
Pests of all kinds and how to fight them: AntiVir reports TR/Rogue.kdv.901925

18.03.2013, 15:54   #1
Sunny_1987

Hello everyone,

my AntiVir just found the virus TR/Rogue.kdv.901925 during a routine scan.
So far I have only read that it is a dangerous Trojan. Since I am currently writing my bachelor's thesis and really everything is on my computer, I urgently need help and hope you can help me remove the virus without my having to wipe my hard drive.

Thanks and best regards,

Sandra

18.03.2013, 15:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Where are the logs for this, please?

That kind of information is not enough; please post the complete details/logs from the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520


Please post everything here in CODE tags if possible.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work much harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

18.03.2013, 16:05   #3
Sunny_1987

Sorry about the beginner's mistake, I'm panicking a bit =(
I hope this is okay for a start?


Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 18. März 2013  13:14

Es wird nach 5219869 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (plain)  [6.1.7600]
Boot Modus     : Normal gebootet
Benutzername   : ***
Computername   : ***

Versionsinformationen:
BUILD.DAT      : 12.1.9.1236          Bytes  11.10.2012 15:29:00
AVSCAN.EXE     : 12.3.0.48     468256 Bytes  14.11.2012 14:04:00
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  07.09.2012 18:26:03
LUKE.DLL       : 12.3.0.15      68304 Bytes  07.09.2012 18:25:59
AVSCPLR.DLL    : 12.3.0.27      97064 Bytes  07.09.2012 18:25:55
AVREG.DLL      : 12.3.0.33     232232 Bytes  07.09.2012 18:25:55
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:22:12
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 23:31:36
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 22:37:35
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 18:26:03
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 18:37:27
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 06:11:38
VBASE008.VDF   : 7.11.60.10   6627328 Bytes  07.02.2013 18:48:09
VBASE009.VDF   : 7.11.60.11      2048 Bytes  07.02.2013 18:48:09
VBASE010.VDF   : 7.11.60.12      2048 Bytes  07.02.2013 18:48:09
VBASE011.VDF   : 7.11.60.13      2048 Bytes  07.02.2013 18:48:09
VBASE012.VDF   : 7.11.60.14      2048 Bytes  07.02.2013 18:48:09
VBASE013.VDF   : 7.11.60.62    351232 Bytes  08.02.2013 08:42:40
VBASE014.VDF   : 7.11.60.115   190976 Bytes  09.02.2013 08:42:40
VBASE015.VDF   : 7.11.60.177   282624 Bytes  11.02.2013 08:46:04
VBASE016.VDF   : 7.11.60.249   215552 Bytes  13.02.2013 16:07:56
VBASE017.VDF   : 7.11.61.65    151040 Bytes  15.02.2013 17:36:05
VBASE018.VDF   : 7.11.61.135   159232 Bytes  18.02.2013 22:43:38
VBASE019.VDF   : 7.11.61.163   152064 Bytes  18.02.2013 22:43:39
VBASE020.VDF   : 7.11.61.207   164352 Bytes  19.02.2013 18:01:35
VBASE021.VDF   : 7.11.62.43    206336 Bytes  21.02.2013 18:33:24
VBASE022.VDF   : 7.11.64.106  1510912 Bytes  11.03.2013 19:11:26
VBASE023.VDF   : 7.11.64.157   137216 Bytes  12.03.2013 19:11:25
VBASE024.VDF   : 7.11.64.233   159744 Bytes  14.03.2013 19:11:33
VBASE025.VDF   : 7.11.65.19    143360 Bytes  15.03.2013 19:11:28
VBASE026.VDF   : 7.11.65.63    150528 Bytes  17.03.2013 12:14:06
VBASE027.VDF   : 7.11.65.64      2048 Bytes  17.03.2013 12:14:06
VBASE028.VDF   : 7.11.65.65      2048 Bytes  17.03.2013 12:14:06
VBASE029.VDF   : 7.11.65.66      2048 Bytes  17.03.2013 12:14:06
VBASE030.VDF   : 7.11.65.67      2048 Bytes  17.03.2013 12:14:06
VBASE031.VDF   : 7.11.65.74     47104 Bytes  18.03.2013 12:14:07
Engineversion  : 8.2.12.16 
AEVDF.DLL      : 8.1.2.10      102772 Bytes  07.09.2012 18:25:51
AESCRIPT.DLL   : 8.1.4.98      475516 Bytes  14.03.2013 19:11:45
AESCN.DLL      : 8.1.10.0      131445 Bytes  15.12.2012 10:12:30
AESBX.DLL      : 8.2.5.12      606578 Bytes  07.09.2012 18:25:51
AERDL.DLL      : 8.2.0.88      643444 Bytes  10.01.2013 18:19:25
AEPACK.DLL     : 8.3.2.2       827767 Bytes  14.03.2013 19:11:44
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  08.03.2013 18:33:55
AEHEUR.DLL     : 8.1.4.248    5804409 Bytes  14.03.2013 19:11:43
AEHELP.DLL     : 8.1.25.2      258423 Bytes  12.10.2012 15:07:05
AEGEN.DLL      : 8.1.6.16      434549 Bytes  25.01.2013 17:25:41
AEEXP.DLL      : 8.4.0.12      192886 Bytes  14.03.2013 19:11:45
AEEMU.DLL      : 8.1.3.2       393587 Bytes  07.09.2012 18:25:49
AECORE.DLL     : 8.1.31.2      201080 Bytes  20.02.2013 18:01:36
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 15:38:33
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  07.09.2012 18:25:56
AVPREF.DLL     : 12.3.0.32      50720 Bytes  14.11.2012 14:03:59
AVREP.DLL      : 12.3.0.15     179208 Bytes  07.09.2012 18:25:55
AVARKT.DLL     : 12.3.0.33     209696 Bytes  14.11.2012 14:03:58
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  07.09.2012 18:25:54
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  07.09.2012 18:26:01
AVSMTP.DLL     : 12.3.0.32      63480 Bytes  07.09.2012 18:25:55
NETNT.DLL      : 12.3.0.15      17104 Bytes  07.09.2012 18:25:59
RCIMAGE.DLL    : 12.3.0.31    4444408 Bytes  07.09.2012 18:26:04
RCTEXT.DLL     : 12.3.0.32      98848 Bytes  14.11.2012 14:03:47

