 000,524,288 | -HS- | M] () -- C:\Users\Sabine\ntuser.dat{a48e2328-d077-11e2-a6ef-78843cf86237}.TMContainer00000000000000000001.regtrans-ms [2013.06.08 22:21:37 | 000,524,288 | -HS- | M] () -- C:\Users\Sabine\ntuser.dat{a48e2328-d077-11e2-a6ef-78843cf86237}.TMContainer00000000000000000002.regtrans-ms [2011.12.24 21:16:09 | 000,000,020 | -HS- | M] () -- C:\Users\Sabine\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > |
12.06.2013, 11:42 | #6 |
| Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? und Extra.txt Code:
ATTFilter OTL Extras logfile created on: 12.06.2013 12:09:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sabine\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 53,80% Memory free 7,96 Gb Paging File | 5,62 Gb Available in Paging File | 70,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,06 Gb Total Space | 471,05 Gb Free Space | 80,93% Space Free | Partition Type: NTFS Drive E: | 3,80 Gb Total Space | 3,79 Gb Free Space | 99,92% Space Free | Partition Type: FAT32 Computer Name: SABINE-VAIO | User Name: Sabine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04682D6E-9194-4FDA-9CED-C87C0F7CCF19}" = lport=445 | protocol=6 | dir=in | app=system | "{16F0596C-472A-44F1-987D-991CB4C5704A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{1C3B0A23-9AEF-4F7D-B939-0347EEE5A7DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1E32D978-D26B-4F08-A7C5-278195962C59}" = lport=139 | protocol=6 | dir=in | app=system | "{2534EA55-25B3-4193-9C43-F2611A43FA43}" = rport=139 | protocol=6 | dir=out | app=system | "{2910F519-DBD6-4310-A4EF-D33CFD18D322}" = rport=445 | protocol=6 | dir=out | app=system | "{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{335906CC-594E-44F2-9036-EEA7D2A62C3D}" = lport=138 | protocol=17 | dir=in | app=system | "{3B903B89-2F76-4226-A92A-4CDDB14353E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3E990AC8-F0A0-4DB6-8A25-2C7412221E6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4571A56D-5D3A-4256-91F9-9CA0956747F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{481822C5-645F-46F9-A79B-4A03FFE03646}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4A6A4CDF-93A9-4EE0-9127-CC484F30B757}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5C17FFA3-4F2F-4955-859B-1FD905AF82EE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{64171365-47CF-4EBE-8E65-073B65939F5A}" = rport=10243 | protocol=6 | dir=out | app=system | "{67ACA84A-233B-43BE-B917-9683D48B289E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6E4E76A3-0AF6-4F82-B220-E6888E4B70D6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{6E87BCC5-FBEC-4D14-B6A6-5635ABB28B92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{77798BD3-F205-44F0-AB19-C3B0808CD1AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7A53A647-F6B1-40F9-83DF-DADA96AB26A5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{7E868C80-0B91-4196-B086-56519816D5E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{82580085-E221-4DC3-9CEA-6CAB85CE0A17}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{82A2796D-2DCD-486A-B09F-474BFB794F66}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8A54D234-7EED-43F0-8A4F-F06AECFEAF06}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{99FB0A36-851C-4CFB-BA09-183C2EC6305D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9A47ADE1-740D-45BA-BFEE-1ED9A037E5BE}" = lport=2869 | protocol=6 | dir=in | app=system | "{9A6DB67B-ED5B-4FF4-992A-D4902920EC73}" = rport=138 | protocol=17 | dir=out | app=system | "{A02684E4-A2DD-47D2-B635-889CC94A752F}" = rport=137 | protocol=17 | dir=out | app=system | "{A0C04190-186E-40CE-B66E-BC025A1E0036}" = lport=53 | protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\dcdhcpservice.exe | "{A62E850F-E341-44E2-B58E-217C422DC8C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B647D308-7B96-4994-BD1B-49533AD41B4B}" = lport=137 | protocol=17 | dir=in | app=system | "{C25578EE-244F-4F45-9BAD-995588A14324}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D087F2A3-E773-4838-A5FD-920B035CBF62}" = lport=10243 | protocol=6 | dir=in | app=system | "{E1524197-B757-4C26-90F1-F44FD8476602}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E59CBEA6-6DF0-4DC3-B4F3-08907F3DAE79}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{EECE1108-CC19-4DEB-8271-62647E9ED74C}" = lport=80 | protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00AB2AD7-43CD-48EC-BE59-152BBF6C1BD0}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{04472324-8E70-47CC-8F98-AB09F1FEC774}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{0B85A101-48F9-488F-A859-A6447EE50004}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0DFBEBC6-101A-43DF-9679-54C92486F48A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{123CFC11-786E-4009-B3C9-8546ACE88458}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{14F0C115-A5D8-4582-AE6D-9C7D747A03F6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1FFA75DF-FA66-4953-8B80-07FF1CB89A5A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{211B1048-A1D1-4CD8-8159-E294095B7E12}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{275BF839-24E2-4322-A6F3-209642CC89D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2957A0A7-B7CC-484E-B714-6909BBE54A4E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{2BD54C05-69AA-4E91-A386-97A8D17A12A7}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe | "{2D0F0A68-C183-436C-99BC-E9B06169B216}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{31698AA8-8C2C-4895-B605-8885EC75F4FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{370B4999-494F-4B0E-9FC9-1975ED33675A}" = dir=in | app=c:\users\sabine\appdata\local\microsoft\skydrive\skydrive.exe | "{3E1AE3DE-5B4E-4436-B4B0-6788CC1184AC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{3F8A9F7A-9DD2-448D-A367-72B41079CA9E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4074E7B4-6CBC-4B1E-A5A6-04665762A117}" = protocol=17 | dir=in | app=c:\users\sabine\appdata\roaming\dropbox\bin\dropbox.exe | "{44706F2A-543E-400F-B59E-11BAF966DE88}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{521CB336-8FED-4664-8260-21D17AF3981E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{545D28AF-5F6D-418A-869C-F90450ADF7DA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{57EA5446-A278-416E-8DA9-5E7216E36471}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{59B81B48-D1C7-4AA2-BCCD-57D467CC1788}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohcimp.exe | "{60260034-B243-44EA-A4A3-AB26CE525987}" = protocol=6 | dir=in | app=c:\users\sabine\appdata\roaming\dropbox\bin\dropbox.exe | "{69D23672-828B-4C4A-AE7A-E499F17AC5DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6DE7209F-3ACE-4826-A354-271C2122FCF5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7084F836-0347-4324-B032-098AA1DC745B}" = protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | "{75225A1B-61FE-4B48-9E06-11DA85033CAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7540E8A2-A39C-43E0-9BA7-30C50F119DEA}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7607F973-0BDC-4DEC-9459-E22A35E7EB76}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{838A3C19-78EB-48F5-B83F-C13A311F5948}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{898B8231-8552-4E9D-9F0D-22E94CB88411}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{8A5A7ED2-6373-41D0-AC88-9733DBA77415}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9EF564B1-EBEC-4657-9147-2187349EE3B6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{9FBC7748-AEA6-4224-B7A7-631C0A70C4F3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AB4892DA-C13C-4521-8968-E930ED53C3E5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B10F69BD-6C2D-44B3-9A62-C70AD611C430}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{B3C76FEC-D662-47A1-ACEB-DA5834DED091}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C18D8F0C-9DAE-431D-8F26-466D40DDA613}" = protocol=6 | dir=out | app=system | "{C5FC26D6-4F80-42CF-AF2C-949B2FF3E08E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C88C0057-5B13-434E-B005-1B4601669E34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C9C0C8F5-7379-422E-8FFB-D2C6553FFA9B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{CB06E252-368B-4804-8107-168BFBA91E02}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DA150018-CEAD-417C-886C-BD21E55BD827}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DB2DE0D9-372D-42A1-8444-A5E4EAF4A916}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DCE2A952-C6D2-453C-89CE-393D7DBEA360}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | "{E52BBD90-5192-400F-8997-A871BEE19A87}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{E53430C4-3E47-4E41-A134-C9DFF1FF38C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E7BD1861-FA50-4422-B4EC-8BDE67240054}" = protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | "{F067753A-E306-4E4F-8E4C-438741474237}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{F4D9338A-9A0A-4320-8FB0-33F8B980768D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{F63C0FB0-C211-4FFF-AC0F-77A14FD8C20C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FBAA8F1C-EFD3-410B-9A3C-09B41022FC59}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{FF0E7364-BE0B-4B34-B80C-5F9C09B73EB7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{2A157CAE-4044-4CEA-8BEC-8BD116ACE237}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{8B036BA8-5B36-49B5-AF88-6A2D161B9D21}C:\users\sabine\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sabine\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{AE7A5BDF-EF56-41DB-8F87-1E4A6B475BBE}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{AF33B544-EF43-4E58-A9BB-BE8CD8CB0E46}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{D698731A-B55E-4F9F-AEC0-F81EF0A1C193}C:\program files (x86)\freetorrentviewer\freetorrentviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freetorrentviewer\freetorrentviewer.exe | "UDP Query User{0CB05E65-D14F-411F-8F4D-87E2DB822612}C:\users\sabine\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sabine\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{3811CD56-881F-4CBE-82F5-4D2058F32ED7}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{8CDE4B91-1496-47E1-984A-60C33A79C4F5}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{B4274E35-2013-4F84-9D01-DC748809FD97}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{FFAE85F8-0F25-4CD1-B644-F95D3B9C213D}C:\program files (x86)\freetorrentviewer\freetorrentviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freetorrentviewer\freetorrentviewer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery "{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit) "{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64 "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation "{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64 "{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64 "{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E6C2F3-59B2-4308-B1CD-4928B55B7E30}" = VGClientX64 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.31 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.31 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.31 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5 "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64 "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}" = VAIO Care "{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64 "{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "{FD868C71-6CCF-42E2-B90D-0504AB0036FE}" = 64 Bit HP CIO Components Installer "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00476F3E-3C4D-4E02-B8BB-125350157EB9}" = Windows Live Mail "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger "{03426ED9-9D9C-4F71-B293-BBE6493367A2}" = Windows Live Mail "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{03E2EED4-368D-49EA-B1AC-8B615E37E16D}" = Windows Live Messenger "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{046885A1-B4AE-4459-A0D1-8C93706698D6}" = "{048C8498-C20B-4AF7-9978-7A79E567D74C}" = Photo Common "{058EDEC8-1873-4B49-9A08-54ADE9CC129B}" = Movie Maker "{06EED60F-7FFC-43A7-936E-AA4A8BD948B4}" = Windows Live Writer "{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3 "{087D261B-73AE-4B8A-8F18-2EE80DD2ED8B}" = Фотоальбом "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network "{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}" = Remote Keyboard "{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail "{0B783100-6F04-4E2F-B83D-0A9B4EEDE47A}" = Windows Live Writer Resources "{0BC39E89-506A-4ADA-8924-27AEE2C97618}" = Windows Live Writer "{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common "{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common "{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack "{1026DF85-1C0F-4839-888E-EB9D5B73CF46}" = Windows Live Writer "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{115356B4-8E81-43DB-BB2A-19E5ED95FBAF}" = Фотоколекція "{15F32CAE-4504-4F33-89F8-182FF38CA036}" = Windows Live Family Safety "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{182D3167-FE80-4DF6-96C2-84AC0ABA20D8}" = Windows Live Writer Resources "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19AFD9A4-B584-41C8-91EA-38EB2FC1BD50}" = Windows Live Messenger "{1A79A578-4277-48AF-98A6-F9E48CF1B6D8}" = Windows Live Writer "{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive "{1D6F9A9A-DCF3-45A7-9B14-46DDA778313F}" = Windows Liven sähköposti "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{207E9B4C-48A9-47CE-BBC8-ACF0B2006351}" = Windows Live Mail "{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{241F87F6-CEA4-4493-B4EE-0973C6088FEC}" = Windows Live Family Safety "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{254F7574-53A7-43D1-BC4D-B1E894AEE175}" = Windows Live Writer "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{262E7632-72F9-4CBE-9461-937F24106EF2}" = Windows Live Essentials "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in "{28B2947F-FC0B-4450-80E3-6DF698E824A6}" = Windows