Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Computersperrung GVU Trojaner mit 100€ Paysafecard

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.01.2013, 18:23   #1
Borderliner
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



Hallo

Vor gut einer Stunde wurde mein Laptop geblockt, und der bekannte Bildschirm der mich auffordert, 100 Euro zu überweisen damit diese Sperrung aufgehoben wird erscheint nun bei jedem hochfahren des Rechners in ungesichertem Modus.
Nach kurzer Zeit des Googlens bin ich auf dieses Forum gestoßen und hoffe hier auf Hilfe
Ich habe meinen Laptop nun in abgesichertem Modus gestartet und ihn auch mit dem Programm Malwarebytes nun gescannt und 2 "befallene" Programme gelöscht. Nach dem Neustart kann ich den Laptop nun wieder im normalen Modus starten. Aber ich habe gelesen, dass dieses Vorgehen nun noch nicht ausreicht. Ich hoffe ihr könnt mir relativ schnell helfen, da ich den Laptop dringend für mein Studium benötige
Allerdings muss ich auch sagen, dass ich von der Materie "Computer" eigentlich absolut keine Ahnung habe und also eher unter die Kategorie reiner Anwender falle, ich hoffe ihr seht es mir nach, sofern ich Fehler mache

Nach dem Löschen der infizierten Programme durch die Malwarebytes Software erhielt ich folgenden Code
PHP-Code:
Malwarebytes Anti-Malware 1.70.0.1100
www
.malwarebytes.org

Datenbank Version
v2012.12.14.11

Windows 7 Service Pack 1 x64 NTFS 
(Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Justin 
:: JUSTIN-VAIO [Administrator]

09.01.2013 18:58:09
mbam
-log-2013-01-09 (18-58-09).txt

Art des Suchlaufs
Quick-Scan
Aktivierte Suchlaufeinstellungen
Speicher Autostart Registrierung Dateisystem Heuristiks/Extra HeuristiKs/Shuriken PUP PUM
Deaktivierte Suchlaufeinstellungen
P2P
Durchsuchte Objekte
210189
Laufzeit
1 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien2
C
:\Users\Justin\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(
Ende
Ich hoffe jemand von euch kann mir helfen

Alt 09.01.2013, 18:24   #2
markusg
/// Malware-holic
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



Hi
bitte aber nicht in php code posten.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 09.01.2013, 18:57   #3
Borderliner
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



danke schonmal für deine Hilfe

also, nachdem OTL den Scan durchgeführt hat, kam folgender Code:

Code:
ATTFilter
OTL logfile created on: 09.01.2013 19:30:14 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Justin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,27% Memory free
7,80 Gb Paging File | 5,54 Gb Available in Paging File | 70,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444,41 Gb Total Space | 326,59 Gb Free Space | 73,49% Space Free | Partition Type: NTFS
Drive D: | 7,37 Gb Total Space | 7,36 Gb Free Space | 99,85% Space Free | Partition Type: FAT32
 
Computer Name: JUSTIN-VAIO | User Name: Justin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.09 18:28:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
PRC - [2012.12.11 22:54:53 | 007,880,664 | ---- | M] (Spotify Ltd) -- C:\Users\Justin\AppData\Roaming\Spotify\spotify.exe
PRC - [2012.03.07 17:57:48 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
PRC - [2012.03.07 17:57:46 | 000,065,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
PRC - [2012.02.27 08:34:42 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.21 11:41:12 | 000,473,960 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012.02.21 11:37:16 | 000,693,608 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.07 16:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.01.20 14:23:00 | 000,054,432 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2012.01.19 12:40:32 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.11.30 17:49:50 | 000,082,592 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 19:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.20 15:57:56 | 000,060,552 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2010.02.28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.11 22:54:53 | 020,220,376 | ---- | M] () -- C:\Users\Justin\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012.11.16 03:35:46 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4a443c775f768ede71bde8e10f50ec0b\IAStorUtil.ni.dll
MOD - [2012.11.16 03:35:46 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e88f87e9200afb5ede994c89c92e22b8\IAStorCommon.ni.dll
MOD - [2012.11.16 03:31:34 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012.11.16 03:31:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012.11.16 03:31:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012.11.16 03:30:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012.11.16 03:30:44 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012.11.16 03:30:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012.11.16 03:30:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012.11.16 03:30:35 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.16 03:30:25 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.06.10 04:01:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.02.28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.05.25 16:13:54 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.05.25 15:59:02 | 000,210,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.05.25 15:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.11.30 17:49:50 | 000,260,768 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011.01.27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2013.01.09 15:25:47 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.05 20:20:18 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.23 10:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\virusscan\mcods.exe -- (McODS)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.26 08:24:10 | 000,978,056 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2012.03.21 16:08:20 | 000,112,256 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV - [2012.03.14 09:36:51 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.07 17:57:46 | 000,065,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
SRV - [2012.02.21 11:41:12 | 000,473,960 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.02.09 08:43:45 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.07 16:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.01.20 14:23:00 | 000,054,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2012.01.19 12:40:32 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012.01.19 12:22:08 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.01.13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2012.01.10 12:45:32 | 000,535,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2012.01.06 15:44:28 | 000,074,904 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2012.01.06 15:44:26 | 000,138,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011.12.29 15:10:08 | 000,960,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011.12.21 12:55:14 | 000,382,720 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011.12.21 12:15:06 | 000,550,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.12.01 09:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.10.01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.26 17:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.04.18 21:00:50 | 000,223,544 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe -- (MOBK649backup)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011.01.28 11:28:54 | 000,225,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Programme\McAfee\MSC\McAWFwk.exe -- (McAWFwk)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.19 10:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.09.19 10:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.15 03:42:06 | 000,421,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.14 09:40:16 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.03.14 09:38:59 | 014,658,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.27 08:34:27 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.27 08:34:19 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.27 08:34:16 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.22 12:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.02.22 12:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.02.22 12:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012.02.22 12:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012.02.21 22:27:36 | 002,807,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.02.16 15:14:57 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.02.09 08:43:54 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012.02.09 06:34:36 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.01.19 12:31:32 | 000,550,560 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.01.19 12:31:02 | 000,421,664 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_vdp.sys -- (BTATH_VDP)
DRV:64bit: - [2012.01.19 12:30:50 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.01.19 12:30:32 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.01.19 12:30:02 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.01.19 12:29:44 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.01.19 12:29:32 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.01.19 12:29:14 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.01.19 12:29:02 | 000,339,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.01.16 10:01:14 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.10.01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.04.18 21:00:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK649.sys -- (MOBK649Filter)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vaioportal.sony.eu/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{FBD840EA-D3AE-4D67-A90D-9FE23B36382A}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.4.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.09.08 11:52:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.08.11 12:35:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 20:20:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 20:20:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.10 17:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\mozilla\Extensions
[2012.12.11 12:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\mozilla\Firefox\Profiles\5q5antka.default\extensions
[2012.12.11 12:19:06 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Justin\AppData\Roaming\mozilla\firefox\profiles\5q5antka.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.12.05 20:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.08 11:52:11 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012.12.05 20:20:18 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 22:00:35 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\systemcore\ScriptSn.20120810234533.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120810234533.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [McAfeeWrapperApplication] C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\Justin\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Justin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Justin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B316494-111A-44BC-A677-664F54BA1F9B}: DhcpNameServer = 192.54.104.29
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA1E5CEC-54D9-45B2-8502-FF6DB2076307}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{BB2326E0-1AAE-432B-89E1-7BFC8550CD09} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.09 19:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013.01.09 19:14:52 | 000,000,000 | R--D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.01.09 18:57:18 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Malwarebytes
[2013.01.09 18:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.09 18:57:10 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.09 18:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.09 18:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.09 18:56:36 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Programs
[2013.01.09 18:30:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2012.12.11 22:54:56 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Spotify
[2012.12.11 22:53:08 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Spotify
[2012.12.11 18:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.11 18:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.11 18:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.11 18:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.11 18:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2 C:\Users\Justin\Desktop\*.tmp files -> C:\Users\Justin\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.09 19:30:58 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.09 19:30:58 | 000,697,322 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.09 19:30:58 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.09 19:30:58 | 000,148,328 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.09 19:30:58 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.09 19:29:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.01.09 19:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.09 19:21:27 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 19:21:27 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.09 19:14:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.09 19:13:59 | 3142,864,896 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.09 18:57:11 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 18:28:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
[2013.01.09 18:21:42 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013.01.09 18:07:05 | 000,002,915 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.25 03:17:42 | 000,303,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.11 22:54:55 | 000,001,813 | ---- | M] () -- C:\Users\Justin\Desktop\Spotify.lnk
[2012.12.11 18:11:26 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Users\Justin\Desktop\*.tmp files -> C:\Users\Justin\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.09 19:29:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.01.09 18:57:11 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 18:07:05 | 000,002,915 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 18:07:04 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.11 22:54:55 | 000,001,813 | ---- | C] () -- C:\Users\Justin\Desktop\Spotify.lnk
[2012.12.11 22:54:55 | 000,001,799 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.12.11 18:11:26 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.07 14:35:54 | 000,019,106 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.06.10 05:04:38 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012.03.15 20:57:54 | 013,206,016 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.03.15 20:57:54 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.15 20:57:54 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.15 20:57:54 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.15 20:57:54 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.02.11 00:03:27 | 001,641,654 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.20 13:11:36 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DVDVideoSoft
[2012.08.11 20:12:21 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.10 21:05:43 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\six-updater
[2012.08.10 19:03:21 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\six-zsync
[2012.12.11 18:19:22 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\SoftGrid Client
[2013.01.09 19:16:25 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\Spotify
[2012.08.17 15:30:15 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\TP
[2012.08.12 22:53:25 | 000,000,000 | ---D | M] -- C:\Users\Justin\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.08.11 21:04:03 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.08.13 11:57:37 | 000,000,000 | ---D | M] -- C:\26c245a8aae495e4ff954b23b44a0d
[2012.12.11 18:20:26 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.06.10 03:45:19 | 000,000,000 | ---D | M] -- C:\Documentation
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.08.10 16:51:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.10 03:19:55 | 000,000,000 | ---D | M] -- C:\Intel
[2012.08.17 15:36:38 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.11 18:10:18 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.09 18:57:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.01.09 18:57:10 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.08.10 16:51:00 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.01.09 19:32:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.06.10 03:49:28 | 000,000,000 | ---D | M] -- C:\temp
[2012.08.10 16:51:09 | 000,000,000 | R--D | M] -- C:\Users
[2012.06.10 04:13:52 | 000,000,000 | ---D | M] -- C:\VAIO Sample Contents
[2013.01.09 18:22:25 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,013,978 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.10 03:51:02 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012.02.24 01:18:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012.02.24 01:18:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2012.02.16 15:14:57 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\drivers\iaStor.sys
[2012.02.16 15:14:57 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_9c981fcb416c038e\iaStor.sys
[2012.02.16 15:14:57 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_b6f2349de4a55e89\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.01.09 19:32:00 | 001,835,008 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT
[2013.01.09 19:32:00 | 000,262,144 | -HS- | M] () -- C:\Users\Justin\ntuser.dat.LOG1
[2012.08.10 16:51:15 | 000,000,000 | -HS- | M] () -- C:\Users\Justin\ntuser.dat.LOG2
[2012.08.10 17:16:15 | 000,065,536 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.08.10 17:16:15 | 000,524,288 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.08.10 17:16:15 | 000,524,288 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.08.15 03:11:18 | 000,065,536 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{5c28d4ef-e536-11e1-8dd2-08edb9ba266c}.TM.blf
[2012.08.15 03:11:18 | 000,524,288 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{5c28d4ef-e536-11e1-8dd2-08edb9ba266c}.TMContainer00000000000000000001.regtrans-ms
[2012.08.15 03:11:18 | 000,524,288 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{5c28d4ef-e536-11e1-8dd2-08edb9ba266c}.TMContainer00000000000000000002.regtrans-ms
[2012.08.19 21:47:16 | 000,065,536 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{be56d0b2-ea3b-11e1-a99f-08edb9ba266c}.TM.blf
[2012.08.19 21:47:16 | 000,524,288 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{be56d0b2-ea3b-11e1-a99f-08edb9ba266c}.TMContainer00000000000000000001.regtrans-ms
[2012.08.19 21:47:16 | 000,524,288 | -HS- | M] () -- C:\Users\Justin\NTUSER.DAT{be56d0b2-ea3b-11e1-a99f-08edb9ba266c}.TMContainer00000000000000000002.regtrans-ms
[2012.08.10 16:51:15 | 000,000,020 | -HS- | M] () -- C:\Users\Justin\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
Ich hoffe dass ich das soweit richtig gemacht hab?
__________________

