Trojaner-Board


Annschie 01.06.2012 23:56

Windows Firewall and Windows Update error message 0x80070424

Hey everyone!

I'm really desperate and hoping for your help :wtf:

In the Control Panel I find the firewall disabled; when I try to turn it on, I get the error code 0x80070424. Windows Update doesn't work either - it says: "Windows Update cannot currently check for updates, because the service is not running. You may need to restart your computer." After countless restart attempts the same problem occurs.

This is what I have tried so far:
Troubleshoot problems - unsuccessful
Full virus scan - nothing found
System Restore - fails
Microsoft Fix it - same error code as with Windows Update

Here is my mbam log:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anna :: ANNA-VAIO [Administrator]

Schutz: Deaktiviert

02.06.2012 00:33:25
mbam-log-2012-06-02 (00-33-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204111
Laufzeit: 3 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
c:\windows\syshost.exe (Trojan.Downloader) -> Löschen bei Neustart.
c:\users\anna\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
c:\windows\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.

(Ende)


Please help! :heulen:

Is no one there who could help me? ;(

cosinus 03.06.2012 15:28

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Annschie 03.06.2012 19:51

Thank you very much for the reply!

Here is my Malwarebytes log now:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Anna :: ANNA-VAIO [Administrator]

Schutz: Deaktiviert

03.06.2012 19:54:48
mbam-log-2012-06-03 (19-54-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333277
Laufzeit: 43 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
c:\windows\syshost.exe (Trojan.Downloader) -> Löschen bei Neustart.
c:\users\anna\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
c:\windows\serviceprofiles\localservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.
c:\windows\temp\syshost.exe (Spyware.Agent) -> Löschen bei Neustart.

(Ende)

Here is the ESET Online Scanner log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=50138e3f6a7c564389e04fcf6f45df3d
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-03 06:03:04
# local_time=2012-06-03 08:03:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 94 1041222 90376429 0 0
# compatibility_mode=8192 67108863 100 0 216 216 0 0
# scanned=5365
# found=0
# cleaned=0
# scan_time=26
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=50138e3f6a7c564389e04fcf6f45df3d
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-03 06:04:47
# local_time=2012-06-03 08:04:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5893 16776574 66 94 1041330 90376537 0 0
# compatibility_mode=8192 67108863 100 0 324 324 0 0
# scanned=7261
# found=0
# cleaned=0
# scan_time=17
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=50138e3f6a7c564389e04fcf6f45df3d
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-03 06:46:52
# local_time=2012-06-03 08:46:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5893 16776574 66 94 1041387 90376594 0 0
# compatibility_mode=8192 67108863 100 0 381 381 0 0
# scanned=104413
# found=4
# cleaned=0
# scan_time=2489
C:\Users\Anna\AppData\Local\{02bfc888-64ea-37ed-3762-28cbf0f1a9fc}\n        Win64/Sirefef.W trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Anna\AppData\Roaming\AusLogics\Rescue\Sony Maintenance\120601222610088.rsc        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\{02bfc888-64ea-37ed-3762-28cbf0f1a9fc}\n        Win64/Sirefef.W trojan (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\{02bfc888-64ea-37ed-3762-28cbf0f1a9fc}\U\80000000.@        Win64/Sirefef.AE trojan (unable to clean)        00000000000000000000000000000000        I

Many thanks in advance for the help!

cosinus 03.06.2012 21:02

I have two questions before we continue

1.) Does Windows normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Annschie 03.06.2012 22:18

Quote:

1.) Does Windows normal mode work without restrictions (again)?
Windows normal mode worked without restrictions before, just as it does now. Unfortunately I still can't turn on the Windows Firewall or run Windows Update. :schmoll:

Quote:

2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
No, everything is there so far; only the "Startup" folder is empty.

cosinus 04.06.2012 10:28

Please create a new OTL log. Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Annschie 04.06.2012 16:26

Here is the OTL.Txt log:

Code:

OTL logfile created on: 04.06.2012 17:10:10 - Run 1
OTL by OldTimer - Version 3.2.46.0    Folder = C:\Users\Anna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,96% Memory free
7,90 Gb Paging File | 6,69 Gb Available in Paging File | 84,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,78 Gb Total Space | 401,58 Gb Free Space | 88,89% Space Free | Partition Type: NTFS
 
Computer Name: ANNA-VAIO | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.04 17:07:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
PRC - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.03.05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.11.27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.12 16:36:09 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c30b231f838269283ee449bbc98b202\IAStorUtil.ni.dll
MOD - [2012.05.12 16:36:09 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
MOD - [2012.05.12 14:06:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 14:06:02 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.12 14:05:54 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.12 14:05:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 14:05:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 14:05:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 14:05:24 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 14:05:16 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.08.08 16:30:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2012.05.23 09:59:57 | 000,077,784 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys -- (f03f375b4aa00e1d)
SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,159,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\regsvc.dll -- (RemoteRegistry)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.05.08 18:38:13 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.07 22:30:29 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.12 17:35:30 | 000,971,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2011.07.19 05:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.04.29 17:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.04.29 17:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.03.29 08:13:25 | 002,361,344 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011.02.21 12:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011.02.21 12:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.02.18 22:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2011.02.01 13:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.01 13:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.01.20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.11.27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [File Corrupted - Detail Data unreadable] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.05.23 09:59:57 | 000,077,784 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys -- (f03f375b4aa00e1d)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.20 17:23:40 | 000,317,776 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.06.21 02:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.04.29 17:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.04.29 17:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.04.29 17:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.04.29 17:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011.04.29 17:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.04.29 17:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.04.29 17:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.04.29 17:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.04.29 17:19:34 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011.03.29 11:00:53 | 000,317,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011.03.29 10:55:05 | 012,273,408 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.29 08:51:30 | 000,425,064 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.29 08:15:05 | 000,335,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.03.29 05:57:20 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.22 17:27:05 | 000,437,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vaioportal.sony.eu
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\..\SearchScopes\{4859911F-E81C-470A-A9F7-32E29DAD2149}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\..\SearchScopes\{58BBACF5-F773-4C1E-B1C8-4EE9A56ED1D3}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1062293257-463985827-3690587801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.07 22:30:29 | 000,000,000 | ---D | M]
 