Liven peruspaketti "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}" = Movie Maker "{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker "{2B068A64-F867-44E9-8827-A795647C8730}" = Фотографии (общедоступная версия) "{2B919309-7052-45A4-B1C8-5B4894E8648B}" = Windows Live Writer "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{306C7AEF-16C7-428D-93AA-99D4A4090243}" = Movie Maker "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{31846283-C955-4CE1-9297-8670BD0C9A7E}" = Windows Live Messenger "{32AA7594-09A9-437F-9541-5F760509B752}" = Фотогалерия "{330BBA5F-4A63-4545-900F-8446F205BA52}" = Windows Live Writer Resources "{34C5AD54-3CCD-4935-AB8D-8527058B96F7}" = Windows Live UX Platform Language Pack "{35CB7C2D-B421-46FC-89CF-3B630628876F}" = Windows Live Writer Resources "{36BEC461-B58A-414D-993E-E2BDD1F1A14B}" = Movie Maker "{373EF285-A2DC-44EB-8D79-18918F33CB3A}" = Windows Live Messenger "{37FDD121-C443-4FD3-A213-2449B397C068}" = Windows Live Messenger "{381AAE35-6FB5-437E-8DD9-9C5C733943ED}" = Windows Live Family Safety "{38911305-6616-4D26-91DB-AD83B1F2DCF0}" = Windows Live Mail "{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement "{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86 "{3A9ECD64-DE00-4779-A89E-C878513B2B37}" = Windows Live Writer Resources "{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3D44D783-D027-4135-AC39-81E320ED2D3A}" = Windows Live Family Safety "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F459DA9-0D88-452E-97A4-5B69C8C8C6B5}" = Windows Live Family Safety "{3FD0036E-236A-4EDD-894D-4374BEE64464}" = Windows Live UX Platform Language Pack "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{42B6C7E0-0DAE-488D-8DAF-838898102F19}" = Windows Live Writer "{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos "{46A648D2-C097-41A3-A517-E709F045B6CD}" = Movie Maker "{49B666FA-917B-48D7-B81D-E7F829CFC713}" = Windows Live Family Safety "{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials "{49F8A207-E3A3-4DAF-A0CC-9A787F1D8424}" = Windows Live Family Safety "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack "{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E55905B-849D-4633-9267-3EC77E24221A}" = Poczta usługi Windows Live "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{5078CEC3-A56F-4080-8CD4-ED7BCBE5686B}" = Photo Common "{50849B2C-097E-47A5-A076-6F11A939E093}" = Windows Live Mail "{51449A7F-4820-4757-9236-87A3BE7B6F27}" = Windows Live Writer "{51EF51B6-0D9F-4977-8F9D-A1E15017D2B7}" = Windows Live Mail "{537B16E0-A39F-47CB-9C1E-50978862B108}" = Windows Live UX Platform Language Pack "{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents "{55268806-FC27-4CA2-9CCA-1269FD4831FE}" = Windows Live Writer "{56232E3D-7EA9-45E0-A371-26CD80510AF7}" = Windows Live UX Platform Language Pack "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool "{5917D694-AFC3-46BF-8CAB-0DABAF9D6FCB}" = Windows Live UX Platform Language Pack "{5A30E103-9FA6-4A23-A107-E1F5F174BB62}" = Windows Live Temel Parçalar "{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen "{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3 "{5FE3BC4E-2BD5-4D6B-8BC4-640A42626AAD}" = Почта Windows Live "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2 "{6209125A-46C5-4099-96DC-72FD55B07C1C}" = Windows Live Writer Resources "{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker "{62CC9AF4-EDD9-43C8-9856-FFD60362CFA9}" = Windows Live Messenger "{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide "{66DB6D91-BF91-480B-933D-7CB8B1E64D74}" = Windows Live Messenger "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution "{6B8F13E2-F02B-445C-9A31-3C0E5D547CBA}" = Photo Common "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6DA675F3-B549-4BDE-90FA-BEF8C3B87F00}" = Windows Live Mail "{6EED9925-813E-4E4A-ABAA-9A8744C49510}" = Cisco AnyConnect Secure Mobility Client "{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver "{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{70991E0A-1108-437E-BA7D-085702C670C0}" = "{70BF63A5-DE6A-417C-AB93-5E31D0DA994E}" = Windows Live Writer "{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center "{7211F448-F865-4D37-B905-24D84E6C3E5E}" = Windows Live Writer Resources "{72DFDA9F-C07B-40B6-BA5C-C4C04AFF883D}" = Windows Live Family Safety "{73669388-1011-4B57-A90F-8B0415093AB2}" = Windows Live Writer "{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur "{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service "{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common "{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}" = Galeria fotografii "{7607440C-FDCA-4210-9CD9-13D8F0DDAD0C}" = Windows Live Writer Resources "{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU "{76E62ACD-1536-4AC7-9A2E-B7DB4F2ACE5E}" = Windows Live Family Safety "{794D971F-7EC1-4F71-A51C-773074CAB8DA}" = Windows Live Writer "{797DC296-ADC5-4A08-8CBC-AEB0D6F4B249}" = Windows Live Essentials "{7A83618D-879A-4258-8B5E-5AD8B5F3EDD0}" = Windows Live Writer "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety "{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation "{7E41F42B-7ED8-4E15-A492-B93B287C027F}" = Windows Live Writer Resources "{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker "{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack "{8146445E-B14D-4CBA-AB9A-728CF166DAC9}" = Windows Live Messenger "{8176B9CA-F037-49C0-BD77-661B1DDCA6F3}" = Movie Maker "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = "{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in "{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger "{8502F597-4852-48BB-99E5-824AC4C057F0}" = Windows Live Family Safety "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = "{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials "{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer "{87425773-10F4-4858-8CBF-465093FA43DE}" = Windows Live Mail "{88809C3E-8C92-4454-AEB7-B26166E3D6CD}" = Windows Live UX Platform Language Pack "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger "{8B583EF5-FA7B-4AE2-9008-51B7FD505886}" = VGClientX86 "{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8E241C05-52BF-4862-AD1F-AAE465C0075B}" = Windows Live Mail "{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{902C4E0E-89CE-43B9-BCC0-F3A91E987F99}" = Windows Live Writer "{9038E0C6-9CB9-4380-8FA3-B6B30FA304CF}" = Основи Windows Live "{9093B0D5-EA59-4C9E-A2E3-CC130138DFCD}" = Fotogaléria "{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95D78710-DEE9-4577-9FC6-35BE431898DC}" = Windows Live Family Safety "{96361BC7-B7C8-4594-AD89-813C371F4246}" = Windows Live Writer Resources "{9636FF74-65AF-4714-90A4-08982C368100}" = Windows Live Family Safety "{968B8056-7631-4204-9BFB-CF7E0965C31F}" = Windows Live Messenger "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common "{9939B8FF-7D2D-4258-B5B9-B6BA8DD59905}" = Windows Live Mail "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86 "{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials "{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86 "{9D3B7B6C-1493-441C-99B6-26A419354812}" = Windows Live Writer "{9EDF46F0-2D4E-4C00-B2B6-0660666E9F60}" = Movie Maker "{9F470E17-4FC3-4091-A508-D5347A16A2B9}" = Fotogalleriet "{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A035950F-15BA-41C0-9D8F-165FC0536012}" = Movie Maker "{A0E4C4A6-1CC7-4442-8CAE-2D825B7BC1C1}" = Windows Live Writer Resources "{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker "{A17D2142-6D09-4C3D-AD24-FDF9EF3198C3}" = Windows Live Writer Resources "{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών "{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}" = Fotogalerie "{A37F2060-813A-4325-9456-272B10EE75EF}" = Windows Live Essentials "{A3D995FA-C9A0-4E7D-B430-3F7A6731B4D5}" = Windows Live UX Platform Language Pack "{A412D7BD-FD86-461D-B385-CD8062F34131}" = Windows Live Messenger "{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker "{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86 "{A58FCEF4-3191-466C-8949-0FFFFFB7631D}" = Windows Live Writer Resources "{A5DC64EE-2FC4-4C35-9975-639DD8499369}" = Windows Live Family Safety "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate "{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}" = Podstawowe programy Windows Live "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AA82E5EF-70C2-41CB-8432-309078304CBB}" = Photo Common "{ABAF6F07-0D84-4700-948E-EC5042B9D978}" = Windows Live Mail "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials "{B306F739-A414-4698-BFAD-0AB23F73D14F}" = Windows Live Messenger "{B474FC1C-4619-4C99-8ECE-382D71627CCA}" = Windows Live Family Safety "{B625668D-34AA-462D-AA32-44BFA70F08E7}" = Windows Live Messenger "{B67B2671-2981-466B-BA14-25538AA871DC}" = Windows Live Messenger "{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default "{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources "{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail "{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BA068968-594F-40BE-8EE8-99119123C991}" = Windows Live UX Platform Language Pack "{BAD4B8FA-4BDA-4A59-BE64-9741031680C7}" = Movie Maker "{BE5FFB4F-FA58-48DF-BDA9-E7AE79DA9C3E}" = Windows Live Family Safety "{BFA6D5AD-25EA-475F-AD80-ECD408C674AB}" = Movie Maker "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C0AA1615-49F8-4580-A329-63693C7C5127}" = Windows Live Family Safety "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2F1EBBF-9AC4-4E0B-A7F4-74C9C7AD4813}" = Galerie foto "{C32F4F5A-C9FB-427C-9F6F-9DB157611FFF}" = Valokuvavalikoima "{C346ACB1-BD21-402E-8F2D-E08E58AD1105}" = Windows Live Family Safety "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C4D82144-B2D5-4A0E-A470-16F13EBC5BCB}" = Windows Live Essentials "{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer "{C67BC332-A59A-4D40-977F-664F60AB21D8}" = Photo Common "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch "{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics "{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common "{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4 "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{C9D08433-5FDD-43C6-8482-7AFA7D891D98}" = Windows Live UX Platform Language Pack "{CAEDA0C9-8B41-4D69-B4D6-5AC66AAF44FB}" = Photo Common "{CD239A50-AD95-4A72-9D5F-D4FBD4B89417}" = Movie Maker "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CE44687E-BC21-4B69-B0AE-6BDFD6B5C327}" = Windows Live Messenger "{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack "{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D16E0F0C-5D10-45CF-A585-CE3689B5A913}" = Windows Live Writer "{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86 "{D1952E4A-9F67-4693-A06D-DA8E0FB2B00D}" = Windows Live Essentials "{D1F5A388-09C9-4998-A793-B15DCDEB3B42}" = Photo Common "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86 "{D4EA8070-20E0-4BAF-BC44-D166C292FEBE}" = Windows Live Writer Resources "{D824AFCC-3408-4FB2-A6C9-28C660700DD4}" = Photo Common "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{DAD85607-2C8E-43D5-B068-4B218F1A7DB8}" = Windows Live Mail "{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}" = Fotoğraf Galerisi "{DFB0E1FE-B5DE-42D7-97A9-2A69FB530A73}" = Windows Live Messenger "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E18F981B-401C-4D90-BC57-D8903564D558}" = Windows Live UX Platform Language Pack "{E22E95E7-0A26-4AEC-A907-390C568C5BC1}" = Windows Live Messenger "{E354D495-5DA4-4CCF-AB39-080F6A4141BE}" = Fotogalleri "{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár "{E570053D-8ABC-4938-9E23-C634E08E7490}" = Windows Live Mail "{E800ADC4-F459-42F5-89A2-E754634B010A}" = Windows Live Writer Resources "{EB91007A-0110-42A6-B869-2709955A9B2A}" = Photo Common "{EC33D375-5164-4374-9061-43F5C6073219}" = Photo Common "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{F009AAA8-7735-4A95-A87D-09DF838282E3}" = Windows Live Family Safety "{F09DD76B-D3D3-4558-B5BC-F1EEA6E00162}" = Windows Live UX Platform Language Pack "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F1CA7DAE-F998-499C-8CA5-FC58CA2416EC}" = Windows Live Essentials "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F29C9CFE-350A-42AC-A7C8-04154D5FE8A9}" = Windows Live Writer "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common "{F54A07A9-9716-4094-9E79-F5E929679FFF}" = Windows Live Writer Resources "{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias "{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery "{F7304CCF-B4A0-49C7-88A8-CD3F28FFBF9A}" = Основные компоненты Windows Live "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail "{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Arovax AntiSpyware" = Arovax AntiSpyware 2.1.153 "Avira AntiVir Desktop" = Avira Free Antivirus "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "DivX Setup" = DivX-Setup "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in "InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide "InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nokia Suite" = Nokia Suite "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PC Performer_is1" = PC Performer "Ravensburger tiptoi" = Ravensburger tiptoi "Security Task Manager" = Security Task Manager 1.8g "splashtop" = VAIO Quick Web Access "VAIO Help and Support" = "VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.20 (32-Bit) "xp-AntiSpy" = xp-AntiSpy 3.98-2 "Zotero Standalone 4.0.8 (x86 en-US)" = Zotero Standalone 4.0.8 (x86 en-US) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.12.2012 06:58:05 | Computer Name = Sabine-VAIO | Source = WinMgmt | ID = 10 Description = Error - 01.01.2013 13:01:35 | Computer Name = Sabine-VAIO | Source = WinMgmt | ID = 10 Description = Error - 02.01.2013 04:39:56 | Computer Name = Sabine-VAIO | Source = WinMgmt | ID = 10 Description = Error - 02.01.2013 18:25:38 | Computer Name = Sabine-VAIO | Source = WinMgmt | ID = 10 Description = Error - 04.01.2013 05:18:30 | Computer Name = Sabine-VAIO | Source = WinMgmt | ID = 10 Description = Error - 05.01.2013 09:08:53 | Computer Name = Sabine-VAIO | Source = WinMgmt | ID = 10 Description = Error - 06.01.2013 10:25:27 | Computer Name = Sabine-VAIO | Source = WinMgmt | ID = 10 Description = Error - 07.01.2013 06:16:15 | Computer Name = Sabine-VAIO | Source = WinMgmt | ID = 10 Description = Error - 08.01.2013 06:33:31 | Computer Name = Sabine-VAIO | Source = WinMgmt | ID = 10 Description = Error - 10.01.2013 06:54:18 | Computer Name = Sabine-VAIO | Source = WinMgmt | ID = 10 Description = [ Cisco AnyConnect Secure Mobility Client Events ] Error - 12.06.2013 02:32:14 | Computer Name = Sabine-VAIO | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 8285 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -32571377 (0xFE0F000F) Description: NETINTERFACE_ERROR_INTERFACE_NOT_AVAILABLE Error - 12.06.2013 02:32:14 | Computer Name = Sabine-VAIO | Source = acvpnagent | ID = 67108866 Description = Function: CMainThread::OnTimerExpired File: .