Alt 09.01.2013, 18:59   #4
markusg
/// Malware-holic
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
ATTFilter
:OTL
[2013.01.09 18:07:05 | 000,002,915 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 18:07:04 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.01.2013, 19:08   #5
Borderliner
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



So, alles gemacht wie du gesagt hast


Code:
ATTFilter
All processes killed
========== OTL ==========
C:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
->Flash cache emptied: 56468 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Justin
->Flash cache emptied: 58271 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Justin
->Temp folder emptied: 928379825 bytes
->Temporary Internet Files folder emptied: 20425374 bytes
->Java cache emptied: 205164 bytes
->FireFox cache emptied: 71539447 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 530673731 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 143198 bytes
RecycleBin emptied: 17864156594 bytes
 
Total Files Cleaned = 18.516,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01092013_200241

Files\Folders moved on Reboot...
File\Folder C:\Users\Justin\AppData\Local\Temp\CVHLauncher(201301091929134D8).log not found!
C:\Users\Justin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Justin\AppData\Local\Temp\trayicon-5108-20130109-191449.log moved successfully.
File\Folder C:\Users\Justin\AppData\Local\Temp\~DF4CACCC63B6550C47.TMP not found!
File\Folder C:\Users\Justin\AppData\Local\Temp\~DF5A01C1D453995CBD.TMP not found!
File\Folder C:\Users\Justin\AppData\Local\Temp\~DFA7E303AF0BE8F2FB.TMP not found!
File\Folder C:\Users\Justin\AppData\Local\Temp\~DFEA05F8929190BE53.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         


Alt 09.01.2013, 19:16   #6
markusg
/// Malware-holic
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



Hi,
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
--> Computersperrung GVU Trojaner mit 100€ Paysafecard

Alt 09.01.2013, 19:38   #7
Borderliner
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



ich weiß grad nicht ob ich das jetzt richtig gemacht hab, aber ich hoffe es einfach mal