[2012.01.03 00:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Extensions
[2012.05.12 14:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\l24z5ouk.default\extensions
[2012.05.12 14:52:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\l24z5ouk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.15 15:08:05 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Anna\AppData\Roaming\mozilla\Firefox\Profiles\l24z5ouk.default\extensions\firefox@ghostery.com
[2012.01.03 00:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.07 22:30:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6500FF66-A527-483E-BAEE-E230BB665EE8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEFBB5C8-6FE5-4302-8842-C771B9ABBC85}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~4\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AthBtTray - hkey= - key= - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
MsConfig:64bit - StartUpReg: AtherosBtStack - hkey= - key= - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
MsConfig:64bit - StartUpReg: mcui_exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Regedit32 - hkey= - key= -  File not found
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{3942788D-F1D2-4201-9BF0-003753DCCEB6} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.04 17:07:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2012.06.03 23:28:55 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{9A22221E-468D-4A9D-A618-DD1AB47AA39A}
[2012.06.03 23:28:44 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{AE0C592C-97A1-4DA4-B0E9-8C7E89644EC3}
[2012.06.03 19:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.03 19:58:59 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Anna\Desktop\esetsmartinstaller_enu.exe
[2012.06.02 14:20:49 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.02 14:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.02 14:20:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.02 13:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.06.02 13:51:21 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\AVS4YOU
[2012.06.02 13:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.06.02 13:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2012.06.02 13:43:54 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Smart PC Solutions
[2012.06.02 13:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.06.02 13:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.06.02 13:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012.06.02 02:17:29 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{3E04E05B-043E-4441-AAE5-344D7FB66F81}
[2012.06.02 02:17:19 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{873CA99C-E35D-4F5F-85BA-25E0D7C47FF5}
[2012.06.02 01:27:22 | 000,035,680 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.06.02 01:27:22 | 000,029,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.06.02 01:25:34 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.06.02 01:25:34 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.06.02 01:25:33 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.06.02 01:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.06.02 01:25:22 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\TuneUp Software
[2012.06.02 01:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.06.02 01:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.06.02 01:24:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.06.02 01:24:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.06.02 00:24:09 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2012.06.02 00:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.01 23:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012.06.01 23:15:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012.06.01 21:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.06.01 21:34:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.06.01 21:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012.06.01 21:26:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012.05.31 21:36:18 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{807CE93D-2A48-424F-9DF6-8F554FD9397C}
[2012.05.31 21:36:08 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{5BD95D86-3D0E-4163-B1C7-C3CACB02ADF5}
[2012.05.29 23:23:31 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{E8442317-00D1-4D34-A9D1-AFEAC5A12CDC}
[2012.05.29 23:23:20 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{D4229B59-CECA-4CC1-B2B9-0795CBC11F33}
[2012.05.29 10:43:59 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{9AD0810B-6A45-4BE6-8591-CE0FE6320AAB}
[2012.05.29 10:43:49 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{4E58D0F8-81FC-4403-84C9-1862C2C371C8}
[2012.05.28 21:53:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{645E7876-EE81-4B15-A109-331FB5A08D6F}
[2012.05.28 21:52:51 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{911E613A-97DA-429D-8C00-95E0F4ED34D1}
[2012.05.23 12:24:23 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\Sony Corporation
[2012.05.23 09:41:11 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{20C85C4D-2D40-4992-8752-9EB2FB6F6857}
[2012.05.23 09:41:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{DC398492-59A2-41B9-811E-4DF6CBC35404}
[2012.05.22 10:57:58 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{094CC0D1-805B-4575-A51C-8276CC5B0095}
[2012.05.22 10:57:47 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{29953339-59F6-4308-8426-07767B431FA9}
[2012.05.21 22:10:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{E913854D-A092-42D9-8078-E0ACED462930}
[2012.05.21 22:10:24 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{09757486-B952-4A1B-AC93-D5C1F1ECD10E}
[2012.05.20 22:18:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{F1A92B24-4895-4ABD-8AFA-C075078BDE20}
[2012.05.20 22:18:21 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{83BE3C82-83EF-4326-98EF-B47741DC27BB}
[2012.05.16 10:43:46 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{8028927F-1490-404D-99CF-EFD65D5D4699}
[2012.05.16 10:43:35 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{C9D7A26A-0493-4D70-B4C5-C89C3E50CEF2}
[2012.05.15 17:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.15 17:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.15 17:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.14 22:06:33 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{038743A0-6D2E-4EDE-9C32-4E5BF5E802CC}
[2012.05.14 22:06:22 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{9725C3A0-2553-4067-AF6F-23B99D807B94}
[2012.05.13 17:03:32 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{E59CB28A-F625-4888-9F87-A539774B0FB1}
[2012.05.13 17:03:21 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{F78A59A9-A05A-40D8-90BA-287A852D9095}
[2012.05.12 17:48:46 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{FEA190D7-19B2-4DDB-A676-AD9A49D4353F}
[2012.05.12 17:48:34 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{3512DA5E-AF83-4A09-AC5A-9273D81FBAB3}
[2012.05.12 14:52:10 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.12 14:52:06 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\SysWow64\QtCore4.dll
[2012.05.12 14:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.05.12 14:51:53 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012.05.12 14:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012.05.12 14:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.05.12 14:51:01 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoft
[2012.05.10 14:15:50 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{EB9392E8-F445-42C0-846E-38A0BB541070}
[2012.05.10 14:15:38 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{C3F224D4-3B8B-421A-9358-388468F48B53}
[2012.05.08 18:38:30 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{15182D3E-A864-493E-B0A9-2C84117DCFF0}
[2012.05.08 18:38:20 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{049E5FE0-461D-4647-9BB4-ADDEA8363F9A}
[2012.05.07 22:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.07 22:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.07 22:30:21 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{E1D75517-40C9-46A7-BC1B-92D477E4AC50}
[2012.05.07 22:30:10 | 000,000,000 | ---D | C] -- C:\Users\Anna\AppData\Local\{07C1CB56-C350-4905-BAE7-178994CD859E}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.04 17:11:20 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.04 17:11:20 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.04 17:07:36 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Anna\Desktop\OTL.exe
[2012.06.04 17:04:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.04 17:03:48 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.03 23:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 19:59:01 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Anna\Desktop\esetsmartinstaller_enu.exe
[2012.06.02 14:20:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.02 14:18:41 | 000,443,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.02 01:25:30 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.06.02 01:25:30 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.06.02 00:03:54 | 000,690,049 | ---- | M] () -- C:\Users\Anna\AppData\Local\census.cache
[2012.06.02 00:03:45 | 000,096,627 | ---- | M] () -- C:\Users\Anna\AppData\Local\ars.cache
[2012.06.01 23:54:45 | 000,000,036 | ---- | M] () -- C:\Users\Anna\AppData\Local\housecall.guid.cache
[2012.06.01 23:15:26 | 000,037,888 | ---- | M] () -- C:\Users\Anna\bkhu79m9pe.exe
[2012.06.01 23:15:26 | 000,036,352 | ---- | M] () -- C:\Users\Anna\ewwy7owwge.exe
[2012.06.01 21:54:45 | 000,227,530 | ---- | M] () -- C:\test.xml
[2012.06.01 21:42:54 | 000,002,697 | ---- | M] () -- C:\Users\Anna\Desktop\Microsoft Office Word 2007.lnk
[2012.06.01 21:37:44 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.01 21:37:44 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.01 21:37:44 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.01 21:37:44 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.30 11:17:41 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.29 13:09:54 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.05.29 13:09:50 | 000,035,680 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.05.29 13:09:50 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.05.29 13:09:50 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.05.23 09:59:57 | 000,077,784 | ---- | M] () -- C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys
[2012.05.12 14:52:07 | 000,001,239 | ---- | M] () -- C:\Users\Anna\Desktop\DVDVideoSoft Free Studio.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.02 14:20:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.02 01:25:30 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.06.02 01:25:30 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.06.02 01:25:30 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.06.02 00:03:54 | 000,690,049 | ---- | C] () -- C:\Users\Anna\AppData\Local\census.cache
[2012.06.02 00:03:45 | 000,096,627 | ---- | C] () -- C:\Users\Anna\AppData\Local\ars.cache
[2012.06.01 23:54:45 | 000,000,036 | ---- | C] () -- C:\Users\Anna\AppData\Local\housecall.guid.cache
[2012.06.01 21:42:54 | 000,002,697 | ---- | C] () -- C:\Users\Anna\Desktop\Microsoft Office Word 2007.lnk
[2012.05.31 11:16:04 | 000,036,352 | ---- | C] () -- C:\Users\Anna\ewwy7owwge.exe
[2012.05.29 21:21:12 | 000,037,888 | ---- | C] () -- C:\Users\Anna\bkhu79m9pe.exe
[2012.05.23 09:59:57 | 000,077,784 | ---- | C] () -- C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys
[2012.05.12 14:52:07 | 000,001,239 | ---- | C] () -- C:\Users\Anna\Desktop\DVDVideoSoft Free Studio.lnk
[2012.05.10 12:05:48 | 005,559,664 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 12:05:47 | 003,146,240 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2012.05.10 12:05:13 | 000,075,120 | ---- | C] () -- C:\Windows\SysNative\drivers\partmgr.sys
[2012.05.10 12:05:00 | 001,918,320 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2012.03.13 00:16:59 | 000,000,537 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.11 17:05:48 | 000,000,017 | ---- | C] () -- C:\Users\Anna\AppData\Local\resmon.resmoncfg
[2012.01.15 13:50:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.30 03:46:48 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.30 03:46:47 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.03.30 03:46:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.02.11 01:03:27 | 001,591,930 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.01.15 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\AusLogics
[2012.05.12 18:29:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoft
[2012.05.12 14:52:10 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.02 13:45:45 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Smart PC Solutions
[2012.06.01 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SoftGrid Client
[2012.01.05 01:02:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\TP
[2012.06.02 01:25:22 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\TuneUp Software
[2012.03.29 22:08:01 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.05 00:30:12 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Adobe
[2012.01.02 20:13:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\ArcSoft
[2012.01.14 15:00:42 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Atheros
[2012.01.15 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\AusLogics
[2012.06.02 13:51:22 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\AVS4YOU
[2012.05.12 18:29:06 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoft
[2012.05.12 14:52:10 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.02 20:06:22 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Identities
[2012.01.02 20:07:01 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Intel Corporation
[2011.08.08 07:07:35 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Macromedia
[2012.06.02 00:24:09 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Malwarebytes
[2011.07.13 04:58:01 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Media Center Programs
[2012.06.01 21:43:08 | 000,000,000 | --SD | M] -- C:\Users\Anna\AppData\Roaming\Microsoft
[2012.01.03 00:16:42 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Mozilla
[2012.01.31 17:50:03 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Skype
[2012.01.15 13:49:59 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\skypePM
[2012.06.02 13:45:45 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Smart PC Solutions
[2012.06.01 21:37:21 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\SoftGrid Client
[2012.02.03 21:16:31 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Sony Corporation
[2012.01.05 01:02:04 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\TP
[2012.06.02 01:25:22 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
[2011.08.08 07:07:33 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Anna\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.02.22 17:27:05 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
[2011.02.22 17:27:05 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_5b314ccea0aa569d\iaStor.sys
[2011.02.22 17:27:05 | 000,437,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

Here is the Extra.Txt log:

Code:

OTL Extras logfile created on: 04.06.2012 17:10:10 - Run 1
OTL by OldTimer - Version 3.2.46.0    Folder = C:\Users\Anna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 72,96% Memory free
7,90 Gb Paging File | 6,69 Gb Available in Paging File | 84,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,78 Gb Total Space | 401,58 Gb Free Space | 88,89% Space Free | Partition Type: NTFS
 
Computer Name: ANNA-VAIO | User Name: Anna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_USERS\S-1-5-21-1062293257-463985827-3690587801-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4EFA8109-732B-4026-9F0C-B70ECF3F9293}" = Windows Live Remote Service Resources
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E6C2F3-59B2-4308-B1CD-4928B55B7E30}" = VGClientX64
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{9F672527-2BE4-47AB-B061-C057BDE30B30}" = Windows Live Remote Client Resources
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{017E65B1-7484-461A-B16F-7C931166083B}" = Die Sims - Hot Date
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1B0545C4-620F-4661-A369-C4D113F24932}" = Windows Live Writer Resources
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303F9E7-6293-4A85-BC21-CA226FAD5CE4}" = Windows Live Mail
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25AF1025-095C-4AA9-A3FD-29710D3C3AE5}" = Remote Keyboard
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}" = Основи Windows Live
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{45191C61-3D04-4D03-B78A-592DF13264CC}" = Windows Live Messenger
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide
"{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}" = Елемент керування Windows Live Mesh ActiveX для віддалених підключень
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AC57EEF-2733-4DE6-81BB-E78ACB964C22}" = Windows Live Photo Common
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{80651674-74AA-4155-AF2D-1339E628D187}" = Windows Live Movie Maker
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8B583EF5-FA7B-4AE2-9008-51B7FD505886}" = VGClientX86
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91BD94FE-ADCA-49CC-BE96-97D4BBC36FAF}" = Windows Live Mesh
"{92280FD3-A119-41E6-A740-A62DBA4DFB53}" = Windows Live UX Platform Language Pack
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C115A674-A398-49E5-9C6E-C0A541D3EA10}" = Фотоколекція Windows Live
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F28C98E9-BAC1-41FF-81F2-8885925CCB48}" = Windows Live Writer
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.5.7.508
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free Disc Burner_is1" = Free Disc Burner version 3.0.9.508
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Security Task Manager" = Security Task Manager 1.8d
"splashtop" = VAIO Quick Web Access
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VAIO Help and Support" =
"VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.05.2012 05:59:08 | Computer Name = Anna-VAIO | Source = WinMgmt | ID = 10
Description =
 
Error - 12.05.2012 08:05:10 | Computer Name = Anna-VAIO | Source = WinMgmt | ID = 10
Description =
 
Error - 12.05.2012 08:46:44 | Computer Name = Anna-VAIO | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 13.05.2012 11:03:43 | Computer Name = Anna-VAIO | Source = WinMgmt | ID = 10
Description =
 
Error - 13.05.2012 11:15:06 | Computer Name = Anna-VAIO | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 14.05.2012 12:17:21 | Computer Name = Anna-VAIO | Source = WinMgmt | ID = 10
Description =
 
Error - 14.05.2012 13:02:23 | Computer Name = Anna-VAIO | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 14.05.2012 15:37:15 | Computer Name = Anna-VAIO | Source = WinMgmt | ID = 10
Description =
 
Error - 14.05.2012 15:46:23 | Computer Name = Anna-VAIO | Source = CVHSVC | ID = 100
Description =
 
Error - 14.05.2012 15:48:44 | Computer Name = Anna-VAIO | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ System Events ]
Error - 01.06.2012 17:17:04 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%-2147024891
 
Error - 01.06.2012 17:21:29 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
 abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.
 
Error - 01.06.2012 17:24:01 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
 abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.
 
Error - 01.06.2012 17:33:05 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%-2147024891
 
Error - 01.06.2012 17:33:05 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 01.06.2012 17:48:18 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7003
Description = Der Dienst "McAfee Personal Firewall Service" ist von folgendem Dienst
 abhängig: MpsSvc. Dieser Dienst ist eventuell nicht installiert.
 
Error - 01.06.2012 18:14:35 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%-2147024891
 
Error - 01.06.2012 18:14:35 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 01.06.2012 18:24:39 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht
gestartet:  %%31
 
Error - 01.06.2012 18:24:39 | Computer Name = Anna-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde:  %%31
 
 
< End of report >


cosinus 04.06.2012 20:18

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys
C:\Users\Anna\bkhu79m9pe.exe
C:\Users\Anna\ewwy7owwge.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Annschie 04.06.2012 22:03

Here is the log file:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
File move failed. C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys scheduled to be moved on reboot.
C:\Users\Anna\bkhu79m9pe.exe moved successfully.
C:\Users\Anna\ewwy7owwge.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Anna
->Temp folder emptied: 94882257 bytes
->Temporary Internet Files folder emptied: 2958751 bytes
->Java cache emptied: 26926936 bytes
->FireFox cache emptied: 49786914 bytes
->Flash cache emptied: 61941 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 886180670 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 64905251 bytes
RecycleBin emptied: 678410 bytes
 
Total Files Cleaned = 1.074,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Anna
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.46.0 log created on 06042012_225419

Files\Folders moved on Reboot...
File\Folder C:\Windows\SysNative\drivers\f03f375b4aa00e1d.sys not found!
C:\Users\Anna\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLVPN0BA\aachen[1].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TLVPN0BA\groupon-de[1].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFWDYCQA\xd_arbiter[1].htm not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFWDYCQA\xd_arbiter[2].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFWDYCQA\xd_arbiter[3].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8KEKMTR9\payment35d21a99[1].htm not found!

Registry entries deleted on Reboot...


cosinus 05.06.2012 09:41

I need the OTL quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into a single file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

4.) Let me know once it has succeeded
5.) Only then switch the virus scanner back on

Annschie 05.06.2012 17:58

I've uploaded it, I hope I did everything right!

