Pests of all kinds and how to fight them: TR/Crypt.ZPACK.Gen8 found in C:\Users\quattro\wgsdgsdgdsgsd.exe. PC was locked.

12.02.2013, 14:14   #1
sennics
 

Dear Trojaner-Board community,

my Sony Vaio notebook has been infected by a trojan. The procedure followed is the one in the help thread.

Malwarebytes Anti-Malware report:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
quattro :: QUATTRO-VAIO [Administrator]

Schutz: Aktiviert

12.02.2013 13:41:32
mbam-log-2013-02-12 (13-41-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221901
Laufzeit: 5 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Daten: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\quattro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL.txt:
OTL logfile created on: 12.02.2013 13:51:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\quattro\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,14 Gb Available Physical Memory | 69,13% Memory free
11,96 Gb Paging File | 9,61 Gb Available in Paging File | 80,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,40 Gb Total Space | 303,06 Gb Free Space | 66,55% Space Free | Partition Type: NTFS
 
Computer Name: QUATTRO-VAIO | User Name: quattro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.12 13:51:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\quattro\Downloads\OTL (1).exe
PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.07.27 21:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.07.16 05:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.07.16 05:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.07.16 05:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.28 23:17:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 23:46:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.01.29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.11.03 19:18:13 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.14 13:29:50 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010.03.25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2010.03.02 15:22:44 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010.02.19 18:19:26 | 000,386,416 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
PRC - [2010.01.21 19:31:32 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.01.15 12:40:22 | 000,316,784 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2009.11.20 23:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.20 23:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.11 09:19:28 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll
MOD - [2013.01.11 09:10:50 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll
MOD - [2013.01.11 09:10:38 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll
MOD - [2013.01.11 09:10:31 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.09 13:41:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 13:41:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.09 13:41:03 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 13:40:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.09 13:40:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 13:40:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 13:40:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 13:40:38 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.09 03:09:23 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.01.09 03:09:10 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.01.09 03:09:06 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\af7e2da8fcdb0d788cea0638e157c54b\System.Windows.Forms.ni.dll
MOD - [2013.01.09 03:09:02 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.01.09 03:08:58 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.09 03:08:57 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.01.09 03:08:56 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 03:08:55 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll
MOD - [2013.01.09 03:08:54 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.01.09 03:08:53 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.09 03:08:47 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2012.11.03 12:15:14 | 000,115,137 | ---- | M] () -- C:\Users\quattro\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012.07.27 21:51:54 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2012.07.16 05:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2013.02.12 13:47:26 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.26 15:06:19 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.26 09:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.29 16:10:08 | 000,960,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011.12.21 13:15:06 | 000,550,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.12.01 10:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.26 18:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.06.28 23:17:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 23:46:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.10.12 15:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.09.27 15:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.10 08:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.09.10 08:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.08.11 07:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.05.14 13:29:50 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.12 16:15:40 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.19 18:19:26 | 000,386,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010.01.20 14:10:10 | 000,574,320 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.25 03:49:14 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.11.25 03:49:04 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.11.20 23:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.09.21 15:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 15:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007.09.04 18:31:22 | 000,180,224 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.09 20:31:14 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.21 03:09:00 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.05.21 03:09:00 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.28 23:17:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 23:17:10 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.17 16:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 11:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.28 18:47:59 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW32.sys -- (TVICHW32)
DRV:64bit: - [2010.09.04 18:45:49 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.07.12 12:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010.07.12 12:48:50 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010.06.10 00:01:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.21 13:33:26 | 000,014,848 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBTUSB.sys -- (VBTUSB)
DRV:64bit: - [2010.03.20 11:06:18 | 002,203,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.03.19 11:03:49 | 000,093,184 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.03.19 11:03:46 | 000,077,312 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010.03.18 21:47:39 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.03.18 21:47:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.03.18 21:47:38 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.03.18 21:47:37 | 000,334,888 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.18 21:47:03 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.03.18 10:16:10 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.03.17 21:02:57 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010.03.03 23:56:59 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.11 20:19:26 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.11.20 23:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.10.20 16:02:25 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.10.02 09:58:38 | 000,514,144 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF9035BDA)
DRV:64bit: - [2009.09.15 11:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.09.11 20:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009.09.11 20:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009.09.11 20:48:58 | 000,036,872 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2009.09.11 20:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.09.11 20:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.29 18:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.06.29 18:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.04.09 13:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.11.05 07:45:04 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2007.04.17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2010.09.28 18:47:59 | 000,029,536 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TVicHW32.sys -- (TVICHW32)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.09.04 18:26:38 | 000,039,968 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVED&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://173.194.39.31/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109989&babsrc=SP_ss&mntrId=8691acc50000000000000023146e12f9
IE - HKCU\..\SearchScopes\{2CE158D4-EE07-4617-B928-E265FAE44C67}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{6171C49C-DB3D-480F-99DC-FCA0B3E49BC1}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVED_enDE387
IE - HKCU\..\SearchScopes\{96EFFCFC-600F-49AA-B9E9-A00BED2A04E9}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{FB9D43BE-5103-4A4B-A4AE-029FCA311004}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.07.10 20:40:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.09.23 14:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.23 13:55:52 | 000,000,000 | ---D | M]
 
[2010.04.27 16:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.29 22:46:38 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! Deutschland (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=SVED&bmod=SVED
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\quattro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Core Temp] C:\Program Files\Core temp Überwachung\Core Temp.exe ()
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\quattro\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\quattro\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{156753FC-EEA4-48E1-BFA6-A89C74B07CB6}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7778BCE7-2A10-4702-9287-4D6B9F0A21F5}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9F53EC-CA10-40D8-B7C0-543D3FA66BF5}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c634049b-8b70-11df-bf5b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c634049b-8b70-11df-bf5b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\GtrEvolution_Setup_EGFIS.exe
O33 - MountPoints2\{febaf4d9-3197-11e2-a9ac-544249171a04}\Shell - "" = AutoRun
O33 - MountPoints2\{febaf4d9-3197-11e2-a9ac-544249171a04}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{febaf53c-3197-11e2-a9ac-544249171a04}\Shell - "" = AutoRun
O33 - MountPoints2\{febaf53c-3197-11e2-a9ac-544249171a04}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.12 13:40:14 | 000,000,000 | ---D | C] -- C:\Users\quattro\AppData\Roaming\Malwarebytes
[2013.02.12 13:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.12 13:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.12 13:40:03 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.12 13:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.12 13:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.03.19 19:04:50 | 000,479,744 | ---- | C] (www.lfs-tweak.com) -- C:\Users\quattro\LFS-Tweak.com+0.6B+Pro+Tweaker.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\quattro\Documents\*.tmp files -> C:\Users\quattro\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.12 13:47:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.12 13:43:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 13:43:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.12 13:40:08 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.12 13:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.12 13:36:13 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.12 13:35:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.12 13:35:39 | 522,760,191 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.12 13:34:48 | 000,000,202 | ---- | M] () -- C:\Users\quattro\defogger_reenable
[2013.02.12 13:04:14 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.12 13:04:14 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.01.16 18:09:53 | 000,000,456 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for quattro.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\quattro\Documents\*.tmp files -> C:\Users\quattro\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.12 13:40:08 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.12 13:34:47 | 000,000,202 | ---- | C] () -- C:\Users\quattro\defogger_reenable
[2012.05.23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.05.04 15:21:59 | 000,000,959 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.03.19 19:32:37 | 001,733,554 | ---- | C] () -- C:\Users\quattro\winrar-x64-411d.exe
[2012.03.19 19:19:19 | 000,000,132 | ---- | C] () -- C:\Users\quattro\XFG_BL1_thf_hot.set
[2012.03.19 19:19:03 | 000,000,132 | ---- | C] () -- C:\Users\quattro\XRG_Stan+0.4+BW.set
[2012.03.19 19:18:49 | 000,000,132 | ---- | C] () -- C:\Users\quattro\XFG_Stan+0.8+BW.set
[2012.03.19 19:18:34 | 000,000,132 | ---- | C] () -- C:\Users\quattro\XFG_Stan+0.7+BW.set
[2012.03.19 19:18:15 | 000,000,132 | ---- | C] () -- C:\Users\quattro\FBM_Stan+0.1+BW.set
[2012.03.19 19:13:11 | 015,222,633 | ---- | C] () -- C:\Users\quattro\sssskins.rar
[2012.03.19 19:12:44 | 006,905,384 | ---- | C] () -- C:\Users\quattro\lx.rar
[2012.03.19 19:12:21 | 002,235,173 | ---- | C] () -- C:\Users\quattro\skinny.rar
[2012.03.19 19:11:36 | 008,598,974 | ---- | C] () -- C:\Users\quattro\fxo.rar
[2012.03.19 19:08:55 | 000,004,950 | ---- | C] () -- C:\Users\quattro\Stansofttweak.lfs-pro-tweaker-0-6B-conf-all
[2012.03.19 19:06:07 | 000,004,974 | ---- | C] () -- C:\Users\quattro\Stan+001.lfs-pro-tweaker-0-6B-conf-all
[2010.08.10 21:02:43 | 000,007,597 | ---- | C] () -- C:\Users\quattro\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.06.24 17:22:54 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\apm
[2012.01.18 18:28:39 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\Auslogics
[2012.02.29 22:46:32 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\Babylon
[2010.07.11 13:36:33 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\BitZipper
[2010.09.04 19:03:39 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\Canneverbe Limited
[2012.09.23 15:45:16 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\DVDVideoSoft
[2011.03.13 15:01:09 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.08 20:18:02 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\Nokia
[2012.09.23 15:45:15 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\OpenCandy
[2011.05.29 10:31:45 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\PC Suite
[2012.11.24 23:34:56 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\pdfforge
[2012.06.24 16:21:35 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\Samsung
[2012.05.09 18:48:03 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\SoftGrid Client
[2012.06.24 16:56:40 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\Temp
[2010.07.11 11:50:57 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\TerraTec
[2010.10.17 14:42:42 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\TP
[2012.06.17 13:07:56 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\TuneUp Software
[2012.11.18 16:57:27 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\Vodafone
[2010.08.04 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\quattro\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
Extras.txt:OTL Logfile:
Code:
OTL Extras logfile created on: 12.02.2013 13:51:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\quattro\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,14 Gb Available Physical Memory | 69,13% Memory free
11,96 Gb Paging File | 9,61 Gb Available in Paging File | 80,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,40 Gb Total Space | 303,06 Gb Free Space | 66,55% Space Free | Partition Type: NTFS
 
Computer Name: QUATTRO-VAIO | User Name: quattro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Value error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Value error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069A98C8-ED56-417E-8FE3-F2BF3C574BC7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{109AEA62-F9CF-4EEA-97E1-C7C1CCDF44B8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{120EEA25-68B4-4A8D-81BA-33105029E519}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{17EC6399-8096-4D1F-912F-FD597832AD0D}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{1C694B84-2B29-42BD-B51D-CF241295B1AD}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{2261D577-147C-4199-B00C-CB573412DD18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2B7CF6AE-E08B-4708-97B0-D5BDEE804BF3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2C72593F-B785-478B-8B26-B5DC2210A293}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2E32E1A9-B224-4D4D-BFF6-736770D5A84B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{40850DEC-92F0-4086-AF66-6CFAD00BDC48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B25E2BA-DEDB-4F25-AA2D-EEB92DF52DA4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4CD11DE1-FB17-4AD7-AC5A-54DEE4E967BB}" = lport=3888 | protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe | 
"{4CE55796-0A1F-4858-9EB1-09877AD6B84B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5A43FBB6-8281-4724-8307-38C35B7EBFB4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5A452CB1-F390-4598-AF06-CCBA1B971C25}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5E10F78E-8967-48A0-8BA5-34221206BFD9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5ECFBCE3-165F-417C-8C11-3A9AFA25189C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{634EBFFB-9C68-49CE-9E2F-C88B77F5EF68}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{64092FAF-F231-46F4-BF99-7D92F30E1467}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{691D9BDE-C3DF-4C10-9206-3D90C6DA0E36}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6DA59F8A-5C11-4852-971D-DF9C8C4593A7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7034E2A5-126B-4FD7-962A-B6D3AA296106}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{74B4F0EC-D15C-48FC-BEFB-B5169B6318B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7CF7175B-7A81-4A3B-A3C7-DA380C87FAF6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7D4A7EEE-B007-42D8-8728-81FC65E72EA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7DCDF860-33B5-441C-8B07-CC75F67F650B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8A52909B-E557-478E-82DA-2B067A14F9CC}" = lport=3880 | protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe | 
"{8B2F3E71-CF7E-47F7-9678-01E2BE053919}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{958F6BF3-B478-4512-A3CF-E309947D4938}" = lport=3888 | protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe | 
"{A4051759-3D89-48A8-B7E8-EA5666EA1156}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B8340884-08CF-48C5-B40F-B3A558C4D1E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B9F312D7-B76E-4870-943E-ACED6DE7F7FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C04721C3-E594-41D7-BEDC-4687EAF454FA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C1A4E341-ADD1-4C0E-B35A-A286947F2700}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E3FD1774-6943-4632-8DDA-507382BDF251}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E6796A15-318A-4534-9A69-A8A40099DDA0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{EB1B259C-5F67-4A4A-9E51-050D21F50608}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F700BB72-638E-4E77-B45D-80AF2FC085E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FA14395E-E5AF-45C5-A0DC-5F0D78ECC406}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FCC7FEBE-03BE-4A21-B2C6-7EFF563F5875}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0329A174-8C4C-44F1-8818-FE0829FA315B}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{03EDF49B-0BB1-4DC9-A4CB-A278B6BDA638}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{0FB2E6BF-2DE5-41EE-9E07-71016E493438}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{1C42E151-5153-49A4-A64C-7C8193869B57}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{1C9AE28D-E5BE-4C98-AE63-D73D7D1BCF8A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1DFD0E3C-3ACC-4F3A-A2E0-603D80E74156}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | 
"{1E4A7BE5-B9DC-42FC-82DD-B0B4D909313D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{24E194CB-A345-401B-87F8-4FE8F35527BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{297A2B49-40FE-4E63-B345-10C038D8E853}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2AC51AEB-FD58-49CA-B990-552F903AE923}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{3509E336-B8B7-42E9-B950-28E91F548F3A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3623AB0D-4756-456B-9421-D916162A0D50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{39390665-2A20-4CA2-95AA-5F8758866B79}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{40432892-156F-43EA-B112-CD8B7C7FA526}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4319D185-3E93-4128-BE2F-D959E5F008B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{437C4481-894F-4418-BF1A-375B653C102D}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | 
"{437C64F1-9885-4D2F-9F87-25B89748050B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5AA17942-4115-4139-9DF2-72BCE8459BDD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\getitsnapit\race 07\steamexpansionapp.exe | 
"{5ABF1B63-F83E-41A3-862F-043BCFD75AAB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5F0CB84B-4875-49C6-B82F-94DDDB7E2914}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{6F745A14-0EB3-40DF-8886-29C000DE28E7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{77E96A92-2EB5-47F6-84E1-906FF51B4DC1}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | 
"{8293F90A-11AD-45B4-B286-AF13AD628D4F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{83445A92-4B54-48BB-9393-9243E6DFD64C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{83C60065-0225-410B-9F54-A58C64B14E85}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\getitsnapit\race 07\steamexpansionapp.exe | 
"{870E94F9-1EAB-440B-B5A7-F125C2DD873F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{92DD28C9-A6A6-481B-831E-EB3899D2243C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{93ED7A23-ED7C-49AA-B6AA-6C110C4DE7EF}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{A1325700-F52A-4FE8-BA67-76F51545CF2A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A5DC5097-513E-48D5-AB66-12353A2762B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B2FD1F70-F5FE-43AA-8706-B7D70A99D2EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B43E172A-48B6-48FD-A0ED-63A67CAE7285}" = protocol=6 | dir=in | app=c:\users\quattro\appdata\local\temp\{097766b8-4eb7-45c6-9d2c-f5e6e4f5ab67}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{B93612FB-9ACD-481E-9323-1C57E3506A1C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{BAF189DB-BFBB-4EED-B7A4-B0C57F4E3E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\kies\kies.exe | 
"{BEB799AF-2C9A-47C3-8662-4FF375254CCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C78DDDF6-304E-4BE9-ADA7-1B6697C097AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D3919710-EE32-4CB5-A281-50B3E09B2F85}" = protocol=17 | dir=in | app=c:\users\quattro\appdata\local\temp\{097766b8-4eb7-45c6-9d2c-f5e6e4f5ab67}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{D4127E1A-4C74-4C31-AA97-E99D648C58FA}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\kies\kies.exe | 
"{DF22FFAD-C961-4A95-A1A2-ADC1AE6EE1F1}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{E6FA59E4-D593-440D-8702-E780D92BA27E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E90B15BB-4825-44C5-8E86-36D0161F0F09}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EAB99287-9349-4AE2-BABD-1A0BE57356CF}" = protocol=6 | dir=out | app=system | 
"{EABE10A9-4BA2-414E-BCBE-4CCE082A0A10}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F6D5CDF1-2A7B-4491-B5F0-569AEAD6CB91}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{FA59D121-5E2E-4B39-9B34-A1E06BF8173F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FAF72051-80C3-48D3-8EA0-3E89AD39A070}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{FBD8CBDB-6E3F-442B-950C-8DEED53DCBF0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FCD91311-BAC0-49F8-99D9-2889CAE30348}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{FF69209C-1A60-4ADA-945A-1BCD021866BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{B13EC21A-1571-4A09-98AD-DA8C83F7D300}C:\users\quattro\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\quattro\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{12DFD532-B0DB-49B6-BEC0-C70A52261E5E}C:\users\quattro\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\quattro\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery MergeModules x64
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PlayMemories Home Plug-in
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VMp MergeModule x64
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{7BF099BD-10EE-4B04-A195-CAE2742C943E}" = Setup_VEP_x64
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F1BA99-300F-4DD5-A26B-788EF63B53B1}" = Logitech Gaming Software 5.08
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003" = Windows-Treiberpaket - Broadcom HIDClass  (09/11/2009 6.3.0.1500)
"C3D0C7A1290AAA6A45D0D0422262CE3370E27BE5" = Windows-Treiberpaket - Broadcom Corporation (BTHUSB) Bluetooth  (02/12/2010 6.3.0.3820)
"D9022850BCF278EAFBF9EDC8741DC09A1AE20B6B" = Windows-Treiberpaket - Broadcom Corporation (BTHUSB) Bluetooth  (02/28/2010 6.3.0.3850)
"F2D626F9A8E5C6126BED6EBD3E3504D0B2AB8443" = Windows-Treiberpaket - Ross-Tech USB Driver Package (06/16/2010 2.06.02)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Funktion Einstellungen
"{06C05B90-2127-4933-8ABA-61833BDE13FA}" = Einstellungen für VAIO-Inhaltsüberwachung
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{127C8955-B5C5-4682-9428-B8243EC4E6AE}" = Remote Play with PlayStation 3
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BDD5DFD-9F1F-4754-8BEB-A780D49E8C73}" = Sony Home Network Library
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{641DD10E-47E0-4A1D-B858-EF507F948C50}" = VAIO Hardware Diagnostics
"{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote-Tastatur mit PlayStation 3
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AA8FB9F-A36E-4232-A1ED-86B2A177C35E}" = PlayMemories Home/PMB VAIO Edition Plug-in 3D Theme Data
"{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" = VAIO Window Organizer
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D423AE8-0E7D-4703-8EF7-500C5D36FD7F}" = Sony Home Network Library
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92443D78-4C75-4320-BFC6-47D75122625F}" = Captcha Brotherhood
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{98F2FA0E-923A-48C2-8EC7-62BD97E38FC0}" = VAIO Data Restore Tool
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{C416CBB4-00BA-4E78-878A-590C5FD4A7A1}" = VAIO Media plus
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}" = Captcha Brotherhood
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D18AF23E-AB28-4040-9396-28413B2C3B41}" = Microsoft Works 4 Converter
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFBA1469-E0DA-4825-96AB-12B2988E9A28}" = Media Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9395F3D-4198-476C-8C41-63D0B5B51E35}" = PlayMemories Home/PMB VAIO Edition Plug-in Ver.2.2 Upgrade Program
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitZipper_is1" = BitZipper 2010
"DivX Setup" = DivX-Setup
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"GTR Evolution_1.1.1.2_is1" = GTR Evolution
"InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{6AA8FB9F-A36E-4232-A1ED-86B2A177C35E}" = PlayMemories Home/PMB VAIO Edition Plug-in 3D Theme Data
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{F9395F3D-4198-476C-8C41-63D0B5B51E35}" = VAIO - PlayMemories Home Plug-in
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"NSS" = Norton Security Scan
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RaceRoom The Game_is1" = RaceRoom The Game
"SpeedFan" = SpeedFan (remove only)
"Steam App 8600" = RACE 07
"Steam App 8660" = GTR Evolution
"VAIO Help and Support" = 
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Troyton Raceway for rFactor" = Troyton Raceway for rFactor
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.11.2012 18:22:48 | Computer Name = quattro-VAIO | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 24.11.2012 18:23:16 | Computer Name = quattro-VAIO | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 24.11.2012 18:30:12 | Computer Name = quattro-VAIO | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "Vodafone Mobile Connect Service" konnte
 nicht neu gestartet werden.
 
Error - 12.12.2012 08:34:02 | Computer Name = quattro-VAIO | Source = Application Virtualization Client | ID = 3159
Description = {hap=12:app=OfficeVirt 9014006604070000:tid=D5C} Die Anwendung kann
 nicht heruntergefahren werden (der Startthread ist noch aktiv).
 
Error - 12.12.2012 08:34:08 | Computer Name = quattro-VAIO | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 29.12.2012 10:34:48 | Computer Name = quattro-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: SSCORE.DLL,
 Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9ec  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000000000000146d  ID des fehlerhaften Prozesses: 0x464  Startzeit der fehlerhaften
 Anwendung: 0x01cde5d19af0b661  Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\SSCORE.DLL  Berichtskennung: e52b7e70-51c4-11e2-96e0-544249171a04
 
Error - 02.01.2013 19:04:24 | Computer Name = quattro-VAIO | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "VUAgent" konnte nicht neu gestartet
 werden.
 
Error - 11.01.2013 03:58:48 | Computer Name = quattro-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VAIO Gate.exe, Version: 2.4.1.9230,
 Zeitstempel: 0x4e7b30b2  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
 Zeitstempel: 0x4ca2e32e  Ausnahmecode: 0x40000015  Fehleroffset: 0x0000000000042686
ID
 des fehlerhaften Prozesses: 0x1394  Startzeit der fehlerhaften Anwendung: 0x01cdefd13d18f2f3
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Berichtskennung:
 ba49d5c3-5bc4-11e2-951a-544249171a04
 
Error - 11.01.2013 07:41:17 | Computer Name = quattro-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VAIO Gate.exe, Version: 2.4.1.9230,
 Zeitstempel: 0x4e7b30b2  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
 Zeitstempel: 0x4ca2e32e  Ausnahmecode: 0x40000015  Fehleroffset: 0x0000000000042686
ID
 des fehlerhaften Prozesses: 0x1334  Startzeit der fehlerhaften Anwendung: 0x01cdeff0629d87f2
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Berichtskennung:
 ced63b6e-5be3-11e2-9588-544249171a04
 
Error - 12.01.2013 04:12:25 | Computer Name = quattro-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VAIO Gate.exe, Version: 2.4.1.9230,
 Zeitstempel: 0x4e7b30b2  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.4940,
 Zeitstempel: 0x4ca2e32e  Ausnahmecode: 0x40000015  Fehleroffset: 0x0000000000042686
ID
 des fehlerhaften Prozesses: 0xb64  Startzeit der fehlerhaften Anwendung: 0x01cdf09c63f4622f
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Berichtskennung:
 cb952de4-5c8f-11e2-a1f1-544249171a04
 
[ System Events ]
Error - 12.02.2013 07:43:57 | Computer Name = quattro-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2013 07:43:57 | Computer Name = quattro-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2013 07:43:57 | Computer Name = quattro-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2013 07:43:57 | Computer Name = quattro-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2013 07:49:26 | Computer Name = quattro-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2013 07:49:31 | Computer Name = quattro-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2013 07:49:57 | Computer Name = quattro-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 12.02.2013 07:53:30 | Computer Name = quattro-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 12.02.2013 07:56:46 | Computer Name = quattro-VAIO | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 12.02.2013 08:38:33 | Computer Name = quattro-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
 
< End of report >
         
--- --- ---
Thank you in advance.

Best regards,
sennics

12.02.2013, 15:21   #2
sennics

TR/Crypt.ZPACK.Gen8 found in C:\Users\quattro\wgsdgsdgdsgsd.exe. PC was locked.

Here is the gmer.txt file as well.

GMER Logfile:
Code:
ATTFilter
GMER 2.0.18454 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-02-12 15:15:35
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0002 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\quattro\AppData\Local\Temp\fftiykow.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                       0000000075d41401 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                         0000000075d41419 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                       0000000075d41431 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                       0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                          0000000075d414dd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                   0000000075d414f5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                          0000000075d4150d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                   0000000075d41525 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                         0000000075d4153d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                              0000000075d41555 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                       0000000075d4156d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                         0000000075d41585 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                            0000000075d4159d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                         0000000075d415b5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                       0000000075d415cd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                   0000000075d416b2 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                   0000000075d416bd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                            0000000075d41401 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                              0000000075d41419 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                            0000000075d41431 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                            0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                               0000000075d414dd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                        0000000075d414f5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                               0000000075d4150d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                        0000000075d41525 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                              0000000075d4153d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                   0000000075d41555 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                            0000000075d4156d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                              0000000075d41585 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                 0000000075d4159d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                              0000000075d415b5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                            0000000075d415cd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                        0000000075d416b2 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2596] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                        0000000075d416bd 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                          0000000075d41401 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                            0000000075d41419 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                          0000000075d41431 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                          0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                             0000000075d414dd 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                      0000000075d414f5 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                             0000000075d4150d 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                      0000000075d41525 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                            0000000075d4153d 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                 0000000075d41555 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                          0000000075d4156d 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                            0000000075d41585 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                               0000000075d4159d 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                            0000000075d415b5 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                          0000000075d415cd 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                      0000000075d416b2 2 bytes [D4, 75]
.text  C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                      0000000075d416bd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                       0000000075d41401 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                         0000000075d41419 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                       0000000075d41431 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                       0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                          0000000075d414dd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                   0000000075d414f5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                          0000000075d4150d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                   0000000075d41525 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                         0000000075d4153d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                              0000000075d41555 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                       0000000075d4156d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                         0000000075d41585 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                            0000000075d4159d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                         0000000075d415b5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                       0000000075d415cd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                   0000000075d416b2 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                   0000000075d416bd 2 bytes [D4, 75]
?      C:\Windows\system32\mssprxy.dll [2928] entry point in ".rdata" section                                                                                                                             00000000682d71e6
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                         0000000075d41401 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                           0000000075d41419 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                         0000000075d41431 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                         0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                            0000000075d414dd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                     0000000075d414f5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                            0000000075d4150d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                     0000000075d41525 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                           0000000075d4153d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                0000000075d41555 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                         0000000075d4156d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                           0000000075d41585 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                              0000000075d4159d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                           0000000075d415b5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                         0000000075d415cd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                     0000000075d416b2 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                     0000000075d416bd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                               0000000075d41401 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                 0000000075d41419 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                               0000000075d41431 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                               0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                  0000000075d414dd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                           0000000075d414f5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                  0000000075d4150d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                           0000000075d41525 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                 0000000075d4153d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                      0000000075d41555 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                               0000000075d4156d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                 0000000075d41585 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                    0000000075d4159d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                 0000000075d415b5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                               0000000075d415cd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                           0000000075d416b2 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                           0000000075d416bd 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                             0000000075d41401 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                               0000000075d41419 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                             0000000075d41431 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                             0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                0000000075d414dd 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                         0000000075d414f5 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                0000000075d4150d 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                         0000000075d41525 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                               0000000075d4153d 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                    0000000075d41555 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                             0000000075d4156d 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                               0000000075d41585 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                  0000000075d4159d 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                               0000000075d415b5 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                             0000000075d415cd 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                         0000000075d416b2 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[4692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                         0000000075d416bd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                                    000000007726f85a 1 byte [C3]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll!getJit + 32                                                00000000686e9380 4 bytes [C8, 10, 01, 10]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                             0000000075d41401 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                               0000000075d41419 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                             0000000075d41431 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                             0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                0000000075d414dd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                         0000000075d414f5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                0000000075d4150d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                         0000000075d41525 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                               0000000075d4153d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                    0000000075d41555 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                             0000000075d4156d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                               0000000075d41585 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                  0000000075d4159d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                               0000000075d415b5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                             0000000075d415cd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                         0000000075d416b2 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                         0000000075d416bd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                         0000000075d41401 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                           0000000075d41419 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                         0000000075d41431 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                         0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                            0000000075d414dd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                     0000000075d414f5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                            0000000075d4150d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                     0000000075d41525 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                           0000000075d4153d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                0000000075d41555 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                         0000000075d4156d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                           0000000075d41585 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                              0000000075d4159d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                           0000000075d415b5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                         0000000075d415cd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                     0000000075d416b2 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[4720] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                     0000000075d416bd 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                             0000000075d41401 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                               0000000075d41419 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                             0000000075d41431 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                             0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                0000000075d414dd 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                         0000000075d414f5 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                0000000075d4150d 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                         0000000075d41525 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                               0000000075d4153d 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                    0000000075d41555 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                             0000000075d4156d 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                               0000000075d41585 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                  0000000075d4159d 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                               0000000075d415b5 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                             0000000075d415cd 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                         0000000075d416b2 2 bytes [D4, 75]
.text  C:\Users\quattro\AppData\Local\Akamai\netsession_win.exe[5116] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                         0000000075d416bd 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                     0000000075d41401 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                       0000000075d41419 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                     0000000075d41431 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                     0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                        0000000075d414dd 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                                 0000000075d414f5 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                        0000000075d4150d 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                                 0000000075d41525 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                       0000000075d4153d 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                            0000000075d41555 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                     0000000075d4156d 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                       0000000075d41585 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                          0000000075d4159d 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                       0000000075d415b5 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                     0000000075d415cd 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                                 0000000075d416b2 2 bytes [D4, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[3872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                                 0000000075d416bd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                       0000000075d41401 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                         0000000075d41419 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                       0000000075d41431 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                       0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                          0000000075d414dd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                   0000000075d414f5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                          0000000075d4150d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                   0000000075d41525 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                         0000000075d4153d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                              0000000075d41555 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                       0000000075d4156d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                         0000000075d41585 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                            0000000075d4159d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                         0000000075d415b5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                       0000000075d415cd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                   0000000075d416b2 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4256] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                   0000000075d416bd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                               0000000075d41401 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                 0000000075d41419 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                               0000000075d41431 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                               0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                  0000000075d414dd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                           0000000075d414f5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                  0000000075d4150d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                           0000000075d41525 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                 0000000075d4153d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                      0000000075d41555 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                               0000000075d4156d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                 0000000075d41585 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                    0000000075d4159d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                 0000000075d415b5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                               0000000075d415cd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                           0000000075d416b2 2 bytes [D4, 75]
.text  C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                           0000000075d416bd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                0000000075d41401 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                  0000000075d41419 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                0000000075d41431 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                   0000000075d414dd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                            0000000075d414f5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                   0000000075d4150d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                            0000000075d41525 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                  0000000075d4153d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                       0000000075d41555 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                0000000075d4156d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                  0000000075d41585 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                     0000000075d4159d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                  0000000075d415b5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                0000000075d415cd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                            0000000075d416b2 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                            0000000075d416bd 2 bytes [D4, 75]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4860] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                              000007fefefc4ed0 9 bytes [68, 78, 03, 47, 03, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4860] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW  000007fefba65c54 7 bytes [68, 08, 03, 47, 03, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4860] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet   000007fefba65c64 9 bytes [68, 40, 03, 47, 03, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4860] C:\Windows\system32\comdlg32.dll!PageSetupDlgW                                                                                               000007fefea217a0 9 bytes [68, B0, 03, 47, 03, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6260] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A                                                                                           000000007700f548 7 bytes JMP 00000001031f0570
.text  C:\Program Files\Internet Explorer\iexplore.exe[6260] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W                                                                                           000000007701b0ac 7 bytes JMP 00000001031f05a8
.text  C:\Program Files\Internet Explorer\iexplore.exe[6260] C:\Windows\system32\kernel32.dll!CreateThread                                                                                                0000000076926580 9 bytes JMP 00000001031f04c8
.text  C:\Program Files\Internet Explorer\iexplore.exe[6260] C:\Windows\system32\ole32.dll!OleLoadFromStream                                                                                              000007fefeea75f0 7 bytes [68, E0, 05, 1F, 03, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6260] C:\Windows\system32\OLEAUT32.dll!VariantClear                                                                                                000007fefef61180 10 bytes [68, C0, 06, 1F, 03, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6260] C:\Windows\system32\OLEAUT32.dll!SysFreeString                                                                                               000007fefef61320 7 bytes [68, 50, 06, 1F, 03, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6260] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen                                                                                       000007fefef64450 6 bytes [68, 18, 06, 1F, 03, C3]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6260] C:\Windows\system32\OLEAUT32.dll!VariantChangeType                                                                                           000007fefef66720 10 bytes [68, 88, 06, 1F, 03, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6260] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                              000007fefefc4ed0 9 bytes [68, 78, 03, 1F, 03, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6260] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW  000007fefba65c54 7 bytes [68, 08, 03, 1F, 03, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6260] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet   000007fefba65c64 9 bytes [68, 40, 03, 1F, 03, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6260] C:\Windows\system32\comdlg32.dll!PageSetupDlgW                                                                                               000007fefea217a0 9 bytes [68, B0, 03, 1F, 03, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A                                                                                           000000007700f548 7 bytes JMP 0000000100160570
.text  C:\Program Files\Internet Explorer\iexplore.exe[6964] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W                                                                                           000000007701b0ac 7 bytes JMP 00000001001605a8
.text  C:\Program Files\Internet Explorer\iexplore.exe[6964] C:\Windows\system32\kernel32.dll!CreateThread                                                                                                0000000076926580 9 bytes JMP 00000001001604c8
.text  C:\Program Files\Internet Explorer\iexplore.exe[6964] C:\Windows\system32\ole32.dll!OleLoadFromStream                                                                                              000007fefeea75f0 7 bytes [68, E0, 05, 16, 00, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6964] C:\Windows\system32\OLEAUT32.dll!VariantClear                                                                                                000007fefef61180 10 bytes [68, C0, 06, 16, 00, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6964] C:\Windows\system32\OLEAUT32.dll!SysFreeString                                                                                               000007fefef61320 7 bytes [68, 50, 06, 16, 00, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6964] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen                                                                                       000007fefef64450 6 bytes [68, 18, 06, 16, 00, C3]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6964] C:\Windows\system32\OLEAUT32.dll!VariantChangeType                                                                                           000007fefef66720 10 bytes [68, 88, 06, 16, 00, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6964] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                              000007fefefc4ed0 9 bytes [68, 78, 03, 16, 00, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6964] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW  000007fefba65c54 7 bytes [68, 08, 03, 16, 00, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6964] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet   000007fefba65c64 9 bytes [68, 40, 03, 16, 00, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[6964] C:\Windows\system32\comdlg32.dll!PageSetupDlgW                                                                                               000007fefea217a0 9 bytes [68, B0, 03, 16, 00, C3, CC, ...]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                    0000000075d41401 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                      0000000075d41419 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                    0000000075d41431 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                    0000000075d4144a 2 bytes [D4, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                       0000000075d414dd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                0000000075d414f5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                       0000000075d4150d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                0000000075d41525 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                      0000000075d4153d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                           0000000075d41555 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                    0000000075d4156d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                      0000000075d41585 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                         0000000075d4159d 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                      0000000075d415b5 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                    0000000075d415cd 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                0000000075d416b2 2 bytes [D4, 75]
.text  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[5360] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                0000000075d416bd 2 bytes [D4, 75]

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{899AC219-B98D-4F9D-888A-DBC607A847AF}\Connection@Name                                                        isatap.{51968437-3AE1-44ED-9E01-4B5B7C6CBADE}
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                                                           \Device\{5AFD0BE6-94F9-4B98-8D93-C79959A53CDE}?\Device\{5D0C2C20-C4CD-46D3-9143-00A096646DD5}?\Device\{899AC219-B98D-4F9D-888A-DBC607A847AF}?\Device\{06687E1E-DAC5-4BD3-AA00-AE97E4B99C6E}?
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                                                          "{5AFD0BE6-94F9-4B98-8D93-C79959A53CDE}"?"{5D0C2C20-C4CD-46D3-9143-00A096646DD5}"?"{899AC219-B98D-4F9D-888A-DBC607A847AF}"?"{06687E1E-DAC5-4BD3-AA00-AE97E4B99C6E}"?
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                                                         \Device\TCPIP6TUNNEL_{5AFD0BE6-94F9-4B98-8D93-C79959A53CDE}?\Device\TCPIP6TUNNEL_{5D0C2C20-C4CD-46D3-9143-00A096646DD5}?\Device\TCPIP6TUNNEL_{899AC219-B98D-4F9D-888A-DBC607A847AF}?\Device\TCPIP6TUNNEL_{06687E1E-DAC5-4BD3-AA00-AE97E4B99C6E}?
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076d49816                                                                                                                        
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\5063139febda                                                                                                                        
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd8dc7c                                                                                                                        
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbd8dc7c@184617609b53                                                                                                           0xA3 0x4B 0x40 0x92 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{899AC219-B98D-4F9D-888A-DBC607A847AF}@InterfaceName                                                                             isatap.{51968437-3AE1-44ED-9E01-4B5B7C6CBADE}
Reg    HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{899AC219-B98D-4F9D-888A-DBC607A847AF}@ReusableType                                                                              0
Reg    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                                                                                   9532
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                             0x47 0x97 0xEB 0xD2 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                                                          
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                       0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                    0x87 0x5A 0x9E 0x2C ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                             0xDE 0x48 0xEC 0x8A ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076d49816 (not active ControlSet)                                                                                                    
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\5063139febda (not active ControlSet)                                                                                                    
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd8dc7c (not active ControlSet)                                                                                                    
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbd8dc7c@184617609b53                                                                                                               0xA3 0x4B 0x40 0x92 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                                    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                                    0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                                 0x47 0x97 0xEB 0xD2 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                                                                      
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                           0x20 0x01 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                        0x87 0x5A 0x9E 0x2C ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                                 0xDE 0x48 0xEC 0x8A ...

---- EOF - GMER 2.0 ----
         
--- --- ---
__________________


14.02.2013, 07:43   #3
t'john
/// Helper team
 

The cleanup consists of several steps that must be carried out.
Work through them one after another and please paste the 3 logs that are created in the process into your next reply.

If the OTL fix did not run through properly, do not continue, but report this instead.

Step 1

Fixing with OTL

Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix begins with :OTL. Make sure you have copied it correctly.


Code:
:OTL

IE - HKCU\..\SearchScopes\{FB9D43BE-5103-4A4B-A4AE-029FCA311004}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421; 
[2012.05.23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\quattro\*.tmp
C:\Users\quattro\AppData\Local\Temp\*.exe
C:\Users\quattro\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers following along: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!



Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Jahr-Monat-Tag>.txt ) in the folder that was created. Please post it here.

Do not start any other file in this folder without instructions from a helper


after that:

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________
__________________

14.02.2013, 13:00   #4
sennics
 



Hello,

many thanks in advance

Attached are the requested log files

Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FB9D43BE-5103-4A4B-A4AE-029FCA311004}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB9D43BE-5103-4A4B-A4AE-029FCA311004}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Windows\MusiccityDownload.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\quattro\*.tmp not found.
C:\Users\quattro\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe moved successfully.
C:\Users\quattro\AppData\Local\Temp\SecurityScan_Release.exe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\quattro\Downloads\cmd.bat deleted successfully.
C:\Users\quattro\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: quattro
->Temp folder emptied: 2493746 bytes
->Temporary Internet Files folder emptied: 265821157 bytes
->Google Chrome cache emptied: 16804322 bytes
->Flash cache emptied: 5585 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 143520290 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 737121 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 410,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02142013_115906

Files\Folders moved on Reboot...
C:\Users\quattro\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\quattro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\quattro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSUXN2E2\130952-tr-crypt-zpack-gen8-c-users-quattro-wgsdgsdgdsgsd-exe-gefunden-pc-war-gesperrt[1].htm moved successfully.
C:\Users\quattro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSUXN2E2\si[1].htm moved successfully.
C:\Users\quattro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GLY5QRL\si[2].htm moved successfully.
C:\Users\quattro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\99HZDRVD\ads[2].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
quattro :: QUATTRO-VAIO [administrator]

14.02.2013 12:19:12
mbar-log-2013-02-14 (12-19-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31260
Time elapsed: 9 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_application (Hijacker.Application) -> Data: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Delete on reboot.

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

AdwCleaner log file:
Code:
# AdwCleaner v2.112 - Datei am 14/02/2013 um 12:49:22 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : quattro - QUATTRO-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\quattro\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\quattro\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\quattro\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\quattro\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\quattro\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\quattro\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\quattro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4422 octets] - [14/02/2013 12:48:15]
AdwCleaner[R2].txt - [4482 octets] - [14/02/2013 12:49:15]
AdwCleaner[S1].txt - [4135 octets] - [14/02/2013 12:49:22]

########## EOF - C:\AdwCleaner[S1].txt - [4195 octets] ##########
         
--- --- ---

However, neither mbar nor adware triggered a restart after its run. I ran both programs as administrator. I then simply performed the restarts myself.

Kind regards
sennics

Edited by sennics (14.02.2013 at 13:11)
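The registry detections in the Anti-Rootkit log of the post above follow a fixed line format, so they can be extracted and cross-checked against the declared counts when triaging such logs. The Python below is an added example, not part of the original thread and not Malwarebytes code; the function names are hypothetical and the line format is assumed from the two detection lines in that log.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Detection sections copied from the Malwarebytes Anti-Rootkit log in the post above.
SAMPLE_LOG = r"""Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_application (Hijacker.Application) -> Data: hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> Delete on reboot.

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)
"""

# "<Section> Detected: <n>" headers and "KEY|value (Name) -> detail -> action." lines.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)\s*$")
ITEM_RE = re.compile(
    r"^(?P<key>HK[^|]+)\|(?P<value>[^(]+?) \((?P<name>[^)]+)\) -> "
    r"(?P<detail>.+) -> (?P<action>[^>]+?)\.?\s*$"
)
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")


@dataclass
class Detection:
    section: str
    key: str
    value: str
    name: str
    action: str
    data: Optional[str] = None   # "Data: ..." form (registry value detections)
    bad: Optional[str] = None    # "Bad: (...) Good: (...)" form (data item detections)
    good: Optional[str] = None


def parse_log(text):
    """Return (registry detections, declared count per section)."""
    detections, declared, section = [], {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            declared[section] = int(m["count"])
            continue
        m = ITEM_RE.match(line)
        if not m or section is None:
            continue  # file/folder lines and "(No malicious items detected)" are skipped
        det = Detection(section, m["key"], m["value"], m["name"], m["action"])
        pair = BAD_GOOD_RE.match(m["detail"])
        if pair:
            det.bad, det.good = pair["bad"], pair["good"]
        elif m["detail"].startswith("Data: "):
            det.data = m["detail"][len("Data: "):]
        detections.append(det)
    return detections, declared


def count_mismatches(text):
    """Registry sections whose declared count differs from the lines actually present,
    which indicates a truncated or edited paste."""
    detections, declared = parse_log(text)
    found = {}
    for det in detections:
        found[det.section] = found.get(det.section, 0) + 1
    return {s: (n, found.get(s, 0)) for s, n in declared.items()
            if s.startswith("Registry") and n != found.get(s, 0)}


def host(defanged_url):
    # hxxp is rewritten only for parsing; the stored values stay defanged.
    return urlsplit(re.sub(r"^hxxp", "http", defanged_url)).hostname


def redirected_handlers(detections):
    """Value names whose current data points at a different host than the expected default."""
    return [(d.value, host(d.bad), host(d.good))
            for d in detections
            if d.bad and d.good and host(d.bad) != host(d.good)]


if __name__ == "__main__":
    dets, _ = parse_log(SAMPLE_LOG)
    for value, bad_host, good_host in redirected_handlers(dets):
        print(f"{value}: {bad_host} (expected {good_host})")
    print("count mismatches:", count_mismatches(SAMPLE_LOG))
```
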

15.02.2013, 12:09   #5
t'john
/// Helper team

Very good!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



then:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




then:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

__________________
Regards, t'john
Support the TB

16.02.2013, 00:34   #6
sennics

Hello,

I am amazed at the care with which you are attending to my problem. Thank you very, very much!
That is by no means something to be taken for granted.

There was a problem with Avast Antirootkit, so I cannot post a log file from Avast. Attached is a screenshot of the problem that occurred.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=227aa5afb7e87244841ad4e8cecf07f9
# engine=13167
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-15 10:22:34
# local_time=2013-02-15 11:22:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 16304 97503810 9093 0
# compatibility_mode=5893 16776573 100 94 16155 112596804 0 0
# scanned=308597
# found=0
# cleaned=0
# scan_time=10351


Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AntiVir Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Java(TM) 6 Update 37
Java version out of Date!
Adobe Flash Player 11.5.502.149
Adobe Reader 10.1.5 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Thumbnails of attached images
TR/Crypt.ZPACK.Gen8 in C:\Users\quattro\wgsdgsdgdsgsd.exe gefunden. PC war gesperrt.-20130215_200535.jpg  

16.02.2013, 02:10   #7
t'john
/// Helper team

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.



Update:

Adobe Reader: Adobe Reader - Download - Filepony (alternatives: PDF Tools)

Update Java

Your Java is out of date. Older versions contain security vulnerabilities that can be abused by malware.
  • Please download the latest Java version from here
  • Save the .exe file
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version ( Java 7 Update 13 ).
  • When the installation has finished:
    Start --> Control Panel --> Programs, and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Afterwards, post (copy and paste) what is displayed to you here: PluginCheck



Disable Java

Because of the current security vulnerability:

http://www.trojaner-board.de/122961-...ktivieren.html

Afterwards, post (copy and paste) what is displayed to you here: PluginCheck
__________________
Regards, t'john
Support the TB

16.02.2013, 13:48   #8
sennics

Hello,

13:21:52.0391 2832 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:21:52.0657 2832 ============================================================
13:21:52.0657 2832 Current date / time: 2013/02/16 13:21:52.0657
13:21:52.0657 2832 SystemInfo:
13:21:52.0657 2832
13:21:52.0657 2832 OS Version: 6.1.7601 ServicePack: 1.0
13:21:52.0657 2832 Product type: Workstation
13:21:52.0657 2832 ComputerName: QUATTRO-VAIO
13:21:52.0672 2832 UserName: quattro
13:21:52.0672 2832 Windows directory: C:\Windows
13:21:52.0672 2832 System windows directory: C:\Windows
13:21:52.0672 2832 Running under WOW64
13:21:52.0672 2832 Processor architecture: Intel x64
13:21:52.0672 2832 Number of processors: 8
13:21:52.0672 2832 Page size: 0x1000
13:21:52.0672 2832 Boot type: Normal boot
13:21:52.0672 2832 ============================================================
13:21:53.0483 2832 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:21:53.0499 2832 ============================================================
13:21:53.0499 2832 \Device\Harddisk0\DR0:
13:21:53.0499 2832 MBR partitions:
13:21:53.0499 2832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1487800, BlocksNum 0x32000
13:21:53.0499 2832 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14B9800, BlocksNum 0x38ECC030
13:21:53.0499 2832 ============================================================
13:21:53.0546 2832 C: <-> \Device\Harddisk0\DR0\Partition2
13:21:53.0546 2832 ============================================================
13:21:53.0546 2832 Initialize success
13:21:53.0546 2832 ============================================================
13:22:12.0500 9048 ============================================================
13:22:12.0500 9048 Scan started
13:22:12.0500 9048 Mode: Manual; SigCheck; TDLFS;
13:22:12.0500 9048 ============================================================
13:22:13.0685 9048 ================ Scan system memory ========================
13:22:13.0685 9048 System memory - ok
13:22:13.0685 9048 ================ Scan services =============================
13:22:18.0755 9048 clr_optimization_v2.0.50727_32 - ok
13:22:18.0787 9048 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:22:18.0787 9048 clr_optimization_v2.0.50727_64 - ok
13:22:18.0865 9048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:22:18.0865 9048 clr_optimization_v4.0.30319_32 - ok
13:22:18.0880 9048 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:22:18.0880 9048 clr_optimization_v4.0.30319_64 - ok
13:22:18.0896 9048 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
13:22:18.0927 9048 CmBatt - ok
13:22:18.0958 9048 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:22:18.0958 9048 cmdide - ok
13:22:19.0021 9048 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
13:22:19.0052 9048 CNG - ok
13:22:19.0083 9048 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
13:22:19.0083 9048 Compbatt - ok
13:22:19.0130 9048 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:22:19.0161 9048 CompositeBus - ok
13:22:19.0161 9048 COMSysApp - ok
13:22:19.0192 9048 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:22:19.0208 9048 crcdisk - ok
13:22:19.0239 9048 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:22:19.0286 9048 CryptSvc - ok
13:22:19.0379 9048 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:22:19.0426 9048 cvhsvc - ok
13:22:19.0457 9048 [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
13:22:19.0457 9048 dc3d - ok
13:22:19.0504 9048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:22:19.0551 9048 DcomLaunch - ok
13:22:19.0582 9048 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:22:19.0613 9048 defragsvc - ok
13:22:19.0660 9048 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:22:19.0723 9048 DfsC - ok
13:22:19.0754 9048 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
13:22:19.0754 9048 dg_ssudbus - ok
13:22:19.0801 9048 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:22:19.0832 9048 Dhcp - ok
13:22:19.0863 9048 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:22:19.0894 9048 discache - ok
13:22:19.0910 9048 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
13:22:19.0925 9048 Disk - ok
13:22:19.0957 9048 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:22:20.0003 9048 Dnscache - ok
13:22:20.0035 9048 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:22:20.0097 9048 dot3svc - ok
13:22:20.0144 9048 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:22:20.0191 9048 DPS - ok
13:22:20.0206 9048 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:22:20.0222 9048 drmkaud - ok
13:22:20.0269 9048 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:22:20.0331 9048 DXGKrnl - ok
13:22:20.0347 9048 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:22:20.0393 9048 EapHost - ok
13:22:20.0456 9048 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
13:22:20.0549 9048 ebdrv - ok
13:22:20.0581 9048 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:22:20.0627 9048 EFS - ok
13:22:20.0659 9048 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:22:20.0721 9048 ehRecvr - ok
13:22:20.0752 9048 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:22:20.0783 9048 ehSched - ok
13:22:20.0815 9048 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:22:20.0830 9048 elxstor - ok
13:22:20.0861 9048 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:22:20.0877 9048 ErrDev - ok
13:22:20.0924 9048 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:22:20.0955 9048 EventSystem - ok
13:22:21.0033 9048 [ 51643EE2712D9212E1E53CA7E8D8EB4A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:22:21.0095 9048 EvtEng - ok
13:22:21.0142 9048 [ 251AF86E0A4DDF3A6B181ED5103B06B1 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
13:22:21.0189 9048 ewusbnet - ok
13:22:21.0205 9048 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:22:21.0267 9048 exfat - ok
13:22:21.0283 9048 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:22:21.0345 9048 fastfat - ok
13:22:21.0376 9048 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:22:21.0454 9048 Fax - ok
13:22:21.0470 9048 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
13:22:21.0485 9048 fdc - ok
13:22:21.0517 9048 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:22:21.0548 9048 fdPHost - ok
13:22:21.0563 9048 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:22:21.0610 9048 FDResPub - ok
13:22:21.0626 9048 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:22:21.0626 9048 FileInfo - ok
13:22:21.0641 9048 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:22:21.0673 9048 Filetrace - ok
13:22:21.0673 9048 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
13:22:21.0704 9048 flpydisk - ok
13:22:21.0751 9048 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:22:21.0766 9048 FltMgr - ok
13:22:21.0829 9048 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:22:21.0907 9048 FontCache - ok
13:22:21.0953 9048 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:22:21.0969 9048 FontCache3.0.0.0 - ok
13:22:21.0985 9048 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:22:22.0000 9048 FsDepends - ok
13:22:22.0016 9048 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
13:22:22.0031 9048 fssfltr - ok
13:22:22.0125 9048 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
13:22:22.0141 9048 fsssvc - ok
13:22:22.0172 9048 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:22:22.0187 9048 Fs_Rec - ok
13:22:22.0234 9048 [ ED07200CFF78FACFB66EBB0B89F503A4 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
13:22:22.0234 9048 FTDIBUS - ok
13:22:22.0250 9048 [ 9980E7584484A009E77E9BFA14C0C18A ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
13:22:22.0250 9048 FTSER2K - ok
13:22:22.0297 9048 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:22:22.0328 9048 fvevol - ok
13:22:22.0328 9048 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:22:22.0343 9048 gagp30kx - ok
13:22:22.0390 9048 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:22:22.0468 9048 gpsvc - ok
13:22:22.0515 9048 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:22:22.0515 9048 gupdate - ok
13:22:22.0531 9048 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:22:22.0546 9048 gupdatem - ok
13:22:22.0562 9048 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:22:22.0577 9048 gusvc - ok
13:22:22.0593 9048 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:22:22.0624 9048 hcw85cir - ok
13:22:22.0671 9048 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:22:22.0702 9048 HdAudAddService - ok
13:22:22.0702 9048 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:22:22.0733 9048 HDAudBus - ok
13:22:22.0765 9048 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
13:22:22.0780 9048 HidBatt - ok
13:22:22.0796 9048 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:22:22.0811 9048 HidBth - ok
13:22:22.0811 9048 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
13:22:22.0843 9048 HidIr - ok
13:22:22.0874 9048 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:22:22.0905 9048 hidserv - ok
13:22:22.0952 9048 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:22:22.0967 9048 HidUsb - ok
13:22:23.0014 9048 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:22:23.0045 9048 hkmsvc - ok
13:22:23.0092 9048 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:22:23.0139 9048 HomeGroupListener - ok
13:22:23.0186 9048 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:22:23.0217 9048 HomeGroupProvider - ok
13:22:23.0248 9048 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:22:23.0264 9048 HpSAMD - ok
13:22:23.0311 9048 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:22:23.0373 9048 HTTP - ok
13:22:23.0435 9048 [ 4B5C07DB91A0099272FAAE732E1152BD ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
13:22:23.0451 9048 hwdatacard - ok
13:22:23.0498 9048 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:22:23.0513 9048 hwpolicy - ok
13:22:23.0545 9048 [ 9C13A2691AC410CC7469F298684DCA5D ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys
13:22:23.0576 9048 hwusbfake - ok
13:22:23.0623 9048 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:22:23.0654 9048 i8042prt - ok
13:22:23.0685 9048 [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor C:\Windows\system32\drivers\iaStor.sys
13:22:23.0685 9048 iaStor - ok
13:22:23.0732 9048 [ CC800D2D9FD467542BAC7C186C4774AD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:22:23.0747 9048 IAStorDataMgrSvc - ok
13:22:23.0779 9048 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:22:23.0794 9048 iaStorV - ok
13:22:23.0841 9048 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:22:23.0857 9048 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:22:23.0857 9048 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:22:33.0965 9048 rdyboost - ok
13:22:33.0981 9048 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\Windows\system32\drivers\regi.sys
13:22:33.0997 9048 regi - ok
13:22:34.0043 9048 [ 3B71B5B91E7DCA93585D5A86C897ADC4 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:22:34.0075 9048 RegSrvc - ok
13:22:34.0106 9048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:22:34.0153 9048 RemoteAccess - ok
13:22:34.0184 9048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:22:34.0231 9048 RemoteRegistry - ok
13:22:34.0246 9048 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
13:22:34.0277 9048 RFCOMM - ok
13:22:34.0324 9048 [ 6DED176A14770339F1415CFDBCC9E07F ] rimspci C:\Windows\system32\drivers\rimssne64.sys
13:22:34.0340 9048 rimspci - ok
13:22:34.0340 9048 [ DDF5F666C2A5B3729E8BEA01FB999CC0 ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys
13:22:34.0371 9048 risdsnpe - ok
13:22:34.0402 9048 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
13:22:34.0449 9048 RMCAST - ok
13:22:34.0480 9048 [ BA6CE930E1453677F7565AE45181AD76 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
13:22:34.0496 9048 Roxio UPnP Renderer 10 - ok
13:22:34.0511 9048 [ 3A3D707A35EA30A6CF88B9E555E3D815 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
13:22:34.0527 9048 Roxio Upnp Server 10 - ok
13:22:34.0543 9048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:22:34.0574 9048 RpcEptMapper - ok
13:22:34.0605 9048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:22:34.0636 9048 RpcLocator - ok
13:22:34.0667 9048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:22:34.0699 9048 RpcSs - ok
13:22:34.0714 9048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:22:34.0761 9048 rspndr - ok
13:22:34.0777 9048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:22:34.0792 9048 SamSs - ok
13:22:34.0823 9048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:22:34.0823 9048 sbp2port - ok
13:22:34.0855 9048 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:22:34.0901 9048 SCardSvr - ok
13:22:34.0933 9048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:22:34.0979 9048 scfilter - ok
13:22:35.0026 9048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:22:35.0120 9048 Schedule - ok
13:22:35.0167 9048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:22:35.0198 9048 SCPolicySvc - ok
13:22:35.0245 9048 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
13:22:35.0260 9048 sdbus - ok
13:22:35.0307 9048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:22:35.0338 9048 SDRSVC - ok
13:22:35.0369 9048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:22:35.0401 9048 secdrv - ok
13:22:35.0432 9048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:22:35.0479 9048 seclogon - ok
13:22:35.0494 9048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:22:35.0525 9048 SENS - ok
13:22:35.0541 9048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:22:35.0572 9048 SensrSvc - ok
13:22:35.0572 9048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:22:35.0588 9048 Serenum - ok
13:22:35.0603 9048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
13:22:35.0619 9048 Serial - ok
13:22:35.0666 9048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:22:35.0697 9048 sermouse - ok
13:22:35.0744 9048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:22:35.0791 9048 SessionEnv - ok
13:22:35.0791 9048 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\drivers\SFEP.sys
13:22:35.0806 9048 SFEP - ok
13:22:35.0853 9048 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:22:35.0884 9048 sffdisk - ok
13:22:35.0915 9048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:22:35.0931 9048 sffp_mmc - ok
13:22:35.0962 9048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:22:35.0978 9048 sffp_sd - ok
13:22:35.0993 9048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:22:36.0009 9048 sfloppy - ok
13:22:36.0071 9048 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
13:22:36.0087 9048 Sftfs - ok
13:22:36.0149 9048 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:22:36.0181 9048 sftlist - ok
13:22:36.0212 9048 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:22:36.0212 9048 Sftplay - ok
13:22:36.0227 9048 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:22:36.0243 9048 Sftredir - ok
13:22:36.0259 9048 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
13:22:36.0259 9048 Sftvol - ok
13:22:36.0274 9048 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:22:36.0321 9048 sftvsa - ok
13:22:36.0368 9048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:22:36.0415 9048 SharedAccess - ok
13:22:36.0461 9048 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:22:36.0508 9048 ShellHWDetection - ok
13:22:36.0524 9048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
13:22:36.0539 9048 SiSRaid2 - ok
13:22:36.0555 9048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:22:36.0555 9048 SiSRaid4 - ok
13:22:36.0586 9048 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:22:36.0602 9048 SkypeUpdate - ok
13:22:36.0617 9048 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:22:36.0664 9048 Smb - ok
13:22:36.0695 9048 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:22:36.0711 9048 SNMPTRAP - ok
13:22:36.0773 9048 [ C3E69DB0A4E59564230E053232F39AC7 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
13:22:36.0789 9048 SOHCImp - ok
13:22:36.0820 9048 [ 65CC4779A29C3E82B987BD4961790DFF ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
13:22:36.0836 9048 SOHDms - ok
13:22:36.0836 9048 [ F47D75CEE1844EEF4A9EA6EE768828FB ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
13:22:36.0851 9048 SOHDs - ok
13:22:36.0867 9048 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
13:22:36.0883 9048 speedfan - ok
13:22:36.0961 9048 [ C03E480E63A80D73FABE28D24D3B6B47 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
13:22:36.0976 9048 SpfService - ok
13:22:36.0992 9048 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:22:37.0007 9048 spldr - ok
13:22:37.0054 9048 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:22:37.0101 9048 Spooler - ok
13:22:37.0210 9048 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:22:37.0397 9048 sppsvc - ok
13:22:37.0429 9048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:22:37.0491 9048 sppuinotify - ok
13:22:37.0553 9048 [ 4C33F139236FD9BD14A920F60C1CB072 ] sptd C:\Windows\System32\Drivers\sptd.sys
13:22:37.0585 9048 sptd - ok
13:22:37.0631 9048 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:22:37.0678 9048 srv - ok
13:22:37.0709 9048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:22:37.0772 9048 srv2 - ok
13:22:37.0787 9048 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:22:37.0819 9048 srvnet - ok
13:22:37.0850 9048 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:22:37.0897 9048 SSDPSRV - ok
13:22:37.0928 9048 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
13:22:37.0928 9048 SSPORT - ok
13:22:37.0959 9048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:22:37.0990 9048 SstpSvc - ok
13:22:38.0021 9048 [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
13:22:38.0037 9048 ssudmdm - ok
13:22:38.0037 9048 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys
13:22:38.0053 9048 StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:22:38.0053 9048 StarOpen - detected UnsignedFile.Multi.Generic (1)
13:22:38.0131 9048 [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
13:22:38.0193 9048 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
13:22:38.0193 9048 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
13:22:41.0297 9048 [ 70A90412F0AE18021794A0754C2D6299 ] VBTUSB C:\Windows\system32\Drivers\VBTUSB.sys
13:22:41.0313 9048 VBTUSB ( UnsignedFile.Multi.Generic ) - warning
13:22:41.0313 9048 VBTUSB - detected UnsignedFile.Multi.Generic (1)
13:22:42.0077 9048 [ 1B0D441D8AB264D39C2B09130CC28045 ] VMCService C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
13:22:42.0124 9048 VMCService ( UnsignedFile.Multi.Generic ) - warning
13:22:42.0124 9048 VMCService - detected UnsignedFile.Multi.Generic (1)
13:22:42.0343 9048 [ 047F22BDFDAE6DF6F1E47E747A1237A2 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
13:22:42.0374 9048 VSNService ( UnsignedFile.Multi.Generic ) - warning
13:22:42.0374 9048 VSNService - detected UnsignedFile.Multi.Generic (1)
13:22:45.0650 9048 ================ Scan global ===============================
13:22:45.0681 9048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:22:45.0728 9048 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:22:45.0743 9048 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
13:22:45.0759 9048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:22:45.0775 9048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:22:45.0775 9048 [Global] - ok
13:22:45.0775 9048 ================ Scan MBR ==================================
13:22:45.0790 9048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:22:46.0321 9048 \Device\Harddisk0\DR0 - ok
13:22:46.0321 9048 ================ Scan VBR ==================================
13:22:46.0321 9048 [ 11DE3BBCC6B2860A936BD6A094AA1727 ] \Device\Harddisk0\DR0\Partition1
13:22:46.0321 9048 \Device\Harddisk0\DR0\Partition1 - ok
13:22:46.0352 9048 [ 2525F737EC61B8271157D78F6A2B4641 ] \Device\Harddisk0\DR0\Partition2
13:22:46.0352 9048 \Device\Harddisk0\DR0\Partition2 - ok
13:22:46.0352 9048 ============================================================
13:22:46.0352 9048 Scan finished
13:22:46.0352 9048 ============================================================
13:22:46.0367 9040 Detected object count: 6
13:22:46.0367 9040 Actual detected object count: 6
13:23:40.0897 9040 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:40.0897 9040 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:40.0897 9040 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:40.0897 9040 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:40.0897 9040 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:40.0897 9040 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:40.0897 9040 VBTUSB ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:40.0897 9040 VBTUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:40.0897 9040 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:40.0897 9040 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:23:40.0897 9040 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
13:23:40.0897 9040 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:28:42.0844 2140 Deinitialize success


PluginCheck

PluginCheck helps close the biggest security holes when surfing the Internet.
Checked: browser, Flash, Java and Adobe Reader version.



Internet Explorer 9.0 is up to date

Flash (11,5,502,149) is up to date.
Java is not installed or not enabled.

Adobe Reader is not installed or enabled.

16.02.2013, 21:07   #9
t'john
/// Helper Team

Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Resetting the security zones

Have the security zones reset, since they were manipulated in order to open the browser to further attacks.
Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html


Emptying the system restore points

So that the computer cannot be reinfected from an infected system restore point, we have to empty them. To do this we switch System Restore off once and then on again:
Disabling System Restore: tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.



Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC keeps getting slower - what to do?
__________________
Regards, t'john
Support the TB

20.04.2013, 19:50   #10
t'john
/// Helper team
 



No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am deleting this topic from my notifications.

If you want to continue, send me a PM or open a new topic.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
Support the TB