Code:
ATTFilter
20:31:03.0603 2836  ============================================================
20:31:03.0603 2836  Scan started
20:31:03.0603 2836  Mode: Manual; SigCheck; TDLFS; 
20:31:03.0603 2836  ============================================================
20:31:03.0868 2836  ================ Scan system memory ========================
20:31:03.0868 2836  System memory - ok
20:31:03.0868 2836  ================ Scan services =============================
20:31:04.0056 2836  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:31:04.0102 2836  1394ohci - ok
20:31:04.0180 2836  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:31:04.0212 2836  ACDaemon - ok
20:31:04.0227 2836  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:31:04.0258 2836  ACPI - ok
20:31:04.0258 2836  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:31:04.0274 2836  AcpiPmi - ok
20:31:04.0383 2836  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:31:04.0414 2836  AdobeFlashPlayerUpdateSvc - ok
20:31:04.0446 2836  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:31:04.0461 2836  adp94xx - ok
20:31:04.0477 2836  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:31:04.0492 2836  adpahci - ok
20:31:04.0492 2836  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:31:04.0508 2836  adpu320 - ok
20:31:04.0539 2836  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:31:04.0570 2836  AeLookupSvc - ok
20:31:04.0586 2836  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:31:04.0617 2836  AFD - ok
20:31:04.0633 2836  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:31:04.0648 2836  agp440 - ok
20:31:04.0664 2836  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:31:04.0680 2836  ALG - ok
20:31:04.0680 2836  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:31:04.0695 2836  aliide - ok
20:31:04.0695 2836  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:31:04.0711 2836  amdide - ok
20:31:04.0711 2836  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:31:04.0726 2836  AmdK8 - ok
20:31:04.0726 2836  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:31:04.0742 2836  AmdPPM - ok
20:31:04.0773 2836  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:31:04.0773 2836  amdsata - ok
20:31:04.0804 2836  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:31:04.0820 2836  amdsbs - ok
20:31:04.0820 2836  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:31:04.0836 2836  amdxata - ok
20:31:04.0836 2836  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:31:04.0867 2836  AppID - ok
20:31:04.0882 2836  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:31:04.0929 2836  AppIDSvc - ok
20:31:04.0945 2836  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:31:04.0976 2836  Appinfo - ok
20:31:05.0023 2836  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:31:05.0054 2836  Apple Mobile Device - ok
20:31:05.0070 2836  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
20:31:05.0085 2836  arc - ok
20:31:05.0101 2836  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:31:05.0116 2836  arcsas - ok
20:31:05.0148 2836  [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
20:31:05.0148 2836  ArcSoftKsUFilter - ok
20:31:05.0226 2836  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:31:05.0241 2836  aspnet_state - ok
20:31:05.0257 2836  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:31:05.0304 2836  AsyncMac - ok
20:31:05.0319 2836  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:31:05.0319 2836  atapi - ok
20:31:05.0335 2836  [ D0B119D6F52BDCA8D204F79D27690209 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
20:31:05.0350 2836  AthBTPort - ok
20:31:05.0397 2836  [ 86F8A0A8D59D0AE2B1096F3103F0E0AD ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
20:31:05.0413 2836  AtherosSvc - ok
20:31:05.0475 2836  [ 237EE0B7A65D55E08EB7530F77423480 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:31:05.0522 2836  athr - ok
20:31:05.0553 2836  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:31:05.0584 2836  AudioEndpointBuilder - ok
20:31:05.0616 2836  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:31:05.0662 2836  AudioSrv - ok
20:31:05.0678 2836  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:31:05.0694 2836  AxInstSV - ok
20:31:05.0725 2836  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:31:05.0740 2836  b06bdrv - ok
20:31:05.0772 2836  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:31:05.0787 2836  b57nd60a - ok
20:31:05.0818 2836  [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:31:05.0834 2836  BBSvc - ok
20:31:05.0850 2836  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:31:05.0865 2836  BDESVC - ok
20:31:05.0881 2836  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:31:05.0928 2836  Beep - ok
20:31:05.0943 2836  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:31:05.0974 2836  BFE - ok
20:31:06.0021 2836  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:31:06.0052 2836  BITS - ok
20:31:06.0068 2836  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:31:06.0084 2836  blbdrive - ok
20:31:06.0130 2836  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:31:06.0146 2836  Bonjour Service - ok
20:31:06.0162 2836  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:31:06.0177 2836  bowser - ok
20:31:06.0193 2836  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:31:06.0208 2836  BrFiltLo - ok
20:31:06.0224 2836  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:31:06.0240 2836  BrFiltUp - ok
20:31:06.0286 2836  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:31:06.0302 2836  Browser - ok
20:31:06.0318 2836  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:31:06.0333 2836  Brserid - ok
20:31:06.0333 2836  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:31:06.0349 2836  BrSerWdm - ok
20:31:06.0349 2836  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:31:06.0364 2836  BrUsbMdm - ok
20:31:06.0364 2836  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:31:06.0380 2836  BrUsbSer - ok
20:31:06.0411 2836  [ C05ED3246C06EC56F10D85B0304CD09E ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
20:31:06.0427 2836  BTATH_A2DP - ok
20:31:06.0458 2836  [ 2D27F7A831657D63AFC78E5E78DCA83F ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
20:31:06.0489 2836  btath_avdt - ok
20:31:06.0520 2836  [ E6B734A37ADE36FE1A77035F4E484C8C ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
20:31:06.0536 2836  BTATH_BUS - ok
20:31:06.0536 2836  [ FB3833E63FF602B69C2FF085846DCF43 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
20:31:06.0552 2836  BTATH_HCRP - ok
20:31:06.0567 2836  [ 371A11C1333BA526263A987A93ACDE3D ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
20:31:06.0583 2836  BTATH_LWFLT - ok
20:31:06.0598 2836  [ ABCD3C16CA850A7594CEB9AD5D966810 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
20:31:06.0614 2836  BTATH_RCP - ok
20:31:06.0630 2836  [ 680BE9ED6431DAFA844F5F7B61B11F9A ] BTATH_VDP       C:\Windows\system32\drivers\btath_vdp.sys
20:31:06.0645 2836  BTATH_VDP - ok
20:31:06.0676 2836  [ 4FBDD8AF372ED5CB2EA63C0890C62435 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
20:31:06.0692 2836  BtFilter - ok
20:31:06.0723 2836  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
20:31:06.0739 2836  BthEnum - ok
20:31:06.0754 2836  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:31:06.0770 2836  BTHMODEM - ok
20:31:06.0801 2836  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:31:06.0817 2836  BthPan - ok
20:31:06.0848 2836  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
20:31:06.0895 2836  BTHPORT - ok
20:31:06.0910 2836  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:31:06.0942 2836  bthserv - ok
20:31:06.0957 2836  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
20:31:06.0973 2836  BTHUSB - ok
20:31:06.0988 2836  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:31:07.0035 2836  cdfs - ok
20:31:07.0051 2836  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:31:07.0066 2836  cdrom - ok
20:31:07.0082 2836  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:31:07.0113 2836  CertPropSvc - ok
20:31:07.0144 2836  [ 274CE03459896006F7A5069266E0469E ] cfwids          C:\Windows\system32\drivers\cfwids.sys
20:31:07.0160 2836  cfwids - ok
20:31:07.0176 2836  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
20:31:07.0191 2836  circlass - ok
20:31:07.0222 2836  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:31:07.0238 2836  CLFS - ok
20:31:07.0285 2836  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:31:07.0316 2836  clr_optimization_v2.0.50727_32 - ok
20:31:07.0363 2836  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:31:07.0378 2836  clr_optimization_v2.0.50727_64 - ok
20:31:07.0425 2836  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:31:07.0441 2836  clr_optimization_v4.0.30319_32 - ok
20:31:07.0456 2836  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:31:07.0472 2836  clr_optimization_v4.0.30319_64 - ok
20:31:07.0488 2836  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:31:07.0503 2836  CmBatt - ok
20:31:07.0519 2836  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:31:07.0534 2836  cmdide - ok
20:31:07.0566 2836  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:31:07.0597 2836  CNG - ok
20:31:07.0612 2836  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:31:07.0612 2836  Compbatt - ok
20:31:07.0628 2836  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:31:07.0644 2836  CompositeBus - ok
20:31:07.0644 2836  COMSysApp - ok
20:31:07.0706 2836  [ B045E4A252442D6223994AA5765438B8 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
20:31:07.0737 2836  cphs - ok
20:31:07.0753 2836  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:31:07.0768 2836  crcdisk - ok
20:31:07.0800 2836  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:31:07.0831 2836  CryptSvc - ok
20:31:07.0924 2836  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:31:07.0940 2836  cvhsvc - ok
20:31:08.0018 2836  [ 461A0688205D088D2A2EBEEDEE81622E ] DCDhcpService   C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
20:31:08.0034 2836  DCDhcpService - ok
20:31:08.0080 2836  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:31:08.0127 2836  DcomLaunch - ok
20:31:08.0158 2836  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:31:08.0190 2836  defragsvc - ok
20:31:08.0221 2836  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:31:08.0252 2836  DfsC - ok
20:31:08.0283 2836  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
20:31:08.0299 2836  dg_ssudbus - ok
20:31:08.0314 2836  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:31:08.0330 2836  Dhcp - ok
20:31:08.0346 2836  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:31:08.0377 2836  discache - ok
20:31:08.0408 2836  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
20:31:08.0408 2836  Disk - ok
20:31:08.0439 2836  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:31:08.0486 2836  Dnscache - ok
20:31:08.0486 2836  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:31:08.0533 2836  dot3svc - ok
20:31:08.0548 2836  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:31:08.0580 2836  DPS - ok
20:31:08.0595 2836  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:31:08.0611 2836  drmkaud - ok
20:31:08.0642 2836  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:31:08.0673 2836  DXGKrnl - ok
20:31:08.0689 2836  [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y60x64.sys
20:31:08.0704 2836  e1yexpress - ok
20:31:08.0736 2836  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:31:08.0767 2836  EapHost - ok
20:31:08.0845 2836  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:31:08.0907 2836  ebdrv - ok
20:31:08.0923 2836  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:31:08.0938 2836  EFS - ok
20:31:09.0016 2836  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:31:09.0048 2836  ehRecvr - ok
20:31:09.0063 2836  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:31:09.0079 2836  ehSched - ok
20:31:09.0110 2836  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:31:09.0141 2836  elxstor - ok
20:31:09.0157 2836  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:31:09.0172 2836  ErrDev - ok
20:31:09.0204 2836  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:31:09.0235 2836  EventSystem - ok
20:31:09.0282 2836  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:31:09.0313 2836  exfat - ok
20:31:09.0313 2836  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:31:09.0344 2836  fastfat - ok
20:31:09.0375 2836  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:31:09.0391 2836  Fax - ok
20:31:09.0391 2836  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
20:31:09.0406 2836  fdc - ok
20:31:09.0422 2836  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:31:09.0453 2836  fdPHost - ok
20:31:09.0469 2836  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:31:09.0500 2836  FDResPub - ok
20:31:09.0516 2836  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:31:09.0516 2836  FileInfo - ok
20:31:09.0547 2836  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:31:09.0578 2836  Filetrace - ok
20:31:09.0594 2836  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:31:09.0609 2836  flpydisk - ok
20:31:09.0625 2836  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:31:09.0640 2836  FltMgr - ok
20:31:09.0672 2836  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:31:09.0703 2836  FontCache - ok
20:31:09.0750 2836  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:31:09.0781 2836  FontCache3.0.0.0 - ok
20:31:09.0812 2836  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:31:09.0828 2836  FsDepends - ok
