Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Bundespolizei trojan detected - logs attached (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1

Bundespolizei trojan detected - logs attached

Hello trojaner-board team, today it apparently got me. Earlier the Bundestrojaner/UKASH paralyzed my system. I then ran Malwarebytes in safe mode and a Trojan.Agent.Gen was quarantined. After reading through a few threads here, I ran OTL, Avira, Malwarebytes, CCleaner, Temp File Cleaner and AdwCleaner. What worries me most is the hidden object in the Avira log; Avira recommends creating a rescue CD and running it...

Here are my logs:

Avira Code:
Avira Professional Security
Erstellungsdatum der Reportdatei: Donnerstag, 2. August 2012 13:46
Es wird nach 4050057 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Plattform : Windows 7 Home Premium
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : CHRIS-PC
Versionsinformationen:
BUILD.DAT : 12.0.0.1466 46760 Bytes 23.05.2012 16:50:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 24.05.2012 15:08:06
AVSCAN.DLL : 12.3.0.15 66256 Bytes 24.05.2012 15:08:06
LUKE.DLL : 12.3.0.15 68304 Bytes 24.05.2012 15:08:24
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 24.05.2012 15:08:47
AVREG.DLL : 12.3.0.17 232200 Bytes 24.05.2012 15:08:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 15:06:28
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 15:07:02
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 15:07:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 15:07:28
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 15:07:34
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 12:55:43
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 12:55:43
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 12:55:43
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 12:55:43
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 12:55:43
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 12:55:43
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 12:55:43
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 12:55:43
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 12:55:43
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.07.2012 15:55:25
VBASE015.VDF : 7.11.38.70 556032 Bytes 31.07.2012 13:48:13
VBASE016.VDF : 7.11.38.71 2048 Bytes 31.07.2012 13:48:13
VBASE017.VDF : 7.11.38.72 2048 Bytes 31.07.2012 13:48:13
VBASE018.VDF : 7.11.38.73 2048 Bytes 31.07.2012 13:48:13
VBASE019.VDF : 7.11.38.74 2048 Bytes 31.07.2012 13:48:13
VBASE020.VDF : 7.11.38.75 2048 Bytes 31.07.2012 13:48:13
VBASE021.VDF : 7.11.38.76 2048 Bytes 31.07.2012 13:48:13
VBASE022.VDF : 7.11.38.77 2048 Bytes 31.07.2012 13:48:13
VBASE023.VDF : 7.11.38.78 2048 Bytes 31.07.2012 13:48:13
VBASE024.VDF : 7.11.38.79 2048 Bytes 31.07.2012 13:48:13
VBASE025.VDF : 7.11.38.80 2048 Bytes 31.07.2012 13:48:13
VBASE026.VDF : 7.11.38.81 2048 Bytes 31.07.2012 13:48:13
VBASE027.VDF : 7.11.38.82 2048 Bytes 31.07.2012 13:48:13
VBASE028.VDF : 7.11.38.83 2048 Bytes 31.07.2012 13:48:13
VBASE029.VDF : 7.11.38.84 2048 Bytes 31.07.2012 13:48:13
VBASE030.VDF : 7.11.38.85 2048 Bytes 31.07.2012 13:48:13
VBASE031.VDF : 7.11.38.140 159744 Bytes 02.08.2012 08:28:38
Engineversion : 8.2.10.120
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 14:01:21
AESCRIPT.DLL : 8.1.4.36 459131 Bytes 27.07.2012 08:44:48
AESCN.DLL : 8.1.8.2 131444 Bytes 24.05.2012 15:07:45
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 12:29:20
AERDL.DLL : 8.1.9.15 639348 Bytes 24.05.2012 15:07:44
AEPACK.DLL : 8.3.0.18 807287 Bytes 27.07.2012 08:44:48
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 19.07.2012 12:14:42
AEHEUR.DLL : 8.1.4.80 5075318 Bytes 27.07.2012 08:44:48
AEHELP.DLL : 8.1.23.2 258422 Bytes 28.06.2012 11:55:24
AEGEN.DLL : 8.1.5.34 434548 Bytes 19.07.2012 12:14:39
AEEXP.DLL : 8.1.0.72 86389 Bytes 27.07.2012 08:44:49
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 14:01:20
AECORE.DLL : 8.1.27.2 201078 Bytes 10.07.2012 14:01:20
AEBB.DLL : 8.1.1.0 53618 Bytes 24.05.2012 15:07:39
AVWINLL.DLL : 12.3.0.15 27344 Bytes 24.05.2012 15:05:31
AVPREF.DLL : 12.3.0.15 51920 Bytes 24.05.2012 15:08:06
AVREP.DLL : 12.3.0.15 179208 Bytes 24.05.2012 15:08:47
AVARKT.DLL : 12.3.0.15 211408 Bytes 24.05.2012 15:07:56
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 24.05.2012 15:07:58
SQLITE3.DLL : 3.7.0.1 398288 Bytes 24.05.2012 15:08:35
AVSMTP.DLL : 12.3.0.15 63952 Bytes 24.05.2012 15:08:07
NETNT.DLL : 12.3.0.15 17104 Bytes 24.05.2012 15:08:29
RCIMAGE.DLL : 12.3.0.15 4713680 Bytes 24.05.2012 15:05:32
RCTEXT.DLL : 12.3.0.15 98512 Bytes 24.05.2012 15:05:32
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Donnerstag, 2. August 2012 13:46
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'ipoint.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '227' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SPMgr.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'Switcher.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzFw.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'VcmIAlzMgr.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'stacsv.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '144' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3145' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Program Files\WinRAR\rarnew.dat
[WARNUNG] Das Archiv ist unbekannt oder defekt
C:\Users\chriz\Downloads\avira_free_antivirus_de.exe
[WARNUNG] Die Datei ist kennwortgeschützt
C:\Users\chriz\Downloads\Forentreffen.part01.rar
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Users\chriz\Downloads\Final Fantasy VII (PC) Ultima Edition\Setup-1.bin
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
Ende des Suchlaufs: Donnerstag, 2. August 2012 16:06
Benötigte Zeit: 2:20:10 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
25958 Verzeichnisse wurden überprüft
895695 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
895695 Dateien ohne Befall
6024 Archive wurden durchsucht
4 Warnungen
1 Hinweise
530030 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
MalwareBytes Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.02.04
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
chriz :: CHRIS-PC [Administrator]
02.08.2012 12:25:37
mbam-log-2012-08-02 (12-25-37).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333908
Laufzeit: 1 Stunde(n), 12 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
= 3 O7 - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\chriz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. 
File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.4.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C053E522-E255-4D89-8C47-0394D8575728}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000 Winlogon: 
Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\VAIO Tender Green Wallpaper 1280x800.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\VAIO Tender Green Wallpaper 1280x800.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{46c25759-4d72-11df-bb30-001a801f0678}\Shell - "" = AutoRun O33 - MountPoints2\{46c25759-4d72-11df-bb30-001a801f0678}\Shell\AutoRun\command - "" = G:\baldur.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.02 12:50:08 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\chriz\Desktop\OTL.exe [2012.08.02 12:49:17 | 000,000,000 | ---D | C] -- C:\Users\chriz\Desktop\Logs [2012.08.02 12:38:38 | 000,000,000 | ---D | C] -- C:\Users\chriz\Desktop\JavaRa [2012.08.02 12:23:29 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.08.02 10:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2012.08.02 10:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2012.08.02 10:31:18 | 
000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager [2008.08.16 01:27:02 | 019,957,488 | ---- | C] (Intel Corporation) -- C:\Users\chriz\winvista_159.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.02 12:50:08 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\chriz\Desktop\OTL.exe [2012.08.02 12:35:46 | 000,614,881 | ---- | M] () -- C:\Users\chriz\Desktop\adwcleaner.exe [2012.08.02 12:23:46 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 12:23:46 | 000,005,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 12:23:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.08.02 12:07:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.02 11:26:15 | 000,071,455 | ---- | M] () -- C:\Users\chriz\AppData\Roaming\nvModes.001 [2012.08.02 10:23:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.02 10:23:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.02 10:23:17 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys [2012.08.01 17:14:52 | 000,071,455 | ---- | M] () -- C:\Users\chriz\AppData\Roaming\nvModes.dat [2012.08.01 16:59:15 | 000,095,939 | ---- | M] () -- C:\Users\chriz\Desktop\error.png [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.02 12:35:46 | 000,614,881 | ---- | C] () -- C:\Users\chriz\Desktop\adwcleaner.exe [2012.08.01 16:59:15 | 000,095,939 | ---- | C] () -- C:\Users\chriz\Desktop\error.png [2011.06.30 21:34:15 | 000,151,840 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat 
[2010.11.15 13:34:31 | 000,000,000 | ---- | C] () -- C:\Users\chriz\defogger_reenable [2009.09.28 22:00:31 | 002,086,760 | ---- | C] () -- C:\Users\chriz\img021.jpg [2009.03.03 21:18:54 | 000,003,193 | ---- | C] () -- C:\Users\chriz\avatar-4754.jpg [2009.02.03 03:46:01 | 000,003,195 | ---- | C] () -- C:\Users\chriz\.sdedit.conf [2009.01.26 01:33:58 | 020,660,224 | ---- | C] () -- C:\Users\chriz\AppData\Roaming\Messages.mdb [2009.01.19 04:50:27 | 000,000,277 | ---- | C] () -- C:\Users\chriz\First.java [2009.01.15 23:31:32 | 000,570,018 | ---- | C] () -- C:\Users\chriz\EER_2002_Techn.Merkblatt_6TT.pdf [2008.06.16 15:50:29 | 000,071,455 | ---- | C] () -- C:\Users\chriz\AppData\Roaming\nvModes.dat [2008.06.16 15:50:29 | 000,071,455 | ---- | C] () -- C:\Users\chriz\AppData\Roaming\nvModes.001 ========== LOP Check ========== [2012.05.23 17:51:02 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\DAEMON Tools Lite [2011.10.05 13:11:21 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\DVDVideoSoft [2011.10.05 13:11:12 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.08 17:56:28 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\ICQ [2008.08.26 23:12:41 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\ICQ Toolbar [2010.04.19 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\InterVideo [2010.04.19 21:42:06 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\Lingoes [2010.11.04 00:20:05 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\LolClient [2012.05.23 16:47:46 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\LolClient2 [2011.07.27 19:45:00 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\MyPhoneExplorer [2012.05.17 14:03:35 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\TS3Client [2012.08.02 09:55:01 | 000,000,000 | ---D | M] -- C:\Users\chriz\AppData\Roaming\uTorrent [2011.09.11 01:55:05 | 000,000,000 | ---D | M] -- 