\MainThread.cpp Line: 4556 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -32571377 (0xFE0F000F) Description: NETINTERFACE_ERROR_INTERFACE_NOT_AVAILABLE Error - 12.06.2013 02:32:15 | Computer Name = Sabine-VAIO | Source = acvpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2660 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 12.06.2013 02:32:15 | Computer Name = Sabine-VAIO | Source = acvpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2169 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 12.06.2013 02:34:09 | Computer Name = Sabine-VAIO | Source = acvpnagent | ID = 67108866 Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp Line: 633 Invoked Function: AddRoute Return Code: -33095642 (0xFE070026) Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_ALREADY_EXISTS the interface appears to be available Error - 12.06.2013 02:34:09 | Computer Name = Sabine-VAIO | Source = acvpnagent | ID = 67108866 Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp Line: 617 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available Error - 12.06.2013 02:34:09 | Computer Name = Sabine-VAIO | Source = acvpnagent | ID = 67108866 Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp Line: 617 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available Error - 12.06.2013 02:34:16 | Computer Name = Sabine-VAIO | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 12.06.2013 02:35:04 | Computer Name = Sabine-VAIO | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 12.06.2013 02:35:06 | Computer Name = Sabine-VAIO | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1127 NULL object. Cannot establish a connection at this time. [ OSession Events ] Error - 13.08.2012 09:27:36 | Computer Name = Sabine-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21561 seconds with 13860 seconds of active time. This session ended with a crash. Error - 16.08.2012 14:31:10 | Computer Name = Sabine-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12254 seconds with 8340 seconds of active time. This session ended with a crash. Error - 16.08.2012 15:06:34 | Computer Name = Sabine-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2107 seconds with 1800 seconds of active time. This session ended with a crash. Error - 22.04.2013 07:43:12 | Computer Name = Sabine-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1693 seconds with 120 seconds of active time. This session ended with a crash. Error - 03.06.2013 10:01:05 | Computer Name = Sabine-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14057 seconds with 540 seconds of active time. This session ended with a crash. Error - 03.06.2013 15:24:40 | Computer Name = Sabine-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3128 seconds with 2400 seconds of active time. This session ended with a crash. [ System Events ] Error - 11.06.2013 23:12:08 | Computer Name = Sabine-VAIO | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 11.06.2013 23:12:15 | Computer Name = Sabine-VAIO | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 12.06.2013 01:27:59 | Computer Name = Sabine-VAIO | Source = DCOM | ID = 10010 Description = Error - 12.06.2013 01:28:09 | Computer Name = Sabine-VAIO | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 12.06.2013 02:20:56 | Computer Name = Sabine-VAIO | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 12.06.2013 02:21:33 | Computer Name = Sabine-VAIO | Source = DCOM | ID = 10010 Description = Error - 12.06.2013 02:21:36 | Computer Name = Sabine-VAIO | Source = Service Control Manager | ID = 7031 Description = Der Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error - 12.06.2013 02:22:34 | Computer Name = Sabine-VAIO | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst avast! Firewall erreicht. Error - 12.06.2013 02:22:34 | Computer Name = Sabine-VAIO | Source = Service Control Manager | ID = 7000 Description = Der Dienst "avast! Firewall" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 12.06.2013 04:35:31 | Computer Name = Sabine-VAIO | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. < End of report > |
12.06.2013, 14:07 | #7 |
/// Malware-holic | Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? Hi, Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
12.06.2013, 14:20 | #8 |
| Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? Hi, hier das Ergebnis: Code:
ATTFilter 15:12:41.0928 3004 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:12:42.0368 3004 ============================================================ 15:12:42.0368 3004 Current date / time: 2013/06/12 15:12:42.0368 15:12:42.0368 3004 SystemInfo: 15:12:42.0368 3004 15:12:42.0368 3004 OS Version: 6.1.7601 ServicePack: 1.0 15:12:42.0368 3004 Product type: Workstation 15:12:42.0368 3004 ComputerName: SABINE-VAIO 15:12:42.0369 3004 UserName: Sabine 15:12:42.0369 3004 Windows directory: C:\Windows 15:12:42.0369 3004 System windows directory: C:\Windows 15:12:42.0369 3004 Running under WOW64 15:12:42.0369 3004 Processor architecture: Intel x64 15:12:42.0369 3004 Number of processors: 4 15:12:42.0369 3004 Page size: 0x1000 15:12:42.0369 3004 Boot type: Normal boot 15:12:42.0369 3004 ============================================================ 15:12:43.0277 3004 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:12:43.0285 3004 Drive \Device\Harddisk1\DR1 - Size: 0xF3630000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1F0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 15:12:43.0288 3004 ============================================================ 15:12:43.0288 3004 \Device\Harddisk0\DR0: 15:12:43.0288 3004 MBR partitions: 15:12:43.0288 3004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C06800, BlocksNum 0x32000 15:12:43.0288 3004 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C38800, BlocksNum 0x48C1FAB0 15:12:43.0288 3004 \Device\Harddisk1\DR1: 15:12:43.0289 3004 MBR partitions: 15:12:43.0289 3004 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x38, BlocksNum 0x79B148 15:12:43.0289 3004 ============================================================ 15:12:43.0312 3004 C: <-> \Device\Harddisk0\DR0\Partition2 15:12:43.0313 3004 ============================================================ 15:12:43.0313 3004 Initialize success 15:12:43.0313 3004 ============================================================ 15:16:01.0677 8628 ============================================================ 15:16:01.0677 8628 Scan started 15:16:01.0677 8628 Mode: Manual; SigCheck; TDLFS; 15:16:01.0677 8628 ============================================================ 15:16:02.0270 8628 ================ Scan system memory ======================== 15:16:02.0270 8628 System memory - ok 15:16:02.0271 8628 ================ Scan services ============================= 15:16:02.0505 8628 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 15:16:02.0840 8628 1394ohci - ok 15:16:02.0936 8628 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 15:16:03.0051 8628 ACDaemon - ok 15:16:03.0099 8628 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 15:16:03.0156 8628 ACPI - ok 15:16:03.0173 8628 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 15:16:03.0261 8628 AcpiPmi - ok 15:16:03.0329 8628 [ E5568164C070A4988BD79C896920B3C6 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys 15:16:03.0370 8628 acsock - ok 15:16:03.0443 8628 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 15:16:03.0482 8628 AdobeARMservice - ok 15:16:03.0606 8628 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:16:03.0658 8628 AdobeFlashPlayerUpdateSvc - ok 15:16:03.0726 8628 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:16:03.0786 8628 adp94xx - ok 15:16:03.0826 8628 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:16:03.0878 8628 adpahci - ok 15:16:03.0900 8628 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 15:16:03.0946 8628 adpu320 - ok 15:16:03.0985 8628 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:16:04.0298 8628 AeLookupSvc - ok 15:16:04.0340 8628 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 15:16:04.0434 8628 AFD - ok 15:16:04.0491 8628 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:16:04.0528 8628 agp440 - ok 15:16:04.0576 8628 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 15:16:04.0645 8628 ALG - ok 15:16:04.0678 8628 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 15:16:04.0712 8628 aliide - ok 15:16:04.0733 8628 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 15:16:04.0766 8628 amdide - ok 15:16:04.0800 8628 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:16:04.0850 8628 AmdK8 - ok 15:16:04.0869 8628 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 15:16:04.0924 8628 AmdPPM - ok 15:16:05.0010 8628 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 15:16:05.0050 8628 amdsata - ok 15:16:05.0083 8628 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 15:16:05.0129 8628 amdsbs - ok 15:16:05.0160 8628 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 15:16:05.0196 8628 amdxata - ok 15:16:05.0373 8628 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 15:16:05.0413 8628 AntiVirSchedulerService - ok 15:16:05.0491 8628 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 15:16:05.0516 8628 AntiVirService - ok 15:16:05.0573 8628 [ 12BFA9EC4B03CC16BB7D19BAA308AEF2 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys 15:16:05.0624 8628 ApfiltrService - ok 15:16:05.0666 8628 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 15:16:05.0923 8628 AppID - ok 15:16:05.0969 8628 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 15:16:06.0086 8628 AppIDSvc - ok 15:16:06.0140 8628 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 15:16:06.0213 8628 Appinfo - ok 15:16:06.0263 8628 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 15:16:06.0302 8628 arc - ok 15:16:06.0336 8628 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:16:06.0376 8628 arcsas - ok 15:16:06.0398 8628 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys 15:16:06.0425 8628 ArcSoftKsUFilter - ok 15:16:06.0518 8628 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 15:16:06.0554 8628 aspnet_state - ok 15:16:06.0587 8628 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:16:06.0696 8628 AsyncMac - ok 15:16:06.0744 8628 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 15:16:06.0777 8628 atapi - ok 15:16:06.0813 8628 [ 50F257E19554421B6891E3F998EDCA90 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys 15:16:06.0877 8628 AthBTPort - ok 15:16:06.0929 8628 [ 4119870B90E1B5E7797D6433D21F9216 ] ATHDFU C:\Windows\System32\Drivers\AthDfu.sys 15:16:06.0997 8628 ATHDFU - ok 15:16:07.0099 8628 [ 650F111D5CDA64C10AE4B9D1BA9D4FFF ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe 15:16:07.0152 8628 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning 15:16:07.0152 8628 Atheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1) 15:16:07.0174 8628 [ EBC3119394C9074A9CD87578A435050D ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 15:16:07.0202 8628 AtherosSvc ( UnsignedFile.Multi.Generic ) - warning 15:16:07.0202 8628 AtherosSvc - detected UnsignedFile.Multi.Generic (1) 15:16:07.0323 8628 [ A5E770426D18F8EF332A593F3289DA91 ] athr C:\Windows\system32\DRIVERS\athrx.sys 15:16:07.0504 8628 athr - ok 15:16:07.0602 8628 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:16:07.0751 8628 AudioEndpointBuilder - ok 15:16:07.0770 8628 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:16:07.0877 8628 AudioSrv - ok 15:16:07.0962 8628 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 15:16:08.0004 8628 avgntflt - ok 15:16:08.0042 8628 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 15:16:08.0084 8628 avipbb - ok 15:16:08.0102 8628 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 15:16:08.0136 8628 avkmgr - ok 15:16:08.0175 8628 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 15:16:08.0287 8628 AxInstSV - ok 15:16:08.0340 8628 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 15:16:08.0419 8628 b06bdrv - ok 15:16:08.0476 8628 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 15:16:08.0534 8628 b57nd60a - ok 15:16:08.0580 8628 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 15:16:08.0650 8628 BDESVC - ok 15:16:08.0686 8628 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 15:16:08.0814 8628 Beep - ok 15:16:08.0879 8628 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 15:16:09.0029 8628 BFE - ok 15:16:09.0093 8628 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 15:16:09.0247 8628 BITS - ok 15:16:09.0287 8628 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 15:16:09.0339 8628 blbdrive - ok 15:16:09.0373 8628 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:16:09.0454 8628 bowser - ok 15:16:09.0499 8628 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 15:16:09.0562 8628 BrFiltLo - ok 15:16:09.0592 8628 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 15:16:09.0633 8628 BrFiltUp - ok 15:16:09.0702 8628 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 