20:31:09.0859 2836  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:31:09.0890 2836  Fs_Rec - ok
20:31:09.0906 2836  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:31:09.0921 2836  fvevol - ok
20:31:09.0937 2836  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:31:09.0952 2836  gagp30kx - ok
20:31:09.0984 2836  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
20:31:09.0999 2836  GamesAppService - ok
20:31:10.0030 2836  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:31:10.0062 2836  GEARAspiWDM - ok
20:31:10.0093 2836  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:31:10.0140 2836  gpsvc - ok
20:31:10.0171 2836  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:31:10.0171 2836  hcw85cir - ok
20:31:10.0202 2836  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:31:10.0218 2836  HdAudAddService - ok
20:31:10.0233 2836  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:31:10.0249 2836  HDAudBus - ok
20:31:10.0249 2836  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:31:10.0264 2836  HidBatt - ok
20:31:10.0264 2836  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:31:10.0280 2836  HidBth - ok
20:31:10.0280 2836  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:31:10.0296 2836  HidIr - ok
20:31:10.0311 2836  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:31:10.0342 2836  hidserv - ok
20:31:10.0342 2836  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:31:10.0358 2836  HidUsb - ok
20:31:10.0405 2836  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:31:10.0467 2836  hkmsvc - ok
20:31:10.0483 2836  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:31:10.0498 2836  HomeGroupListener - ok
20:31:10.0530 2836  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:31:10.0545 2836  HomeGroupProvider - ok
20:31:10.0576 2836  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:31:10.0576 2836  HpSAMD - ok
20:31:10.0608 2836  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:31:10.0639 2836  HTTP - ok
20:31:10.0654 2836  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:31:10.0670 2836  hwpolicy - ok
20:31:10.0670 2836  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:31:10.0686 2836  i8042prt - ok
20:31:10.0732 2836  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\drivers\iaStor.sys
20:31:10.0779 2836  iaStor - ok
20:31:10.0826 2836  [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:31:10.0857 2836  IAStorDataMgrSvc - ok
20:31:10.0888 2836  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:31:10.0904 2836  iaStorV - ok
20:31:11.0013 2836  [ 3CC7B3BB1A9EA201A040883EDFAA67A0 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
20:31:11.0060 2836  IconMan_R - ok
20:31:11.0091 2836  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:31:11.0122 2836  idsvc - ok
20:31:11.0372 2836  [ 11BA677667432A99CA261A472A2C29B8 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:31:11.0528 2836  igfx - ok
20:31:11.0559 2836  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:31:11.0575 2836  iirsp - ok
20:31:11.0606 2836  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:31:11.0653 2836  IKEEXT - ok
20:31:11.0762 2836  [ E83BB47C3446F0497019DE7FD6C6A86F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:31:11.0840 2836  IntcAzAudAddService - ok
20:31:11.0887 2836  [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
20:31:11.0887 2836  IntcDAud - ok
20:31:11.0934 2836  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
20:31:11.0980 2836  Intel(R) Capability Licensing Service Interface - ok
20:31:12.0012 2836  [ 709C8623721A1F1EF388EA75A07EC33B ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
20:31:12.0012 2836  Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - warning
20:31:12.0012 2836  Intel(R) ME Service - detected UnsignedFile.Multi.Generic (1)
20:31:12.0027 2836  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:31:12.0043 2836  intelide - ok
20:31:12.0074 2836  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:31:12.0090 2836  intelppm - ok
20:31:12.0105 2836  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:31:12.0152 2836  IPBusEnum - ok
20:31:12.0152 2836  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:31:12.0183 2836  IpFilterDriver - ok
20:31:12.0230 2836  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:31:12.0277 2836  iphlpsvc - ok
20:31:12.0277 2836  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:31:12.0292 2836  IPMIDRV - ok
20:31:12.0308 2836  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:31:12.0339 2836  IPNAT - ok
20:31:12.0386 2836  [ B474C756C13960793C7583B766F904C4 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:31:12.0417 2836  iPod Service - ok
20:31:12.0433 2836  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:31:12.0448 2836  IRENUM - ok
20:31:12.0464 2836  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:31:12.0464 2836  isapnp - ok
20:31:12.0495 2836  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:31:12.0495 2836  iScsiPrt - ok
20:31:12.0526 2836  [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
20:31:12.0542 2836  iusb3hcs - ok
20:31:12.0558 2836  [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
20:31:12.0573 2836  iusb3hub - ok
20:31:12.0604 2836  [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
20:31:12.0620 2836  iusb3xhc - ok
20:31:12.0651 2836  [ C44B44E24B929631D9D7368F5B2B40CF ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
20:31:12.0667 2836  jhi_service - ok
20:31:12.0682 2836  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:31:12.0698 2836  kbdclass - ok
20:31:12.0698 2836  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:31:12.0714 2836  kbdhid - ok
20:31:12.0729 2836  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:31:12.0745 2836  KeyIso - ok
20:31:12.0792 2836  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:31:12.0792 2836  KSecDD - ok
20:31:12.0807 2836  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:31:12.0823 2836  KSecPkg - ok
20:31:12.0854 2836  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:31:12.0885 2836  ksthunk - ok
20:31:12.0916 2836  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:31:12.0948 2836  KtmRm - ok
20:31:12.0979 2836  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:31:13.0026 2836  LanmanServer - ok
20:31:13.0026 2836  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:31:13.0072 2836  LanmanWorkstation - ok
20:31:13.0072 2836  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:31:13.0104 2836  lltdio - ok
20:31:13.0135 2836  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:31:13.0166 2836  lltdsvc - ok
20:31:13.0166 2836  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:31:13.0213 2836  lmhosts - ok
20:31:13.0228 2836  [ 75F29D77B0540FCF47EE3BE000BBABDA ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:31:13.0228 2836  LMS - ok
20:31:13.0260 2836  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:31:13.0275 2836  LSI_FC - ok
20:31:13.0275 2836  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:31:13.0291 2836  LSI_SAS - ok
20:31:13.0291 2836  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:31:13.0306 2836  LSI_SAS2 - ok
20:31:13.0306 2836  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:31:13.0322 2836  LSI_SCSI - ok
20:31:13.0338 2836  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:31:13.0369 2836  luafv - ok
20:31:13.0431 2836  [ ACB01BF1A905356AB7F978C7FE852209 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0462 2836  McAfee SiteAdvisor Service - ok
20:31:13.0509 2836  [ F48571922079BBAB289C57BAFEFE88F3 ] McAWFwk         c:\PROGRA~1\mcafee\msc\mcawfwk.exe
20:31:13.0540 2836  McAWFwk - ok
20:31:13.0556 2836  [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0572 2836  McMPFSvc - ok
20:31:13.0572 2836  [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0587 2836  mcmscsvc - ok
20:31:13.0587 2836  [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0603 2836  McNaiAnn - ok
20:31:13.0618 2836  [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0618 2836  McNASvc - ok
20:31:13.0665 2836  [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
20:31:13.0681 2836  McODS - ok
20:31:13.0696 2836  [ ACB01BF1A905356AB7F978C7FE852209 ] McOobeSv        C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0712 2836  McOobeSv - ok
20:31:13.0712 2836  [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy         C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:13.0728 2836  McProxy - ok
20:31:13.0759 2836  [ 597C77235621E7DDD32A68574FDE6464 ] McShield        C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:31:13.0790 2836  McShield - ok
20:31:13.0806 2836  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:31:13.0821 2836  Mcx2Svc - ok
20:31:13.0852 2836  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:31:13.0852 2836  megasas - ok
20:31:13.0884 2836  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:31:13.0899 2836  MegaSR - ok
20:31:13.0930 2836  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
20:31:13.0930 2836  MEIx64 - ok
20:31:13.0962 2836  [ 01884CB7655C8908B43FF5E364FE6FD2 ] mfeapfk         C:\Windows\system32\drivers\mfeapfk.sys
20:31:13.0977 2836  mfeapfk - ok
20:31:13.0993 2836  [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
20:31:14.0008 2836  mfeavfk - ok
20:31:14.0008 2836  mfeavfk01 - ok
20:31:14.0040 2836  [ 134BB16F93A07C2C89B0B9C399382BDB ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
20:31:14.0055 2836  mfefire - ok
20:31:14.0071 2836  [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
20:31:14.0086 2836  mfefirek - ok
20:31:14.0102 2836  [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
20:31:14.0118 2836  mfehidk - ok
20:31:14.0133 2836  [ A8129CFB919347F8533C934B365E9202 ] mfenlfk         C:\Windows\system32\DRIVERS\mfenlfk.sys
20:31:14.0149 2836  mfenlfk - ok
20:31:14.0164 2836  [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet        C:\Windows\system32\drivers\mferkdet.sys
20:31:14.0164 2836  mferkdet - ok
20:31:14.0180 2836  [ 4D0ECD05ABB518EA323F651F4AB8458F ] mfevtp          C:\Windows\system32\mfevtps.exe
20:31:14.0196 2836  mfevtp - ok
20:31:14.0211 2836  [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
20:31:14.0227 2836  mfewfpk - ok
20:31:14.0242 2836  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:31:14.0274 2836  MMCSS - ok
20:31:14.0336 2836  [ DB033326180514B9A45612CE14324F5C ] MOBK649backup   C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe
20:31:14.0367 2836  MOBK649backup - ok
20:31:14.0398 2836  [ 3C69AA906EE867ADE4437ACD8460B43D ] MOBK649Filter   C:\Windows\system32\DRIVERS\MOBK649.sys
20:31:14.0398 2836  MOBK649Filter - ok
20:31:14.0414 2836  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:31:14.0461 2836  Modem - ok
20:31:14.0476 2836  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:31:14.0492 2836  monitor - ok
20:31:14.0508 2836  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:31:14.0523 2836  mouclass - ok
20:31:14.0523 2836  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:31:14.0539 2836  mouhid - ok
20:31:14.0554 2836  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:31:14.0570 2836  mountmgr - ok
20:31:14.0617 2836  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:31:14.0632 2836  MozillaMaintenance - ok
20:31:14.0648 2836  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:31:14.0664 2836  mpio - ok
20:31:14.0679 2836  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:31:14.0710 2836  mpsdrv - ok
20:31:14.0742 2836  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:31:14.0788 2836  MpsSvc - ok
20:31:14.0788 2836  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:31:14.0804 2836  MRxDAV - ok
20:31:14.0820 2836  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:31:14.0835 2836  mrxsmb - ok
20:31:14.0851 2836  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:31:14.0866 2836  mrxsmb10 - ok
20:31:14.0882 2836  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:31:14.0898 2836  mrxsmb20 - ok
20:31:14.0913 2836  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:31:14.0929 2836  msahci - ok
20:31:14.0929 2836  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:31:14.0944 2836  msdsm - ok
20:31:14.0960 2836  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:31:14.0976 2836  MSDTC - ok
20:31:14.0991 2836  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:31:15.0022 2836  Msfs - ok
20:31:15.0022 2836  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:31:15.0069 2836  mshidkmdf - ok
20:31:15.0085 2836  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:31:15.0085 2836  msisadrv - ok
20:31:15.0116 2836  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:31:15.0147 2836  MSiSCSI - ok
20:31:15.0147 2836  msiserver - ok
20:31:15.0163 2836  [ ACB01BF1A905356AB7F978C7FE852209 ] MSK80Service    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
20:31:15.0178 2836  MSK80Service - ok
20:31:15.0194 2836  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:31:15.0225 2836  MSKSSRV - ok
20:31:15.0241 2836  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:31:15.0272 2836  MSPCLOCK - ok
20:31:15.0272 2836  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:31:15.0303 2836  MSPQM - ok
20:31:15.0334 2836  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:31:15.0350 2836  MsRPC - ok
20:31:15.0350 2836  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:31:15.0366 2836  mssmbios - ok
20:31:15.0381 2836  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:31:15.0412 2836  MSTEE - ok
20:31:15.0412 2836  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:31:15.0428 2836  MTConfig - ok