Many thanks again for your effort.

cosinus 05.06.2012 19:45

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Annschie 05.06.2012 21:07

Here is the TDSS-Killer log:

Code:

21:57:48.0062 3504        TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
21:57:48.0171 3504        ============================================================
21:57:48.0171 3504        Current date / time: 2012/06/05 21:57:48.0171
21:57:48.0171 3504        SystemInfo:
21:57:48.0171 3504       
21:57:48.0171 3504        OS Version: 6.1.7601 ServicePack: 1.0
21:57:48.0171 3504        Product type: Workstation
21:57:48.0171 3504        ComputerName: ANNA-VAIO
21:57:48.0171 3504        UserName: Anna
21:57:48.0171 3504        Windows directory: C:\Windows
21:57:48.0171 3504        System windows directory: C:\Windows
21:57:48.0171 3504        Running under WOW64
21:57:48.0171 3504        Processor architecture: Intel x64
21:57:48.0171 3504        Number of processors: 4
21:57:48.0171 3504        Page size: 0x1000
21:57:48.0171 3504        Boot type: Normal boot
21:57:48.0171 3504        ============================================================
21:58:00.0230 3504        !crdlk
21:58:00.0432 3504        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
21:58:00.0495 3504        ============================================================
21:58:00.0495 3504        \Device\Harddisk0\DR0:
21:58:00.0526 3504        MBR partitions:
21:58:00.0542 3504        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1BC4000, BlocksNum 0x32000
21:58:00.0542 3504        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BF6000, BlocksNum 0x38790030
21:58:00.0542 3504        ============================================================
21:58:00.0635 3504        C: <-> \Device\Harddisk0\DR0\Partition1
21:58:00.0635 3504        ============================================================
21:58:00.0635 3504        Initialize success
21:58:00.0635 3504        ============================================================
21:59:39.0742 0264        ============================================================
21:59:39.0742 0264        Scan started
21:59:39.0742 0264        Mode: Manual; SigCheck; TDLFS;
21:59:39.0742 0264        ============================================================
21:59:40.0694 0264        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:59:40.0881 0264        1394ohci - ok
21:59:41.0037 0264        ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:59:41.0084 0264        ACDaemon - ok
21:59:41.0177 0264        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:59:41.0224 0264        ACPI - ok
21:59:41.0287 0264        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:59:41.0365 0264        AcpiPmi - ok
21:59:41.0458 0264        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:59:41.0474 0264        AdobeARMservice - ok
21:59:41.0661 0264        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:59:41.0692 0264        AdobeFlashPlayerUpdateSvc - ok
21:59:41.0801 0264        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:59:41.0864 0264        adp94xx - ok
21:59:41.0942 0264        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:59:41.0989 0264        adpahci - ok
21:59:42.0067 0264        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:59:42.0113 0264        adpu320 - ok
21:59:42.0238 0264        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:59:42.0379 0264        AeLookupSvc - ok
21:59:42.0535 0264        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:59:42.0597 0264        AFD - ok
21:59:42.0691 0264        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:59:42.0706 0264        agp440 - ok
21:59:42.0800 0264        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:59:42.0847 0264        ALG - ok
21:59:42.0940 0264        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:59:42.0956 0264        aliide - ok
21:59:43.0034 0264        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:59:43.0065 0264        amdide - ok
21:59:43.0237 0264        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:59:43.0299 0264        AmdK8 - ok
21:59:43.0377 0264        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:59:43.0424 0264        AmdPPM - ok
21:59:43.0517 0264        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:59:43.0549 0264        amdsata - ok
21:59:43.0642 0264        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:59:43.0673 0264        amdsbs - ok
21:59:43.0751 0264        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:59:43.0783 0264        amdxata - ok
21:59:43.0876 0264        ApfiltrService  (12bfa9ec4b03cc16bb7d19baa308aef2) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:59:43.0923 0264        ApfiltrService - ok
21:59:44.0001 0264        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:59:44.0095 0264        AppID - ok
21:59:44.0188 0264        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:59:44.0266 0264        AppIDSvc - ok
21:59:44.0360 0264        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:59:44.0438 0264        Appinfo - ok
21:59:44.0516 0264        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:59:44.0547 0264        arc - ok
21:59:44.0641 0264        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:59:44.0672 0264        arcsas - ok
21:59:44.0765 0264        ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
21:59:44.0781 0264        ArcSoftKsUFilter - ok
21:59:45.0046 0264        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:59:45.0062 0264        aspnet_state - ok
21:59:45.0218 0264        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:59:45.0311 0264        AsyncMac - ok
21:59:45.0436 0264        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:59:45.0467 0264        atapi - ok
21:59:45.0577 0264        AthBTPort      (50f257e19554421b6891e3f998edca90) C:\Windows\system32\DRIVERS\btath_flt.sys
21:59:45.0592 0264        AthBTPort - ok
21:59:45.0701 0264        ATHDFU          (4119870b90e1b5e7797d6433d21f9216) C:\Windows\System32\Drivers\AthDfu.sys
21:59:45.0717 0264        ATHDFU - ok
21:59:45.0857 0264        Atheros Bt&Wlan Coex Agent (650f111d5cda64c10ae4b9d1ba9d4fff) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
21:59:45.0889 0264        Atheros Bt&Wlan Coex Agent - ok
21:59:45.0982 0264        AtherosSvc      (ebc3119394c9074a9cd87578a435050d) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
21:59:45.0998 0264        AtherosSvc - ok
21:59:46.0247 0264        athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
21:59:46.0325 0264        athr - ok
21:59:46.0559 0264        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:59:46.0684 0264        AudioEndpointBuilder - ok
21:59:46.0840 0264        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:59:46.0918 0264        AudioSrv - ok
21:59:47.0027 0264        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:59:47.0137 0264        AxInstSV - ok
21:59:47.0308 0264        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:59:47.0371 0264        b06bdrv - ok
21:59:47.0527 0264        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:59:47.0589 0264        b57nd60a - ok
21:59:47.0839 0264        BBSvc          (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:59:47.0870 0264        BBSvc - ok
21:59:48.0026 0264        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:59:48.0073 0264        BDESVC - ok
21:59:48.0182 0264        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:59:48.0275 0264        Beep - ok
21:59:48.0447 0264        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:59:48.0556 0264        BFE - ok
21:59:48.0790 0264        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:59:48.0915 0264        BITS - ok
21:59:49.0055 0264        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
21:59:49.0102 0264        blbdrive - ok
21:59:49.0289 0264        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:59:49.0336 0264        bowser - ok
21:59:49.0430 0264        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:59:49.0477 0264        BrFiltLo - ok
21:59:49.0586 0264        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:59:49.0617 0264        BrFiltUp - ok
21:59:49.0757 0264        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:59:49.0867 0264        Browser - ok
21:59:49.0991 0264        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:59:50.0069 0264        Brserid - ok
21:59:50.0179 0264        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:59:50.0225 0264        BrSerWdm - ok
21:59:50.0303 0264        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:59:50.0335 0264        BrUsbMdm - ok
21:59:50.0428 0264        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:59:50.0475 0264        BrUsbSer - ok
21:59:50.0615 0264        BTATH_A2DP      (b3bcd755fa9a359d10208cc9f09847cc) C:\Windows\system32\drivers\btath_a2dp.sys
21:59:50.0647 0264        BTATH_A2DP - ok
21:59:50.0756 0264        btath_avdt      (9bbba9d6dbdefc8a6542bc7a6ebaf710) C:\Windows\system32\drivers\btath_avdt.sys
21:59:50.0787 0264        btath_avdt - ok
21:59:50.0912 0264        BTATH_BUS      (d838dd1bcb328efcfad7a52de9e3cafd) C:\Windows\system32\drivers\btath_bus.sys
21:59:50.0927 0264        BTATH_BUS - ok
21:59:51.0068 0264        BTATH_HCRP      (a441b800e04cf8443faf519207563abb) C:\Windows\system32\drivers\btath_hcrp.sys
21:59:51.0083 0264        BTATH_HCRP - ok
21:59:51.0286 0264        BTATH_LWFLT    (b16f8429a35bba2a8ef9db2e08675b97) C:\Windows\system32\DRIVERS\btath_lwflt.sys
21:59:51.0302 0264        BTATH_LWFLT - ok
21:59:51.0473 0264        BTATH_RCP      (c24231c6bdfe21735930084a22089aab) C:\Windows\system32\drivers\btath_rcp.sys
21:59:51.0520 0264        BTATH_RCP - ok
21:59:51.0770 0264        BtFilter        (3632fa4c6b3ce9ec827690deac266d8c) C:\Windows\system32\DRIVERS\btfilter.sys
21:59:51.0785 0264        BtFilter - ok
21:59:51.0926 0264        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:59:52.0004 0264        BthEnum - ok
21:59:52.0144 0264        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:59:52.0191 0264        BTHMODEM - ok
21:59:52.0331 0264        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:59:52.0378 0264        BthPan - ok
21:59:52.0534 0264        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
21:59:52.0581 0264        BTHPORT - ok
21:59:52.0768 0264        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:59:52.0862 0264        bthserv - ok
21:59:52.0987 0264        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
21:59:53.0018 0264        BTHUSB - ok
21:59:53.0158 0264        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:59:53.0236 0264        cdfs - ok
21:59:53.0377 0264        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:59:53.0408 0264        cdrom - ok
21:59:53.0579 0264        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:59:53.0673 0264        CertPropSvc - ok
21:59:53.0813 0264        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:59:53.0860 0264        circlass - ok
21:59:54.0032 0264        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:59:54.0079 0264        CLFS - ok
21:59:54.0297 0264        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:59:54.0313 0264        clr_optimization_v2.0.50727_32 - ok
21:59:54.0484 0264        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:59:54.0515 0264        clr_optimization_v2.0.50727_64 - ok
21:59:54.0687 0264        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:59:54.0703 0264        clr_optimization_v4.0.30319_32 - ok
21:59:54.0905 0264        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:59:54.0921 0264        clr_optimization_v4.0.30319_64 - ok
21:59:55.0061 0264        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:59:55.0093 0264        CmBatt - ok
21:59:55.0249 0264        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:59:55.0295 0264        cmdide - ok
21:59:55.0436 0264        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:59:55.0483 0264        CNG - ok
21:59:55.0701 0264        CnxtHdAudService (1f394df3714ed4280047810790e6df69) C:\Windows\system32\drivers\CHDRT64.sys
21:59:55.0748 0264        CnxtHdAudService - ok
21:59:55.0966 0264        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:59:55.0982 0264        Compbatt - ok
21:59:56.0122 0264        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:59:56.0169 0264        CompositeBus - ok
21:59:56.0309 0264        COMSysApp - ok
21:59:56.0465 0264        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:59:56.0481 0264        crcdisk - ok
21:59:56.0777 0264        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:59:56.0887 0264        CryptSvc - ok
21:59:57.0121 0264        DCDhcpService  (75e3c4bb1ed032310edcf5691a452b4b) C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
21:59:57.0136 0264        DCDhcpService - ok
21:59:57.0511 0264        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:59:57.0620 0264        DcomLaunch - ok
21:59:57.0791 0264        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:59:57.0901 0264        defragsvc - ok
21:59:58.0057 0264        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:59:58.0135 0264        DfsC - ok
21:59:58.0322 0264        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:59:58.0415 0264        Dhcp - ok
21:59:58.0571 0264        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:59:58.0649 0264        discache - ok
21:59:58.0805 0264        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:59:58.0837 0264        Disk - ok
21:59:59.0039 0264        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:59:59.0071 0264        Dnscache - ok
21:59:59.0258 0264        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:59:59.0367 0264        dot3svc - ok
21:59:59.0539 0264        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:59:59.0632 0264        DPS - ok
21:59:59.0788 0264        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:59:59.0819 0264        drmkaud - ok
22:00:00.0038 0264        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:00:00.0085 0264        DXGKrnl - ok
22:00:00.0256 0264        e1yexpress      (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
22:00:00.0319 0264        e1yexpress - ok
22:00:00.0506 0264        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:00:00.0599 0264        EapHost - ok
22:00:00.0943 0264        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
22:00:01.0083 0264        ebdrv - ok
22:00:01.0364 0264        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:00:01.0411 0264        EFS - ok
22:00:01.0707 0264        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:00:01.0769 0264        ehRecvr - ok
22:00:01.0941 0264        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:00:01.0972 0264        ehSched - ok
22:00:02.0222 0264        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
22:00:02.0269 0264        elxstor - ok
22:00:02.0487 0264        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:00:02.0487 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\errdev.sys. md5: 34a3c54752046e79a126e15c51db409b