15:16:09.0782 8628 Browser - ok 15:16:09.0836 8628 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 15:16:09.0923 8628 Brserid - ok 15:16:09.0985 8628 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 15:16:10.0057 8628 BrSerWdm - ok 15:16:10.0110 8628 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 15:16:10.0168 8628 BrUsbMdm - ok 15:16:10.0201 8628 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 15:16:10.0245 8628 BrUsbSer - ok 15:16:10.0297 8628 [ B3BCD755FA9A359D10208CC9F09847CC ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys 15:16:10.0378 8628 BTATH_A2DP - ok 15:16:10.0404 8628 [ 9BBBA9D6DBDEFC8A6542BC7A6EBAF710 ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys 15:16:10.0460 8628 btath_avdt - ok 15:16:10.0496 8628 [ D838DD1BCB328EFCFAD7A52DE9E3CAFD ] BTATH_BUS C:\Windows\system32\drivers\btath_bus.sys 15:16:10.0555 8628 BTATH_BUS - ok 15:16:10.0593 8628 [ A441B800E04CF8443FAF519207563ABB ] BTATH_HCRP C:\Windows\system32\drivers\btath_hcrp.sys 15:16:10.0677 8628 BTATH_HCRP - ok 15:16:10.0716 8628 [ B16F8429A35BBA2A8EF9DB2E08675B97 ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys 15:16:10.0778 8628 BTATH_LWFLT - ok 15:16:10.0815 8628 [ C24231C6BDFE21735930084A22089AAB ] BTATH_RCP C:\Windows\system32\drivers\btath_rcp.sys 15:16:10.0890 8628 BTATH_RCP - ok 15:16:10.0937 8628 [ 3632FA4C6B3CE9EC827690DEAC266D8C ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys 15:16:11.0019 8628 BtFilter - ok 15:16:11.0066 8628 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 15:16:11.0129 8628 BthEnum - ok 15:16:11.0159 8628 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:16:11.0208 8628 BTHMODEM - ok 15:16:11.0243 8628 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 15:16:11.0307 8628 BthPan - ok 15:16:11.0359 8628 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 15:16:11.0435 8628 BTHPORT - ok 15:16:11.0481 8628 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 15:16:11.0586 8628 bthserv - ok 15:16:11.0622 8628 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 15:16:11.0672 8628 BTHUSB - ok 15:16:11.0707 8628 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:16:11.0824 8628 cdfs - ok 15:16:11.0860 8628 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:16:11.0915 8628 cdrom - ok 15:16:11.0952 8628 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 15:16:12.0066 8628 CertPropSvc - ok 15:16:12.0098 8628 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 15:16:12.0144 8628 circlass - ok 15:16:12.0175 8628 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 15:16:12.0230 8628 CLFS - ok 15:16:12.0287 8628 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:16:12.0325 8628 clr_optimization_v2.0.50727_32 - ok 15:16:12.0359 8628 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:16:12.0396 8628 clr_optimization_v2.0.50727_64 - ok 15:16:12.0446 8628 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:16:12.0486 8628 clr_optimization_v4.0.30319_32 - ok 15:16:12.0505 8628 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:16:12.0546 8628 clr_optimization_v4.0.30319_64 - ok 15:16:12.0588 8628 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 15:16:12.0642 8628 CmBatt - ok 15:16:12.0674 8628 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:16:12.0706 8628 cmdide - ok 15:16:12.0759 8628 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 15:16:12.0840 8628 CNG - ok 15:16:12.0931 8628 [ 1F394DF3714ED4280047810790E6DF69 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 15:16:13.0050 8628 CnxtHdAudService - ok 15:16:13.0095 8628 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 15:16:13.0128 8628 Compbatt - ok 15:16:13.0163 8628 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 15:16:13.0221 8628 CompositeBus - ok 15:16:13.0243 8628 COMSysApp - ok 15:16:13.0277 8628 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:16:13.0312 8628 crcdisk - ok 15:16:13.0354 8628 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:16:13.0438 8628 CryptSvc - ok 15:16:13.0561 8628 [ 75E3C4BB1ED032310EDCF5691A452B4B ] DCDhcpService C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe 15:16:13.0608 8628 DCDhcpService ( UnsignedFile.Multi.Generic ) - warning 15:16:13.0608 8628 DCDhcpService - detected UnsignedFile.Multi.Generic (1) 15:16:13.0670 8628 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:16:13.0794 8628 DcomLaunch - ok 15:16:13.0834 8628 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 15:16:13.0967 8628 defragsvc - ok 15:16:14.0001 8628 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:16:14.0118 8628 DfsC - ok 15:16:14.0173 8628 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 15:16:14.0257 8628 Dhcp - ok 15:16:14.0286 8628 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 15:16:14.0401 8628 discache - ok 15:16:14.0444 8628 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 15:16:14.0483 8628 Disk - ok 15:16:14.0518 8628 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:16:14.0587 8628 Dnscache - ok 15:16:14.0612 8628 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 15:16:14.0733 8628 dot3svc - ok 15:16:14.0756 8628 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 15:16:14.0864 8628 DPS - ok 15:16:14.0900 8628 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:16:14.0949 8628 drmkaud - ok 15:16:15.0005 8628 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:16:15.0089 8628 DXGKrnl - ok 15:16:15.0125 8628 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys 15:16:15.0192 8628 e1yexpress - ok 15:16:15.0237 8628 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 15:16:15.0353 8628 EapHost - ok 15:16:15.0461 8628 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 15:16:15.0620 8628 ebdrv - ok 15:16:15.0651 8628 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 15:16:15.0716 8628 EFS - ok 15:16:15.0778 8628 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:16:15.0893 8628 ehRecvr - ok 15:16:15.0910 8628 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 15:16:15.0957 8628 ehSched - ok 15:16:16.0017 8628 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:16:16.0078 8628 elxstor - ok 15:16:16.0096 8628 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:16:16.0146 8628 ErrDev - ok 15:16:16.0212 8628 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 15:16:16.0337 8628 EventSystem - ok 15:16:16.0386 8628 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 15:16:16.0493 8628 exfat - ok 15:16:16.0505 8628 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:16:16.0625 8628 fastfat - ok 15:16:16.0687 8628 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 15:16:16.0772 8628 Fax - ok 15:16:16.0814 8628 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 15:16:16.0863 8628 fdc - ok 15:16:16.0905 8628 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 15:16:17.0005 8628 fdPHost - ok 15:16:17.0020 8628 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 15:16:17.0132 8628 FDResPub - ok 15:16:17.0164 8628 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 15:16:17.0201 8628 FileInfo - ok 15:16:17.0220 8628 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 15:16:17.0333 8628 Filetrace - ok 15:16:17.0357 8628 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 15:16:17.0409 8628 flpydisk - ok 15:16:17.0448 8628 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 15:16:17.0502 8628 FltMgr - ok 15:16:17.0572 8628 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 15:16:17.0680 8628 FontCache - ok 15:16:17.0720 8628 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:16:17.0753 8628 FontCache3.0.0.0 - ok 15:16:17.0776 8628 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 15:16:17.0814 8628 FsDepends - ok 15:16:17.0837 8628 [ C2E475625F2C6F7DCDE4E920523A0573 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 15:16:17.0881 8628 fssfltr - ok 15:16:17.0986 8628 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 15:16:18.0114 8628 fsssvc - ok 15:16:18.0151 8628 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 15:16:18.0185 8628 Fs_Rec - ok 15:16:18.0226 8628 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 15:16:18.0289 8628 fvevol - ok 15:16:18.0328 8628 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 15:16:18.0365 8628 gagp30kx - ok 15:16:18.0430 8628 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 15:16:18.0564 8628 gpsvc - ok 15:16:18.0634 8628 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:16:18.0660 8628 gupdate - ok 15:16:18.0679 8628 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 15:16:18.0703 8628 gupdatem - ok 15:16:18.0737 8628 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 15:16:18.0800 8628 hcw85cir - ok 15:16:18.0831 8628 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:16:18.0906 8628 HdAudAddService - ok 15:16:18.0936 8628 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 15:16:19.0000 8628 HDAudBus - ok 15:16:19.0036 8628 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 15:16:19.0085 8628 HidBatt - ok 15:16:19.0120 8628 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 15:16:19.0182 8628 HidBth - ok 15:16:19.0206 8628 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 15:16:19.0252 8628 HidIr - ok 15:16:19.0286 8628 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 15:16:19.0401 8628 hidserv - ok 15:16:19.0438 8628 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:16:19.0475 8628 HidUsb - ok 15:16:19.0503 8628 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:16:19.0621 8628 hkmsvc - ok 15:16:19.0661 8628 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:16:19.0751 8628 HomeGroupListener - ok 15:16:19.0779 8628 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:16:19.0848 8628 HomeGroupProvider - ok 15:16:19.0882 8628 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:16:19.0921 8628 HpSAMD - ok 15:16:19.0958 8628 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:16:20.0101 8628 HTTP - ok 15:16:20.0131 8628 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:16:20.0164 8628 hwpolicy - ok 15:16:20.0190 8628 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 15:16:20.0234 8628 i8042prt - ok 15:16:20.0263 8628 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\drivers\iaStor.sys 15:16:20.0301 8628 iaStor - ok 15:16:20.0399 8628 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 15:16:20.0427 8628 IAStorDataMgrSvc - ok 15:16:20.0475 8628 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:16:20.0526 8628 iaStorV - ok 15:16:20.0657 8628 [ 6F3909A3D40CC9F4B28E03B027F918D8 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 15:16:20.0791 8628 IconMan_R ( UnsignedFile.Multi.Generic ) - warning 15:16:20.0791 8628 IconMan_R - detected UnsignedFile.Multi.Generic (1) 15:16:20.0854 8628 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:16:20.0950 8628 idsvc - ok 15:16:20.0983 8628 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 15:16:21.0020 8628 iirsp - ok 15:16:21.0068 8628 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 15:16:21.0214 8628 IKEEXT - ok 15:16:21.0243 8628 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 15:16:21.0277 8628 intelide - ok 15:16:21.0316 8628 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys 15:16:21.0376 8628 intelppm - ok 15:16:21.0422 8628 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:16:21.0544 8628 IPBusEnum - ok 15:16:21.0578 8628 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:16:21.0681 8628 IpFilterDriver - ok 15:16:21.0727 8628 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:16:21.0812 8628 iphlpsvc - ok 15:16:21.0843 8628 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 15:16:21.0898 8628 IPMIDRV - ok 15:16:21.0934 8628 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:16:22.0057 8628 IPNAT - ok 15:16:22.0080 8628 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:16:22.0146 8628 IRENUM - ok 15:16:22.0181 8628 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:16:22.0214 8628 isapnp - ok 15:16:22.0258 8628 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:16:22.0309 8628 iScsiPrt - ok 15:16:22.0354 8628 [ F415A88162D23977B5EDAE4F0410E903 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe 15:16:22.0393 8628 IviRegMgr - ok 15:16:22.0425 8628 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 15:16:22.0462 8628 kbdclass - ok 15:16:22.0482 8628 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 15:16:22.0533 8628 kbdhid - ok 15:16:22.0563 8628 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 15:16:22.0594 8628 KeyIso - ok 15:16:22.0631 8628 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:16:22.0673 8628 KSecDD - ok 15:16:22.0712 8628 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:16:22.0756 8628 KSecPkg - ok 15:16:22.0792 8628 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:16:22.0903 8628 ksthunk - ok 15:16:22.0947 8628 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 15:16:23.0070 8628 KtmRm - ok 15:16:23.0121 8628 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 15:16:23.0255 8628 LanmanServer - ok 15:16:23.0281 8628 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:16:23.0402 8628 LanmanWorkstation - ok 15:16:23.0445 8628 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 15:16:23.0562 8628 lltdio - ok 15:16:23.0598 8628 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:16:23.0723 8628 lltdsvc - ok 15:16:23.0747 8628 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:16:23.0860 8628 lmhosts - ok 15:16:23.0916 8628 [ 98B16E756243BEA9410E32025B19C06F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 15:16:23.0969 8628 LMS - ok 15:16:24.0001 8628 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 15:16:24.0040 8628 LSI_FC - ok 15:16:24.0063 8628 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 15:16:24.0103 8628 LSI_SAS - ok 15:16:24.0118 8628 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 15:16:24.0156 8628 LSI_SAS2 - ok 15:16:24.0176 8628 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 15:16:24.0216 