20:31:15.0444 2836  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:31:15.0459 2836  Mup - ok
20:31:15.0490 2836  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:31:15.0522 2836  napagent - ok
20:31:15.0537 2836  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:31:15.0568 2836  NativeWifiP - ok
20:31:15.0600 2836  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:31:15.0631 2836  NDIS - ok
20:31:15.0646 2836  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:31:15.0678 2836  NdisCap - ok
20:31:15.0709 2836  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:31:15.0740 2836  NdisTapi - ok
20:31:15.0756 2836  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:31:15.0787 2836  Ndisuio - ok
20:31:15.0802 2836  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:31:15.0834 2836  NdisWan - ok
20:31:15.0849 2836  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:31:15.0880 2836  NDProxy - ok
20:31:15.0896 2836  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:31:15.0927 2836  NetBIOS - ok
20:31:15.0943 2836  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:31:15.0974 2836  NetBT - ok
20:31:15.0974 2836  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:31:15.0990 2836  Netlogon - ok
20:31:16.0021 2836  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:31:16.0052 2836  Netman - ok
20:31:16.0099 2836  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:31:16.0130 2836  NetMsmqActivator - ok
20:31:16.0130 2836  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:31:16.0146 2836  NetPipeActivator - ok
20:31:16.0161 2836  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:31:16.0192 2836  netprofm - ok
20:31:16.0192 2836  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:31:16.0208 2836  NetTcpActivator - ok
20:31:16.0208 2836  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:31:16.0224 2836  NetTcpPortSharing - ok
20:31:16.0255 2836  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:31:16.0270 2836  nfrd960 - ok
20:31:16.0302 2836  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:31:16.0317 2836  NlaSvc - ok
20:31:16.0333 2836  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:31:16.0364 2836  Npfs - ok
20:31:16.0380 2836  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:31:16.0411 2836  nsi - ok
20:31:16.0426 2836  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:31:16.0458 2836  nsiproxy - ok
20:31:16.0536 2836  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:31:16.0582 2836  Ntfs - ok
20:31:16.0614 2836  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:31:16.0645 2836  Null - ok
20:31:16.0848 2836  [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:31:17.0004 2836  nvlddmkm - ok
20:31:17.0082 2836  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:31:17.0113 2836  nvraid - ok
20:31:17.0129 2836  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:31:17.0144 2836  nvstor - ok
20:31:17.0160 2836  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:31:17.0175 2836  nv_agp - ok
20:31:17.0191 2836  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:31:17.0191 2836  ohci1394 - ok
20:31:17.0238 2836  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:31:17.0253 2836  ose - ok
20:31:17.0394 2836  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:31:17.0472 2836  osppsvc - ok
20:31:17.0503 2836  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:31:17.0519 2836  p2pimsvc - ok
20:31:17.0519 2836  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:31:17.0534 2836  p2psvc - ok
20:31:17.0565 2836  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
20:31:17.0581 2836  Parport - ok
20:31:17.0597 2836  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:31:17.0612 2836  partmgr - ok
20:31:17.0628 2836  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:31:17.0659 2836  PcaSvc - ok
20:31:17.0675 2836  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:31:17.0690 2836  pci - ok
20:31:17.0690 2836  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:31:17.0706 2836  pciide - ok
20:31:17.0721 2836  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:31:17.0737 2836  pcmcia - ok
20:31:17.0753 2836  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:31:17.0753 2836  pcw - ok
20:31:17.0784 2836  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:31:17.0815 2836  PEAUTH - ok
20:31:17.0893 2836  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:31:17.0924 2836  PerfHost - ok
20:31:17.0987 2836  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:31:18.0033 2836  pla - ok
20:31:18.0065 2836  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:31:18.0080 2836  PlugPlay - ok
20:31:18.0143 2836  [ 9C4D0DE187CBC24F658C52EFC93B1C73 ] PMBDeviceInfoProvider c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
20:31:18.0174 2836  PMBDeviceInfoProvider - ok
20:31:18.0205 2836  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:31:18.0205 2836  PNRPAutoReg - ok
20:31:18.0236 2836  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:31:18.0252 2836  PNRPsvc - ok
20:31:18.0267 2836  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:31:18.0314 2836  PolicyAgent - ok
20:31:18.0330 2836  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:31:18.0361 2836  Power - ok
20:31:18.0377 2836  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:31:18.0423 2836  PptpMiniport - ok
20:31:18.0439 2836  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
20:31:18.0455 2836  Processor - ok
20:31:18.0470 2836  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:31:18.0486 2836  ProfSvc - ok
20:31:18.0486 2836  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:31:18.0501 2836  ProtectedStorage - ok
20:31:18.0517 2836  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:31:18.0548 2836  Psched - ok
20:31:18.0611 2836  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:31:18.0673 2836  ql2300 - ok
20:31:18.0673 2836  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:31:18.0689 2836  ql40xx - ok
20:31:18.0704 2836  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:31:18.0735 2836  QWAVE - ok
20:31:18.0751 2836  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:31:18.0782 2836  QWAVEdrv - ok
20:31:18.0782 2836  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:31:18.0813 2836  RasAcd - ok
20:31:18.0829 2836  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:31:18.0860 2836  RasAgileVpn - ok
20:31:18.0891 2836  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:31:18.0923 2836  RasAuto - ok
20:31:18.0938 2836  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:31:18.0969 2836  Rasl2tp - ok
20:31:19.0001 2836  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:31:19.0032 2836  RasMan - ok
20:31:19.0047 2836  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:31:19.0079 2836  RasPppoe - ok
20:31:19.0110 2836  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:31:19.0141 2836  RasSstp - ok
20:31:19.0157 2836  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:31:19.0188 2836  rdbss - ok
20:31:19.0203 2836  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:31:19.0219 2836  rdpbus - ok
20:31:19.0235 2836  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:31:19.0266 2836  RDPCDD - ok
20:31:19.0281 2836  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:31:19.0313 2836  RDPENCDD - ok
20:31:19.0328 2836  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:31:19.0359 2836  RDPREFMP - ok
20:31:19.0375 2836  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:31:19.0391 2836  RDPWD - ok
20:31:19.0422 2836  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:31:19.0437 2836  rdyboost - ok
20:31:19.0453 2836  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:31:19.0500 2836  RemoteAccess - ok
20:31:19.0531 2836  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:31:19.0562 2836  RemoteRegistry - ok
20:31:19.0593 2836  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:31:19.0609 2836  RFCOMM - ok
20:31:19.0609 2836  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:31:19.0656 2836  RpcEptMapper - ok
20:31:19.0671 2836  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:31:19.0687 2836  RpcLocator - ok
20:31:19.0718 2836  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:31:19.0749 2836  RpcSs - ok
20:31:19.0765 2836  [ EBBFA2B4E317AF86E93FEC4C04D7A9B3 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
20:31:19.0781 2836  RSPCIESTOR - ok
20:31:19.0812 2836  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:31:19.0843 2836  rspndr - ok
20:31:19.0874 2836  [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:31:19.0890 2836  RTL8167 - ok
20:31:19.0905 2836  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:31:19.0921 2836  SamSs - ok
20:31:19.0937 2836  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:31:19.0952 2836  sbp2port - ok
20:31:19.0968 2836  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:31:19.0999 2836  SCardSvr - ok
20:31:20.0015 2836  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:31:20.0046 2836  scfilter - ok
20:31:20.0077 2836  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:31:20.0124 2836  Schedule - ok
20:31:20.0139 2836  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:31:20.0171 2836  SCPolicySvc - ok
20:31:20.0186 2836  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
20:31:20.0217 2836  sdbus - ok
20:31:20.0233 2836  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:31:20.0249 2836  SDRSVC - ok
20:31:20.0295 2836  [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort         C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:31:20.0311 2836  SeaPort - ok
20:31:20.0327 2836  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:31:20.0358 2836  secdrv - ok
20:31:20.0389 2836  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:31:20.0420 2836  seclogon - ok
20:31:20.0436 2836  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:31:20.0467 2836  SENS - ok
20:31:20.0483 2836  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:31:20.0483 2836  SensrSvc - ok
20:31:20.0498 2836  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:31:20.0514 2836  Serenum - ok
20:31:20.0529 2836  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
20:31:20.0529 2836  Serial - ok
20:31:20.0545 2836  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:31:20.0561 2836  sermouse - ok
20:31:20.0576 2836  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:31:20.0607 2836  SessionEnv - ok
20:31:20.0639 2836  [ 85D0F874734C105D02280B39BF0AD23F ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys
20:31:20.0639 2836  SFEP - ok
20:31:20.0639 2836  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:31:20.0654 2836  sffdisk - ok
20:31:20.0670 2836  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:31:20.0685 2836  sffp_mmc - ok
20:31:20.0685 2836  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:31:20.0701 2836  sffp_sd - ok
20:31:20.0701 2836  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:31:20.0717 2836  sfloppy - ok
20:31:20.0748 2836  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
20:31:20.0779 2836  Sftfs - ok
20:31:20.0857 2836  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:31:20.0873 2836  sftlist - ok
20:31:20.0888 2836  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
20:31:20.0904 2836  Sftplay - ok
20:31:20.0919 2836  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
20:31:20.0919 2836  Sftredir - ok
20:31:20.0951 2836  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
20:31:20.0982 2836  Sftvol - ok
20:31:21.0029 2836  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:31:21.0060 2836  sftvsa - ok
20:31:21.0107 2836  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:31:21.0153 2836  SharedAccess - ok
20:31:21.0185 2836  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:31:21.0216 2836  ShellHWDetection - ok
20:31:21.0247 2836  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:31:21.0247 2836  SiSRaid2 - ok
20:31:21.0263 2836  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:31:21.0278 2836  SiSRaid4 - ok
20:31:21.0294 2836  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:31:21.0294 2836  SkypeUpdate - ok
20:31:21.0309 2836  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:31:21.0341 2836  Smb - ok
20:31:21.0372 2836  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:31:21.0387 2836  SNMPTRAP - ok
20:31:21.0450 2836  [ 4AEA7A1C3CA06D95D6966C34D13C0D8B ] SOHCImp         C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
20:31:21.0481 2836  SOHCImp - ok
20:31:21.0481 2836  [ 16FD95781117E13107D477AE36219E6F ] SOHDs           C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
20:31:21.0497 2836  SOHDs - ok
20:31:21.0528 2836  [ C03E480E63A80D73FABE28D24D3B6B47 ] SpfService      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
20:31:21.0575 2836  SpfService - ok
20:31:21.0590 2836  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:31:21.0606 2836  spldr - ok
20:31:21.0668 2836  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:31:21.0715 2836  Spooler - ok
20:31:21.0809 2836  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:31:21.0871 2836  sppsvc - ok
20:31:21.0887 2836  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:31:21.0918 2836  sppuinotify - ok
20:31:21.0949 2836  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:31:21.0965 2836  srv - ok
20:31:21.0996 2836  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:31:22.0011 2836  srv2 - ok
20:31:22.0027 2836  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:31:22.0043 2836  srvnet - ok