22:00:02.0643 0264        ErrDev ( LockedFile.Multi.Generic ) - warning
22:00:02.0643 0264        ErrDev - detected LockedFile.Multi.Generic (1)
22:00:03.0220 0264        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:00:03.0329 0264        EventSystem - ok
22:00:03.0595 0264        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:00:03.0595 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: a510c654ec00c1e9bdd91eeb3a59823b
22:00:03.0735 0264        exfat ( LockedFile.Multi.Generic ) - warning
22:00:03.0735 0264        exfat - detected LockedFile.Multi.Generic (1)
22:00:03.0860 0264        Suspicious service (NoAccess): f03f375b4aa00e1d
22:00:03.0907 0264        f03f375b4aa00e1d (751c8fd5645972d95c43b9c01e52ec0b) C:\Windows\System32\Drivers\f03f375b4aa00e1d.sys
22:00:03.0907 0264        Suspicious file (NoAccess): C:\Windows\System32\Drivers\f03f375b4aa00e1d.sys. md5: 751c8fd5645972d95c43b9c01e52ec0b
22:00:04.0047 0264        f03f375b4aa00e1d ( LockedService.Multi.Generic ) - warning
22:00:04.0047 0264        f03f375b4aa00e1d - detected LockedService.Multi.Generic (1)
22:00:04.0234 0264        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:00:04.0250 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 0adc83218b66a6db380c330836f3e36d
22:00:04.0375 0264        fastfat ( LockedFile.Multi.Generic ) - warning
22:00:04.0375 0264        fastfat - detected LockedFile.Multi.Generic (1)
22:00:04.0609 0264        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:00:04.0671 0264        Fax - ok
22:00:04.0858 0264        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
22:00:04.0858 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\fdc.sys. md5: d765d19cd8ef61f650c384f62fac00ab
22:00:05.0030 0264        fdc ( LockedFile.Multi.Generic ) - warning
22:00:05.0030 0264        fdc - detected LockedFile.Multi.Generic (1)
22:00:05.0233 0264        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:00:05.0295 0264        fdPHost - ok
22:00:05.0482 0264        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:00:05.0545 0264        FDResPub - ok
22:00:05.0747 0264        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:00:05.0747 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661be46b5f5f3fd454e2c3095b930
22:00:05.0888 0264        FileInfo ( LockedFile.Multi.Generic ) - warning
22:00:05.0888 0264        FileInfo - detected LockedFile.Multi.Generic (1)
22:00:06.0075 0264        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:00:06.0075 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\filetrace.sys. md5: 5f671ab5bc87eea04ec38a6cd5962a47
22:00:06.0215 0264        Filetrace ( LockedFile.Multi.Generic ) - warning
22:00:06.0215 0264        Filetrace - detected LockedFile.Multi.Generic (1)
22:00:06.0403 0264        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
22:00:06.0403 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\flpydisk.sys. md5: c172a0f53008eaeb8ea33fe10e177af5
22:00:06.0543 0264        flpydisk ( LockedFile.Multi.Generic ) - warning
22:00:06.0543 0264        flpydisk - detected LockedFile.Multi.Generic (1)
22:00:06.0746 0264        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:00:06.0746 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: da6b67270fd9db3697b20fce94950741
22:00:06.0886 0264        FltMgr ( LockedFile.Multi.Generic ) - warning
22:00:06.0886 0264        FltMgr - detected LockedFile.Multi.Generic (1)
22:00:07.0151 0264        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:00:07.0229 0264        FontCache - ok
22:00:07.0463 0264        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:00:07.0479 0264        FontCache3.0.0.0 - ok
22:00:07.0775 0264        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:00:07.0775 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: d43703496149971890703b4b1b723eac
22:00:07.0947 0264        FsDepends ( LockedFile.Multi.Generic ) - warning
22:00:07.0947 0264        FsDepends - detected LockedFile.Multi.Generic (1)
22:00:08.0150 0264        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:00:08.0150 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6bd9295cc032dd3077c671fccf579a7b
22:00:08.0306 0264        Fs_Rec ( LockedFile.Multi.Generic ) - warning
22:00:08.0306 0264        Fs_Rec - detected LockedFile.Multi.Generic (1)
22:00:08.0509 0264        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:00:08.0509 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1f7b25b858fa27015169fe95e54108ed
22:00:08.0665 0264        fvevol ( LockedFile.Multi.Generic ) - warning
22:00:08.0665 0264        fvevol - detected LockedFile.Multi.Generic (1)
22:00:08.0836 0264        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
22:00:08.0836 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\gagp30kx.sys. md5: 8c778d335c9d272cfd3298ab02abe3b6
22:00:08.0977 0264        gagp30kx ( LockedFile.Multi.Generic ) - warning
22:00:08.0977 0264        gagp30kx - detected LockedFile.Multi.Generic (1)
22:00:09.0226 0264        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:00:09.0335 0264        gpsvc - ok
22:00:09.0523 0264        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:00:09.0523 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: f2523ef6460fc42405b12248338ab2f0
22:00:09.0679 0264        hcw85cir ( LockedFile.Multi.Generic ) - warning
22:00:09.0679 0264        hcw85cir - detected LockedFile.Multi.Generic (1)
22:00:09.0881 0264        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:00:09.0881 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761c778e33cd22498059b91e7373a
22:00:10.0037 0264        HdAudAddService ( LockedFile.Multi.Generic ) - warning
22:00:10.0037 0264        HdAudAddService - detected LockedFile.Multi.Generic (1)
22:00:10.0225 0264        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:00:10.0225 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97bfed39b6b79eb12cddbfeed51f56bb
22:00:10.0365 0264        HDAudBus ( LockedFile.Multi.Generic ) - warning
22:00:10.0381 0264        HDAudBus - detected LockedFile.Multi.Generic (1)
22:00:10.0552 0264        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
22:00:10.0552 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\HidBatt.sys. md5: 78e86380454a7b10a5eb255dc44a355f
22:00:10.0708 0264        HidBatt ( LockedFile.Multi.Generic ) - warning
22:00:10.0708 0264        HidBatt - detected LockedFile.Multi.Generic (1)
22:00:10.0895 0264        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
22:00:10.0895 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\hidbth.sys. md5: 7fd2a313f7afe5c4dab14798c48dd104
22:00:11.0067 0264        HidBth ( LockedFile.Multi.Generic ) - warning
22:00:11.0067 0264        HidBth - detected LockedFile.Multi.Generic (1)
22:00:11.0254 0264        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
22:00:11.0254 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\hidir.sys. md5: 0a77d29f311b88cfae3b13f9c1a73825
22:00:11.0410 0264        HidIr ( LockedFile.Multi.Generic ) - warning
22:00:11.0410 0264        HidIr - detected LockedFile.Multi.Generic (1)
22:00:11.0629 0264        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:00:11.0707 0264        hidserv - ok
22:00:11.0925 0264        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:00:11.0925 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090a7e2b61cd582b612b6df70536
22:00:12.0065 0264        HidUsb ( LockedFile.Multi.Generic ) - warning
22:00:12.0065 0264        HidUsb - detected LockedFile.Multi.Generic (1)
22:00:12.0253 0264        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:00:12.0331 0264        hkmsvc - ok
22:00:12.0565 0264        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:00:12.0611 0264        HomeGroupListener - ok
22:00:12.0845 0264        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:00:12.0908 0264        HomeGroupProvider - ok
22:00:13.0111 0264        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:00:13.0111 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39d2abcd392f3d8a6dce7b60ae7b8efc
22:00:13.0298 0264        HpSAMD ( LockedFile.Multi.Generic ) - warning
22:00:13.0298 0264        HpSAMD - detected LockedFile.Multi.Generic (1)
22:00:13.0563 0264        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:00:13.0563 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: 0ea7de1acb728dd5a369fd742d6eee28
22:00:13.0735 0264        HTTP ( LockedFile.Multi.Generic ) - warning
22:00:13.0735 0264        HTTP - detected LockedFile.Multi.Generic (1)
22:00:13.0922 0264        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:00:13.0922 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\hwpolicy.sys. md5: a5462bd6884960c9dc85ed49d34ff392
22:00:14.0093 0264        hwpolicy ( LockedFile.Multi.Generic ) - warning
22:00:14.0093 0264        hwpolicy - detected LockedFile.Multi.Generic (1)
22:00:14.0281 0264        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:00:14.0281 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\i8042prt.sys. md5: fa55c73d4affa7ee23ac4be53b4592d3
22:00:14.0437 0264        i8042prt ( LockedFile.Multi.Generic ) - warning
22:00:14.0437 0264        i8042prt - detected LockedFile.Multi.Generic (1)
22:00:14.0858 0264        iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
22:00:14.0858 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStor.sys. md5: f7ce9be72edac499b713eca6dae5d26f
22:00:15.0029 0264        iaStor ( LockedFile.Multi.Generic ) - warning
22:00:15.0029 0264        iaStor - detected LockedFile.Multi.Generic (1)
22:00:15.0326 0264        IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:00:15.0341 0264        IAStorDataMgrSvc - ok
22:00:15.0653 0264        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:00:15.0653 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: aaaf44db3bd0b9d1fb6969b23ecc8366
22:00:15.0856 0264        iaStorV ( LockedFile.Multi.Generic ) - warning
22:00:15.0856 0264        iaStorV - detected LockedFile.Multi.Generic (1)
22:00:16.0215 0264        IconMan_R      (6f3909a3d40cc9f4b28e03b027f918d8) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
22:00:16.0309 0264        IconMan_R ( UnsignedFile.Multi.Generic ) - warning
22:00:16.0309 0264        IconMan_R - detected UnsignedFile.Multi.Generic (1)
22:00:16.0636 0264        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:00:16.0683 0264        idsvc - ok
22:00:17.0572 0264        igfx            (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:00:17.0572 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\igdkmd64.sys. md5: efe5a0af39a8e179624117c521f1e012
22:00:17.0884 0264        igfx ( LockedFile.Multi.Generic ) - warning
22:00:17.0884 0264        igfx - detected LockedFile.Multi.Generic (1)
22:00:18.0227 0264        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
22:00:18.0227 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\iirsp.sys. md5: 5c18831c61933628f5bb0ea2675b9d21
22:00:18.0524 0264        iirsp ( LockedFile.Multi.Generic ) - warning
22:00:18.0524 0264        iirsp - detected LockedFile.Multi.Generic (1)
22:00:18.0836 0264        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:00:18.0961 0264        IKEEXT - ok
22:00:19.0398 0264        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
22:00:19.0398 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\IntcDAud.sys. md5: fc727061c0f47c8059e88e05d5c8e381
22:00:19.0600 0264        IntcDAud ( LockedFile.Multi.Generic ) - warning
22:00:19.0600 0264        IntcDAud - detected LockedFile.Multi.Generic (1)
22:00:19.0834 0264        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:00:19.0834 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\intelide.sys. md5: f00f20e70c6ec3aa366910083a0518aa
22:00:20.0006 0264        intelide ( LockedFile.Multi.Generic ) - warning
22:00:20.0006 0264        intelide - detected LockedFile.Multi.Generic (1)
22:00:20.0256 0264        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
22:00:20.0256 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\intelppm.sys. md5: ada036632c664caa754079041cf1f8c1
22:00:20.0396 0264        intelppm ( LockedFile.Multi.Generic ) - warning
22:00:20.0396 0264        intelppm - detected LockedFile.Multi.Generic (1)
22:00:20.0583 0264        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:00:20.0661 0264        IPBusEnum - ok
22:00:20.0864 0264        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:00:20.0880 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: c9f0e1bd74365a8771590e9008d22ab6
22:00:21.0082 0264        IpFilterDriver ( LockedFile.Multi.Generic ) - warning
22:00:21.0082 0264        IpFilterDriver - detected LockedFile.Multi.Generic (1)
22:00:21.0301 0264        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:00:21.0301 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0fc1aea580957aa8817b8f305d18ca3a
22:00:21.0472 0264        IPMIDRV ( LockedFile.Multi.Generic ) - warning
22:00:21.0472 0264        IPMIDRV - detected LockedFile.Multi.Generic (1)
22:00:21.0706 0264        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:00:21.0706 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: af9b39a7e7b6caa203b3862582e9f2d0
22:00:21.0862 0264        IPNAT ( LockedFile.Multi.Generic ) - warning
22:00:21.0862 0264        IPNAT - detected LockedFile.Multi.Generic (1)
22:00:22.0050 0264        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:00:22.0050 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 3abf5e7213eb28966d55d58b515d5ce9
22:00:22.0221 0264        IRENUM ( LockedFile.Multi.Generic ) - warning
22:00:22.0221 0264        IRENUM - detected LockedFile.Multi.Generic (1)
22:00:22.0440 0264        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:00:22.0440 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\isapnp.sys. md5: 2f7b28dc3e1183e5eb418df55c204f38
22:00:22.0611 0264        isapnp ( LockedFile.Multi.Generic ) - warning
22:00:22.0611 0264        isapnp - detected LockedFile.Multi.Generic (1)
22:00:22.0861 0264        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:00:22.0861 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\msiscsi.sys. md5: d931d7309deb2317035b07c9f9e6b0bd
22:00:23.0064 0264        iScsiPrt ( LockedFile.Multi.Generic ) - warning
22:00:23.0064 0264        iScsiPrt - detected LockedFile.Multi.Generic (1)
22:00:23.0298 0264        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:00:23.0298 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdclass.sys. md5: bc02336f1cba7dcc7d1213bb588a68a5
22:00:23.0485 0264        kbdclass ( LockedFile.Multi.Generic ) - warning
22:00:23.0485 0264        kbdclass - detected LockedFile.Multi.Generic (1)
22:00:23.0703 0264        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:00:23.0703 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\kbdhid.sys. md5: 0705eff5b42a9db58548eec3b26bb484
22:00:23.0890 0264        kbdhid ( LockedFile.Multi.Generic ) - warning
22:00:23.0890 0264        kbdhid - detected LockedFile.Multi.Generic (1)
22:00:24.0140 0264        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:00:24.0171 0264        KeyIso - ok