8628 LSI_SCSI - ok 15:16:24.0263 8628 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 15:16:24.0386 8628 luafv - ok 15:16:24.0432 8628 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 15:16:24.0466 8628 MBAMProtector - ok 15:16:24.0555 8628 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 15:16:24.0615 8628 MBAMScheduler - ok 15:16:24.0670 8628 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 15:16:24.0743 8628 MBAMService - ok 15:16:24.0834 8628 [ 85B847819DAB74EFC23D5D3A8AC15A11 ] McComponentHostServiceSony C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe 15:16:24.0885 8628 McComponentHostServiceSony - ok 15:16:24.0921 8628 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 15:16:24.0979 8628 Mcx2Svc - ok 15:16:25.0018 8628 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 15:16:25.0053 8628 megasas - ok 15:16:25.0091 8628 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 15:16:25.0144 8628 MegaSR - ok 15:16:25.0182 8628 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys 15:16:25.0211 8628 MEIx64 - ok 15:16:25.0251 8628 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 15:16:25.0368 8628 MMCSS - ok 15:16:25.0386 8628 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 15:16:25.0493 8628 Modem - ok 15:16:25.0517 8628 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:16:25.0580 8628 monitor - ok 15:16:25.0628 8628 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:16:25.0666 8628 mouclass - ok 15:16:25.0697 8628 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:16:25.0742 8628 mouhid - ok 15:16:25.0763 8628 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 15:16:25.0804 8628 mountmgr - ok 15:16:25.0865 8628 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:16:25.0904 8628 MozillaMaintenance - ok 15:16:25.0941 8628 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 15:16:25.0986 8628 mpio - ok 15:16:26.0000 8628 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:16:26.0111 8628 mpsdrv - ok 15:16:26.0156 8628 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:16:26.0291 8628 MpsSvc - ok 15:16:26.0309 8628 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:16:26.0386 8628 MRxDAV - ok 15:16:26.0417 8628 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:16:26.0478 8628 mrxsmb - ok 15:16:26.0504 8628 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:16:26.0552 8628 mrxsmb10 - ok 15:16:26.0586 8628 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:16:26.0649 8628 mrxsmb20 - ok 15:16:26.0685 8628 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 15:16:26.0713 8628 msahci - ok 15:16:26.0748 8628 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:16:26.0789 8628 msdsm - ok 15:16:26.0807 8628 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 15:16:26.0869 8628 MSDTC - ok 15:16:26.0902 8628 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:16:27.0013 8628 Msfs - ok 15:16:27.0029 8628 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:16:27.0124 8628 mshidkmdf - ok 15:16:27.0162 8628 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:16:27.0195 8628 msisadrv - ok 15:16:27.0226 8628 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:16:27.0349 8628 MSiSCSI - ok 15:16:27.0356 8628 msiserver - ok 15:16:27.0399 8628 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:16:27.0511 8628 MSKSSRV - ok 15:16:27.0531 8628 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:16:27.0623 8628 MSPCLOCK - ok 15:16:27.0646 8628 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:16:27.0735 8628 MSPQM - ok 15:16:27.0767 8628 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:16:27.0810 8628 MsRPC - ok 15:16:27.0843 8628 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 15:16:27.0872 8628 mssmbios - ok 15:16:27.0907 8628 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:16:27.0996 8628 MSTEE - ok 15:16:28.0020 8628 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 15:16:28.0049 8628 MTConfig - ok 15:16:28.0067 8628 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:16:28.0098 8628 Mup - ok 15:16:28.0132 8628 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 15:16:28.0245 8628 napagent - ok 15:16:28.0294 8628 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:16:28.0366 8628 NativeWifiP - ok 15:16:28.0432 8628 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:16:28.0512 8628 NDIS - ok 15:16:28.0554 8628 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:16:28.0634 8628 NdisCap - ok 15:16:28.0659 8628 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:16:28.0739 8628 NdisTapi - ok 15:16:28.0768 8628 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:16:28.0864 8628 Ndisuio - ok 15:16:28.0882 8628 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:16:28.0983 8628 NdisWan - ok 15:16:29.0007 8628 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:16:29.0094 8628 NDProxy - ok 15:16:29.0146 8628 [ 76C4D5C98A808D8C8E0C46280036FAF8 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 15:16:29.0175 8628 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:16:29.0176 8628 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:16:29.0204 8628 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:16:29.0297 8628 NetBIOS - ok 15:16:29.0327 8628 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:16:29.0417 8628 NetBT - ok 15:16:29.0439 8628 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 15:16:29.0465 8628 Netlogon - ok 15:16:29.0509 8628 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:16:29.0641 8628 Netman - ok 15:16:29.0678 8628 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:16:29.0723 8628 NetMsmqActivator - ok 15:16:29.0733 8628 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:16:29.0759 8628 NetPipeActivator - ok 15:16:29.0788 8628 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:16:29.0940 8628 netprofm - ok 15:16:29.0949 8628 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:16:29.0977 8628 NetTcpActivator - ok 15:16:29.0985 8628 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:16:30.0012 8628 NetTcpPortSharing - ok 15:16:30.0058 8628 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:16:30.0095 8628 nfrd960 - ok 15:16:30.0149 8628 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:16:30.0203 8628 NlaSvc - ok 15:16:30.0239 8628 [ 4903177FC90E77ABEB19021451E9475E ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys 15:16:30.0337 8628 nmwcd - ok 15:16:30.0378 8628 [ E6844A4C97E5409BBE24BB4ED000320D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys 15:16:30.0465 8628 nmwcdc - ok 15:16:30.0496 8628 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:16:30.0595 8628 Npfs - ok 15:16:30.0619 8628 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:16:30.0720 8628 nsi - ok 15:16:30.0733 8628 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:16:30.0846 8628 nsiproxy - ok 15:16:30.0928 8628 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:16:31.0050 8628 Ntfs - ok 15:16:31.0080 8628 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:16:31.0183 8628 Null - ok 15:16:31.0231 8628 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 15:16:31.0276 8628 NVHDA - ok 15:16:31.0666 8628 [ 08D56435647BE1102C186F8F4819374D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:16:32.0370 8628 nvlddmkm - ok 15:16:32.0433 8628 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:16:32.0467 8628 nvraid - ok 15:16:32.0489 8628 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:16:32.0522 8628 nvstor - ok 15:16:32.0567 8628 [ 98542102645308E9F5ADC61EBBBBFCFC ] NVSvc C:\Windows\system32\nvvsvc.exe 15:16:32.0662 8628 NVSvc - ok 15:16:32.0687 8628 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:16:32.0730 8628 nv_agp - ok 15:16:32.0812 8628 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:16:32.0877 8628 odserv - ok 15:16:32.0900 8628 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:16:32.0956 8628 ohci1394 - ok 15:16:33.0021 8628 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:16:33.0067 8628 ose - ok 15:16:33.0105 8628 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:16:33.0165 8628 p2pimsvc - ok 15:16:33.0198 8628 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:16:33.0256 8628 p2psvc - ok 15:16:33.0276 8628 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 15:16:33.0318 8628 Parport - ok 15:16:33.0359 8628 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:16:33.0397 8628 partmgr - ok 15:16:33.0438 8628 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:16:33.0521 8628 PcaSvc - ok 15:16:33.0575 8628 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 15:16:33.0643 8628 pccsmcfd - ok 15:16:33.0684 8628 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 15:16:33.0732 8628 pci - ok 15:16:33.0756 8628 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 15:16:33.0789 8628 pciide - ok 15:16:33.0808 8628 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:16:33.0857 8628 pcmcia - ok 15:16:33.0879 8628 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:16:33.0915 8628 pcw - ok 15:16:33.0948 8628 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:16:34.0084 8628 PEAUTH - ok 15:16:34.0179 8628 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:16:34.0221 8628 PerfHost - ok 15:16:34.0297 8628 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 15:16:34.0466 8628 pla - ok 15:16:34.0517 8628 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:16:34.0585 8628 PlugPlay - ok 15:16:34.0650 8628 [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe 15:16:34.0705 8628 PMBDeviceInfoProvider - ok 15:16:34.0749 8628 [ D1A4DBB8A29F7FFC78378F47F9EA6B91 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 15:16:34.0790 8628 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:16:34.0790 8628 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:16:34.0818 8628 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:16:34.0875 8628 PNRPAutoReg - ok 15:16:34.0905 8628 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:16:34.0943 8628 PNRPsvc - ok 15:16:34.0979 8628 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:16:35.0121 8628 PolicyAgent - ok 15:16:35.0166 8628 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:16:35.0288 8628 Power - ok 15:16:35.0332 8628 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:16:35.0447 8628 PptpMiniport - ok 15:16:35.0477 8628 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 15:16:35.0529 8628 Processor - ok 15:16:35.0575 8628 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 15:16:35.0652 8628 ProfSvc - ok 15:16:35.0673 8628 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:16:35.0704 8628 ProtectedStorage - ok 15:16:35.0735 8628 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:16:35.0851 8628 Psched - ok 15:16:35.0906 8628 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 15:16:35.0947 8628 PSI_SVC_2 - ok 15:16:36.0014 8628 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 15:16:36.0120 8628 ql2300 - ok 15:16:36.0148 8628 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 15:16:36.0191 8628 ql40xx - ok 15:16:36.0232 8628 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:16:36.0300 8628 QWAVE - ok 15:16:36.0316 8628 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:16:36.0384 8628 QWAVEdrv - ok 15:16:36.0444 8628 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 15:16:36.0488 8628 RapiMgr - ok 15:16:36.0505 8628 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:16:36.0620 8628 RasAcd - ok 15:16:36.0657 8628 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:16:36.0758 8628 RasAgileVpn - ok 15:16:36.0788 8628 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:16:36.0904 8628 RasAuto - ok 15:16:36.0928 8628 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:16:37.0034 8628 Rasl2tp - ok 15:16:37.0067 8628 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 15:16:37.0185 8628 RasMan - ok 15:16:37.0210 8628 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:16:37.0334 8628 RasPppoe - ok 15:16:37.0357 8628 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:16:37.0474 8628 RasSstp - ok 15:16:37.0505 8628 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:16:37.0636 8628 rdbss - ok 15:16:37.0661 8628 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 15:16:37.0706 8628 rdpbus - ok 15:16:37.0737 8628 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:16:37.0832 8628 RDPCDD - ok 15:16:37.0853 8628 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:16:37.0966 8628 RDPENCDD - ok 15:16:37.0977 8628 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:16:38.0075 8628 RDPREFMP - ok 15:16:38.0136 8628 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 15:16:38.0204 8628 RdpVideoMiniport - ok 15:16:38.0240 8628 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:16:38.0311 8628 RDPWD - ok 15:16:38.0353 8628 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:16:38.0401 8628 rdyboost - ok 15:16:38.0432 8628 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\Windows\system32\drivers\regi.sys 15:16:38.0460 8628 regi - ok 15:16:38.0496 8628 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:16:38.0620 8628 RemoteAccess - ok 15:16:38.0668 8628 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:16:38.0790 8628 RemoteRegistry - ok 15:16:38.0829 8628 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 15:16:38.0898 8628 RFCOMM - ok 15:16:38.0933 8628 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 15:16:39.0058 8628 RpcEptMapper - ok 15:16:39.0093 8628 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:16:39.0144 8628 RpcLocator - ok 15:16:39.0180 8628 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 15:16:39.0285 8628 RpcSs - ok 15:16:39.0331 8628 [ 546D7F426776090B90EF5F195B6AE662 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys 15:16:39.0377 8628 RSPCIESTOR - ok 15:16:39.0410 8628 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:16:39.0512 8628 rspndr - ok 15:16:39.0547 8628 [ EA5532868BA76923D75BCB2A1448D810 