20:31:22.0058 2836  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:31:22.0105 2836  SSDPSRV - ok
20:31:22.0121 2836  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:31:22.0152 2836  SstpSvc - ok
20:31:22.0183 2836  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
20:31:22.0214 2836  ssudmdm - ok
20:31:22.0230 2836  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:31:22.0245 2836  stexstor - ok
20:31:22.0277 2836  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:31:22.0308 2836  stisvc - ok
20:31:22.0323 2836  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:31:22.0339 2836  swenum - ok
20:31:22.0355 2836  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:31:22.0401 2836  swprv - ok
20:31:22.0433 2836  [ BD4F51AEF67AB7D57698BC4AAD983D1F ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:31:22.0448 2836  SynTP - ok
20:31:22.0479 2836  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:31:22.0511 2836  SysMain - ok
20:31:22.0526 2836  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:31:22.0542 2836  TabletInputService - ok
20:31:22.0557 2836  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:31:22.0589 2836  TapiSrv - ok
20:31:22.0604 2836  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:31:22.0635 2836  TBS - ok
20:31:22.0713 2836  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:31:22.0760 2836  Tcpip - ok
20:31:22.0791 2836  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:31:22.0838 2836  TCPIP6 - ok
20:31:22.0838 2836  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:31:22.0854 2836  tcpipreg - ok
20:31:22.0885 2836  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:31:22.0901 2836  TDPIPE - ok
20:31:22.0916 2836  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:31:22.0932 2836  TDTCP - ok
20:31:22.0947 2836  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:31:22.0979 2836  tdx - ok
20:31:22.0994 2836  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:31:23.0010 2836  TermDD - ok
20:31:23.0041 2836  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:31:23.0072 2836  TermService - ok
20:31:23.0088 2836  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:31:23.0119 2836  Themes - ok
20:31:23.0135 2836  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:31:23.0166 2836  THREADORDER - ok
20:31:23.0181 2836  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:31:23.0228 2836  TrkWks - ok
20:31:23.0259 2836  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:31:23.0291 2836  TrustedInstaller - ok
20:31:23.0306 2836  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:31:23.0337 2836  tssecsrv - ok
20:31:23.0353 2836  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:31:23.0369 2836  TsUsbFlt - ok
20:31:23.0384 2836  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:31:23.0400 2836  TsUsbGD - ok
20:31:23.0415 2836  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:31:23.0447 2836  tunnel - ok
20:31:23.0447 2836  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:31:23.0462 2836  uagp35 - ok
20:31:23.0509 2836  [ 1FE69F3C1CA1CF4B7EC7E2E9090FFFDC ] uCamMonitor     C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
20:31:23.0525 2836  uCamMonitor - ok
20:31:23.0540 2836  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:31:23.0571 2836  udfs - ok
20:31:23.0587 2836  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:31:23.0603 2836  UI0Detect - ok
20:31:23.0634 2836  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:31:23.0649 2836  uliagpkx - ok
20:31:23.0649 2836  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:31:23.0665 2836  umbus - ok
20:31:23.0681 2836  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:31:23.0681 2836  UmPass - ok
20:31:23.0759 2836  [ 193AD338F2A64D17300AD640ADFA5D0A ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:31:23.0805 2836  UNS - ok
20:31:23.0821 2836  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:31:23.0868 2836  upnphost - ok
20:31:23.0915 2836  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:31:23.0915 2836  USBAAPL64 - ok
20:31:23.0946 2836  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:31:23.0961 2836  usbccgp - ok
20:31:23.0977 2836  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:31:23.0993 2836  usbcir - ok
20:31:24.0008 2836  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:31:24.0008 2836  usbehci - ok
20:31:24.0039 2836  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:31:24.0055 2836  usbhub - ok
20:31:24.0071 2836  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:31:24.0086 2836  usbohci - ok
20:31:24.0102 2836  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:31:24.0117 2836  usbprint - ok
20:31:24.0133 2836  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:31:24.0149 2836  USBSTOR - ok
20:31:24.0149 2836  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:31:24.0164 2836  usbuhci - ok
20:31:24.0180 2836  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:31:24.0195 2836  usbvideo - ok
20:31:24.0227 2836  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:31:24.0258 2836  UxSms - ok
20:31:24.0289 2836  [ 203FD19D70549A2939E1AE3A36608151 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
20:31:24.0320 2836  VAIO Event Service - ok
20:31:24.0367 2836  [ 59308CD511A5F3EE33595FFD46F76B31 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
20:31:24.0414 2836  VAIO Power Management - ok
20:31:24.0429 2836  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:31:24.0445 2836  VaultSvc - ok
20:31:24.0507 2836  [ ADD5A5BA64D0710E1C764A8D4DAD510E ] VCFw            C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
20:31:24.0554 2836  VCFw - ok
20:31:24.0585 2836  [ EEE5AD6FB40B35F7867C3A49B98BB4EF ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
20:31:24.0601 2836  VcmIAlzMgr - ok
20:31:24.0632 2836  [ FD5BD55C1854208BC9C51DBCFC3C1941 ] VcmINSMgr       C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
20:31:24.0648 2836  VcmINSMgr - ok
20:31:24.0679 2836  [ 9BC1F203C5604C24F345BCFCD6956BAE ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
20:31:24.0710 2836  VcmXmlIfHelper - ok
20:31:24.0741 2836  [ D076011ECD0D1310E879F32EBF3B4886 ] VCService       C:\Program Files\Sony\VAIO Care\VCService.exe
20:31:24.0757 2836  VCService - ok
20:31:24.0788 2836  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:31:24.0804 2836  vdrvroot - ok
20:31:24.0835 2836  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:31:24.0882 2836  vds - ok
20:31:24.0882 2836  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:31:24.0897 2836  vga - ok
20:31:24.0929 2836  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:31:24.0960 2836  VgaSave - ok
20:31:24.0960 2836  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:31:24.0975 2836  vhdmp - ok
20:31:24.0991 2836  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:31:24.0991 2836  viaide - ok
20:31:25.0007 2836  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:31:25.0022 2836  volmgr - ok
20:31:25.0038 2836  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:31:25.0053 2836  volmgrx - ok
20:31:25.0069 2836  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:31:25.0085 2836  volsnap - ok
20:31:25.0100 2836  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:31:25.0116 2836  vsmraid - ok
20:31:25.0178 2836  [ 596E65BDEE804CC6658A39756CC61849 ] VSNService      C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
20:31:25.0225 2836  VSNService - ok
20:31:25.0272 2836  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:31:25.0319 2836  VSS - ok
20:31:25.0365 2836  [ FB4A1695D2D74F9C92CA5E84795CDBE1 ] VUAgent         C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
20:31:25.0397 2836  VUAgent - ok
20:31:25.0412 2836  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:31:25.0428 2836  vwifibus - ok
20:31:25.0459 2836  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:31:25.0475 2836  vwififlt - ok
20:31:25.0490 2836  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:31:25.0506 2836  vwifimp - ok
20:31:25.0553 2836  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:31:25.0615 2836  W32Time - ok
20:31:25.0631 2836  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:31:25.0646 2836  WacomPen - ok
20:31:25.0677 2836  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:31:25.0709 2836  WANARP - ok
20:31:25.0709 2836  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:31:25.0755 2836  Wanarpv6 - ok
20:31:25.0787 2836  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:31:25.0818 2836  wbengine - ok
20:31:25.0833 2836  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:31:25.0865 2836  WbioSrvc - ok
20:31:25.0896 2836  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:31:25.0911 2836  wcncsvc - ok
20:31:25.0927 2836  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:31:25.0927 2836  WcsPlugInService - ok
20:31:25.0943 2836  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
20:31:25.0958 2836  Wd - ok
20:31:26.0021 2836  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:31:26.0052 2836  Wdf01000 - ok
20:31:26.0067 2836  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:31:26.0083 2836  WdiServiceHost - ok
20:31:26.0083 2836  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:31:26.0114 2836  WdiSystemHost - ok
20:31:26.0145 2836  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:31:26.0161 2836  WebClient - ok
20:31:26.0177 2836  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:31:26.0208 2836  Wecsvc - ok
20:31:26.0223 2836  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:31:26.0270 2836  wercplsupport - ok
20:31:26.0286 2836  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:31:26.0317 2836  WerSvc - ok
20:31:26.0348 2836  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:31:26.0379 2836  WfpLwf - ok
20:31:26.0379 2836  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:31:26.0395 2836  WIMMount - ok
20:31:26.0411 2836  WinDefend - ok
20:31:26.0426 2836  WinHttpAutoProxySvc - ok
20:31:26.0489 2836  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:31:26.0551 2836  Winmgmt - ok
20:31:26.0582 2836  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:31:26.0645 2836  WinRM - ok
20:31:26.0676 2836  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:31:26.0691 2836  WinUsb - ok
20:31:26.0723 2836  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:31:26.0754 2836  Wlansvc - ok
20:31:26.0785 2836  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:31:26.0801 2836  wlcrasvc - ok
20:31:26.0894 2836  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:31:26.0941 2836  wlidsvc - ok
20:31:26.0957 2836  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:31:26.0972 2836  WmiAcpi - ok
20:31:27.0003 2836  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:31:27.0019 2836  wmiApSrv - ok
20:31:27.0035 2836  WMPNetworkSvc - ok
20:31:27.0066 2836  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:31:27.0113 2836  WPCSvc - ok
20:31:27.0128 2836  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:31:27.0144 2836  WPDBusEnum - ok
20:31:27.0237 2836  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:31:27.0284 2836  ws2ifsl - ok
20:31:27.0315 2836  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:31:27.0331 2836  wscsvc - ok
20:31:27.0378 2836  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
20:31:27.0393 2836  WSDPrintDevice - ok
20:31:27.0393 2836  WSearch - ok
20:31:27.0487 2836  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:31:27.0534 2836  wuauserv - ok
20:31:27.0581 2836  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:31:27.0596 2836  WudfPf - ok
20:31:27.0612 2836  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:31:27.0612 2836  WUDFRd - ok
20:31:27.0659 2836  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:31:27.0690 2836  wudfsvc - ok
20:31:27.0705 2836  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:31:27.0737 2836  WwanSvc - ok
20:31:27.0768 2836  [ A5B25E310678175F4779499FFF7D0994 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
20:31:27.0783 2836  ZAtheros Bt&Wlan Coex Agent - ok
20:31:27.0815 2836  ================ Scan global ===============================
20:31:27.0846 2836  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:31:27.0877 2836  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:31:27.0877 2836  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:31:27.0908 2836  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:31:27.0939 2836  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:31:27.0939 2836  [Global] - ok
20:31:27.0955 2836  ================ Scan MBR ==================================
20:31:27.0971 2836  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:31:28.0470 2836  \Device\Harddisk0\DR0 - ok
20:31:28.0470 2836  ================ Scan VBR ==================================
20:31:28.0485 2836  [ F3F8221CA6CDA1434DED9F58073EE63C ] \Device\Harddisk0\DR0\Partition1
20:31:28.0485 2836  \Device\Harddisk0\DR0\Partition1 - ok
20:31:28.0517 2836  [ 9B90A1861802C112E2C1EDC1E6910FA2 ] \Device\Harddisk0\DR0\Partition2
20:31:28.0517 2836  \Device\Harddisk0\DR0\Partition2 - ok
20:31:28.0532 2836  ============================================================
20:31:28.0532 2836  Scan finished
20:31:28.0532 2836  ============================================================
20:31:28.0532 3792  Detected object count: 1
20:31:28.0532 3792  Actual detected object count: 1
20:31:43.0415 3792  Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:43.0415 3792  Intel(R) ME Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 09.01.2013, 19:46   #8
markusg
/// Malware-holic
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