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 18. März 2013  13:14

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'listener.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMBVolumeWatcher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Users\***\AppData\Roaming\ie_util.exe
  [FUND]      Ist das Trojanische Pferd TR/Rogue.kdv.901925

Die Registry wurde durchsucht ( '2942' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\***\AppData\Local\Temp\tmp8191d721\34.exe
  [FUND]      Ist das Trojanische Pferd TR/Rogue.kdv.901925
C:\Users\***\AppData\Roaming\ie_util.exe
  [FUND]      Ist das Trojanische Pferd TR/Rogue.kdv.901925

Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\Temp\tmp8191d721\34.exe
  [FUND]      Ist das Trojanische Pferd TR/Rogue.kdv.901925
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54d18883.qua' verschoben!
Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich entfernt.
C:\Users\***\AppData\Roaming\ie_util.exe
  [FUND]      Ist das Trojanische Pferd TR/Rogue.kdv.901925
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4c95a715.qua' verschoben!
  [WARNUNG]   Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> konnte nicht repariert werden.
  [HINWEIS]   Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
  [HINWEIS]   Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.
  [HINWEIS]   Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.
  [HINWEIS]   Der Registrierungseintrag <HKEY_USERS\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.


Ende des Suchlaufs: Montag, 18. März 2013  15:58
Benötigte Zeit:  2:29:12 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  35328 Verzeichnisse wurden überprüft
 1999678 Dateien wurden geprüft
      3 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1999675 Dateien ohne Befall
   7143 Archive wurden durchsucht
      1 Warnungen
      2 Hinweise
         

18.03.2013, 16:08   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions I will post in the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make evaluation harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when do we continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

18.03.2013, 16:50   #5
Sunny_1987

Done.. here are the logs:

Code:
OTL Extras logfile created on: 18.03.2013 16:14:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 48,87% Memory free
7,71 Gb Paging File | 5,57 Gb Available in Paging File | 72,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,29 Gb Total Space | 362,35 Gb Free Space | 80,11% Space Free | Partition Type: NTFS
 
Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C57163B-5F2F-43BB-8458-C0BA9DCE612A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{13003616-553B-4D83-9565-2875E741596C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5185D5FF-EA84-4ABC-98EC-C9F7D040AAB7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{5583077A-66D0-4648-9C18-CEF8F72E653E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{59746162-EDEA-42FC-B5BB-A2D1B534CF75}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6613FF3F-19E3-4258-9091-409695B96DC8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{68ED5855-7F29-422B-8A98-C85335690D61}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{727EEC4C-DA92-4E67-8562-4D03F051DC8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7F9A1B7C-AF6C-41CB-B4DF-C43FA918D545}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8E2DEA7A-2FCF-45F5-855D-2A003237F688}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9B837533-FB98-4A30-B1BD-8F90D9AFC7F7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A042F7F4-A360-4D33-9478-811F1022D30E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A22095BB-B1CF-412D-9675-45E8359E700F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4DA65B9-87C8-4AFA-906E-979A6A3C9B12}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A60A6F0E-7F62-4AF1-92F3-B065688DAAA6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFAD6D2A-F151-4FA4-BE10-201AD95F52C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B6ADB83D-B14C-4515-9C73-D9F1FF5B9328}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B92DBD7D-B35F-4C91-A42B-E585E5812A7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0339EE6-EB1C-463C-BD7A-A48BEE004E83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C577AF0C-C835-4208-A256-CB25FFF5BEAE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C5FD4150-E3CA-499B-95D9-56D7CD8921F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C9912A56-EE10-4848-A98A-F9DFD1160B0F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EF5A756B-C8F0-430C-8409-78063C771F07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F13E3F99-B71C-4FF4-9C52-ACC0AA806F9E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FAC6EB77-4258-4749-BB05-6B464AAB0B58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD1B919-8351-4F13-9666-B24A4C48D81A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{10C57118-DEFB-4D65-A2DE-D8BE280B29E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{12C2E9CF-77A3-459C-8C10-D279A80775C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2432F66B-2838-4295-92C6-674F6E379284}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2609F2F3-4E75-4D82-B111-4D1796049279}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{29FDFE04-3D4E-45A4-A01F-F0E99ACF707F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2D1111E4-28CF-46FB-83AD-F696AB5F8967}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{35888EE2-381A-47F4-9BD9-418C8230FB54}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{3776A326-283E-4268-A545-2208E8CD8A30}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{452221AF-70F1-4216-80C2-EBD82E9CDE77}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{4A801EF0-3A18-4FB5-A818-072678066BB8}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5104AF8D-4EB3-4A67-A448-03D1FE84B1A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{54C1E70F-7F5B-4A05-AAC4-3A6C3D953A59}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{59DA9F60-43F8-4AD8-9BBD-20DD5833BA73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E7BBECD-EECE-4AF0-A642-D1868F7FCA5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61815BB3-8697-4D67-BDFC-3088F2A17FF2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{65011983-B5BC-4D77-9B68-51315AD64027}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{699234E4-D765-4A78-B289-8B990F7C0191}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6D3AC6D7-DB32-4E47-95F1-A878779F4C37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{71C6A8F6-1334-42EC-A769-F5C79DE260FA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{75695691-51F7-4C7E-B6A7-16BCB31D3D44}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7F78F448-A522-4C73-989F-8343AA559710}" = protocol=6 | dir=out | app=system | 
"{7FF1CECF-82D7-4886-B781-81FDB7DDAEE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{88EF47C0-AA63-4DB8-A20D-2191014F3EE3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8E8F95C6-D7D9-4074-B1DE-DF83ABEBF250}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{98CB5CAC-DEFB-4243-9221-C5DCED6F7BB2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A3D7C341-FA02-47E2-8567-3DA1E7276A9F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{B4E8F4A0-5981-4B97-BD12-86940F071033}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B81EB3B0-46D3-4E17-BE20-D6130C587E49}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{BD7BD756-462E-4F1F-80FA-5652EEAD7C61}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{D358106E-0FC2-4542-B122-09001DD5211D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DFBF3223-21CE-4ADB-B5B6-C694AD1A7A31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E674EF7F-67D7-46F5-BCFB-0257397AB64F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E986BC44-1E9C-4FF7-AFC6-F3A5E77650C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F21AEC34-D175-478A-8615-F6D0C9C4A6FC}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{2F7DFB21-184B-4959-B23A-18070B3D3B45}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe | 
"TCP Query User{38EE2315-0374-40CD-9162-F65E7515E93F}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{3EDB9376-6479-4D1A-8235-009E55011B9A}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{60B68C0C-356D-4735-83B2-74C62DCD312D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{627DE985-DA09-4547-9184-12E1B8B99D92}C:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe | 
"TCP Query User{7F62A073-9A3F-4CD8-9F82-F4DB5BB65D0F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{D72A20BD-E1D9-4AF6-84FD-C8E41B6D8252}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{FCC016DB-4334-4042-9E36-D8593C26DAF3}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe | 
"UDP Query User{04AA899B-87CB-4A90-855F-15289511D72B}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{0868BA7E-6B33-4822-8417-C5C5936069BA}C:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe | 
"UDP Query User{16F4CC8D-822D-4F17-B57E-EE0BC1FCCCC0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{301515C5-6124-45AA-BD2C-1E627671592A}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"UDP Query User{88BB1EC1-0A05-4D72-B19B-D2F752B9A43B}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe | 
"UDP Query User{B0D8D767-4E06-4394-9736-9DCC4CDFD2E5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{B7746CDA-611B-4E1F-97AB-1632087A03FD}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe | 
"UDP Query User{D546018A-D0D8-44C4-822E-9EFE48DD20FB}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc)
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc)
"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33D21DE0-8363-4997-A960-E32EA9D84AB3}" = KODAK Create@Home Software (für dm)
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A20548C1-4B08-C41D-A3A8-FE8C933C2A00}" = Catalyst Control Center InstallProxy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A43014F4-44F8-4539-8F87-C8471CB810B1}" = Cisco AnyConnect Secure Mobility Client
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B87F4F22-611D-403C-A2A0-55426DE07509}" = pdfforge Toolbar v6.1
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = 
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
"Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.3.2
"KaloMa_is1" = KaloMa 5.00beta20100607
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"McAfee Security Scan" = McAfee Security Scan Plus
"MozBackup" = MozBackup 1.5
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PremElem80" = Adobe Premiere Elements 8.0
"RealPlayer 12.0" = RealPlayer
"splashtop" = VAIO Quick Web Access
"Sweet Home 3D_is1" = Sweet Home 3D version 3.3
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VAIO screensaver" = VAIO screensaver
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.8
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.04.2012 12:08:09 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.04.2012 12:08:09 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
 