C:\Users\chriz\AppData\Roaming\WordToPDF [2012.07.26 07:19:54 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.08.2012 12:55:11 - Run 6
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\chriz\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 41,16% Memory free
4,00 Gb Paging File | 2,50 Gb Available in Paging File | 62,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 8,95 Gb Free Space | 5,08% Space Free | Partition Type: NTFS
Computer Name: CHRIS-PC | User Name: chriz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C241F1-906F-4837-8005-DCD6F839F24A}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher |
"{0FCFDEB0-D3F2-4F63-9720-904A96F8E432}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1F7FBF91-0D7D-4447-9F65-3F77BC07E39C}" = lport=6921 | protocol=6 | dir=in | name=league of legends launcher |
"{2E59BFD8-F583-45E7-9864-FA82EC049D3E}" = lport=6929 | protocol=17 | dir=in | name=league of legends launcher |
"{2ED03363-6C64-43C0-9224-7B7A8CC4FE74}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{2F6497E8-CC47-4F41-B371-836477B6D3E1}" = lport=6903 | protocol=6 | dir=in | name=league of legends launcher |
"{307588EE-A6C5-4037-81A9-283F5595EF8B}" = lport=6978 | protocol=6 | dir=in | name=league of legends launcher |
"{32AF26B4-37BD-4D47-8F38-3D353FF79439}" = lport=137 | protocol=17 | dir=in | app=system |
"{3B77C5BB-AE62-4CF8-BB66-74D9857B5284}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{51C08432-CDE8-4E23-8CD2-872B1D8FE4B1}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher |
"{529844F0-D4C5-418B-80D3-56F86AF54870}" = rport=137 | protocol=17 | dir=out | app=system |
"{580BD7F6-8EDF-4DCD-A05B-8C0A40E98463}" = lport=6973 | protocol=17 | dir=in | name=league of legends launcher |
"{5A6A05F4-AC6D-4EAC-B5AE-CE6B9C8F1C2F}" = lport=138 | protocol=17 | dir=in | app=system |
"{5EA6AD2E-088F-4C9D-B0E5-5D50BD7F73A4}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher |
"{607768B9-7ABD-40DC-8AF1-51FA3D228EC4}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{6513805D-C92E-4159-B501-E4D2BCA80EFA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{656A6AD9-B2D9-45E1-B91B-844BAE23AF93}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6929AE59-AE66-4B70-B551-E993D5B119AD}" = lport=6903 | protocol=17 | dir=in | name=league of legends launcher |
"{6A3B500A-5500-43C1-B177-189EBB61111C}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher |
"{6CAE1A81-F6B8-4A3F-AE9F-9400E4C5048D}" = lport=6917 | protocol=17 | dir=in | name=league of legends launcher |
"{787F5D9F-F151-4D1A-AE74-96AA185B27F9}" = lport=6901 | protocol=17 | dir=in | name=league of legends launcher |
"{7B7348FC-08F5-4B31-9DCA-FE3D3FC73AA3}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher |
"{7EAF6786-C882-437B-9BE3-825A4AC4B0BF}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher |
"{84F3B413-E2ED-4EA7-BA14-0878551F9F13}" = lport=6917 | protocol=6 | dir=in | name=league of legends launcher |
"{880033E7-4B28-4753-B276-EDCA1ACB68A6}" = lport=6987 | protocol=17 | dir=in | name=league of legends launcher |
"{882C974A-D68D-4A79-87FA-ED3586450B02}" = lport=6899 | protocol=6 | dir=in | name=league of legends launcher |
"{8BCCCF4A-CB7A-4F89-B64C-9B7510708385}" = lport=445 | protocol=6 | dir=in | app=system |
"{8C78D9C5-2D5F-43EF-AC63-B0B92E336BA8}" = lport=6921 | protocol=17 | dir=in | name=league of legends launcher |
"{91C0B9A6-A7E0-474F-8CEA-8BC19A7850E8}" = lport=6929 | protocol=6 | dir=in | name=league of legends launcher |
"{92726E06-BEB1-4E8D-B946-71B4F7CEA1E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9A5C9628-FE9F-4417-9C4E-E65C486DC1BF}" = lport=139 | protocol=6 | dir=in | app=system |
"{9B14288C-BD60-47BD-8D23-958BF720780D}" = rport=139 | protocol=6 | dir=out | app=system |
"{AB221638-4437-4157-8588-73231F493F11}" = rport=445 | protocol=6 | dir=out | app=system |
"{B15EF692-FA3C-40D6-8E83-62158759C86C}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{B15F6B6A-F61A-4473-B6E3-AE2D290D132E}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{B1F9CAC6-9664-4799-BD84-7A9EA84DFB7F}" = lport=6899 | protocol=17 | dir=in | name=league of legends launcher |
"{B25FCB4C-6D5D-4E53-9166-08952E255D08}" = rport=138 | protocol=17 | dir=out | app=system |
"{B85DB678-CF90-4D92-B6D9-3C120102D686}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB858D24-F2DA-4A9B-86D3-9BD62FE0C7EB}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{C751E4AB-6253-4D9E-9970-4351D5D7C563}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{CC52E8BD-D28B-4B11-958A-BDCBEDAD434F}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher |
"{D4EBEB04-DD8B-4655-B576-6685A6FD83A8}" = lport=6973 | protocol=6 | dir=in | name=league of legends launcher |
"{DD31FECD-CA34-443D-A868-F40E7506AE06}" = lport=6978 | protocol=17 | dir=in | name=league of legends launcher |
"{DF8EEBEE-7A0E-4F23-92F2-2C5BD3422110}" = lport=6901 | protocol=6 | dir=in | name=league of legends launcher |
"{E17C37BC-7574-4011-8708-1A9C456BBC48}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{FE4F95A0-8F35-4F9C-964C-26BA2AD3D7B9}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher |
"{FEAE807B-1356-4A0F-88A3-48871532B650}" = lport=6987 | protocol=6 | dir=in | name=league of legends launcher |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01A5FD35-377F-43B3-8C07-1E92661CBB76}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{0463DAEF-7811-4801-A8B1-2F3FDF2C4ED6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1755F99A-820A-4AE4-95BE-585294944361}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{1F918227-DE3B-4C75-87C4-94C44EE309C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{21C70D52-A7E2-45F8-95F5-5F5A56C7198C}" = protocol=6 | dir=in | app=c:\league of legends\air\lolclient.exe |
"{24F943A6-E911-4D37-816D-145A741527F0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{25BE620F-1F0C-4E13-92BF-C932AEFAEE6E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{375015AD-3EC1-44B1-B095-8A798769189F}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{37720196-8068-4A6D-9CCD-72D8685C4B23}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{3F799868-A83C-4348-BC4B-B36BDABDC505}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{40774E56-C278-426C-9AC1-89D239D30642}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"{457442C5-AAB9-4603-AA4D-1BEF065F48F1}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{507C4C78-AC64-49D0-AC0E-EF577156D626}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe |
"{51B2E955-B03D-4DC4-898B-CF65C05D0EB2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{545CB333-673C-4885-B161-DE2D9E9DCC33}" = protocol=17 | dir=in | app=c:\league of legends\game\league of legends.exe |
"{55579BF8-4601-4C49-ACE2-BA6D62C941DF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{61DD59EF-16C1-4717-9B22-CD90F03D433C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6335BD01-A912-4A80-876B-9EFCC0D8DAB0}" = protocol=6 | dir=in | app=c:\league of legends\game\league of legends.exe |
"{6581AACF-BF6E-4E0D-997E-F3C7C4E1CE8D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{666A41B3-B379-4FE6-88EB-C19EA26E5CDE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{66916233-D3DC-4FF6-A4F7-8A0FAF70C23E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6D555F52-DEDF-44A8-9027-FC6A69787998}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{6FE07B4C-B6E0-439F-B3A9-585EE661D99A}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{7061C6E9-6010-448B-A984-6A718B972E9A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7637EB8E-0BA8-428E-B283-674E6A780952}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe |
"{763E4FC8-FAE2-4C86-9274-B0168F56681E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{79B44A92-7DE1-41C7-9FE8-CA0CAEDB8F46}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{886DF598-A501-41E8-B1E6-4DCAF6942139}" = protocol=6 | dir=in | app=c:\program files\starcraft ii demo\starcraft ii.exe |
"{8A67B9C7-2086-4E1A-9C4A-C93D9A34EC72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{93D2BE7E-AB90-40A5-94D2-249838F07A61}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{945B0C5E-F699-4861-BBCF-0285A4B08295}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{95E6ABE9-ED0A-4D69-9027-159E0CDB18B9}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{9613C189-3A52-4EB9-93D1-0F9A88BA5690}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{9A3DCB8D-D6CB-4AA2-9EC3-4B5A6B0B625A}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{9AEA0ABD-DB1B-40A7-8581-6589D8364138}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{9E3E65D3-B475-4A07-AEBA-F239BCF75336}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe |
"{A4BCD3B3-5038-4F6C-8E98-EDA8507836EA}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{A76DB196-D08C-425D-8E0D-AFABF521C8B5}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{A8379D32-716E-42C8-B796-83F5C42288A3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{AB96C472-069F-4010-BA59-0C73EEE7AF68}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AC922372-BBD7-4977-9841-665FF5670D9C}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{AF30D51A-8495-4088-8811-B6049C4EBF6D}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{B39F633F-7E7A-4DA8-86B6-E248576E6498}" = protocol=17 | dir=in | app=c:\program files\starcraft ii demo\starcraft ii.exe |
"{B4464B3F-F197-4927-881B-E4BF96AFDB7E}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B6786A1A-46A5-417E-9357-FE5A88D71AC3}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{B7CC5182-7F41-49AE-89E9-A38BE542A8BE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B9943E0D-6884-4B6D-A4FE-4C93A3CDC9DD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{BA3E22D7-7287-4A22-B5D2-7E267E6048D2}" = protocol=17 | dir=in | app=c:\league of legends\air\lolclient.exe |
"{BBEED90A-C73C-4884-BB36-C3FD452C9256}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{BC0C0C16-4AB8-4BF1-955A-243FFDBB73F4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{BDA03587-3800-4889-9944-88952DEEF993}" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"{C3E4B142-7370-4281-B07D-689E948DA033}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{C4269324-1E9A-4059-998C-5A3FDACDF724}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{C5CB4147-7938-4462-9574-F6B1281E595C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CAD21E2B-6025-40A6-A703-C74CD3A13046}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{CB127B24-168F-4A89-B506-A0CA85C5A815}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{CE9E0697-6EC1-47A0-86DC-5A26B1007E5A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D1214147-8320-44A4-97B7-FF408DD6B7B6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D66BA66B-1DEE-4896-892A-85369EA5BB99}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{D7EEDF0F-D690-42DF-BC7F-5A91C067B8CC}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{DBDCE47B-C794-4B19-B268-85B465B286D1}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EC395FFD-64C0-47B2-B161-351FC3B65B6B}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe |
"{F8EAFDC1-34B8-4C04-9149-A2BDE2AABD57}" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{1512127F-40CA-4833-822B-E0AA11A630E2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{20D4A642-2015-40E3-B6E8-CF3F63927EC5}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"TCP Query User{21CAC22B-373A-4C96-BECB-25518EFBD76D}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{2B13F138-8456-48C7-9EF2-208B874E00C2}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{3356A4F7-C1AE-4793-A6F6-81854B345221}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{43873C80-AC12-4FB3-A3A2-0961307DFB9F}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{59DCD455-7B3C-4E0C-82BB-6B8EC979F11D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{6063009F-D621-4F55-8447-664F379F77F2}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{69F5DEEE-3E31-4DB3-9ED3-C123C0C18947}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{6E23A3FA-AED9-4EC1-98FF-000713F00236}C:\users\chriz\desktop\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\users\chriz\desktop\flatout2\flatout2.exe |
"TCP Query User{700AD149-6DC3-4CBD-A59A-CF61C705BB1E}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{8298B8E8-402C-4F0A-A893-E20C84774599}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"TCP Query User{8A92BBE8-7325-4212-9585-3EF77C731D2B}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{8C8B04BA-E5F4-4D13-8D51-A2C98D4698C3}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{9CA252DD-FA90-4BEE-B1BF-DDDE67DDC1C0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9D043FF0-374A-4C2D-9778-848B16443E3B}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{A69F0C74-3AC9-411F-AD29-8B3ECA583CF4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{B86E1132-F62A-4D29-8338-2CB727EC7664}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{C8D95EDD-4017-4CE7-B2BC-2DBB55A3D55A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{CC67D390-5BFE-4D6E-880B-51C6D72BE479}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{D0C005FC-1992-41D9-B3B4-729C5899C28F}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"TCP Query User{DAC229DF-1529-4B90-92CE-6378A65FAB50}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{DD816A11-8230-4F7B-A255-E76445B65FC5}C:\users\chriz\desktop\age of empires ii inkl. addon the conquerors\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\chriz\desktop\age of empires ii inkl. addon the conquerors\age2_x1\age2_x1.exe |
"UDP Query User{0FC39C1A-17E1-41DD-B9AC-2BB5410C8619}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{15674B55-F2DC-437A-998C-13DCB5A6EC11}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{1611DC9C-4DCD-4D25-A6AE-747A5F007BFA}C:\users\chriz\desktop\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\users\chriz\desktop\flatout2\flatout2.exe |
"UDP Query User{1B80AC34-2BE8-47D4-BC6C-4920333819DC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{2F86645E-20B3-4950-8511-06E4A98B68AA}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{3D89B994-C2B3-44CC-AF7E-C5F09B9EDD32}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{493CF04A-A959-4384-B102-4E2D4619B662}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{4C2A7F3A-E378-4154-8444-6DA5CFC0A615}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{55A59975-F397-4BB4-B83E-725EB7F2EBAD}C:\program files\activision\call of duty - world at war\codwaw.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"UDP Query User{61735BD6-311E-46DE-B442-46FC836AF34E}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{70FF5B12-17C2-46BA-AB88-BC12FEA40FBF}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{79AAD8B4-AF80-48C8-BB9B-02EEFB36DA34}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{7AFC5599-A13B-4C24-A8DE-CC1556A4E120}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{7B6C3E02-CEBD-4673-9206-5CEFA7AA022C}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{83DF692C-8B58-4856-9C58-5AE7B823B211}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{8484B4AD-0DA7-4D47-911D-3599A839D809}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"UDP Query User{89D5763A-E9C1-41C0-B383-6A8E07262C64}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{90BD53E7-4AE6-4094-95DE-4B81CF91FD28}C:\users\chriz\desktop\age of empires ii inkl. addon the conquerors\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\chriz\desktop\age of empires ii inkl. addon the conquerors\age2_x1\age2_x1.exe |
"UDP Query User{93C440D3-9A31-4F41-8EBE-C112DF58952A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D6D4F43F-2318-47FC-8320-A41644078DBB}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{DD50EB20-6B9C-47B8-90B4-6A5981FA9F7F}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{ECAF81A3-0610-4655-94FE-63B099A7FD89}C:\programdata\battle.net\agent\agent.913\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe |
"UDP Query User{F6B7FB52-3768-4CF2-82C7-B605ECBD5FD0}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1203
"{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{32A3A4F4-B792-11D6-A78A-00B0D0160110}" = Java(TM) SE Development Kit 6 Update 11
"{336DD6B4-B100-4048-B2B7-FBA7059FD959}" = Yu-Gi-Oh! Power of Chaos JOEY THE PASSION
"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{485C9280-B899-4D46-86F3-B3E459636EE5}" = Yu-Gi-Oh! Power of Chaos KAIBA THE REVENGE
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer VAIO Content Exporter
"{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}" = VAIO Content Metadata XML Interface Library
"{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92F8615C-43B7-4925-8457-B6D004E8D478}" = VAIO Content Metadata XML Interface Library
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" =
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate(TM) II - Throne of Bhaal (TM)
"{C22826DB-8064-4607-9816-1B5B62358C3C}" = inSSIDer 2.0
"{C576C82C-EE87-11D6-B031-0000CB597465}" = A.F.7 Merge your files 1.3
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E89D31F3-7F6C-47A3-8669-0A8DDE27B664}" = VAIO Media Registration Tool
"{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"Adobe AIR" = Adobe AIR
"Avira AntiVir Desktop" = Avira Professional Security
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Diablo III" = Diablo III
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dt icon module" =
"eBay HTML" =
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"gtfirstboot Setting Request" =
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQ Password" = ICQ Password
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IsoBuster_is1" = IsoBuster 2.8.5
"JCreator LE_is1" = JCreator LE 4.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Picasa2" = Picasa 2
"PokerStars" = PokerStars
"Security Task Manager" = Security Task Manager 1.8d
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Skype_is1" = Skype 3.2
"SopCast" = SopCast 3.2.9
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VAIO Help and Support" =
"VAIO MFU Module" =
"VAIO Xblack Contents" = VAIO Xblack Contents
"VLC media player" = VLC media player 1.0.2
"Wecker 2.2" = Wecker 2.2 2.2
"WinRAR archiver" = WinRAR
"WordToPDF_is1" = WordToPDF 2.4
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.09.2011 21:08:46 | Computer Name = chris-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 29.09.2011 21:08:51 | Computer Name = chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 29.09.2011 21:08:51 | Computer Name = chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 30.09.2011 07:52:18 | Computer Name = chris-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 30.09.2011 07:52:21 | Computer Name = chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 30.09.2011 07:52:21 | Computer Name = chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 30.09.2011 09:59:20 | Computer Name = chris-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 30.09.2011 10:33:07 | Computer Name = chris-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 01.10.2011 10:03:41 | Computer Name = chris-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 01.10.2011 10:03:43 | Computer Name = chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 01.10.2011 10:03:43 | Computer Name = chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 01.10.2011 10:35:57 | Computer Name = chris-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 02.08.2012 04:00:47 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 02.08.2012 04:07:39 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 02.08.2012 04:07:39 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 02.08.2012 04:08:26 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.
Error - 02.08.2012 04:08:38 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 02.08.2012 04:08:38 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 02.08.2012 04:12:00 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 02.08.2012 04:12:00 | Computer Name = chris-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 02.08.2012 04:12:00 | Computer Name = chris-PC | Source = DCOM | ID = 10005
Description =
Error - 02.08.2012 05:59:40 | Computer Name = chris-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
< End of report >
Code:
# AdwCleaner v1.800 - Logfile created 08/02/2012 at 13:38:27
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : chriz - CHRIS-PC
# Running from : C:\Users\chriz\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\chriz\Desktop\Save
Folder Found : C:\ProgramData\Trymedia
File Found : C:\Users\chriz\AppData\Roaming\Mozilla\Firefox\Profiles\588nyvj1.default\searchplugins\web-search.xml
***** [Registry] *****
Key Found : HKLM\SOFTWARE\DT Soft
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\chriz\AppData\Roaming\Mozilla\Firefox\Profiles\588nyvj1.default\prefs.js
Found : user_pref("browser.search.defaultenginename", "Web Search...");
Found : user_pref("extensions.vshare@toolbar.update.enabled", false);
Found : user_pref("keyword.URL", "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=");
*************************
AdwCleaner[R1].txt - [1270 octets] - [02/08/2012 12:35:54]
AdwCleaner[R2].txt - [1199 octets] - [02/08/2012 13:38:27]
########## EOF - C:\AdwCleaner[R2].txt - [1327 octets] ##########
|
| | #2 |
| /// Helper Team | Fix with OTL: Download OTL by Oldtimer (if you do not already have it) and save it to your Desktop (nowhere else).