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 15:16:39.0597 8628 RTL8167 - ok 15:16:39.0639 8628 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:16:39.0670 8628 SamSs - ok 15:16:39.0703 8628 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:16:39.0743 8628 sbp2port - ok 15:16:39.0775 8628 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:16:39.0885 8628 SCardSvr - ok 15:16:39.0902 8628 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:16:40.0013 8628 scfilter - ok 15:16:40.0063 8628 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:16:40.0236 8628 Schedule - ok 15:16:40.0263 8628 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:16:40.0354 8628 SCPolicySvc - ok 15:16:40.0385 8628 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 15:16:40.0445 8628 sdbus - ok 15:16:40.0481 8628 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:16:40.0558 8628 SDRSVC - ok 15:16:40.0578 8628 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:16:40.0694 8628 secdrv - ok 15:16:40.0710 8628 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:16:40.0810 8628 seclogon - ok 15:16:40.0844 8628 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 15:16:40.0950 8628 SENS - ok 15:16:40.0992 8628 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:16:41.0064 8628 SensrSvc - ok 15:16:41.0118 8628 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 15:16:41.0171 8628 Serenum - ok 15:16:41.0194 8628 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 15:16:41.0254 8628 Serial - ok 15:16:41.0295 8628 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 15:16:41.0344 8628 sermouse - ok 15:16:41.0445 8628 [ 289E853881E688286AD24299FCC485D8 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 15:16:41.0527 8628 ServiceLayer - ok 15:16:41.0569 8628 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:16:41.0692 8628 SessionEnv - ok 15:16:41.0717 8628 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\drivers\SFEP.sys 15:16:41.0780 8628 SFEP - ok 15:16:41.0817 8628 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:16:41.0873 8628 sffdisk - ok 15:16:41.0896 8628 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:16:41.0959 8628 sffp_mmc - ok 15:16:41.0977 8628 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:16:42.0040 8628 sffp_sd - ok 15:16:42.0068 8628 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 15:16:42.0103 8628 sfloppy - ok 15:16:42.0149 8628 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:16:42.0276 8628 SharedAccess - ok 15:16:42.0314 8628 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:16:42.0449 8628 ShellHWDetection - ok 15:16:42.0484 8628 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 15:16:42.0521 8628 SiSRaid2 - ok 15:16:42.0552 8628 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:16:42.0592 8628 SiSRaid4 - ok 15:16:42.0648 8628 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 15:16:42.0794 8628 SkypeUpdate - ok 15:16:42.0833 8628 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 15:16:42.0955 8628 Smb - ok 15:16:42.0996 8628 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:16:43.0038 8628 SNMPTRAP - ok 15:16:43.0102 8628 [ DDF2EC98AF6FC70608A4F9CE4DB52758 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe 15:16:43.0139 8628 SOHCImp - ok 15:16:43.0154 8628 [ 5FA03F5EA6EFEF6D17B4A1A48C40A23C ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe 15:16:43.0188 8628 SOHDs - ok 15:16:43.0255 8628 [ 65E5659E9C2A0762D05657C0E22A7CA2 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe 15:16:43.0306 8628 SpfService - ok 15:16:43.0327 8628 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 15:16:43.0363 8628 spldr - ok 15:16:43.0415 8628 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 15:16:43.0493 8628 Spooler - ok 15:16:43.0618 8628 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 15:16:43.0869 8628 sppsvc - ok 15:16:43.0892 8628 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 15:16:44.0000 8628 sppuinotify - ok 15:16:44.0041 8628 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 15:16:44.0122 8628 srv - ok 15:16:44.0162 8628 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:16:44.0239 8628 srv2 - ok 15:16:44.0273 8628 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:16:44.0316 8628 srvnet - ok 15:16:44.0358 8628 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:16:44.0474 8628 SSDPSRV - ok 15:16:44.0541 8628 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:16:44.0635 8628 SstpSvc - ok 15:16:44.0718 8628 [ 5C2EE5A4CA1E782A9A23C620DAF5F223 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 15:16:44.0777 8628 Stereo Service - ok 15:16:44.0799 8628 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 15:16:44.0828 8628 stexstor - ok 15:16:44.0864 8628 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 15:16:44.0945 8628 stisvc - ok 15:16:44.0983 8628 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 15:16:45.0010 8628 swenum - ok 15:16:45.0049 8628 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 15:16:45.0165 8628 swprv - ok 15:16:45.0224 8628 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 15:16:45.0325 8628 SysMain - ok 15:16:45.0348 8628 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 15:16:45.0407 8628 TabletInputService - ok 15:16:45.0431 8628 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 15:16:45.0524 8628 TapiSrv - ok 15:16:45.0540 8628 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 15:16:45.0624 8628 TBS - ok 15:16:45.0713 8628 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:16:45.0828 8628 Tcpip - ok 15:16:45.0874 8628 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:16:45.0956 8628 TCPIP6 - ok 15:16:46.0016 8628 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:16:46.0047 8628 tcpipreg - ok 15:16:46.0082 8628 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 15:16:46.0133 8628 TDPIPE - ok 15:16:46.0161 8628 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 15:16:46.0195 8628 TDTCP - ok 15:16:46.0225 8628 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:16:46.0344 8628 tdx - ok 15:16:46.0375 8628 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 15:16:46.0413 8628 TermDD - ok 15:16:46.0450 8628 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 15:16:46.0578 8628 TermService - ok 15:16:46.0603 8628 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 15:16:46.0661 8628 Themes - ok 15:16:46.0696 8628 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 15:16:46.0793 8628 THREADORDER - ok 15:16:46.0812 8628 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 15:16:46.0933 8628 TrkWks - ok 15:16:46.0993 8628 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:16:47.0092 8628 TrustedInstaller - ok 15:16:47.0112 8628 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 15:16:47.0226 8628 tssecsrv - ok 15:16:47.0257 8628 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:16:47.0329 8628 TsUsbFlt - ok 15:16:47.0365 8628 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 15:16:47.0417 8628 TsUsbGD - ok 15:16:47.0465 8628 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:16:47.0581 8628 tunnel - ok 15:16:47.0611 8628 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:16:47.0648 8628 uagp35 - ok 15:16:47.0699 8628 [ 1FE69F3C1CA1CF4B7EC7E2E9090FFFDC ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe 15:16:47.0748 8628 uCamMonitor - ok 15:16:47.0770 8628 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:16:47.0889 8628 udfs - ok 15:16:47.0928 8628 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:16:47.0985 8628 UI0Detect - ok 15:16:48.0016 8628 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:16:48.0054 8628 uliagpkx - ok 15:16:48.0092 8628 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 15:16:48.0142 8628 umbus - ok 15:16:48.0169 8628 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 15:16:48.0220 8628 UmPass - ok 15:16:48.0380 8628 [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 15:16:48.0543 8628 UNS - ok 15:16:48.0606 8628 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 15:16:48.0740 8628 upnphost - ok 15:16:48.0778 8628 [ 907F50B8695DAA65A9445D27AD306E65 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 15:16:48.0843 8628 upperdev - ok 15:16:48.0869 8628 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 15:16:48.0943 8628 usbccgp - ok 15:16:48.0969 8628 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 15:16:49.0021 8628 usbcir - ok 15:16:49.0042 8628 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 15:16:49.0088 8628 usbehci - ok 15:16:49.0126 8628 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys 15:16:49.0193 8628 usbhub - ok 15:16:49.0224 8628 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 15:16:49.0269 8628 usbohci - ok 15:16:49.0307 8628 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 15:16:49.0369 8628 usbprint - ok 15:16:49.0406 8628 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 15:16:49.0457 8628 usbscan - ok 15:16:49.0508 8628 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys 15:16:49.0545 8628 usbser - ok 15:16:49.0590 8628 [ 3F7498527B48657091C355F683BEB0DD ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys 15:16:49.0665 8628 UsbserFilt - ok 15:16:49.0702 8628 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:16:49.0757 8628 USBSTOR - ok 15:16:49.0776 8628 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 15:16:49.0822 8628 usbuhci - ok 15:16:49.0854 8628 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 15:16:49.0917 8628 usbvideo - ok 15:16:49.0956 8628 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 15:16:50.0075 8628 UxSms - ok 15:16:50.0141 8628 [ DCB1F83AD167D16D263CE57C94E9EEDF ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe 15:16:50.0177 8628 VAIO Event Service - ok 15:16:50.0196 8628 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 15:16:50.0227 8628 VaultSvc - ok 15:16:50.0289 8628 [ D00058C1FFF3F3DE990444A5734E9639 ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe 15:16:50.0370 8628 VCFw - ok 15:16:50.0450 8628 [ F19275655B42086C884ABCDAE2C659AE ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe 15:16:50.0537 8628 VcmIAlzMgr - ok 15:16:50.0581 8628 [ 2F06D134554BA84FE253DBC481DCFE6D ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe 15:16:50.0653 8628 VcmINSMgr - ok 15:16:50.0674 8628 [ 32A3735F6874B7783C6209ED5CA36D9D ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe 15:16:50.0716 8628 VcmXmlIfHelper - ok 15:16:50.0775 8628 [ 8F0840FF3A11D6B3F767AD6C79AC2A40 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe 15:16:50.0810 8628 VCService - ok 15:16:50.0842 8628 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:16:50.0877 8628 vdrvroot - ok 15:16:50.0925 8628 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 15:16:51.0065 8628 vds - ok 15:16:51.0099 8628 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 15:16:51.0142 8628 vga - ok 15:16:51.0160 8628 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 15:16:51.0273 8628 VgaSave - ok 15:16:51.0298 8628 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 15:16:51.0347 8628 vhdmp - ok 15:16:51.0369 8628 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 15:16:51.0403 8628 viaide - ok 15:16:51.0433 8628 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 15:16:51.0472 8628 volmgr - ok 15:16:51.0495 8628 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 15:16:51.0550 8628 volmgrx - ok 15:16:51.0584 8628 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 15:16:51.0637 8628 volsnap - ok 15:16:51.0711 8628 [ FADF60FF9C5E9B4C985E0EEB66170798 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 15:16:51.0776 8628 vpnagent - ok 15:16:51.0791 8628 [ BE7FE15AC90B9F02CBE011AE2426DD0F ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys 15:16:51.0824 8628 vpnva - ok 15:16:51.0864 8628 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 15:16:51.0907 8628 vsmraid - ok 15:16:51.0979 8628 [ 03F6F618367CB16A2176B8DB4215D1F9 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe 15:16:52.0092 8628 VSNService - ok 15:16:52.0158 8628 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 15:16:52.0328 8628 VSS - ok 15:16:52.0435 8628 [ D2D646D4D686C6996BA1FF96E11BE570 ] VUAgent C:\Program Files\Sony\VAIO Update\VUAgent.exe 15:16:52.0511 8628 VUAgent - ok 15:16:52.0526 8628 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 15:16:52.0588 8628 vwifibus - ok 15:16:52.0622 8628 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 15:16:52.0681 8628 vwififlt - ok 15:16:52.0728 8628 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 15:16:52.0791 8628 vwifimp - ok 15:16:52.0834 8628 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 15:16:52.0958 8628 W32Time - ok 15:16:52.0990 8628 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 15:16:53.0035 8628 WacomPen - ok 15:16:53.0080 8628 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 15:16:53.0191 8628 WANARP - ok 15:16:53.0198 8628 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 15:16:53.0290 8628 Wanarpv6 - ok 15:16:53.0358 8628 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 15:16:53.0484 8628 wbengine - ok 15:16:53.0506 8628 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 15:16:53.0569 8628 WbioSrvc - ok 15:16:53.0624 8628 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 15:16:53.0682 8628 WcesComm - ok 15:16:53.0706 8628 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 15:16:53.0783 8628 wcncsvc - ok 15:16:53.0817 8628 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 15:16:53.0890 8628 WcsPlugInService - ok 15:16:53.0925 8628 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 15:16:53.0960 8628 Wd - ok 15:16:54.0007 8628 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 15:16:54.0093 8628 Wdf01000 - ok 15:16:54.0124 8628 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 15:16:54.0245 8628 WdiServiceHost - ok 15:16:54.0252 8628 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 15:16:54.0300 8628 WdiSystemHost - ok 15:16:54.0334 