22:00:24.0421 0264        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:00:24.0421 0264        Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: da1e991a61cfdd755a589e206b97644b
22:00:24.0608 0264        KSecDD ( LockedFile.Multi.Generic ) - warning
22:00:24.0608 0264        KSecDD - detected LockedFile.Multi.Generic (1)
22:00:24.0811 0264        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:00:24.0811 0264        Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 7e33198d956943a4f11a5474c1e9106f
22:00:24.0982 0264        KSecPkg ( LockedFile.Multi.Generic ) - warning
22:00:24.0982 0264        KSecPkg - detected LockedFile.Multi.Generic (1)
22:00:25.0232 0264        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:00:25.0232 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281e78cb31a43e969f06b57347c4
22:00:25.0435 0264        ksthunk ( LockedFile.Multi.Generic ) - warning
22:00:25.0435 0264        ksthunk - detected LockedFile.Multi.Generic (1)
22:00:25.0700 0264        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:00:25.0794 0264        KtmRm - ok
22:00:26.0090 0264        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
22:00:26.0184 0264        LanmanServer - ok
22:00:26.0449 0264        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:00:26.0527 0264        LanmanWorkstation - ok
22:00:26.0995 0264        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:00:26.0995 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831cf8ad2979a04c423779465827
22:00:27.0229 0264        lltdio ( LockedFile.Multi.Generic ) - warning
22:00:27.0229 0264        lltdio - detected LockedFile.Multi.Generic (1)
22:00:27.0556 0264        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:00:27.0681 0264        lltdsvc - ok
22:00:28.0009 0264        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:00:28.0102 0264        lmhosts - ok
22:00:28.0399 0264        LMS            (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:00:28.0430 0264        LMS - ok
22:00:29.0023 0264        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
22:00:29.0023 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_fc.sys. md5: 1a93e54eb0ece102495a51266dcdb6a6
22:00:29.0288 0264        LSI_FC ( LockedFile.Multi.Generic ) - warning
22:00:29.0288 0264        LSI_FC - detected LockedFile.Multi.Generic (1)
22:00:29.0553 0264        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
22:00:29.0553 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_sas.sys. md5: 1047184a9fdc8bdbff857175875ee810
22:00:29.0990 0264        LSI_SAS ( LockedFile.Multi.Generic ) - warning
22:00:29.0990 0264        LSI_SAS - detected LockedFile.Multi.Generic (1)
22:00:30.0411 0264        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
22:00:30.0411 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_sas2.sys. md5: 30f5c0de1ee8b5bc9306c1f0e4a75f93
22:00:30.0630 0264        LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
22:00:30.0630 0264        LSI_SAS2 - detected LockedFile.Multi.Generic (1)
22:00:30.0895 0264        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
22:00:30.0895 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\lsi_scsi.sys. md5: 0504eacaff0d3c8aed161c4b0d369d4a
22:00:31.0098 0264        LSI_SCSI ( LockedFile.Multi.Generic ) - warning
22:00:31.0098 0264        LSI_SCSI - detected LockedFile.Multi.Generic (1)
22:00:31.0347 0264        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:00:31.0347 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 43d0f98e1d56ccddb0d5254cff7b356e
22:00:31.0581 0264        luafv ( LockedFile.Multi.Generic ) - warning
22:00:31.0581 0264        luafv - detected LockedFile.Multi.Generic (1)
22:00:31.0846 0264        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
22:00:31.0878 0264        MBAMProtector - ok
22:00:32.0236 0264        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:00:32.0299 0264        MBAMService - ok
22:00:32.0580 0264        McMPFSvc - ok
22:00:32.0860 0264        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:00:32.0907 0264        Mcx2Svc - ok
22:00:33.0235 0264        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
22:00:33.0235 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\megasas.sys. md5: a55805f747c6edb6a9080d7c633bd0f4
22:00:33.0484 0264        megasas ( LockedFile.Multi.Generic ) - warning
22:00:33.0484 0264        megasas - detected LockedFile.Multi.Generic (1)
22:00:33.0765 0264        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
22:00:33.0765 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\MegaSR.sys. md5: baf74ce0072480c3b6b7c13b2a94d6b3
22:00:33.0999 0264        MegaSR ( LockedFile.Multi.Generic ) - warning
22:00:33.0999 0264        MegaSR - detected LockedFile.Multi.Generic (1)
22:00:34.0249 0264        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
22:00:34.0249 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\HECIx64.sys. md5: a6518dcc42f7a6e999bb3bea8fd87567
22:00:34.0467 0264        MEIx64 ( LockedFile.Multi.Generic ) - warning
22:00:34.0467 0264        MEIx64 - detected LockedFile.Multi.Generic (1)
22:00:34.0810 0264        Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:00:34.0842 0264        Microsoft Office Groove Audit Service - ok
22:00:35.0169 0264        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:00:35.0263 0264        MMCSS - ok
22:00:35.0544 0264        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:00:35.0544 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 800ba92f7010378b09f9ed9270f07137
22:00:35.0778 0264        Modem ( LockedFile.Multi.Generic ) - warning
22:00:35.0778 0264        Modem - detected LockedFile.Multi.Generic (1)
22:00:36.0043 0264        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:00:36.0043 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: b03d591dc7da45ece20b3b467e6aadaa
22:00:36.0261 0264        monitor ( LockedFile.Multi.Generic ) - warning
22:00:36.0261 0264        monitor - detected LockedFile.Multi.Generic (1)
22:00:36.0511 0264        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:00:36.0511 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7d27ea49f3c1f687d357e77a470aea99
22:00:36.0729 0264        mouclass ( LockedFile.Multi.Generic ) - warning
22:00:36.0729 0264        mouclass - detected LockedFile.Multi.Generic (1)
22:00:37.0026 0264        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:00:37.0026 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: d3bf052c40b0c4166d9fd86a4288c1e6
22:00:37.0291 0264        mouhid ( LockedFile.Multi.Generic ) - warning
22:00:37.0291 0264        mouhid - detected LockedFile.Multi.Generic (1)
22:00:37.0556 0264        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:00:37.0556 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 32e7a3d591d671a6df2db515a5cbe0fa
22:00:37.0790 0264        mountmgr ( LockedFile.Multi.Generic ) - warning
22:00:37.0790 0264        mountmgr - detected LockedFile.Multi.Generic (1)
22:00:38.0071 0264        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:00:38.0102 0264        MozillaMaintenance - ok
22:00:38.0383 0264        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:00:38.0383 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\mpio.sys. md5: a44b420d30bd56e145d6a2bc8768ec58
22:00:38.0617 0264        mpio ( LockedFile.Multi.Generic ) - warning
22:00:38.0617 0264        mpio - detected LockedFile.Multi.Generic (1)
22:00:38.0866 0264        mpotpyrk - ok
22:00:39.0241 0264        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:00:39.0241 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6c38c9e45ae0ea2fa5e551f2ed5e978f
22:00:39.0506 0264        mpsdrv ( LockedFile.Multi.Generic ) - warning
22:00:39.0506 0264        mpsdrv - detected LockedFile.Multi.Generic (1)
22:00:39.0771 0264        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:00:39.0771 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: dc722758b8261e1abafd31a3c0a66380
22:00:40.0005 0264        MRxDAV ( LockedFile.Multi.Generic ) - warning
22:00:40.0005 0264        MRxDAV - detected LockedFile.Multi.Generic (1)
22:00:40.0286 0264        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:00:40.0286 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: a5d9106a73dc88564c825d317cac68ac
22:00:40.0520 0264        mrxsmb ( LockedFile.Multi.Generic ) - warning
22:00:40.0520 0264        mrxsmb - detected LockedFile.Multi.Generic (1)
22:00:40.0801 0264        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:00:40.0816 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: d711b3c1d5f42c0c2415687be09fc163
22:00:41.0066 0264        mrxsmb10 ( LockedFile.Multi.Generic ) - warning
22:00:41.0066 0264        mrxsmb10 - detected LockedFile.Multi.Generic (1)
22:00:41.0362 0264        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:00:41.0362 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423e9d355c8d303e76b8cfbd8a5c30c
22:00:41.0581 0264        mrxsmb20 ( LockedFile.Multi.Generic ) - warning
22:00:41.0581 0264        mrxsmb20 - detected LockedFile.Multi.Generic (1)
22:00:41.0846 0264        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:00:41.0846 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\msahci.sys. md5: c25f0bafa182cbca2dd3c851c2e75796
22:00:42.0080 0264        msahci ( LockedFile.Multi.Generic ) - warning
22:00:42.0080 0264        msahci - detected LockedFile.Multi.Generic (1)
22:00:42.0345 0264        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:00:42.0345 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\msdsm.sys. md5: db801a638d011b9633829eb6f663c900
22:00:42.0579 0264        msdsm ( LockedFile.Multi.Generic ) - warning
22:00:42.0579 0264        msdsm - detected LockedFile.Multi.Generic (1)
22:00:42.0860 0264        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:00:42.0922 0264        MSDTC - ok
22:00:43.0796 0264        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:00:43.0796 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\Msfs.sys. md5: aa3fb40e17ce1388fa1bedab50ea8f96
22:00:44.0046 0264        Msfs ( LockedFile.Multi.Generic ) - warning
22:00:44.0046 0264        Msfs - detected LockedFile.Multi.Generic (1)
22:00:44.0326 0264        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:00:44.0326 0264        Suspicious file (NoAccess): C:\Windows\System32\drivers\mshidkmdf.sys. md5: f9d215a46a8b9753f61767fa72a20326
22:00:44.0560 0264        mshidkmdf ( LockedFile.Multi.Generic ) - warning
22:00:44.0560 0264        mshidkmdf - detected LockedFile.Multi.Generic (1)
22:00:44.0826 0264        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:00:44.0826 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\msisadrv.sys. md5: d916874bbd4f8b07bfb7fa9b3ccae29d
22:00:45.0122 0264        msisadrv ( LockedFile.Multi.Generic ) - warning
22:00:45.0122 0264        msisadrv - detected LockedFile.Multi.Generic (1)
22:00:45.0450 0264        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:00:45.0559 0264        MSiSCSI - ok
22:00:45.0808 0264        msiserver - ok
22:00:46.0105 0264        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:00:46.0105 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49ccf2c4fea34ffad8b1b59d49439366
22:00:46.0386 0264        MSKSSRV ( LockedFile.Multi.Generic ) - warning
22:00:46.0386 0264        MSKSSRV - detected LockedFile.Multi.Generic (1)
22:00:46.0651 0264        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:00:46.0651 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: bdd71ace35a232104ddd349ee70e1ab3
22:00:46.0885 0264        MSPCLOCK ( LockedFile.Multi.Generic ) - warning
22:00:46.0885 0264        MSPCLOCK - detected LockedFile.Multi.Generic (1)
22:00:47.0197 0264        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:00:47.0197 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ed981241db27c3383d72092b618a1d0
22:00:47.0431 0264        MSPQM ( LockedFile.Multi.Generic ) - warning
22:00:47.0431 0264        MSPQM - detected LockedFile.Multi.Generic (1)
22:00:47.0758 0264        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:00:47.0758 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: 759a9eeb0fa9ed79da1fb7d4ef78866d
22:00:47.0992 0264        MsRPC ( LockedFile.Multi.Generic ) - warning
22:00:47.0992 0264        MsRPC - detected LockedFile.Multi.Generic (1)
22:00:48.0538 0264        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:00:48.0538 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\mssmbios.sys. md5: 0eed230e37515a0eaee3c2e1bc97b288
22:00:48.0772 0264        mssmbios ( LockedFile.Multi.Generic ) - warning
22:00:48.0772 0264        mssmbios - detected LockedFile.Multi.Generic (1)
22:00:49.0162 0264        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:00:49.0162 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: 2e66f9ecb30b4221a318c92ac2250779
22:00:49.0662 0264        MSTEE ( LockedFile.Multi.Generic ) - warning
22:00:49.0662 0264        MSTEE - detected LockedFile.Multi.Generic (1)
22:00:50.0005 0264        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
22:00:50.0005 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\MTConfig.sys. md5: 7ea404308934e675bffde8edf0757bcd
22:00:50.0239 0264        MTConfig ( LockedFile.Multi.Generic ) - warning
22:00:50.0239 0264        MTConfig - detected LockedFile.Multi.Generic (1)
22:00:50.0535 0264        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:00:50.0535 0264        Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: f9a18612fd3526fe473c1bda678d61c8
22:00:50.0785 0264        Mup ( LockedFile.Multi.Generic ) - warning
22:00:50.0785 0264        Mup - detected LockedFile.Multi.Generic (1)
22:00:51.0159 0264        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:00:51.0268 0264        napagent - ok
22:00:51.0612 0264        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:00:51.0612 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1ea3749c4114db3e3161156ffffa6b33
22:00:51.0892 0264        NativeWifiP ( LockedFile.Multi.Generic ) - warning
22:00:51.0892 0264        NativeWifiP - detected LockedFile.Multi.Generic (1)
22:00:52.0251 0264        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:00:52.0251 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: 79b47fd40d9a817e932f9d26fac0a81c
22:00:52.0516 0264        NDIS ( LockedFile.Multi.Generic ) - warning
22:00:52.0516 0264        NDIS - detected LockedFile.Multi.Generic (1)
22:00:52.0797 0264        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:00:52.0797 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9f9a1f53aad7da4d6fef5bb73ab811ac
22:00:53.0094 0264        NdisCap ( LockedFile.Multi.Generic ) - warning
22:00:53.0094 0264        NdisCap - detected LockedFile.Multi.Generic (1)
22:00:53.0374 0264        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:00:53.0374 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639c932d9fef22b31268fe25a1b6e5
22:00:53.0608 0264        NdisTapi ( LockedFile.Multi.Generic ) - warning
22:00:53.0608 0264        NdisTapi - detected LockedFile.Multi.Generic (1)
22:00:53.0889 0264        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:00:53.0889 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185f9fb2cc61e573e676aa5402356