Code:
:OTL
PRC - C:\Users\chriz\AppData\Local\Temp\jre-7u5-windows-i586-iftw.exe (Oracle Corporation)
DRV - (NSNDIS5) -- C:\Windows\system32\NSNDIS5.SYS File not found
DRV - (asxyq2lt) -- File not found
IE - HKLM\..\SearchScopes,DefaultScope = {E87584EE-A620-4117-A1F3-ECEB4AF1F77B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E87584EE-A620-4117-A1F3-ECEB4AF1F77B}: "URL" = http://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\..\SearchScopes,DefaultScope = {E87584EE-A620-4117-A1F3-ECEB4AF1F77B}
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\..\SearchScopes\{E87584EE-A620-4117-A1F3-ECEB4AF1F77B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK
IE - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.readmore.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46c25759-4d72-11df-bb30-001a801f0678}\Shell - "" = AutoRun
O33 - MountPoints2\{46c25759-4d72-11df-bb30-001a801f0678}\Shell\AutoRun\command - "" = G:\baldur.exe
[2012.08.02 11:26:15 | 000,071,455 | ---- | M] () -- C:\Users\chriz\AppData\Roaming\nvModes.001
[2012.08.01 17:14:52 | 000,071,455 | ---- | M] () -- C:\Users\chriz\AppData\Roaming\nvModes.dat
[2012.08.02 12:07:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.02 10:23:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; doing so can cause lasting damage to other systems!
__________________ |
| | #3 |
| | Hello t'john,
thank you for your reply. I ran the script in OTL. The log is attached. In the meantime I have also run the Avira Rescue scan from the DVD I created myself. And then I also ran TDSSKiller, and it apparently found something...
Regards, Hydrom
OTL log after reboot
Code:
All processes killed
========== OTL ==========
No active process named jre-7u5-windows-i586-iftw.exe was found!
Service NSNDIS5 stopped successfully!
Service NSNDIS5 deleted successfully!
File C:\Windows\system32\NSNDIS5.SYS File not found not found.
Error: No service named asxyq2lt was found to stop!
Service\Driver key asxyq2lt not found.
File File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted
successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E87584EE-A620-4117-A1F3-ECEB4AF1F77B}\ deleted
successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87584EE-A620-4117-A1F3-ECEB4AF1F77B}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-1255904841-3874207504-1916605801-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1255904841-3874207504-1916605801-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1255904841-3874207504-1916605801-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E87584EE-A620-4117-A1F3-ECEB4AF1F77B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87584EE-A620-4117-A1F3-ECEB4AF1F77B}\ not found.
HKU\S-1-5-21-1255904841-3874207504-1916605801-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Web Search..." removed from browser.search.defaultenginename
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.readmore.de" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" removed from keyword.URL
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50370 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1255904841-3874207504-1916605801-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon\ deleted successfully.
C:\Windows\System32\VESWinlogon.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46c25759-4d72-11df-bb30-001a801f0678}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46c25759-4d72-11df-bb30-001a801f0678}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46c25759-4d72-11df-bb30-001a801f0678}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46c25759-4d72-11df-bb30-001a801f0678}\ not found.
File G:\baldur.exe not found.
C:\Users\chriz\AppData\Roaming\nvModes.001 moved successfully.
C:\Users\chriz\AppData\Roaming\nvModes.dat moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\chriz\Desktop\cmd.bat deleted successfully.
C:\Users\chriz\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: chriz
->Temp folder emptied: 266754430 bytes
->Temporary Internet Files folder emptied: 102555 bytes
->Java cache emptied: 89766 bytes
->FireFox cache emptied: 54932359 bytes
->Flash cache emptied: 453 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14548523 bytes
RecycleBin emptied: 1071 bytes
Total Files Cleaned = 321,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: chriz
->Flash cache emptied: 0 bytes
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.55.0 log created on 08022012_200842
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
PendingFileRenameOperations files...
[2009.07.14 03:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation) C:\Windows\System32\mctadmin.exe : MD5=BBA1A5B86134F496B926DDAF247DB871
Registry entries deleted on Reboot...
Code:
20:25:17.0001 3096 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:25:17.0813 3096 ============================================================
20:25:17.0813 3096 Current date / time: 2012/08/02 20:25:17.0813
20:25:17.0813 3096 SystemInfo:
20:25:17.0813 3096
20:25:17.0813 3096 OS Version: 6.1.7600 ServicePack: 0.0
20:25:17.0813 3096 Product type: Workstation
20:25:17.0813 3096 ComputerName: CHRIS-PC
20:25:17.0813 3096 UserName: chriz
20:25:17.0813 3096 Windows directory: C:\Windows
20:25:17.0813 3096 System windows directory: C:\Windows
20:25:17.0813 3096 Processor architecture: Intel x86
20:25:17.0813 3096 Number of processors: 2
20:25:17.0813 3096 Page size: 0x1000
20:25:17.0813 3096 Boot type: Normal boot
20:25:17.0813 3096 ============================================================
20:25:18.0405 3096 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:25:18.0405 3096 ============================================================
20:25:18.0405 3096 \Device\Harddisk0\DR0:
20:25:18.0405 3096 MBR partitions:
20:25:18.0405 3096 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1422000, BlocksNum 0x1607C800
20:25:18.0405 3096 ============================================================
20:25:18.0452 3096 C: <-> \Device\Harddisk0\DR0\Partition0
20:25:18.0452 3096 ============================================================
20:25:18.0452 3096 Initialize success
20:25:18.0452 3096 ============================================================
20:25:21.0619 3980 ============================================================
20:25:21.0619 3980 Scan started
20:25:21.0619 3980 Mode: Manual;
20:25:21.0619 3980 ============================================================
20:25:23.0569 3980 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
20:25:23.0585 3980 1394ohci - ok
20:25:23.0647 3980 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
20:25:23.0663 3980 ACPI - ok
20:25:23.0725 3980 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
20:25:23.0725 3980 AcpiPmi - ok
20:25:23.0819 3980 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:25:24.0084 3980 adp94xx - ok
20:25:24.0146 3980 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:25:24.0177 3980 adpahci - ok
20:25:24.0271 3980 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:25:24.0287 3980 adpu320 - ok
20:25:24.0333 3980 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
20:25:24.0349 3980 AeLookupSvc - ok
20:25:24.0427 3980 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
20:25:24.0458 3980 AFD - ok
20:25:24.0505 3980 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
20:25:24.0505 3980 agp440 - ok
20:25:24.0567 3980 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:25:24.0567 3980 aic78xx - ok
20:25:24.0599 3980 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
20:25:24.0599 3980 ALG - ok
20:25:24.0645 3980 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
20:25:24.0645 3980 aliide - ok
20:25:24.0692 3980 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
20:25:24.0708 3980 amdagp - ok
20:25:24.0723 3980 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
20:25:24.0739 3980 amdide - ok
20:25:24.0770 3980 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:25:24.0786 3980 AmdK8 - ok
20:25:24.0817 3980 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:25:24.0817 3980 AmdPPM - ok
20:25:24.0848 3980 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
20:25:24.0848 3980 amdsata - ok
20:25:24.0879 3980 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:25:24.0895 3980 amdsbs - ok
20:25:24.0942 3980 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
20:25:24.0942 3980 amdxata - ok
20:25:25.0082 3980 AntiVirMailService (56beb1292dc71e49c824455ec582bfce) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
20:25:25.0129 3980 AntiVirMailService - ok
20:25:25.0176 3980 AntiVirSchedulerService (7abe4092c35e7d4596487dfa075d84e1) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:25:25.0191 3980 AntiVirSchedulerService - ok
20:25:25.0223 3980 AntiVirService (5a37ffa608ae126c9702f5c07e07fc08) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:25:25.0223 3980 AntiVirService - ok
20:25:25.0316 3980 AntiVirWebService (5f2f39626586536ca86f402a1c947463) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:25:25.0347 3980 AntiVirWebService - ok
20:25:25.0410 3980 ApfiltrService (18bff317bdb10c64a35e1ca85f1ec051) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:25:25.0425 3980 ApfiltrService - ok
20:25:25.0519 3980 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
20:25:25.0519 3980 AppID - ok
20:25:25.0581 3980 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
20:25:25.0597 3980 AppIDSvc - ok
20:25:25.0613 3980 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
20:25:25.0628 3980 Appinfo - ok
20:25:25.0659 3980 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:25:25.0675 3980 arc - ok
20:25:25.0675 3980 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:25:25.0691 3980 arcsas - ok
20:25:25.0691 3980 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:25:25.0706 3980 AsyncMac - ok
20:25:25.0737 3980 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
20:25:25.0737 3980 atapi - ok
20:25:25.0831 3980 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
20:25:25.0847 3980 AudioEndpointBuilder - ok
20:25:25.0862 3980 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
20:25:25.0878 3980 Audiosrv - ok
20:25:25.0925 3980 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
20:25:25.0940 3980 avgntflt - ok
20:25:25.0971 3980 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
20:25:26.0003 3980 avipbb - ok
20:25:26.0018 3980 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
20:25:26.0018 3980 avkmgr - ok
20:25:26.0096 3980 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
20:25:26.0112 3980 AxInstSV - ok
20:25:26.0205 3980 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:25:26.0237 3980 b06bdrv - ok
20:25:26.0283 3980 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:25:26.0299 3980 b57nd60x - ok
20:25:26.0346 3980 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
20:25:26.0361 3980 BDESVC - ok
20:25:26.0377 3980 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:25:26.0377 3980 Beep - ok