Hi
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 09.01.2013, 20:15   #9
Borderliner
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



Hier jetzt der Combofix-Log

Code:
ATTFilter
ComboFix 13-01-08.01 - Justin 09.01.2013  21:03:58.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3996.2250 [GMT 1:00]
ausgeführt von:: D:\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-09 bis 2013-01-09  ))))))))))))))))))))))))))))))
.
.
2013-01-09 20:09 . 2013-01-09 20:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-09 19:02 . 2013-01-09 19:02	--------	d-----w-	C:\_OTL
2013-01-09 17:57 . 2013-01-09 17:57	--------	d-----w-	c:\users\Justin\AppData\Roaming\Malwarebytes
2013-01-09 17:57 . 2013-01-09 17:57	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-09 17:57 . 2013-01-09 17:57	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-09 17:57 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-09 17:56 . 2013-01-09 17:56	--------	d-----w-	c:\users\Justin\AppData\Local\Programs
2012-12-25 02:00 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-25 02:00 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-25 02:00 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-25 02:00 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-13 15:00 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-13 14:59 . 2012-10-04 17:38	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 21:54 . 2013-01-09 19:06	--------	d-----w-	c:\users\Justin\AppData\Local\Spotify
2012-12-11 21:53 . 2013-01-09 19:10	--------	d-----w-	c:\users\Justin\AppData\Roaming\Spotify
2012-12-11 17:10 . 2012-12-11 17:10	--------	d-----w-	c:\program files\iPod
2012-12-11 17:10 . 2012-12-11 17:11	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-11 17:10 . 2012-12-11 17:11	--------	d-----w-	c:\program files\iTunes
2012-12-11 17:10 . 2012-12-11 17:11	--------	d-----w-	c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 14:25 . 2012-06-10 02:51	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 14:25 . 2012-06-10 02:51	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-25 11:28 . 2012-11-25 11:28	40960	----a-r-	c:\users\Justin\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-11-25 11:28 . 2012-11-25 11:28	40960	----a-r-	c:\users\Justin\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-10-16 08:38 . 2012-11-28 12:43	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 12:43	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 12:43	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\Justin\AppData\Roaming\Spotify\Spotify.exe" [2012-12-11 7880664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-28 151952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-07 121344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-21 112256]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-02-09 340072]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 138392]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 74904]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 289952]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 535688]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 101600]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-01-19 106144]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-09 2429544]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 473960]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 978056]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-01-19 158880]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-01-19 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-01-19 339616]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-01-19 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-01-19 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-01-19 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-01-19 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-01-19 280992]
S3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [2012-01-19 421664]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-01-19 550560]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-03-14 331264]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 787736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-09 565352]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2012-01-16 14336]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 14:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-27 1158248]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-01-19 1016992]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-01-19 800416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-14 440600]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://vaioportal.sony.eu/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Free YouTube to MP3 Converter - c:\users\Justin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\5q5antka.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BattlEye for A2 - c:\program files\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-09  21:11:21
ComboFix-quarantined-files.txt  2013-01-09 20:11
.
Vor Suchlauf: 12 Verzeichnis(se), 369.820.553.216 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 369.300.393.984 Bytes frei
.
- - End Of File - - 3907C200EF83F8B819F8036443CF7A77
         

Alt 09.01.2013, 23:41   #10
markusg
/// Malware-holic
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



Hi,
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.01.2013, 13:12   #11
Borderliner
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



so, hab ich eben mal gemacht. Ich hoffe es ist nicht falsch, wenn ich das jetzt als code poste?
Code:
ATTFilter
ACID Music Studio 8.0	Sony	10.06.2012	212MB	8.0.178 unbekannt
ActiveX контрола на Windows Live Mesh за отдалечени връзки	Microsoft Corporation	10.06.2012	5,57MB	15.4.5722.2 unbekannt
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
Adobe AIR	Adobe Systems Incorporated	10.06.2012		2.7.0.19460 notwendig
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146 notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146 notwendig
Adobe Reader X MUI	Adobe Systems Incorporated	10.06.2012	470MB	10.0.0 notwendig
Apple Application Support	Apple Inc.	11.12.2012	65,0MB	2.3.2 notwendig
Apple Mobile Device Support	Apple Inc.	11.12.2012	25,1MB	6.0.1.3 notwendig
Apple Software Update	Apple Inc.	11.08.2012	2,38MB	2.1.3.127 notwendig
ArcSoft Magic-i Visual Effects 2	ArcSoft	10.06.2012	69,5MB	2.0.1.161 notwendig	
ArcSoft WebCam Companion 4	ArcSoft	10.06.2012	81,3MB	4.0.21.457 notwendig
Arma 2 Army of The Czech Republic (LITE) Uninstall		12.08.2012 notwendig	
ARMA 2 Operation Arrowhead Uninstall		11.08.2012 notwendig		
ArmA 2 Uninstall		11.08.2012 notwendig		
Atheros Bluetooth Suite (64)	Atheros	10.06.2012	120MB	7.4.0.120 notwendig
BattlEye for OA Uninstall		12.08.2012 notwendig		
BattlEye Uninstall		12.08.2012 notwendig		
BattlEye Uninstall		11.02.2011 notwendig		
Bing Bar	Microsoft Corporation	10.06.2012	24,4MB	7.0.610.0 notwendig
Bonjour	Apple Inc.	11.08.2012	2,04MB	3.0.0.10 notwendig
CCleaner	Piriform	19.12.2012		3.26 notwendig
Control ActiveX Windows Live Mesh pentru conexiuni la distanță	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
Controlo ActiveX do Windows Live Mesh para Ligações Remotas	Microsoft Corporation	10.06.2012	5,38MB	15.4.5722.2 unbekannt
Contrôle ActiveX Windows Live Mesh pour connexions à distance	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
CyberLink PowerDVD	CyberLink Corp.	10.06.2012	182MB	9.0.5009.52 notwendig
DVD Architect Studio 5.0	Sony	10.06.2012	250MB	5.0.157 notwendig
Evernote v. 4.5.2	Evernote Corp.	10.06.2012	170MB	4.5.2.5904 unbekannt
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
Free YouTube to MP3 Converter version 3.11.32.918	DVDVideoSoft Ltd.	20.09.2012	60,8MB	3.11.32.918 notwendig
Intel(R) Control Center	Intel Corporation	10.06.2012		1.2.1.1007 notwendig
Intel(R) Management Engine Components	Intel Corporation	10.06.2012		8.0.2.1410 notwendig
Intel(R) OpenCL CPU Runtime	Intel Corporation	10.06.2012 notwendig		
Intel(R) Processor Graphics	Intel Corporation	10.06.2012		8.15.10.2626 notwendig
Intel(R) Rapid Storage Technology	Intel Corporation	10.06.2012		11.0.0.1032 notwendig
Intel(R) USB 3.0 eXtensible Host Controller Driver	Intel Corporation	10.06.2012		1.0.3.214 notwendig
Intel® Trusted Connect Service Client	Intel Corporation	10.06.2012	10,6MB	1.23.605.1 notwendig
iTunes	Apple Inc.	11.12.2012	190MB	11.0.0.163 notwendig
Java(TM) 7 Update 1	Oracle	10.06.2012	98,9MB	7.0.10 notwendig
Java(TM) 7 Update 1 (64-bit)	Oracle	10.06.2012	93,3MB	7.0.10 notwendig
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	09.01.2013	18,4MB	1.70.0.1100 notwendig
Media Go	Sony	10.06.2012	99,3MB	2.0.317 notwendig
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	11.02.2011	38,8MB	4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	10.06.2012	2,93MB	4.0.30319 notwendig
Microsoft .NET Framework 4 Extended	Microsoft Corporation	11.02.2011	51,9MB	4.0.30319 notwendig
Microsoft .NET Framework 4 Extended DEU Language Pack	Microsoft Corporation	10.06.2012	10,6MB	4.0.30319 notwendig
Microsoft Office 2010	Microsoft Corporation	10.06.2012	6,31MB	14.0.4763.1000 notwendig
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	17.08.2012		14.0.4763.1000 notwendig
Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	17.08.2012		14.0.4763.1000 notwendig
Microsoft Silverlight	Microsoft Corporation	13.08.2012	40,3MB	4.1.10329.0 notwendig
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	10.06.2012	1,69MB	3.1.0000 notwendig
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	13.08.2012	290KB	8.0.61001 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	10.06.2012	788KB	9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15.08.2012	788KB	9.0.30729.6161 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	10.06.2012	596KB	9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	10.06.2012	590KB	9.0.30729.4148 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.08.2012	590KB	9.0.30729.6161 notwendig
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	18.08.2012	5,28MB	10.0.30319 notwendig
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319	Microsoft Corporation	18.08.2012	4,53MB	10.0.30319 notwendig
Mozilla Firefox 17.0.1 (x86 de)	Mozilla	07.12.2012	41,1MB	17.0.1 notwendig
Mozilla Maintenance Service	Mozilla	07.12.2012	329KB	17.0.1 notwendig
MSXML 4.0 SP3 Parser	Microsoft Corporation	10.06.2012	1,47MB	4.30.2100.0 unbekannt
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	15.08.2012	1,53MB	4.30.2114.0 unbekannt
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
PlayMemories Home	Sony Corporation	10.06.2012		6.1.01.14210 notwendig
PlayStation(R)Network Downloader	Sony Computer Entertainment Inc.	10.06.2012	827KB	2.07.00849 notwendig
PlayStation(R)Store	Sony Computer Entertainment Inc.	10.06.2012	5,54MB	4.5.15.13232 notwendig
Project64 1.6	Project64	25.11.2012	3,46MB	1.6 unnötig
Qualcomm Atheros WiFi Driver Installation	Qualcomm Atheros	10.06.2012		3.0 unbekannt
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	10.06.2012		6.0.1.6570 notwendig
Realtek PCIE Card Reader	Realtek Semiconductor Corp.	10.06.2012		6.1.7601.92 notwendig
Six Updater	Six Projects	10.08.2012	38,7MB	2.09.7016 notwendig
Skype™ 5.10	Skype Technologies S.A.	10.08.2012	19,4MB	5.10.116 notwendig
Sound Forge Audio Studio 10.0	Sony	10.06.2012	232MB	10.0.176 notwendig
Spotify	Spotify AB	11.12.2012		0.8.5.1333.g822e0de8 notwendig
Synaptics Pointing Device Driver	Synaptics Incorporated	10.06.2012	46,4MB	15.3.45.0 unbekannt
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
VAIO - Media Gallery	Sony Corporation	10.06.2012	303MB	2.1.0.13300 notwendig
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325	Sony Corporation	10.06.2012	23,3MB	1.0.00.01300 notwendig
VAIO - PlayMemories Home Plug-in	Sony Corporation	10.06.2012	1,94GB	2.0.00.14200 notwendig
VAIO - Remote Play mit PlayStation®3	Sony Corporation	10.06.2012		1.1.0.21090 notwendig
VAIO - Remote-Tastatur	Sony Corporation	10.06.2012		1.2.0.09270 notwendig
VAIO - Remote-Tastatur mit PlayStation®3	Sony Corporation	10.06.2012		1.2.0.09210 notwendig
VAIO - TrackID™ mit BRAVIA	Sony Corporation	10.06.2012		1.2.0.09270 notwendig
VAIO Care	Sony Corporation	10.06.2012	108MB	7.3.0.14170 notwendig
VAIO Control Center	Sony Corporation	10.06.2012		5.2.1.15070 notwendig
VAIO Data Restore Tool	Sony Corporation	10.06.2012		1.9.0.13190 notwendig
VAIO Easy Connect	Sony Corporation	10.06.2012	14,6MB	1.1.2.01120 notwendig
VAIO Gate	Sony Corporation	10.06.2012		2.4.1.09230 notwendig
VAIO Gate Default	Sony Corporation	10.06.2012		2.5.2.02090 notwendig
VAIO Gesture Control	Sony Corporation	10.06.2012		1.0.0.12300 notwendig
VAIO Improvement	Sony Corporation	10.06.2012		1.3.0.12280 notwendig
VAIO Improvement Validation	Sony Corporation	10.06.2012	496KB	1.0.4.01190 notwendig
VAIO Sample Contents	Sony Corporation	10.06.2012		1.4.2.09010 notwendig
VAIO Smart Network	Sony Corporation	10.06.2012		3.11.1.15220 notwendig
VAIO Update	Sony Corporation	10.06.2012		5.7.0.13130 notwendig
VAIO-Handbuch	Sony Corporation	10.06.2012		2.3.0.12300 notwendig
VAIO-Support für Übertragungen	Sony Corporation	10.06.2012		1.7.0.02231 notwendig
VAIOCareLearnContents		11.02.2011 notwendig		
VAIO*CPU-Lüfterdiagnose	Sony Corporation	10.06.2012		1.1.0.09200 notwendig
Vegas Movie Studio HD Platinum 11.0	Sony	10.06.2012	296MB	11.0.256 unbekannt
Warcraft III		07.09.2012 notwendig		
WildTangent-Spiele	WildTangent	10.06.2012		1.0.2.5 unbekannt
Windows Live Essentials	Microsoft Corporation	10.06.2012		15.4.3538.0513 unbekannt
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
Windows Live Mesh ActiveX Control for Remote Connections	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	10.06.2012	5,38MB	15.4.5722.2 unbekannt
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
Windows Live Mesh ActiveX-objekt til fjernforbindelser	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz	Microsoft Corporation	10.06.2012	5,38MB	15.4.5722.2 unbekannt
Windows Live Meshin etäyhteyksien ActiveX-komponentti	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
WinRAR 4.20 (32-Bit)	win.rar GmbH	11.08.2012		4.20.0 notwendig
WinRAR 4.20 (64-Bit)	win.rar GmbH	11.08.2012		4.20.0 notwendig
World of Warcraft	Blizzard Entertainment	13.12.2012		5.1.0.16357 notwendig
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις	Microsoft Corporation	10.06.2012	5,38MB	15.4.5722.2 unbekannt
Елемент керування Windows Live Mesh ActiveX для віддалених підключень	Microsoft Corporation	10.06.2012	5,38MB	15.4.5722.2 unbekannt
Элемент управления Windows Live Mesh ActiveX для удаленных подключений	Microsoft Corporation	10.06.2012	5,37MB	15.4.5722.2 unbekannt
         