22:00:54.0139 0264        Ndisuio ( LockedFile.Multi.Generic ) - warning
22:00:54.0139 0264        Ndisuio - detected LockedFile.Multi.Generic (1)
22:00:54.0451 0264        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:00:54.0451 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53f7305169863f0a2bddc49e116c2e11
22:00:54.0716 0264        NdisWan ( LockedFile.Multi.Generic ) - warning
22:00:54.0716 0264        NdisWan - detected LockedFile.Multi.Generic (1)
22:00:55.0012 0264        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:00:55.0012 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: 015c0d8e0e0421b4cfd48cffe2825879
22:00:55.0262 0264        NDProxy ( LockedFile.Multi.Generic ) - warning
22:00:55.0262 0264        NDProxy - detected LockedFile.Multi.Generic (1)
22:00:55.0558 0264        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:00:55.0558 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743d9f5d2b1048062b14b1d84501c4
22:00:55.0824 0264        NetBIOS ( LockedFile.Multi.Generic ) - warning
22:00:55.0824 0264        NetBIOS - detected LockedFile.Multi.Generic (1)
22:00:56.0151 0264        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:00:56.0151 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594d1089c523423b32a4229263f068
22:00:56.0416 0264        NetBT ( LockedFile.Multi.Generic ) - warning
22:00:56.0416 0264        NetBT - detected LockedFile.Multi.Generic (1)
22:00:56.0744 0264        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:00:56.0775 0264        Netlogon - ok
22:00:57.0134 0264        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:00:57.0228 0264        Netman - ok
22:00:57.0586 0264        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:00:57.0618 0264        NetMsmqActivator - ok
22:00:58.0054 0264        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:00:58.0070 0264        NetPipeActivator - ok
22:00:58.0522 0264        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:00:58.0616 0264        netprofm - ok
22:00:58.0912 0264        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:02:22.0997 0264        Suspicious service (NoAccess): syshost32
22:02:23.0137 0264        syshost32      (be7ae78fd2aeb32f00ba13cd4f22b1d8) C:\Windows\Installer\{59C14EBC-E371-A8AB-3464-EE33142DE6C5}\syshost.exe
22:02:23.0137 0264        Suspicious file (NoAccess): C:\Windows\Installer\{59C14EBC-E371-A8AB-3464-EE33142DE6C5}\syshost.exe. md5: be7ae78fd2aeb32f00ba13cd4f22b1d8
22:02:23.0761 0264        syshost32 ( LockedService.Multi.Generic ) - warning
22:02:23.0761 0264        syshost32 - detected LockedService.Multi.Generic (1)
22:02:40.0747 0264        tssecsrv - detected LockedFile.Multi.Generic (1)
22:02:41.0257 0264        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:02:41.0257 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\tsusbflt.sys. md5: d11c783e3ef9a3c52c0ebe83cc5000e9
22:02:41.0737 0264        TsUsbFlt ( LockedFile.Multi.Generic ) - warning
22:02:41.0737 0264        TsUsbFlt - detected LockedFile.Multi.Generic (1)
22:02:42.0227 0264        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
22:02:42.0227 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\TsUsbGD.sys. md5: 9cc2ccae8a84820eaecb886d477cbcb8
22:02:42.0633 0264        TsUsbGD ( LockedFile.Multi.Generic ) - warning
22:02:42.0633 0264        TsUsbGD - detected LockedFile.Multi.Generic (1)
22:02:43.0371 0264        TuneUp.UtilitiesSvc (811a229718c85356bc81eb20f35eb7f6) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
22:02:43.0471 0264        TuneUp.UtilitiesSvc - ok
22:02:44.0261 0264        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
22:02:44.0281 0264        TuneUpUtilitiesDrv - ok
22:02:45.0321 0264        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:02:45.0321 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566a8daafa27af944f5d705eaa64894
22:02:46.0263 0264        tunnel ( LockedFile.Multi.Generic ) - warning
22:02:46.0263 0264        tunnel - detected LockedFile.Multi.Generic (1)
22:02:46.0871 0264        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
22:02:46.0871 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\uagp35.sys. md5: b4dd609bd7e282bfc683cec7eaaaad67
22:02:47.0339 0264        uagp35 ( LockedFile.Multi.Generic ) - warning
22:02:47.0339 0264        uagp35 - detected LockedFile.Multi.Generic (1)
22:02:47.0838 0264        uCamMonitor    (1fe69f3c1ca1cf4b7ec7e2e9090fffdc) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
22:02:47.0854 0264        uCamMonitor - ok
22:02:48.0525 0264        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:02:48.0525 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: ff4232a1a64012baa1fd97c7b67df593
22:02:49.0126 0264        udfs ( LockedFile.Multi.Generic ) - warning
22:02:49.0126 0264        udfs - detected LockedFile.Multi.Generic (1)
22:02:50.0556 0264        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:02:50.0596 0264        UI0Detect - ok
22:02:51.0125 0264        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:02:51.0125 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4bfe1bc28391222894cbf1e7d0e42320
22:02:51.0640 0264        uliagpkx ( LockedFile.Multi.Generic ) - warning
22:02:51.0640 0264        uliagpkx - detected LockedFile.Multi.Generic (1)
22:02:52.0325 0264        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:02:52.0325 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umbus.sys. md5: dc54a574663a895c8763af0fa1ff7561
22:02:53.0015 0264        umbus ( LockedFile.Multi.Generic ) - warning
22:02:53.0015 0264        umbus - detected LockedFile.Multi.Generic (1)
22:02:53.0805 0264        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
22:02:53.0805 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\umpass.sys. md5: b2e8e8cb557b156da5493bbddcc1474d
22:02:54.0295 0264        UmPass ( LockedFile.Multi.Generic ) - warning
22:02:54.0295 0264        UmPass - detected LockedFile.Multi.Generic (1)
22:02:54.0947 0264        UNS            (7a78ed1088890114dfde2c4ab038d6b6) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:02:55.0056 0264        UNS - ok
22:02:55.0867 0264        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:02:55.0992 0264        upnphost - ok
22:02:56.0803 0264        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:02:56.0803 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6f1a3157a1c89435352ceb543cdb359c
22:02:57.0443 0264        usbccgp ( LockedFile.Multi.Generic ) - warning
22:02:57.0443 0264        usbccgp - detected LockedFile.Multi.Generic (1)
22:02:58.0033 0264        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:02:58.0033 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: af0892a803fdda7492f595368e3b68e7
22:02:58.0563 0264        usbcir ( LockedFile.Multi.Generic ) - warning
22:02:58.0563 0264        usbcir - detected LockedFile.Multi.Generic (1)
22:02:59.0033 0264        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:02:59.0033 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\usbehci.sys. md5: c025055fe7b87701eb042095df1a2d7b
22:02:59.0503 0264        usbehci ( LockedFile.Multi.Generic ) - warning
22:02:59.0503 0264        usbehci - detected LockedFile.Multi.Generic (1)
22:02:59.0953 0264        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
22:02:59.0953 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\usbhub.sys. md5: 287c6c9410b111b68b52ca298f7b8c24
22:03:00.0480 0264        usbhub ( LockedFile.Multi.Generic ) - warning
22:03:00.0480 0264        usbhub - detected LockedFile.Multi.Generic (1)
22:03:00.0963 0264        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:03:00.0963 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\usbohci.sys. md5: 9840fc418b4cbd632d3d0a667a725c31
22:03:01.0338 0264        usbohci ( LockedFile.Multi.Generic ) - warning
22:03:01.0338 0264        usbohci - detected LockedFile.Multi.Generic (1)
22:03:01.0806 0264        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:03:01.0806 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188f58fb384e75c4063d29413cee3d
22:03:02.0243 0264        usbprint ( LockedFile.Multi.Generic ) - warning
22:03:02.0243 0264        usbprint - detected LockedFile.Multi.Generic (1)
22:03:02.0726 0264        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:03:02.0726 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbscan.sys. md5: aaa2513c8aed8b54b189fd0c6b1634c0
22:03:03.0225 0264        usbscan ( LockedFile.Multi.Generic ) - warning
22:03:03.0225 0264        usbscan - detected LockedFile.Multi.Generic (1)
22:03:03.0709 0264        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:03:03.0709 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: fed648b01349a3c8395a5169db5fb7d6
22:03:04.0130 0264        USBSTOR ( LockedFile.Multi.Generic ) - warning
22:03:04.0130 0264        USBSTOR - detected LockedFile.Multi.Generic (1)
22:03:04.0614 0264        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:03:04.0614 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069a34518bcf9c1fd9e74b3f6db7cd
22:03:05.0129 0264        usbuhci ( LockedFile.Multi.Generic ) - warning
22:03:05.0129 0264        usbuhci - detected LockedFile.Multi.Generic (1)
22:03:05.0690 0264        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
22:03:05.0690 0264        Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbvideo.sys. md5: 454800c2bc7f3927ce030141ee4f4c50
22:03:06.0174 0264        usbvideo ( LockedFile.Multi.Generic ) - warning
22:03:06.0174 0264        usbvideo - detected LockedFile.Multi.Generic (1)
22:03:06.0689 0264        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:03:06.0767 0264        UxSms - ok
22:03:07.0313 0264        UxTuneUp        (5bf180f7f7c2f68ed6d5777840270bce) C:\Windows\System32\uxtuneup.dll
22:03:07.0328 0264        UxTuneUp - ok
22:03:07.0905 0264        VAIO Event Service (dcb1f83ad167d16d263ce57c94e9eedf) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
22:03:07.0921 0264        VAIO Event Service - ok
22:03:08.0670 0264        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:03:08.0701 0264        VaultSvc - ok
22:03:09.0637 0264        VCFw            (d00058c1fff3f3de990444a5734e9639) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
22:03:09.0699 0264        VCFw - ok
22:03:10.0464 0264        VcmIAlzMgr      (f19275655b42086c884abcdae2c659ae) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
22:03:10.0511 0264        VcmIAlzMgr - ok
22:03:11.0244 0264        VcmINSMgr      (2f06d134554ba84fe253dbc481dcfe6d) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
22:03:11.0291 0264        VcmINSMgr - ok
22:03:11.0899 0264        VcmXmlIfHelper  (32a3735f6874b7783c6209ed5ca36d9d) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
22:03:11.0915 0264        VcmXmlIfHelper - ok
22:03:12.0570 0264        VCService      (d347d3abe070aa09c22fc37121555d52) C:\Program Files\Sony\VAIO Care\VCService.exe
22:03:12.0585 0264        VCService - ok
22:03:13.0350 0264        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:03:13.0350 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: c5c876ccfc083ff3b128f933823e87bd
22:03:14.0021 0264        vdrvroot ( LockedFile.Multi.Generic ) - warning
22:03:14.0021 0264        vdrvroot - detected LockedFile.Multi.Generic (1)
22:03:14.0691 0264        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:03:14.0801 0264        vds - ok
22:03:15.0783 0264        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:03:15.0783 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: da4da3f5e02943c2dc8c6ed875de68dd
22:03:16.0361 0264        vga ( LockedFile.Multi.Generic ) - warning
22:03:16.0361 0264        vga - detected LockedFile.Multi.Generic (1)
22:03:17.0031 0264        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:03:17.0031 0264        Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53e92a310193cb3c03bea963de7d9cfc
22:03:17.0546 0264        VgaSave ( LockedFile.Multi.Generic ) - warning
22:03:17.0546 0264        VgaSave - detected LockedFile.Multi.Generic (1)
22:03:18.0077 0264        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:03:18.0077 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2ce2df28c83aeaf30084e1b1eb253cbb
22:03:18.0545 0264        vhdmp ( LockedFile.Multi.Generic ) - warning
22:03:18.0545 0264        vhdmp - detected LockedFile.Multi.Generic (1)
22:03:19.0013 0264        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:03:19.0028 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: e5689d93ffe4e5d66c0178761240dd54
22:03:19.0465 0264        viaide ( LockedFile.Multi.Generic ) - warning
22:03:19.0465 0264        viaide - detected LockedFile.Multi.Generic (1)
22:03:19.0933 0264        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:03:19.0933 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: d2aafd421940f640b407aefaaebd91b0
22:03:20.0370 0264        volmgr ( LockedFile.Multi.Generic ) - warning
22:03:20.0370 0264        volmgr - detected LockedFile.Multi.Generic (1)
22:03:20.0900 0264        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:03:20.0900 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: a255814907c89be58b79ef2f189b843b
22:03:21.0665 0264        volmgrx ( LockedFile.Multi.Generic ) - warning
22:03:21.0665 0264        volmgrx - detected LockedFile.Multi.Generic (1)
22:03:22.0335 0264        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:03:22.0335 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0d08d2f3b3ff84e433346669b5e0f639
22:03:22.0866 0264        volsnap ( LockedFile.Multi.Generic ) - warning
22:03:22.0866 0264        volsnap - detected LockedFile.Multi.Generic (1)
22:03:23.0443 0264        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
22:03:23.0443 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\vsmraid.sys. md5: 5e2016ea6ebaca03c04feac5f330d997
22:03:23.0895 0264        vsmraid ( LockedFile.Multi.Generic ) - warning
22:03:23.0895 0264        vsmraid - detected LockedFile.Multi.Generic (1)
22:03:24.0519 0264        VSNService      (03f6f618367cb16a2176b8db4215d1f9) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
22:03:24.0566 0264        VSNService - ok
22:03:25.0471 0264        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:03:25.0596 0264        VSS - ok
22:03:26.0469 0264        VUAgent        (fb4a1695d2d74f9c92ca5e84795cdbe1) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
22:03:26.0547 0264        VUAgent - ok
22:03:27.0437 0264        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:03:27.0437 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36d4720b72b5c5d9cb2b9c29e9df67a1
22:03:28.0107 0264        vwifibus ( LockedFile.Multi.Generic ) - warning
22:03:28.0107 0264        vwifibus - detected LockedFile.Multi.Generic (1)
22:03:28.0731 0264        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:03:28.0731 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6a3d66263414ff0d6fa754c646612f3f
22:03:29.0246 0264        vwififlt ( LockedFile.Multi.Generic ) - warning
22:03:29.0246 0264        vwififlt - detected LockedFile.Multi.Generic (1)
22:03:29.0730 0264        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:03:29.0730 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6a638fc4bfddc4d9b186c28c91bd1a01