20:25:26.0455 3980 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
20:25:26.0486 3980 BFE - ok
20:25:26.0580 3980 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
20:25:26.0611 3980 BITS - ok
20:25:26.0642 3980 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:25:26.0642 3980 blbdrive - ok
20:25:26.0673 3980 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
20:25:26.0673 3980 bowser - ok
20:25:26.0705 3980 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:25:26.0705 3980 BrFiltLo - ok
20:25:26.0751 3980 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:25:26.0751 3980 BrFiltUp - ok
20:25:26.0814 3980 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
20:25:26.0814 3980 Browser - ok
20:25:26.0861 3980 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:25:26.0876 3980 Brserid - ok
20:25:26.0892 3980 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:25:26.0907 3980 BrSerWdm - ok
20:25:26.0923 3980 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:25:26.0923 3980 BrUsbMdm - ok
20:25:26.0939 3980 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:25:26.0939 3980 BrUsbSer - ok
20:25:27.0001 3980 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
20:25:27.0001 3980 BthEnum - ok
20:25:27.0017 3980 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:25:27.0032 3980 BTHMODEM - ok
20:25:27.0048 3980 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
20:25:27.0048 3980 BthPan - ok
20:25:27.0095 3980 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
20:25:27.0110 3980 BTHPORT - ok
20:25:27.0141 3980 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
20:25:27.0157 3980 bthserv - ok
20:25:27.0173 3980 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
20:25:27.0173 3980 BTHUSB - ok
20:25:27.0235 3980 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:25:27.0235 3980 cdfs - ok
20:25:27.0282 3980 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
20:25:27.0282 3980 cdrom - ok
20:25:27.0344 3980 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
20:25:27.0360 3980 CertPropSvc - ok
20:25:27.0391 3980 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:25:27.0391 3980 circlass - ok
20:25:27.0422 3980 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:25:27.0438 3980 CLFS - ok
20:25:27.0547 3980 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:25:27.0563 3980 clr_optimization_v2.0.50727_32 - ok
20:25:27.0594 3980 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:25:27.0594 3980 CmBatt - ok
20:25:27.0609 3980 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
20:25:27.0625 3980 cmdide - ok
20:25:27.0672 3980 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
20:25:27.0672 3980 CNG - ok
20:25:27.0719 3980 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:25:27.0734 3980 Compbatt - ok
20:25:27.0750 3980 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:25:27.0765 3980 CompositeBus - ok
20:25:27.0765 3980 COMSysApp - ok
20:25:27.0781 3980 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:25:27.0797 3980 crcdisk - ok
20:25:27.0859 3980 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
20:25:27.0859 3980 CryptSvc - ok
20:25:27.0906 3980 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
20:25:27.0906 3980 CVirtA - ok
20:25:28.0140 3980 CVPND (ea4300e53e5d4d1912ad04985f6264f0) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
20:25:28.0249 3980 CVPND - ok
20:25:28.0452 3980 CVPNDRVA (34c345aaf390c12ae6e51b75198e8564) C:\Windows\system32\Drivers\CVPNDRVA.sys
20:25:28.0499 3980 CVPNDRVA - ok
20:25:28.0561 3980 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
20:25:28.0577 3980 DcomLaunch - ok
20:25:28.0655 3980 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
20:25:28.0670 3980 defragsvc - ok
20:25:28.0733 3980 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
20:25:28.0748 3980 DfsC - ok
20:25:28.0811 3980 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
20:25:28.0826 3980 Dhcp - ok
20:25:28.0842 3980 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:25:28.0857 3980 discache - ok
20:25:28.0904 3980 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:25:28.0920 3980 Disk - ok
20:25:28.0935 3980 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
20:25:28.0951 3980 DMICall - ok
20:25:28.0998 3980 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
20:25:28.0998 3980 DNE - ok
20:25:29.0060 3980 Dnscache (d0722e963d3c6145446874241401b209) C:\Windows\System32\dnsrslvr.dll
20:25:29.0060 3980 Dnscache - ok
20:25:29.0091 3980 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
20:25:29.0123 3980 dot3svc - ok
20:25:29.0154 3980 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
20:25:29.0154 3980 DPS - ok
20:25:29.0201 3980 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:25:29.0216 3980 drmkaud - ok
20:25:29.0294 3980 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
20:25:29.0372 3980 DXGKrnl - ok
20:25:29.0435 3980 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
20:25:29.0450 3980 EapHost - ok
20:25:29.0731 3980 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:25:29.0856 3980 ebdrv - ok
20:25:30.0027 3980 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
20:25:30.0043 3980 EFS - ok
20:25:30.0168 3980 ehRecvr (3a74a6e33685662b125a3269b1f2114f) C:\Windows\ehome\ehRecvr.exe
20:25:30.0215 3980 ehRecvr - ok
20:25:30.0246 3980 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
20:25:30.0261 3980 ehSched - ok
20:25:30.0355 3980 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:25:30.0386 3980 elxstor - ok
20:25:30.0402 3980 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
20:25:30.0417 3980 ErrDev - ok
20:25:30.0495 3980 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
20:25:30.0511 3980 EventSystem - ok
20:25:30.0698 3980 EverestDriver (69c7c1f9b0b24f31604a68679bd07555) C:\Users\chriz\Desktop\Everest Ultimate\kerneld.wnt
20:25:30.0698 3980 EverestDriver - ok
20:25:30.0729 3980 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:25:30.0745 3980 exfat - ok
20:25:30.0776 3980 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:25:30.0792 3980 fastfat - ok
20:25:30.0870 3980 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
20:25:30.0885 3980 Fax - ok
20:25:30.0963 3980 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:25:30.0979 3980 fdc - ok
20:25:31.0026 3980 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
20:25:31.0041 3980 fdPHost - ok
20:25:31.0057 3980 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
20:25:31.0057 3980 FDResPub - ok
20:25:31.0073 3980 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:25:31.0088 3980 FileInfo - ok
20:25:31.0104 3980 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:25:31.0104 3980 Filetrace - ok
20:25:31.0229 3980 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:25:31.0275 3980 FLEXnet Licensing Service - ok
20:25:31.0307 3980 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:25:31.0307 3980 flpydisk - ok
20:25:31.0338 3980 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:25:31.0353 3980 FltMgr - ok
20:25:31.0416 3980 FontCache (b6512a85815fdc3d560c3705f5bdb93d) C:\Windows\system32\FntCache.dll
20:25:31.0463 3980 FontCache - ok
20:25:31.0587 3980 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:25:31.0603 3980 FontCache3.0.0.0 - ok
20:25:31.0650 3980 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:25:31.0665 3980 FsDepends - ok
20:25:31.0681 3980 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:25:31.0681 3980 Fs_Rec - ok
20:25:31.0728 3980 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
20:25:31.0743 3980 fvevol - ok
20:25:31.0775 3980 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:25:31.0775 3980 gagp30kx - ok
20:25:31.0821 3980 GEARAspiWDM (f877c945233039914dbe63b76f9a1065) C:\Windows\system32\Drivers\GEARAspiWDM.sys
20:25:31.0821 3980 GEARAspiWDM - ok
20:25:31.0915 3980 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
20:25:31.0946 3980 gpsvc - ok
20:25:32.0133 3980 gupdate1c9a77f619e5ddc (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:25:32.0133 3980 gupdate1c9a77f619e5ddc - ok
20:25:32.0149 3980 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
20:25:32.0149 3980 gupdatem - ok
20:25:32.0180 3980 gusvc (751c1d2ca2abf4a9f5a6b8d7d45b907c) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:25:32.0196 3980 gusvc - ok
20:25:32.0227 3980 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
20:25:32.0227 3980 hamachi - ok
20:25:32.0274 3980 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:25:32.0289 3980 hcw85cir - ok
20:25:32.0321 3980 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:25:32.0321 3980 HDAudBus - ok
20:25:32.0336 3980 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:25:32.0336 3980 HidBatt - ok
20:25:32.0352 3980 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:25:32.0367 3980 HidBth - ok
20:25:32.0383 3980 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:25:32.0383 3980 HidIr - ok
20:25:32.0430 3980 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
20:25:32.0445 3980 hidserv - ok
20:25:32.0492 3980 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
20:25:32.0492 3980 HidUsb - ok
20:25:32.0539 3980 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
20:25:32.0555 3980 hkmsvc - ok
20:25:32.0586 3980 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
20:25:32.0601 3980 HomeGroupListener - ok
20:25:32.0679 3980 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
20:25:32.0695 3980 HomeGroupProvider - ok
20:25:32.0773 3980 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:25:32.0789 3980 HpSAMD - ok
20:25:32.0913 3980 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:25:32.0991 3980 HSF_DPV - ok
20:25:33.0007 3980 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:25:33.0023 3980 HSXHWAZL - ok
20:25:33.0085 3980 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
20:25:33.0101 3980 HTTP - ok
20:25:33.0116 3980 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
20:25:33.0116 3980 hwpolicy - ok
20:25:33.0147 3980 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
20:25:33.0163 3980 i8042prt - ok
20:25:33.0210 3980 iaStor (707c1692214b1c290271067197f075f6) C:\Windows\system32\DRIVERS\iaStor.sys
20:25:33.0225 3980 iaStor - ok
20:25:33.0272 3980 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
20:25:33.0288 3980 iaStorV - ok
20:25:33.0428 3980 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
20:25:33.0459 3980 IDriverT - ok
20:25:33.0631 3980 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:25:33.0725 3980 idsvc - ok
20:25:33.0881 3980 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:25:33.0881 3980 iirsp - ok
20:25:33.0990 3980 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
20:25:34.0052 3980 IKEEXT - ok
20:25:34.0130 3980 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
20:25:34.0130 3980 intelide - ok
20:25:34.0161 3980 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:25:34.0161 3980 intelppm - ok
20:25:34.0177 3980 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