8628 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 15:16:54.0412 8628 WebClient - ok 15:16:54.0441 8628 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 15:16:54.0566 8628 Wecsvc - ok 15:16:54.0587 8628 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 15:16:54.0694 8628 wercplsupport - ok 15:16:54.0722 8628 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 15:16:54.0831 8628 WerSvc - ok 15:16:54.0875 8628 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 15:16:54.0971 8628 WfpLwf - ok 15:16:55.0000 8628 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 15:16:55.0036 8628 WIMMount - ok 15:16:55.0051 8628 WinDefend - ok 15:16:55.0075 8628 WinHttpAutoProxySvc - ok 15:16:55.0125 8628 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 15:16:55.0254 8628 Winmgmt - ok 15:16:55.0342 8628 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 15:16:55.0519 8628 WinRM - ok 15:16:55.0586 8628 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 15:16:55.0634 8628 WinUsb - ok 15:16:55.0689 8628 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 15:16:55.0784 8628 Wlansvc - ok 15:16:55.0903 8628 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:16:56.0045 8628 wlidsvc - ok 15:16:56.0074 8628 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 15:16:56.0118 8628 WmiAcpi - ok 15:16:56.0155 8628 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 15:16:56.0222 8628 wmiApSrv - ok 15:16:56.0255 8628 WMPNetworkSvc - ok 15:16:56.0285 8628 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 15:16:56.0337 8628 WPCSvc - ok 15:16:56.0351 8628 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 15:16:56.0423 8628 WPDBusEnum - ok 15:16:56.0438 8628 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 15:16:56.0517 8628 wscsvc - ok 15:16:56.0523 8628 WSearch - ok 15:16:56.0635 8628 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 15:16:56.0802 8628 wuauserv - ok 15:16:56.0830 8628 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 15:16:56.0894 8628 WudfPf - ok 15:16:56.0927 8628 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 15:16:56.0987 8628 WUDFRd - ok 15:16:57.0021 8628 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 15:16:57.0083 8628 wudfsvc - ok 15:16:57.0118 8628 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 15:16:57.0204 8628 WwanSvc - ok 15:16:57.0254 8628 ================ Scan global =============================== 15:16:57.0279 8628 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 15:16:57.0324 8628 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 15:16:57.0339 8628 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 15:16:57.0377 8628 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 15:16:57.0411 8628 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 15:16:57.0420 8628 [Global] - ok 15:16:57.0421 8628 ================ Scan MBR ================================== 15:16:57.0435 8628 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 15:16:58.0329 8628 \Device\Harddisk0\DR0 - ok 15:16:58.0335 8628 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1 15:16:58.0495 8628 \Device\Harddisk1\DR1 - ok 15:16:58.0497 8628 ================ Scan VBR ================================== 15:16:58.0528 8628 [ C41D70D3054607C2F0C3E9E3E076F3A3 ] \Device\Harddisk0\DR0\Partition1 15:16:58.0531 8628 \Device\Harddisk0\DR0\Partition1 - ok 15:16:58.0544 8628 [ 84D1982ADACA25232B77B37EAE63D6DB ] \Device\Harddisk0\DR0\Partition2 15:16:58.0547 8628 \Device\Harddisk0\DR0\Partition2 - ok 15:16:58.0555 8628 [ 5D5514715898B49C67AEB90DE886E527 ] \Device\Harddisk1\DR1\Partition1 15:16:58.0557 8628 \Device\Harddisk1\DR1\Partition1 - ok 15:16:58.0558 8628 ============================================================ 15:16:58.0558 8628 Scan finished 15:16:58.0558 8628 ============================================================ 15:16:58.0578 5160 Detected object count: 6 15:16:58.0578 5160 Actual detected object count: 6 15:17:21.0185 5160 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user 15:17:21.0185 5160 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:17:21.0185 5160 AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user 15:17:21.0186 5160 AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:17:21.0186 5160 DCDhcpService ( UnsignedFile.Multi.Generic ) - skipped by user 15:17:21.0187 5160 DCDhcpService ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:17:21.0188 5160 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user 15:17:21.0188 5160 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:17:21.0191 5160 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:17:21.0191 5160 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:17:21.0192 5160 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 15:17:21.0192 5160 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
12.06.2013, 14:33 | #9 |
/// Malware-holic | Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
12.06.2013, 15:03 | #10 |
| Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? hab Combofix gestartet, aber mein Laptop geht immer ziemlich schnell in den "Ruhemodus", sprich schwarzer Bildschirm, wenn ich den Cursor nicht bewege. ich nehme an, dass Combofix sich jetzt aufgehängt hat. Er steht bei Stufe 4 und es geht nicht weiter... |
12.06.2013, 15:10 | #11 |
/// Malware-holic | Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? lass es noch mal 20 min laufen, wenn das nnichts passiert starte es noch mal
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
12.06.2013, 15:30 | #12 |
| Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? das Resultat Code:
ATTFilter ComboFix 13-06-08.02 - Sabine 12.06.2013 16:16:37.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4078.2130 [GMT 2:00] ausgeführt von:: c:\users\Sabine\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\xp-AntiSpy c:\program files (x86)\xp-AntiSpy\Uninstall.exe c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url c:\users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\mcv1w1a9.default\extensions\pricepeep@getpricepeep.com.xpi . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 )))))))))))))))))))))))))))))) . . 2013-06-12 14:23 . 2013-06-12 14:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-12 12:26 . 2013-06-12 12:26 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-06-12 06:30 . 2013-06-12 06:30 -------- d-----w- c:\users\Sabine\AppData\Roaming\Avira 2013-06-12 06:24 . 2013-03-06 14:13 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-06-12 06:24 . 2013-02-26 14:56 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-06-12 06:24 . 2013-02-26 14:56 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-06-12 06:23 . 2013-06-12 06:23 -------- d-----w- c:\programdata\Avira 2013-06-12 06:23 . 2013-06-12 06:23 -------- d-----w- c:\program files (x86)\Avira 2013-06-11 20:50 . 2013-06-11 20:50 -------- d-----w- c:\users\Sabine\AppData\Roaming\PerformerSoft 2013-06-11 20:50 . 2012-12-19 13:53 19632 ----a-w- c:\windows\system32\roboot64.exe 2013-06-11 20:50 . 2013-06-11 20:50 -------- d-----w- c:\program files (x86)\PC Performer 2013-06-11 20:50 . 2013-06-11 20:50 -------- d-----w- c:\programdata\Arovax 2013-06-11 20:50 . 2013-06-11 20:50 -------- d-----w- c:\program files (x86)\Arovax AntiSpyware 2013-06-11 20:37 . 2013-06-11 20:37 -------- d-----w- c:\users\Sabine\AppData\Roaming\Malwarebytes 2013-06-11 20:37 . 2013-06-11 20:37 -------- d-----w- c:\programdata\Malwarebytes 2013-06-11 20:36 . 2013-06-11 20:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-06-11 20:36 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-11 18:12 . 2013-06-12 13:48 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B442372B-7140-4F24-8D70-8D88C6FB91C4}\offreg.dll 2013-06-11 17:48 . 2013-06-11 19:54 -------- d-----w- c:\programdata\SecTaskMan 2013-06-11 17:48 . 2013-06-11 17:48 -------- d-----w- c:\program files (x86)\Security Task Manager 2013-06-11 15:13 . 2013-06-11 15:13 -------- d-----w- c:\users\Sabine\AppData\Local\Programs 2013-06-11 10:06 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B442372B-7140-4F24-8D70-8D88C6FB91C4}\mpengine.dll 2013-06-08 19:09 . 2013-06-08 19:09 -------- d-s---w- c:\windows\SysWow64\Microsoft 2013-05-16 09:07 . 2013-04-05 06:50 19231232 ----a-w- c:\windows\system32\mshtml.dll 2013-05-16 09:07 . 2013-04-05 06:50 15404032 ----a-w- c:\windows\system32\ieframe.dll 2013-05-16 06:45 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-16 06:45 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-16 06:45 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-16 06:45 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-16 06:45 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-16 06:45 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-16 06:45 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-16 06:45 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-16 06:45 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-16 06:44 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-16 06:44 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-16 06:44 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-15 12:13 . 2013-05-15 12:13 -------- d-----w- c:\users\Sabine\AppData\Roaming\IsolatedStorage 2013-05-15 12:13 . 2013-05-15 12:13 -------- d-----w- c:\programdata\IsolatedStorage 2013-05-15 12:12 . 2013-05-15 12:12 -------- d-----w- c:\users\Sabine\AppData\Local\_ 2013-05-13 14:46 . 2013-05-20 18:31 -------- d-----w- c:\users\Sabine\My Downloads 2013-05-13 14:45 . 2013-05-13 15:36 -------- d-----w- c:\users\Sabine\AppData\Roaming\FreeTorrentViewer . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-11 20:19 . 2012-05-02 11:28 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-11 20:19 . 2012-01-18 11:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-17 08:03 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-16 09:13 . 2012-01-18 16:58 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-09 08:58 . 2012-02-05 15:39 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-22 07:10 . 2013-04-22 07:10 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-04-22 07:10 . 2013-04-22 07:10 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-04-22 07:10 . 2013-04-22 07:10 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-04-22 07:10 . 2013-04-22 07:10 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-04-22 07:10 . 2013-04-22 07:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-04-22 07:10 . 2013-04-22 07:10 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-04-22 07:10 . 2013-04-22 07:10 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-04-22 07:10 . 2013-04-22 07:10 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-04-22 07:10 . 2013-04-22 07:10 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-04-22 07:10 . 2013-04-22 07:10 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-04-22 07:10 . 2013-04-22 07:10 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-04-22 07:10 . 2013-04-22 07:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-04-22 07:10 . 2013-04-22 07:10 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-04-22 07:10 . 2013-04-22 07:10 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-04-22 07:10 . 2013-04-22 07:10 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-04-22 07:10 . 2013-04-22 07:10 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-04-22 07:10 . 2013-04-22 07:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-04-22 07:10 . 2013-04-22 07:10 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-22 07:10 . 2013-04-22 07:10 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-04-22 07:10 . 2013-04-22 07:10 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-22 07:10 . 2013-04-22 07:10 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-22 07:10 . 2013-04-22 07:10 81408 ----a-w- c:\windows\system32\icardie.dll 2013-04-22 07:10 . 2013-04-22 07:10 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-04-22 07:10 . 2013-04-22 07:10 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-04-22 07:10 . 2013-04-22 07:10 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-04-22 07:10 . 2013-04-22 07:10 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-04-22 07:10 . 2013-04-22 07:10 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-04-22 07:10 . 2013-04-22 07:10 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-04-22 07:10 . 2013-04-22 07:10 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-22 07:10 . 2013-04-22 07:10 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-04-22 07:10 . 2013-04-22 07:10 441856 ----a-w- c:\windows\system32\html.iec 2013-04-22 07:10 . 2013-04-22 07:10 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-04-22 07:10 . 2013-04-22 07:10 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-22 07:10 . 2013-04-22 07:10 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-04-22 07:10 . 2013-04-22 07:10 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-04-22 07:10 . 2013-04-22 07:10 235008 ----a-w- c:\windows\system32\url.dll 2013-04-22 07:10 . 2013-04-22 07:10 216064 ----a-w- c:\windows\system32\msls31.dll 2013-04-22 07:10 . 2013-04-22 07:10 197120 ----a-w- c:\windows\system32\msrating.dll 2013-04-22 07:10 . 2013-04-22 07:10 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-22 07:10 . 2013-04-22 07:10 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-04-22 07:10 . 2013-04-22 07:10 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-22 07:10 . 2013-04-22 07:10 149504 ----a-w- c:\windows\system32\occache.dll 2013-04-22 07:10 . 2013-04-22 07:10 144896 ----a-w- c:\windows\system32\wextract.exe 2013-04-22 07:10 . 2013-04-22 07:10 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-04-22 07:10 . 2013-04-22 07:10 13824 ----a-w- c:\windows\system32\mshta.exe 2013-04-22 07:10 . 2013-04-22 07:10 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-04-22 07:10 . 2013-04-22 07:10 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-22 07:10 . 2013-04-22 07:10 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-04-22 07:10 . 