da waren ein paar Programme dabei, bei denen ich mir nicht ganz sicher war, was für welche das denn nun sind, z.B. bei denen in kyrillischer Schriftart, bei denen hab ich nun einfach unbekannt dahinter geschrieben

Alt 10.01.2013, 13:25   #12
markusg
/// Malware-holic
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



deinstaliere:
ACID
ActiveX : alle
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Control
Controlo
Contrôle
Formant
Java: alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Kontrolnik
Ovládací : alle
Project64
Uzak
Vegas
WildTangent
Windows Live : alle für dich unnötigen.

Öffne CCleaner, analysieren, starten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.01.2013, 13:46   #13
Borderliner
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



Ich hoffe ich hab bis hierhin alles richtig gemacht, hier der Log des Adwcleaners:


Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 10/01/2013 um 14:43:56 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Justin - JUSTIN-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Justin\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\5q5antka.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [836 octets] - [10/01/2013 14:43:56]

########## EOF - C:\AdwCleaner[R1].txt - [895 octets] ##########
         

Alt 10.01.2013, 14:07   #14
markusg
/// Malware-holic
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



Hi,


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe
    alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein
    Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den
    Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

Neustarten bitte,
Testen, wie der PC + Programme laufen, auch den Internet explorer mit testen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 10.01.2013, 14:17   #15
Borderliner
 
Computersperrung GVU Trojaner mit 100€ Paysafecard - Standard

Computersperrung GVU Trojaner mit 100€ Paysafecard



Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 10/01/2013 um 15:11:24 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Justin - JUSTIN-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Justin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\5q5antka.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [963 octets] - [10/01/2013 14:43:56]
AdwCleaner[S2].txt - [895 octets] - [10/01/2013 15:11:24]

########## EOF - C:\AdwCleaner[S2].txt - [954 octets] ##########
         
Der Rechner wurde einmal neu gestartet. Die Programme scheinen soweit auch alle ohne Probleme zu funktionieren.

Antwort

Themen zu Computersperrung GVU Trojaner mit 100€ Paysafecard
100€ paysafecard, administrator, anti-malware, autostart, bildschirm, computer, computersperrung, dateien, dringend, euro, explorer, fehler, folge, forum, geblockt, google, gvu-trojaner, infizierte, laptop, löschen, malwarebytes, microsoft, neustart, programm, programme, software, trojaner, wgsdgsdgdsgsd.exe



Ähnliche Themen: Computersperrung GVU Trojaner mit 100€ Paysafecard


  1. Der paysafecard Trojaner
    Log-Analyse und Auswertung - 18.10.2013 (12)
  2. Computersperrung durch Interpol
    Log-Analyse und Auswertung - 03.09.2013 (11)
  3. Paysafecard Trojaner(GVU,Interpol,BKA)
    Log-Analyse und Auswertung - 22.07.2013 (13)
  4. GVU Trojaner hat Windows 7 gesperrt - Webcam - paysafecard oder ukash - Trojaner-Board
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (3)
  5. GVU Trojaner - 100€ Paysafecard
    Plagegeister aller Art und deren Bekämpfung - 10.06.2013 (1)
  6. Trojaner will Paysafecard von 100 Euro
    Log-Analyse und Auswertung - 09.05.2013 (6)
  7. GVU Trojaner / PaySafeCard Erpressung
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (15)
  8. GVU Virus 100€ paysafe, Computersperrung
    Plagegeister aller Art und deren Bekämpfung - 23.01.2013 (1)
  9. GVU Trojaner mit 100€ Paysafecard, Computersperrung
    Plagegeister aller Art und deren Bekämpfung - 22.01.2013 (25)
  10. Computersperrung GVU Trojaner mit 100€ Paysafecard
    Plagegeister aller Art und deren Bekämpfung - 04.01.2013 (9)
  11. GVU Virus/Trojaner eingefangen: 48h per Paysafecard bezahlen
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (5)
  12. Computersperrung durch Bundespolizei
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (2)
  13. BKA-Trojaner Version 2.07 mit PaySafeCard + UKash
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (15)
  14. Windows Verschlüsselungs Trojaner - 100 Eur Ukash + Paysafecard
    Log-Analyse und Auswertung - 30.08.2012 (5)
  15. Bundespolizei / Paysafecard Trojaner
    Log-Analyse und Auswertung - 21.08.2012 (2)
  16. Computer gesperrt - Trojaner mit ukash und paysafecard
    Plagegeister aller Art und deren Bekämpfung - 17.08.2012 (11)
  17. Gema Trojaner paysafecard
    Plagegeister aller Art und deren Bekämpfung - 07.04.2012 (1)

Zum Thema Computersperrung GVU Trojaner mit 100€ Paysafecard - Hallo Vor gut einer Stunde wurde mein Laptop geblockt, und der bekannte Bildschirm der mich auffordert, 100 Euro zu überweisen damit diese Sperrung aufgehoben wird erscheint nun bei jedem hochfahren - Computersperrung GVU Trojaner mit 100€ Paysafecard...
Archiv
Du betrachtest: Computersperrung GVU Trojaner mit 100€ Paysafecard auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.