20:25:34.0193 3980 IPBusEnum - ok
20:25:34.0208 3980 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:25:34.0224 3980 IpFilterDriver - ok
20:25:34.0271 3980 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
20:25:34.0286 3980 iphlpsvc - ok
20:25:34.0349 3980 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:25:34.0380 3980 IPMIDRV - ok
20:25:34.0411 3980 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:25:34.0411 3980 IPNAT - ok
20:25:34.0458 3980 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:25:34.0458 3980 IRENUM - ok
20:25:34.0473 3980 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
20:25:34.0473 3980 isapnp - ok
20:25:34.0505 3980 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
20:25:34.0520 3980 iScsiPrt - ok
20:25:34.0629 3980 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
20:25:34.0645 3980 IviRegMgr - ok
20:25:34.0676 3980 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:25:34.0692 3980 kbdclass - ok
20:25:34.0723 3980 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
20:25:34.0723 3980 kbdhid - ok
20:25:34.0770 3980 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
20:25:34.0785 3980 KeyIso - ok
20:25:34.0832 3980 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
20:25:34.0848 3980 KSecDD - ok
20:25:34.0895 3980 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
20:25:34.0910 3980 KSecPkg - ok
20:25:34.0957 3980 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
20:25:34.0988 3980 KtmRm - ok
20:25:35.0066 3980 LanmanServer (bca92cb047a4326925ecef759dbaa233) C:\Windows\system32\srvsvc.dll
20:25:35.0066 3980 LanmanServer - ok
20:25:35.0129 3980 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
20:25:35.0144 3980 LanmanWorkstation - ok
20:25:35.0207 3980 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:25:35.0207 3980 lltdio - ok
20:25:35.0253 3980 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
20:25:35.0269 3980 lltdsvc - ok
20:25:35.0285 3980 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
20:25:35.0300 3980 lmhosts - ok
20:25:35.0331 3980 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:25:35.0347 3980 LSI_FC - ok
20:25:35.0363 3980 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:25:35.0363 3980 LSI_SAS - ok
20:25:35.0394 3980 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:25:35.0394 3980 LSI_SAS2 - ok
20:25:35.0441 3980 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:25:35.0456 3980 LSI_SCSI - ok
20:25:35.0472 3980 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:25:35.0487 3980 luafv - ok
20:25:35.0534 3980 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
20:25:35.0534 3980 MBAMProtector - ok
20:25:35.0659 3980 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:25:35.0675 3980 MBAMService - ok
20:25:35.0721 3980 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
20:25:35.0737 3980 Mcx2Svc - ok
20:25:35.0799 3980 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:25:35.0815 3980 mdmxsdk - ok
20:25:35.0831 3980 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:25:35.0831 3980 megasas - ok
20:25:35.0877 3980 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:25:35.0893 3980 MegaSR - ok
20:25:36.0018 3980 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:25:36.0033 3980 Microsoft Office Groove Audit Service - ok
20:25:36.0096 3980 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:25:36.0096 3980 MMCSS - ok
20:25:36.0111 3980 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:25:36.0127 3980 Modem - ok
20:25:36.0189 3980 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:25:36.0189 3980 monitor - ok
20:25:36.0221 3980 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
20:25:36.0236 3980 mouclass - ok
20:25:36.0283 3980 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:25:36.0283 3980 mouhid - ok
20:25:36.0314 3980 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
20:25:36.0330 3980 mountmgr - ok
20:25:36.0455 3980 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:25:36.0470 3980 MozillaMaintenance - ok
20:25:36.0517 3980 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
20:25:36.0533 3980 mpio - ok
20:25:36.0564 3980 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:25:36.0564 3980 mpsdrv - ok
20:25:36.0657 3980 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
20:25:36.0689 3980 MpsSvc - ok
20:25:36.0720 3980 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
20:25:36.0735 3980 MRxDAV - ok
20:25:36.0798 3980 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:25:36.0813 3980 mrxsmb - ok
20:25:36.0829 3980 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:25:36.0845 3980 mrxsmb10 - ok
20:25:36.0860 3980 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:25:36.0876 3980 mrxsmb20 - ok
20:25:36.0923 3980 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
20:25:36.0923 3980 msahci - ok
20:25:37.0063 3980 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
20:25:37.0079 3980 MSCSPTISRV - ok
20:25:37.0141 3980 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
20:25:37.0157 3980 msdsm - ok
20:25:37.0203 3980 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
20:25:37.0219 3980 MSDTC - ok
20:25:37.0235 3980 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:25:37.0235 3980 Msfs - ok
20:25:37.0250 3980 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:25:37.0250 3980 mshidkmdf - ok
20:25:37.0266 3980 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
20:25:37.0266 3980 msisadrv - ok
20:25:37.0344 3980 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
20:25:37.0359 3980 MSiSCSI - ok
20:25:37.0375 3980 msiserver - ok
20:25:37.0391 3980 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:25:37.0391 3980 MSKSSRV - ok
20:25:37.0422 3980 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:25:37.0422 3980 MSPCLOCK - ok
20:25:37.0437 3980 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:25:37.0437 3980 MSPQM - ok
20:25:37.0469 3980 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:25:37.0484 3980 MsRPC - ok
20:25:37.0500 3980 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
20:25:37.0500 3980 mssmbios - ok
20:25:37.0515 3980 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:25:37.0531 3980 MSTEE - ok
20:25:37.0547 3980 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:25:37.0547 3980 MTConfig - ok
20:25:37.0562 3980 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:25:37.0562 3980 Mup - ok
20:25:37.0640 3980 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
20:25:37.0640 3980 napagent - ok
20:25:37.0718 3980 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:25:37.0734 3980 NativeWifiP - ok
20:25:37.0796 3980 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
20:25:37.0827 3980 NDIS - ok
20:25:37.0843 3980 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:25:37.0859 3980 NdisCap - ok
20:25:37.0874 3980 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:25:37.0874 3980 NdisTapi - ok
20:25:37.0905 3980 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
20:25:37.0921 3980 Ndisuio - ok
20:25:37.0937 3980 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
20:25:37.0952 3980 NdisWan - ok
20:25:37.0968 3980 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
20:25:37.0968 3980 NDProxy - ok
20:25:37.0999 3980 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:25:38.0015 3980 NetBIOS - ok
20:25:38.0030 3980 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
20:25:38.0046 3980 NetBT - ok
20:25:38.0093 3980 Netlogon (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
20:25:38.0093 3980 Netlogon - ok
20:25:38.0186 3980 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
20:25:38.0202 3980 Netman - ok
20:25:38.0249 3980 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
20:25:38.0280 3980 netprofm - ok
20:25:38.0420 3980 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:25:38.0436 3980 NetTcpPortSharing - ok
20:25:38.0888 3980 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
20:25:39.0091 3980 netw5v32 - ok
20:25:39.0325 3980 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:25:39.0325 3980 nfrd960 - ok
20:25:39.0403 3980 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
20:25:39.0419 3980 NlaSvc - ok
20:25:39.0450 3980 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:25:39.0450 3980 Npfs - ok
20:25:39.0465 3980 npggsvc - ok
20:25:39.0497 3980 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
20:25:39.0497 3980 nsi - ok
20:25:39.0512 3980 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:25:39.0512 3980 nsiproxy - ok
20:25:39.0621 3980 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
20:25:39.0715 3980 Ntfs - ok
20:25:39.0731 3980 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:25:39.0746 3980 Null - ok
20:25:40.0417 3980 nvlddmkm (61cc6e7237973caa4e384ce97fd7a7b9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:25:40.0729 3980 nvlddmkm - ok
20:25:40.0979 3980 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
20:25:40.0994 3980 nvraid - ok
20:25:41.0057 3980 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
20:25:41.0057 3980 nvstor - ok
20:25:41.0072 3980 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
20:25:41.0088 3980 nv_agp - ok
20:25:41.0244 3980 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:25:41.0306 3980 odserv - ok
20:25:41.0337 3980 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
20:25:41.0337 3980 ohci1394 - ok
20:25:41.0400 3980 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:25:41.0415 3980 ose - ok
20:25:41.0509 3980 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:25:41.0540 3980 p2pimsvc - ok
20:25:41.0587 3980 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
20:25:41.0603 3980 p2psvc - ok
20:25:41.0696 3980 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
20:25:41.0712 3980 PACSPTISVR - ok
20:25:41.0774 3980 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:25:41.0774 3980 Parport - ok
20:25:41.0806 3980 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
20:25:41.0821 3980 partmgr - ok
20:25:41.0837 3980 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:25:41.0837 3980 Parvdm - ok
20:25:41.0868 3980 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
20:25:41.0884 3980 PcaSvc - ok
20:25:41.0899 3980 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
20:25:41.0915 3980 pci - ok
20:25:41.0930 3980 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
20:25:41.0930 3980 pciide - ok
20:25:41.0962 3980 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:25:41.0962 3980 pcmcia - ok
20:25:41.0993 3980 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:25:42.0008 3980 pcw - ok
20:25:42.0055 3980 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:25:42.0086 3980 PEAUTH - ok
20:25:42.0258 3980 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
20:25:42.0352 3980 pla - ok
20:25:42.0554 3980 PlugPlay (2cc2008f1296968fba162ed9f9afe328) C:\Windows\system32\umpnpmgr.dll
20:25:42.0570 3980 PlugPlay - ok