2013-04-22 07:10 102912 ----a-w- c:\windows\system32\inseng.dll 2013-04-13 05:49 . 2013-05-16 06:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-16 06:45 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-16 06:45 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-16 06:45 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-16 06:45 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 06:45 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 06:56 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-04 03:35 . 2013-04-18 12:15 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-19 06:04 . 2013-04-10 15:21 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 15:21 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 15:21 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 15:21 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 15:21 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 15:21 112640 ----a-w- c:\windows\system32\smss.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-08 12:30 220632 ----a-w- c:\users\Sabine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-08 12:30 220632 ----a-w- c:\users\Sabine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-08 12:30 220632 ----a-w- c:\users\Sabine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\Sabine\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\Sabine\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 130736 ----a-w- c:\users\Sabine\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-08-22 5352288] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-12-21 1090040] "Arovax AntiSpyware"="c:\program files (x86)\Arovax AntiSpyware\arovaxantispyware.exe" [2007-09-21 1966080] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-08-17 522232] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-04-04 345312] . c:\users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Sabine\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-25 27776968] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x] R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x] S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x] S2 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x] S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x] S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x] S3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x] S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 23209725 *Deregistered* - 23209725 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-06 15:13 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 20:19] . 2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-04 16:58] . 2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-04 16:58] . 2013-06-12 c:\windows\Tasks\PC Performer_DEFAULT.job - c:\program files (x86)\PC Performer\PCPerformer.exe [2013-06-11 13:53] . 2013-06-12 c:\windows\Tasks\PC Performer_UPDATES.job - c:\program files (x86)\PC Performer\PCPerformer.exe [2013-06-11 13:53] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-08 12:30 244696 ----a-w- c:\users\Sabine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-08 12:30 244696 ----a-w- c:\users\Sabine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-08 12:30 244696 ----a-w- c:\users\Sabine\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\Sabine\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\Sabine\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\Sabine\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-04-04 22:12 164016 ----a-w- c:\users\Sabine\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-03-29 518784] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-29 790688] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-29 657568] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://start.icq.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194 DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - vpnweb.cab FF - ProfilePath - c:\users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\mcv1w1a9.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={396DB6CB-268F-11E2-8828-78843CF86237}&src=2&crg=3.1010000.10025&q= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-06-09 09:56; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF FF - ExtSQL: 2013-06-11 16:49; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\mcv1w1a9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi FF - ExtSQL: 2013-06-11 16:49; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\mcv1w1a9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} pref('extensions.shownSelectionUI',true); FF - user.js: extensions.autoDisableScopes - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-DIMUpdate wird heruntergeladen...1338924290338 - c:\program files (x86)\Corel\CorelDRAW Graphics Suite X6\PHOTO-PAINT\DIM.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1617116259-3097247958-731268824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1617116259-3097247958-731268824-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-12 16:27:28 ComboFix-quarantined-files.txt 2013-06-12 14:27 . Vor Suchlauf: 16 Verzeichnis(se), 505.992.736.768 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 505.806.725.120 Bytes frei . - - End Of File - - FFC52A4E3EC3D32BB783B6D198104BAF D41D8CD98F00B204E9800998ECF8427E |
12.06.2013, 18:03 | #13 |
/// Malware-holic | Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
12.06.2013, 21:12 | #14 |
| Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? hi, hier die Liste Code:
ATTFilter Adobe AIR Adobe Systems Incorporated 23.04.2013 3.7.0.1530 Unnötig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.06.2013 6,00MB 11.7.700.224 Unnötig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 15.05.2013 6,00MB 11.7.700.202 Notwendig Adobe Reader XI (11.0.03) - Deutsch Adobe Systems Incorporated 30.05.2013 133MB 11.0.03 Notwendig Adobe Shockwave Player 12.0 Adobe Systems, Inc. 25.02.2013 12.0.0.112 Notwendig Alps Pointing-device for VAIO ALPS ELECTRIC CO., LTD. 06.09.2011 Notwendig ArcSoft Magic-i Visual Effects 2 ArcSoft 24.12.2011 69,5MB 2.0.1.142 Unnötig ArcSoft WebCam Companion 4 ArcSoft 24.12.2011 81,3MB 4.0.21.392 Unbekannt Arovax AntiSpyware 2.1.153 Arovax Software 11.06.2013 2.1.153 Notwendig Atheros WiFi Driver Installation Atheros 18.01.2012 3.0 Notwendig Avira Free Antivirus Avira 12.06.2013 130MB 13.0.0.3640 Notwendig Bluetooth Win7 Suite (64) Atheros Communications 06.09.2011 74,5MB 7.3.0.100 Notwendig CCleaner Piriform 22.08.2012 3.22 Notwendig Cisco AnyConnect Secure Mobility Client Cisco Systems, Inc. 26.01.2013 3.0.10055 Nowendig Conexant HD Audio Conexant 06.09.2011 8.54.0.53 Notwendig Corel WinDVD Corel Inc. 06.09.2011 256MB 10.0.5.800 Unnötig DivX-Setup DivX, LLC 27.06.2012 2.6.1.9 Unnötig Dropbox Dropbox, Inc. 01.06.2013 2.0.22 Notwendig Google Chrome Google Inc. 04.11.2012 27.0.1453.110 Notwendig Google Drive Google, Inc. 06.05.2013 32,0MB 1.9.4536.8202 Notwendig Intel(R) Control Center Intel Corporation 06.09.2011 1.2.1.1007 Notwendig Intel(R) Management Engine Components Intel Corporation 06.09.2011 7.0.0.1144 Notwendig Intel(R) Rapid Storage Technology Intel Corporation 06.09.2011 10.0.0.1046 Notwendig Java 7 Update 21 Oracle 07.03.2013 129MB 7.0.210 Notwendig Java(TM) 6 Update 22 Oracle 06.09.2011 97,0MB 6.0.220 Notwendig Java(TM) 6 Update 22 (64-bit) Oracle 06.09.2011 90,6MB 6.0.220 Notwendig JavaFX 2.1.1 Oracle Corporation 25.06.2012 20,8MB 2.1.1 Notwendig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 11.06.2013 19,2MB 1.75.0.1300 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.02.2011 38,8MB 4.0.30319 ?unnötig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 06.09.2011 2,93MB 4.0.30319 ?unnötig Microsoft .NET Framework 4 Extended Microsoft Corporation 11.02.2011 51,9MB 4.0.30319 ? unnötig Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 06.09.2011 10,6MB 4.0.30319 ?unnötig Microsoft Office 2010 Microsoft Corporation 06.09.2011 6,31MB 14.0.4763.1000 Unnötig Microsoft Office File Validation Add-In Microsoft Corporation 06.02.2012 7,95MB 14.0.5130.5003 Unnötig Microsoft Office Home and Student 2007 Microsoft Corporation 03.03.2012 12.0.6612.1000 Notwendig Microsoft Office Live Add-in 1.5 Microsoft Corporation 20.06.2012 508KB 2.0.4024.1 Unbekannt Microsoft Silverlight Microsoft Corporation 13.03.2013 100MB 5.1.20125.0 ? Notwendig Microsoft SkyDrive Microsoft Corporation 08.11.2012 25,1MB 16.4.6013.0910 Notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 06.09.2011 1,69MB 3.1.0000 Unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 26.01.2012 298KB 8.0.61001 Unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 18.01.2012 788KB 9.0.30729 Unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 26.01.2012 788KB 9.0.30729.6161 Unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 18.01.2012 596KB 9.0.30729 Unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 05.02.2012 224KB 9.0.30729.4148 Unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 26.01.2012 600KB 9.0.30729.6161 Unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 11.06.2013 1,28MB 10.0.40219 Unbekannt Microsoft Visual Studio Tools for Applications 2.0 - ENU Microsoft Corporation 20.12.2012 211MB 9.0.30729 Unbekannt Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU Microsoft Corporation 18.12.2012 96,0MB 9.0.30729 Unbekannt Microsoft Visual Studio Tools for Applications 2.0 Runtime Microsoft Corporation 18.12.2012 158KB 9.0.30729 Unbekannt Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU Microsoft Corporation 18.12.2012 226KB 9.0.30729 Unbekannt Mozilla Firefox 17.0.1 (x86 de) Mozilla 01.12.2012 80,6MB 17.0.1 Notwendig Mozilla Maintenance Service Mozilla 01.12.2012 216KB 17.0.1 Notwendig MSXML 4.0 SP3 Parser Microsoft Corporation 06.09.2011 1,47MB 4.30.2100.0 Unbekannt MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 12.07.2012 1,53MB 4.30.2114.0 Unbekannt MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 09.01.2013 1,54MB 4.30.2117.0 Unbekannt MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 18.01.2012 1,53MB 4.30.2107.0 Unbekannt Nokia Connectivity Cable Driver Nokia 03.02.2013 3,96MB 7.1.101.0 Notwendig Nokia Suite Nokia 04.02.2013 3.7.22.0 Notwendig Notepad++ 29.01.2013 6.2.3 Notwendig NVIDIA 3D Vision Treiber 268.31 NVIDIA Corporation 18.01.2012 268.31 Notwendig NVIDIA Grafiktreiber 268.31 NVIDIA Corporation 18.01.2012 268.31 Notwendig NVIDIA HD-Audiotreiber 1.3.18.0 NVIDIA Corporation 22.04.2013 1.3.18.0 Notwendig NVIDIA PhysX-Systemsoftware 9.10.0514 NVIDIA Corporation 18.01.2012 9.10.0514 Notwendig PC Connectivity Solution Nokia 03.02.2013 21,2MB 12.0.76.0 Notwendig PC Performer PerformerSoft LLC 11.06.2013 11,8MB 11.10 ? Notwendig PMB Sony Corporation 06.09.2011 282MB 5.5.02.12220 Unbekannt Ravensburger tiptoi 01.12.2012 Notwendig Realtek PCIE Card Reader Realtek Semiconductor Corp. 06.09.2011 6.1.7600.77 Notwendig Security Task Manager 1.8g Neuber Software 11.06.2013 1.8g Unnötig Skype™ 6.1 Skype Technologies S.A. 09.03.2013 21,1MB 6.1.129 Notwendig VAIO - Media Gallery Sony Corporation 06.09.2011 1.5.0.16020 Unnötig VAIO - PMB VAIO Edition Guide Sony Corporation 06.09.2011 72,3MB 1.6.00.06030 ? Unnötig VAIO - PMB VAIO Edition Plug-in Sony Corporation 06.09.2011 193MB 1.6.00.06140 ? Unnötig VAIO - Remote Play mit PlayStation®3 Sony Corporation 06.09.2011 1.1.0.15070 Unnötig VAIO - Remote-Tastatur Sony Corporation 06.09.2011 1.0.1.03020 Unbekannt VAIO Care Sony Corporation 10.02.2013 139MB 8.1.0.10120 ? VAIO Control Center Sony Corporation 06.09.2011 4.5.0.03040 ? VAIO Data Restore Tool Sony Corporation 06.09.2011 1.6.0.13140 ? VAIO Easy Connect Sony Corporation 14.03.2012 14,6MB 1.1.2.01120 ? VAIO Event Service Sony Corporation 06.09.2011 5.5.0.03040 ? VAIO Gate Sony Corporation 17.09.2012 2.4.2.02200 ? VAIO Gate Default Sony Corporation 06.09.2011 2.4.0.03240 ? VAIO Hero Screensaver - Summer 2011 Screensaver 24.12.2011 ? VAIO Improvement Sony Corporation 06.09.2011 1.0.0.14150 ? VAIO Improvement Validation Sony Corporation 06.09.2011 496KB 1.0.4.01190 ? VAIO Quick Web Access Sony Corporation 06.09.2011 334MB 1.4.5.3 ? VAIO Sample Contents Sony Corporation 06.09.2011 1.4.2.09010 ? VAIO Smart Network Sony Corporation 18.01.2012 3.8.0.08120 ? VAIO Update Sony Corporation 07.02.2013 6.1.1.10250 ? VAIO-Handbuch Sony Corporation 06.09.2011 2.0.0.02250 ? VAIO-Support für Übertragungen Sony Corporation 06.09.2011 1.4.0.14230 ? Windows Live Essentials Microsoft Corporation 06.09.2011 16.4.3505.0912 Notwendig Windows Media Player Firefox Plugin Microsoft Corp 19.01.2012 296KB 1.0.0.8 Notwendig Windows Mobile-Gerätecenter Microsoft Corporation 31.01.2012 27,4MB 6.1.6965.0 Unbekannt Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) Nokia 04.02.2013 05/31/2012 7.1.2.0 ?Notwendig WinRAR 4.20 (32-Bit) win.rar GmbH 23.07.2012 4.20.0 Notwendig WinZip 16.5 WinZip Computing, S.L. 26.05.2012 70,5MB 16.5.10095 Notwendig xp-AntiSpy 3.98-2 Christian Taubenheim 11.06.2013 Notwendig Zotero Standalone 4.0.8 (x86 en-US) Zotero 07.05.2013 55,4MB 4.0.8 Notwendig |
12.06.2013, 21:19 | #15 |
/// Malware-holic | Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? deinstaliere: Adobe AIR deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: ArcSoft : alle Arovax kann man drauf verzichten orel DivX Java(TM) 6 PC Performer weg mit dem misst, erstens bringen solche "optimierungstools" nichts, 2. wird der hier noch als adware angeprangert Security Task Öffne CCleaner, analysieren, starten, pc neustarten Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu Zuerst keine Webseite mehr geladen, dann Probleme mit Avast - hab ich mir was eingefangen? |
anderen, ccleaner, deinstallieren, eingefangen, exp/2012-1723.es, exp/4681.ag, exp/dldr.java.o, fehlermeldung, java/agent.mt, java/agent.ns, java/agent.nt, java/agent.nu, java/agent.nv, java/agent.nw, java/agent.nx, java/dldr.lamar.ky, keine verbindung, malwarebytes, nicht mehr, pup.installbrain, verbindung, webseiten |