22:03:30.0182 0264        vwifimp ( LockedFile.Multi.Generic ) - warning
22:03:30.0182 0264        vwifimp - detected LockedFile.Multi.Generic (1)
22:03:30.0697 0264        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:03:30.0822 0264        W32Time - ok
22:03:32.0163 0264        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
22:03:32.0163 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\wacompen.sys. md5: 4e9440f4f152a7b944cb1663d3935a3e
22:03:32.0741 0264        WacomPen ( LockedFile.Multi.Generic ) - warning
22:03:32.0741 0264        WacomPen - detected LockedFile.Multi.Generic (1)
22:03:33.0287 0264        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:03:33.0287 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356afd78a6ed4457169241ac3965230c
22:03:33.0755 0264        WANARP ( LockedFile.Multi.Generic ) - warning
22:03:33.0755 0264        WANARP - detected LockedFile.Multi.Generic (1)
22:03:34.0238 0264        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:03:34.0238 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356afd78a6ed4457169241ac3965230c
22:03:34.0691 0264        Wanarpv6 ( LockedFile.Multi.Generic ) - warning
22:03:34.0691 0264        Wanarpv6 - detected LockedFile.Multi.Generic (1)
22:03:35.0299 0264        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:03:35.0393 0264        wbengine - ok
22:03:36.0001 0264        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:03:36.0063 0264        WbioSrvc - ok
22:03:36.0843 0264        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:03:36.0921 0264        wcncsvc - ok
22:03:37.0748 0264        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:03:37.0795 0264        WcsPlugInService - ok
22:03:38.0403 0264        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
22:03:38.0403 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\wd.sys. md5: 72889e16ff12ba0f235467d6091b17dc
22:03:39.0074 0264        Wd ( LockedFile.Multi.Generic ) - warning
22:03:39.0074 0264        Wd - detected LockedFile.Multi.Generic (1)
22:03:39.0807 0264        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:03:39.0807 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441bd2d7b4f98134c3a4f9fa570fd250
22:03:40.0385 0264        Wdf01000 ( LockedFile.Multi.Generic ) - warning
22:03:40.0385 0264        Wdf01000 - detected LockedFile.Multi.Generic (1)
22:03:40.0915 0264        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:03:40.0977 0264        WdiServiceHost - ok
22:03:41.0461 0264        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:03:41.0508 0264        WdiSystemHost - ok
22:03:42.0038 0264        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:03:42.0101 0264        WebClient - ok
22:03:42.0865 0264        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:03:42.0974 0264        Wecsvc - ok
22:03:43.0817 0264        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:03:43.0895 0264        wercplsupport - ok
22:03:44.0550 0264        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:03:44.0628 0264        WerSvc - ok
22:03:45.0221 0264        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:03:45.0221 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611b23304bf067451a9fdee01fbdd725
22:03:45.0907 0264        WfpLwf ( LockedFile.Multi.Generic ) - warning
22:03:45.0907 0264        WfpLwf - detected LockedFile.Multi.Generic (1)
22:03:46.0484 0264        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:03:46.0484 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ecaec3e4529a7153b3136ceb49f0ec
22:03:47.0015 0264        WIMMount ( LockedFile.Multi.Generic ) - warning
22:03:47.0015 0264        WIMMount - detected LockedFile.Multi.Generic (1)
22:03:48.0621 0264        WinHttpAutoProxySvc - ok
22:03:49.0355 0264        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:03:49.0448 0264        Winmgmt - ok
22:03:50.0306 0264        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:03:50.0447 0264        WinRM - ok
22:03:52.0272 0264        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:03:52.0272 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: fe88b288356e7b47b74b13372add906d
22:03:53.0005 0264        WinUsb ( LockedFile.Multi.Generic ) - warning
22:03:53.0005 0264        WinUsb - detected LockedFile.Multi.Generic (1)
22:03:53.0738 0264        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:03:53.0847 0264        Wlansvc - ok
22:03:54.0549 0264        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:03:54.0565 0264        wlcrasvc - ok
22:03:55.0485 0264        wlidsvc        (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:03:55.0626 0264        wlidsvc - ok
22:03:56.0421 0264        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:03:56.0421 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: f6ff8944478594d0e414d3f048f0d778
22:03:57.0092 0264        WmiAcpi ( LockedFile.Multi.Generic ) - warning
22:03:57.0092 0264        WmiAcpi - detected LockedFile.Multi.Generic (1)
22:03:58.0387 0264        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:03:58.0449 0264        wmiApSrv - ok
22:03:59.0276 0264        WMPNetworkSvc - ok
22:03:59.0994 0264        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:04:00.0025 0264        WPCSvc - ok
22:04:00.0680 0264        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:04:00.0743 0264        WPDBusEnum - ok
22:04:01.0351 0264        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:04:01.0351 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6bcc1d7d2fd2453957c5479a32364e52
22:04:01.0881 0264        ws2ifsl ( LockedFile.Multi.Generic ) - warning
22:04:01.0881 0264        ws2ifsl - detected LockedFile.Multi.Generic (1)
22:04:02.0396 0264        WSearch - ok
22:04:03.0597 0264        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:04:03.0753 0264        wuauserv - ok
22:04:04.0409 0264        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:04:04.0409 0264        Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: d3381dc54c34d79b22cee0d65ba91b7c
22:04:05.0251 0264        WudfPf ( LockedFile.Multi.Generic ) - warning
22:04:05.0251 0264        WudfPf - detected LockedFile.Multi.Generic (1)
22:04:05.0875 0264        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:04:05.0875 0264        Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: cf8d590be3373029d57af80914190682
22:04:06.0437 0264        WUDFRd ( LockedFile.Multi.Generic ) - warning
22:04:06.0437 0264        WUDFRd - detected LockedFile.Multi.Generic (1)
22:04:07.0014 0264        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:04:07.0092 0264        wudfsvc - ok
22:04:07.0685 0264        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:04:07.0763 0264        WwanSvc - ok
22:04:10.0820 0264        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:04:11.0179 0264        \Device\Harddisk0\DR0 - ok
22:04:11.0179 0264        Boot (0x1200)  (106314c430212e3dc5792c8ce69be2bd) \Device\Harddisk0\DR0\Partition0
22:04:11.0195 0264        \Device\Harddisk0\DR0\Partition0 - ok
22:04:11.0226 0264        Boot (0x1200)  (7be582398a6988b0b8922ca07b3ffa6a) \Device\Harddisk0\DR0\Partition1
22:04:11.0226 0264        \Device\Harddisk0\DR0\Partition1 - ok
22:04:11.0226 0264        ============================================================
22:04:11.0226 0264        Scan finished
22:04:11.0226 0264        ============================================================
22:04:11.0257 3580        Detected object count: 196
22:04:11.0257 3580        Actual detected object count: 196
22:04:36.0202 3580        LSI_SAS ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0202 3580        LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580        LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0202 3580        LSI_SCSI ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580        LSI_SCSI ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0202 3580        luafv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580        luafv ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0202 3580        megasas ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580        megasas ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0202 3580        MegaSR ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580        MegaSR ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0202 3580        MEIx64 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580        MEIx64 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0202 3580        Modem ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0202 3580        Modem ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0217 3580        monitor ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580        monitor ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0217 3580        mouclass ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580        mouclass ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0217 3580        mouhid ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580        mouhid ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0217 3580        mountmgr ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580        mountmgr ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0217 3580        mpio ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580        mpio ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0217 3580        mpsdrv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580        mpsdrv ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0217 3580        MRxDAV ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580        MRxDAV ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0217 3580        mrxsmb ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580        mrxsmb ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0217 3580        mrxsmb10 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580        mrxsmb10 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0217 3580        mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580        mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0217 3580        msahci ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0217 3580        msahci ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0233 3580        msdsm ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580        msdsm ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0233 3580        Msfs ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580        Msfs ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0233 3580        mshidkmdf ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580        mshidkmdf ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0233 3580        msisadrv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580        msisadrv ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0233 3580        MSKSSRV ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580        MSKSSRV ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0233 3580        MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580        MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0233 3580        MSPQM ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580        MSPQM ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0233 3580        MsRPC ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580        MsRPC ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0233 3580        mssmbios ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580        mssmbios ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0233 3580        MSTEE ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580        MSTEE ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0233 3580        MTConfig ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580        MTConfig ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0233 3580        Mup ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0233 3580        Mup ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0248 3580        NativeWifiP ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580        NativeWifiP ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0248 3580        NDIS ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580        NDIS ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0248 3580        NdisCap ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580        NdisCap ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0248 3580        NdisTapi ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580        NdisTapi ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0248 3580        Ndisuio ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580        Ndisuio ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0248 3580        NdisWan ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580        NdisWan ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0248 3580        NDProxy ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580        NDProxy ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0248 3580        NetBIOS ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580        NetBIOS ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0248 3580        NetBT ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580        NetBT ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0248 3580        nfrd960 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580        nfrd960 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0248 3580        Npfs ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580        Npfs ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0248 3580        nsiproxy ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0248 3580        nsiproxy ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0264 3580        Ntfs ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580        Ntfs ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0264 3580        Null ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580        Null ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0264 3580        nvlddmkm ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580        nvlddmkm ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0264 3580        nvraid ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580        nvraid ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0264 3580        nvstor ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580        nvstor ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0264 3580        nv_agp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580        nv_agp ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0264 3580        ohci1394 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580        ohci1394 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0264 3580        Parport ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580        Parport ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0264 3580        partmgr ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580        partmgr ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0264 3580        pci ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580        pci ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0264 3580        pciide ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0264 3580        pciide ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0280 3580        pcmcia ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580        pcmcia ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0280 3580        pcw ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580        pcw ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0280 3580        PEAUTH ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580        PEAUTH ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0280 3580        PptpMiniport ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580        PptpMiniport ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0280 3580        Processor ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580        Processor ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0280 3580        Psched ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580        Psched ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0280 3580        ql2300 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580        ql2300 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0280 3580        ql40xx ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580        ql40xx ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0280 3580        QWAVEdrv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580        QWAVEdrv ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0280 3580        RasAcd ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580        RasAcd ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0280 3580        RasAgileVpn ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580        RasAgileVpn ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0280 3580        Rasl2tp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0280 3580        Rasl2tp ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0295 3580        RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580        RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0295 3580        RasSstp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580        RasSstp ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0295 3580        rdbss ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580        rdbss ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0295 3580        rdpbus ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580        rdpbus ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0295 3580        RDPCDD ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580        RDPCDD ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0295 3580        RDPENCDD ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580        RDPENCDD ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0295 3580        RDPREFMP ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580        RDPREFMP ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0295 3580        RDPWD ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580        RDPWD ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0295 3580        rdyboost ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580        rdyboost ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0295 3580        RFCOMM ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580        RFCOMM ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0295 3580        RSPCIESTOR ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580        RSPCIESTOR ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0295 3580        rspndr ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0295 3580        rspndr ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0311 3580        RTL8167 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580        RTL8167 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0311 3580        sbp2port ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580        sbp2port ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0311 3580        scfilter ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580        scfilter ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0311 3580        sdbus ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580        sdbus ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0311 3580        secdrv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580        secdrv ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0311 3580        Serenum ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580        Serenum ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0311 3580        Serial ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580        Serial ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0311 3580        sermouse ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580        sermouse ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0311 3580        SFEP ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580        SFEP ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0311 3580        sffdisk ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580        sffdisk ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0311 3580        sffp_mmc ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580        sffp_mmc ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0311 3580        sffp_sd ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0311 3580        sffp_sd ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0326 3580        sfloppy ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580        sfloppy ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0326 3580        SiSRaid2 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580        SiSRaid2 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0326 3580        SiSRaid4 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580        SiSRaid4 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0326 3580        Smb ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580        Smb ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0326 3580        spldr ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580        spldr ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0326 3580        srv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580        srv ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0326 3580        srv2 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580        srv2 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0326 3580        srvnet ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580        srvnet ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0326 3580        stexstor ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580        stexstor ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0326 3580        swenum ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0326 3580        swenum ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0326 3580        syshost32 ( LockedService.Multi.Generic ) - skipped by user
22:04:36.0326 3580        syshost32 ( LockedService.Multi.Generic ) - User select action: Skip
22:04:36.0342 3580        Tcpip ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580        Tcpip ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0342 3580        TCPIP6 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580        TCPIP6 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0342 3580        tcpipreg ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580        tcpipreg ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0342 3580        TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580        TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0342 3580        TDTCP ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580        TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0342 3580        tdx ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580        tdx ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0342 3580        TermDD ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580        TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0342 3580        tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580        tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0342 3580        TsUsbFlt ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580        TsUsbFlt ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0342 3580        TsUsbGD ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580        TsUsbGD ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0342 3580        tunnel ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580        tunnel ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0342 3580        uagp35 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0342 3580        uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0358 3580        udfs ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580        udfs ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0358 3580        uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580        uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0358 3580        umbus ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580        umbus ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0358 3580        UmPass ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580        UmPass ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0358 3580        usbccgp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580        usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0358 3580        usbcir ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580        usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0358 3580        usbehci ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580        usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0358 3580        usbhub ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580        usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0358 3580        usbohci ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580        usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0358 3580        usbprint ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580        usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0358 3580        usbscan ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0358 3580        usbscan ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0373 3580        USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580        USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0373 3580        usbuhci ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580        usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0373 3580        usbvideo ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580        usbvideo ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0373 3580        vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580        vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0373 3580        vga ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580        vga ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0373 3580        VgaSave ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580        VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0373 3580        vhdmp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580        vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0373 3580        viaide ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580        viaide ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0373 3580        volmgr ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580        volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0373 3580        volmgrx ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580        volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0373 3580        volsnap ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0373 3580        volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0389 3580        vsmraid ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580        vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0389 3580        vwifibus ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580        vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0389 3580        vwififlt ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580        vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0389 3580        vwifimp ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580        vwifimp ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0389 3580        WacomPen ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580        WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0389 3580        WANARP ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580        WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0389 3580        Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580        Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0389 3580        Wd ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580        Wd ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0389 3580        Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580        Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0389 3580        WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580        WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0389 3580        WIMMount ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580        WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0389 3580        WinUsb ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0389 3580        WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0404 3580        WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0404 3580        WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0404 3580        ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0404 3580        ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0404 3580        WudfPf ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0404 3580        WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
22:04:36.0404 3580        WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
22:04:36.0404 3580        WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip


cosinus 05.06.2012 21:59

Hm, that shows a lot, and some of it is junk too. But I don't want to deal with that by hand using TDSS-Killer right now.
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Annschie 05.06.2012 23:13

When I open the program, no warning message appears at first, nor any prompt for updates or for installing a Recovery Console; some kind of analysis (?) is run immediately, which goes relatively quickly, then the window closes & my taskbar suddenly changes its design & colour, and after a few minutes the old one reappears.

At the end no combofix.txt comes up either, and when I search for it on the C drive, I don't find any folder with that name. Somehow it doesn't seem to work ;(