20:25:42.0570 3980 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
20:25:42.0586 3980 PNRPAutoReg - ok
20:25:42.0617 3980 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
20:25:42.0632 3980 PNRPsvc - ok
20:25:42.0695 3980 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys
20:25:42.0695 3980 Point32 - ok
20:25:42.0788 3980 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
20:25:42.0804 3980 PolicyAgent - ok
20:25:42.0835 3980 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
20:25:42.0851 3980 Power - ok
20:25:42.0913 3980 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:25:42.0929 3980 PptpMiniport - ok
20:25:42.0944 3980 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:25:42.0960 3980 Processor - ok
20:25:43.0022 3980 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
20:25:43.0022 3980 ProfSvc - ok
20:25:43.0069 3980 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
20:25:43.0069 3980 ProtectedStorage - ok
20:25:43.0100 3980 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:25:43.0100 3980 Psched - ok
20:25:43.0132 3980 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
20:25:43.0132 3980 PxHelp20 - ok
20:25:43.0256 3980 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:25:43.0334 3980 ql2300 - ok
20:25:43.0568 3980 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:25:43.0584 3980 ql40xx - ok
20:25:43.0631 3980 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
20:25:43.0646 3980 QWAVE - ok
20:25:43.0662 3980 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:25:43.0662 3980 QWAVEdrv - ok
20:25:43.0724 3980 R5U870FLx86 (9ac8ac6cd00100443ea6afd0a4ade8f7) C:\Windows\system32\Drivers\R5U870FLx86.sys
20:25:43.0724 3980 R5U870FLx86 - ok
20:25:43.0740 3980 R5U870FUx86 (1ae358affffd13bf6ec7dc72dccfac12) C:\Windows\system32\Drivers\R5U870FUx86.sys
20:25:43.0756 3980 R5U870FUx86 - ok
20:25:43.0771 3980 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:25:43.0771 3980 RasAcd - ok
20:25:43.0834 3980 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:25:43.0849 3980 RasAgileVpn - ok
20:25:43.0865 3980 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
20:25:43.0880 3980 RasAuto - ok
20:25:43.0896 3980 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:25:43.0896 3980 Rasl2tp - ok
20:25:43.0927 3980 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
20:25:43.0943 3980 RasMan - ok
20:25:43.0958 3980 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:25:43.0958 3980 RasPppoe - ok
20:25:43.0974 3980 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:25:43.0990 3980 RasSstp - ok
20:25:44.0021 3980 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
20:25:44.0021 3980 rdbss - ok
20:25:44.0083 3980 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:25:44.0083 3980 rdpbus - ok
20:25:44.0099 3980 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:25:44.0099 3980 RDPCDD - ok
20:25:44.0130 3980 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:25:44.0146 3980 RDPENCDD - ok
20:25:44.0161 3980 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:25:44.0161 3980 RDPREFMP - ok
20:25:44.0192 3980 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
20:25:44.0192 3980 RDPWD - ok
20:25:44.0239 3980 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
20:25:44.0239 3980 rdyboost - ok
20:25:44.0270 3980 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
20:25:44.0270 3980 regi - ok
20:25:44.0333 3980 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
20:25:44.0348 3980 RemoteAccess - ok
20:25:44.0380 3980 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
20:25:44.0395 3980 RemoteRegistry - ok
20:25:44.0426 3980 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
20:25:44.0442 3980 RFCOMM - ok
20:25:44.0458 3980 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
20:25:44.0458 3980 RpcEptMapper - ok
20:25:44.0504 3980 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
20:25:44.0520 3980 RpcLocator - ok
20:25:44.0551 3980 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
20:25:44.0567 3980 RpcSs - ok
20:25:44.0614 3980 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:25:44.0629 3980 rspndr - ok
20:25:44.0645 3980 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
20:25:44.0645 3980 SamSs - ok
20:25:44.0676 3980 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
20:25:44.0692 3980 sbp2port - ok
20:25:44.0738 3980 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
20:25:44.0754 3980 SCardSvr - ok
20:25:44.0785 3980 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
20:25:44.0785 3980 scfilter - ok
20:25:44.0848 3980 Schedule (3e8b0c453e25613a1f59762a5c42aa75) C:\Windows\system32\schedsvc.dll
20:25:44.0879 3980 Schedule - ok
20:25:44.0941 3980 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
20:25:44.0941 3980 SCPolicySvc - ok
20:25:44.0972 3980 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
20:25:44.0988 3980 SDRSVC - ok
20:25:45.0019 3980 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:25:45.0019 3980 secdrv - ok
20:25:45.0019 3980 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
20:25:45.0019 3980 seclogon - ok
20:25:45.0035 3980 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
20:25:45.0050 3980 SENS - ok
20:25:45.0097 3980 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
20:25:45.0113 3980 SensrSvc - ok
20:25:45.0128 3980 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:25:45.0128 3980 Serenum - ok
20:25:45.0175 3980 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:25:45.0191 3980 Serial - ok
20:25:45.0238 3980 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:25:45.0238 3980 sermouse - ok
20:25:45.0316 3980 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
20:25:45.0331 3980 SessionEnv - ok
20:25:45.0347 3980 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
20:25:45.0362 3980 sffdisk - ok
20:25:45.0378 3980 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:25:45.0394 3980 sffp_mmc - ok
20:25:45.0409 3980 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:25:45.0409 3980 sffp_sd - ok
20:25:45.0440 3980 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:25:45.0456 3980 sfloppy - ok
20:25:45.0518 3980 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
20:25:45.0534 3980 SharedAccess - ok
20:25:45.0581 3980 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
20:25:45.0581 3980 ShellHWDetection - ok
20:25:45.0612 3980 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
20:25:45.0612 3980 sisagp - ok
20:25:45.0628 3980 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:25:45.0643 3980 SiSRaid2 - ok
20:25:45.0690 3980 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:25:45.0690 3980 SiSRaid4 - ok
20:25:45.0737 3980 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:25:45.0752 3980 Smb - ok
20:25:45.0815 3980 SNC (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys
20:25:45.0815 3980 SNC - ok
20:25:45.0877 3980 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
20:25:45.0893 3980 SNMPTRAP - ok
20:25:45.0924 3980 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:25:45.0924 3980 spldr - ok
20:25:45.0971 3980 Spooler (49b6dd6ab3715b7a67965f17194e98a9) C:\Windows\System32\spoolsv.exe
20:25:45.0986 3980 Spooler - ok
20:25:46.0236 3980 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
20:25:46.0330 3980 sppsvc - ok
20:25:46.0501 3980 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
20:25:46.0501 3980 sppuinotify - ok
20:25:46.0595 3980 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
20:25:46.0595 3980 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:25:46.0595 3980 sptd ( LockedFile.Multi.Generic ) - warning
20:25:46.0595 3980 sptd - detected LockedFile.Multi.Generic (1)
20:25:46.0735 3980 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
20:25:46.0735 3980 SPTISRV - ok
20:25:46.0813 3980 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
20:25:46.0844 3980 srv - ok
20:25:46.0922 3980 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
20:25:46.0954 3980 srv2 - ok
20:25:46.0985 3980 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
20:25:47.0000 3980 srvnet - ok
20:25:47.0063 3980 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
20:25:47.0063 3980 SSDPSRV - ok
20:25:47.0094 3980 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:25:47.0110 3980 ssmdrv - ok
20:25:47.0125 3980 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
20:25:47.0141 3980 SstpSvc - ok
20:25:47.0203 3980 STacSV (b218068eba6f46f102b4218bdb81be0b) C:\Windows\system32\stacsv.exe
20:25:47.0219 3980 STacSV - ok
20:25:47.0250 3980 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:25:47.0250 3980 stexstor - ok
20:25:47.0281 3980 STHDA (167909a1c36aa3e8f2582962f0ccc748) C:\Windows\system32\drivers\stwrt.sys
20:25:47.0297 3980 STHDA - ok
20:25:47.0375 3980 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
20:25:47.0437 3980 StiSvc - ok
20:25:47.0500 3980 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
20:25:47.0500 3980 swenum - ok
20:25:47.0593 3980 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
20:25:47.0624 3980 swprv - ok
20:25:47.0734 3980 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
20:25:47.0780 3980 SysMain - ok
20:25:47.0796 3980 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
20:25:47.0812 3980 TabletInputService - ok
20:25:47.0843 3980 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
20:25:47.0843 3980 TapiSrv - ok
20:25:47.0874 3980 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
20:25:47.0874 3980 TBS - ok
20:25:48.0030 3980 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
20:25:48.0092 3980 Tcpip - ok
20:25:48.0124 3980 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
20:25:48.0139 3980 TCPIP6 - ok
20:25:48.0186 3980 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
20:25:48.0202 3980 tcpipreg - ok
20:25:48.0217 3980 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
20:25:48.0217 3980 TDPIPE - ok
20:25:48.0248 3980 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
20:25:48.0248 3980 TDTCP - ok
20:25:48.0264 3980 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
20:25:48.0280 3980 tdx - ok
20:25:48.0311 3980 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
20:25:48.0311 3980 TermDD - ok
20:25:48.0404 3980 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
20:25:48.0451 3980 TermService - ok
20:25:48.0467 3980 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
20:25:48.0482 3980 Themes - ok
20:25:48.0529 3980 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
20:25:48.0529 3980 THREADORDER - ok
20:25:48.0701 3980 ti21sony (909cd987b54a8179c9aee874d754721a) C:\Windows\system32\drivers\ti21sony.sys
20:25:48.0763 3980 ti21sony - ok
20:25:48.0779 3980 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
20:25:48.0779 3980 TrkWks - ok
20:25:48.0872 3980 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
20:25:48.0888 3980 TrustedInstaller - ok
20:25:48.0919 3980 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:25:48.0919 3980 tssecsrv - ok
20:25:48.0966 3980 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
20:25:48.0982 3980 tunnel - ok
20:25:48.0997 3980 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:25:49.0013 3980 uagp35 - ok
20:25:49.0044 3980 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
20:25:49.0060 3980 udfs - ok
20:25:49.0122 3980 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
20:25:49.0122 3980 UI0Detect - ok
20:25:49.0153 3980 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:25:49.0169 3980 uliagpkx - ok
20:25:49.0200 3980 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
20:25:49.0200 3980 umbus - ok
20:25:49.0231 3980 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:25:49.0231 3980 UmPass - ok
20:25:49.0262 3980 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
20:25:49.0278 3980 upnphost - ok
20:25:49.0340 3980 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
20:25:49.0356 3980 usbaudio - ok
20:25:49.0418 3980 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
20:25:49.0434 3980 usbccgp - ok
20:25:49.0465 3980 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
20:25:49.0481 3980 usbcir - ok
20:25:49.0512 3980 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
20:25:49.0512 3980 usbehci - ok
20:25:49.0559 3980 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
20:25:49.0574 3980 usbhub - ok
20:25:49.0590 3980 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
20:25:49.0606 3980 usbohci - ok
20:25:49.0637 3980 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:25:49.0652 3980 usbprint - ok
20:25:49.0668 3980 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:25:49.0668 3980 USBSTOR - ok
20:25:49.0699 3980 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
20:25:49.0699 3980 usbuhci - ok
20:25:49.0762 3980 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
20:25:49.0777 3980 usbvideo - ok
20:25:49.0824 3980 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
20:25:49.0840 3980 UxSms - ok
20:25:50.0011 3980 VAIO Entertainment TV Device Arbitration Service (afbcd738df9de3b6d71afc704e7f27fb) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
20:25:50.0042 3980 VAIO Entertainment TV Device Arbitration Service - ok
20:25:50.0167 3980 VAIO Event Service (8a9f18adad471402236ca931553bf79b) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
20:25:50.0183 3980 VAIO Event Service - ok
20:25:50.0417 3980 VAIOMediaPlatform-IntegratedServer-AppServer (0a4cd617ed1f03c8b7310fc4871173a4) C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
20:25:50.0557 3980 VAIOMediaPlatform-IntegratedServer-AppServer - ok
20:25:50.0666 3980 VAIOMediaPlatform-IntegratedServer-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
20:25:50.0729 3980 VAIOMediaPlatform-IntegratedServer-HTTP - ok
20:25:50.0838 3980 VAIOMediaPlatform-IntegratedServer-UPnP (addf0e4e19bd2ff0a0b852d324fdc281) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
20:25:50.0932 3980 VAIOMediaPlatform-IntegratedServer-UPnP - ok
20:25:51.0025 3980 VAIOMediaPlatform-UCLS-AppServer (52d4f568fe7d05ae5026b8717eeb59eb) C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
20:25:51.0072 3980 VAIOMediaPlatform-UCLS-AppServer - ok
20:25:51.0119 3980 VAIOMediaPlatform-UCLS-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
20:25:51.0119 3980 VAIOMediaPlatform-UCLS-HTTP - ok
20:25:51.0228 3980 VAIOMediaPlatform-UCLS-UPnP (addf0e4e19bd2ff0a0b852d324fdc281) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
20:25:51.0244 3980 VAIOMediaPlatform-UCLS-UPnP - ok
20:25:51.0415 3980 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
20:25:51.0431 3980 VaultSvc - ok
20:25:51.0540 3980 VcmIAlzMgr (5d325b6add78a111be62a3842cf05345) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
20:25:51.0556 3980 VcmIAlzMgr - ok
20:25:51.0665 3980 VcmXmlIfHelper (8fd247d84d168097d7bc3e4f21f3414d) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
20:25:51.0696 3980 VcmXmlIfHelper - ok
20:25:51.0696 3980 Vcsw - ok
20:25:51.0790 3980 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:25:51.0805 3980 vdrvroot - ok
20:25:51.0899 3980 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
20:25:51.0946 3980 vds - ok
20:25:51.0961 3980 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:25:51.0961 3980 vga - ok
20:25:51.0977 3980 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:25:51.0977 3980 VgaSave - ok
20:25:52.0008 3980 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
20:25:52.0024 3980 vhdmp - ok
20:25:52.0055 3980 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
20:25:52.0055 3980 viaagp - ok
20:25:52.0070 3980 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:25:52.0070 3980 ViaC7 - ok
20:25:52.0086 3980 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
20:25:52.0102 3980 viaide - ok
20:25:52.0117 3980 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
20:25:52.0117 3980 volmgr - ok
20:25:52.0164 3980 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:25:52.0164 3980 volmgrx - ok
20:25:52.0211 3980 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
20:25:52.0226 3980 volsnap - ok
20:25:56.0111 3980 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:25:56.0423 3980 \Device\Harddisk0\DR0 - ok
20:25:56.0438 3980 Boot (0x1200) (6474a8e84c5ffe54d5fd7632a117c98a) \Device\Harddisk0\DR0\Partition0
20:25:56.0438 3980 \Device\Harddisk0\DR0\Partition0 - ok
20:25:56.0438 3980 ============================================================
20:25:56.0438 3980 Scan finished
20:25:56.0438 3980 ============================================================
20:25:56.0470 2356 Detected object count: 1
20:25:56.0470 2356 Actual detected object count: 1
20:26:27.0046 2356 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:26:27.0046 2356 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
Avira Rescue Scan Code:
Avira / Linux Version 1.9.152.0
Copyright (c) 2010 by Avira GmbH
All rights reserved.
engine set: 8.2.10.120
VDF Version: 7.11.38.158
Scan start time: Thu Aug 2 19:48:25 2012
configuration file: /etc/avira/scancl.conf
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/data/2007/08/cn_20070806000000000000000000010/0000016276.app --> 1 --> IENT_1.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/data/2007/08/cn_20070806000000000000000000010/0000016276.app --> 1 --> IENT_2.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/data/2007/08/cn_20070806000000000000000000010/0000016276.app --> 1 --> IENT_3.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/data/2007/08/cn_20070806000000000000000000010/0000016276.app --> 1 --> IENT_4.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/data/2007/08/cn_20070806000000000000000000010/0000016276.app --> 1 --> IENT_5.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/data/2007/08/cn_20070806000000000000000000010/0000016276.app --> 1 --> IENT_6.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/data/2007/08/cn_20070806000000000000000000010/0000016276.app --> 1 --> IE_1.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/data/2007/08/cn_20070806000000000000000000010/0000016276.app --> 1 --> IE_2.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/data/2007/08/cn_20070806000000000000000000010/0000016276.app --> 1 --> IE_3.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/data/2007/08/cn_20070806000000000000000000010/0000016276.app --> 1 --> IE_4.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/data/2007/08/cn_20070806000000000000000000010/0000016276.app --> 1 --> IE_5.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda1/data/2007/08/cn_20070806000000000000000000010/0000016276.app --> 1 --> IE_6.CAB
WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/chriz/Downloads/Forentreffen.part01.rar
WARNING: [File is encrypted] /media/Devices/sda2/Users/chriz/Downloads/avira_free_antivirus_de.exe --> AVSDKList.zip
WARNING: [File is encrypted] /media/Devices/sda2/Users/chriz/Downloads/avira_free_antivirus_de.exe --> ManualUninstallConfig.zip
WARNING: [File is encrypted] /media/Devices/sda2/Users/chriz/Downloads/avira_free_antivirus_de.exe --> ProductReleaseNotes.zip
WARNING: [File is encrypted] /media/Devices/sda2/Users/chriz/Downloads/avira_free_antivirus_de.exe --> QATestedProducts.zip
WARNING: [The files in archive are multiple volume] /media/Devices/sda2/Users/chriz/Downloads/Final Fantasy VII (PC) Ultima Edition/Setup-1.bin
WARNING: [Archive is invalid or corrupt] /media/Devices/sda2/Program Files/WinRAR/rarnew.dat
WARNING: [Unexpected end of block read] /media/Devices/sda2/Windows/Temp/Temporary Internet Files/Content.IE5/W62UEWOW/rescue_system-common-en[1].iso
Statistics :
Directories............... : 26247
Archives.................. : 3155
Files..................... : 1074281
Infected.............. : 0
Warnings.............. : 20
Suspicious............ : 0
Infections................ : 0
Last edited by Hydrom (02.08.2012 at 19:28) |
| | #4 |
| /// Helper team | Bundespolizei trojan detected - logs attached Very good! Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Please download AdwCleaner to your desktop.
|
| | #5 |
| | Bundespolizei trojan detected - logs attached Hello t'john, here are the current log files. In the meantime I have also updated my Java with JavaRa. Malwarebytes Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.08.02.04
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
chriz :: CHRIS-PC [Administrator]
04.08.2012 10:57:14
mbam-log-2012-08-04 (10-57-14).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 332560
Laufzeit: 1 Stunde(n), 16 Minute(n), 21 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
# AdwCleaner v1.800 - Logfile created 08/04/2012 at 12:42:33
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : chriz - CHRIS-PC
# Running from : C:\Users\chriz\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\chriz\Desktop\Save
Folder Found : C:\ProgramData\Trymedia
File Found : C:\Users\chriz\AppData\Roaming\Mozilla\Firefox\Profiles\588nyvj1.default\searchplugins\web-search.xml
***** [Registry] *****
Key Found : HKLM\SOFTWARE\DT Soft
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\chriz\AppData\Roaming\Mozilla\Firefox\Profiles\588nyvj1.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1270 octets] - [02/08/2012 12:35:54]
AdwCleaner[R2].txt - [1328 octets] - [02/08/2012 13:38:27]
AdwCleaner[R3].txt - [1045 octets] - [04/08/2012 12:42:33]
########## EOF - C:\AdwCleaner[R3].txt - [1173 octets] ##########
|
| | #6 |
| /// Helper team | Bundespolizei trojan detected - logs attached Very good!
Then: Malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Jetzt Updaten". Select the "Freeware-Modus". Select "Detail Scan" and start checking the computer with the "Scan" button. Do not let it delete anything at the end of the scan! Click "Bericht speichern" to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html
|
| | #7 |
| /// Helper team | Bundespolizei trojan detected - logs attached No response. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean. |