Error - 23.04.2012 12:08:09 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error - 23.04.2012 12:08:10 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.04.2012 12:08:10 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2012
 
Error - 23.04.2012 12:08:10 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2012
 
Error - 23.04.2012 12:08:11 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 23.04.2012 12:08:11 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011
 
Error - 23.04.2012 12:08:11 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error - 23.04.2012 12:08:12 | Computer Name = ***-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 18.03.2013 08:05:13 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
 1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391725
 (0xFE210013) Description: CERTIFICATE_ERROR_VERIFY_NAME_FAILED server name: 132.176.101.101
 
Error - 18.03.2013 08:05:48 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
 Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 18.03.2013 08:06:35 | Computer Name = ***-VAIO | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 18.03.2013 08:06:38 | Computer Name = ***-VAIO | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1336 NULL object. Cannot establish a connection at this time.
 
Error - 18.03.2013 08:10:08 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 18.03.2013 08:10:08 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 18.03.2013 08:10:08 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
Error - 18.03.2013 11:12:51 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CVerifyServerName::VerifyCertName File: .\Certificates\VerifyServerName.cpp
Line:
 150 Certificate name verification has failed.  Server Name: 132.176.101.101 Common Name(s):
webvpn.fernuni-hagen.de
 
Error - 18.03.2013 11:12:51 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: COpenSSLCertUtils::VerifyCertName File: .\Certificates\OpenSSLCertUtils.cpp
Line:
 1310 Invoked Function: CVerifyServerName::VerifyCertName Return Code: -31391725 (0xFE210013)
Description:
 CERTIFICATE_ERROR_VERIFY_NAME_FAILED 
 
Error - 18.03.2013 11:12:51 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
 1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391725
 (0xFE210013) Description: CERTIFICATE_ERROR_VERIFY_NAME_FAILED server name: 132.176.101.101
 
[ OSession Events ]
Error - 02.03.2013 05:44:41 | Computer Name = ***-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 56203
 seconds with 7620 seconds of active time.  This session ended with a crash.
 
Error - 02.03.2013 14:05:06 | Computer Name = ***-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30004
 seconds with 5760 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 20.02.2013 14:26:20 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 20.02.2013 14:26:20 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.02.2013 08:39:23 | Computer Name = ***-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?02.?2013 um 13:38:23 unerwartet heruntergefahren.
 
Error - 24.02.2013 08:39:38 | Computer Name = ***-VAIO | Source = BugCheck | ID = 1001
Description = 
 
Error - 18.03.2013 08:04:21 | Computer Name = ***-VAIO | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:   %%1062
 
Error - 18.03.2013 10:44:56 | Computer Name = ***-VAIO | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.03.2013 10:44:57 | Computer Name = ***-VAIO | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.03.2013 10:44:57 | Computer Name = ***-VAIO | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.03.2013 10:44:58 | Computer Name = ***-VAIO | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 18.03.2013 10:44:58 | Computer Name = ***-VAIO | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
 
< End of report >
         
Code:
OTL logfile created on: 18.03.2013 16:14:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 48,87% Memory free
7,71 Gb Paging File | 5,57 Gb Available in Paging File | 72,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,29 Gb Total Space | 362,35 Gb Free Space | 80,11% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ZuneWlanCfgSvc) -- c:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- c:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (s0017unic) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation)
DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation)
DRV:64bit: - (s0017nd5) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation)
DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation)
DRV:64bit: - (s0017mgmt) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0017bus) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{31CF5488-1282-4CE7-BACF-DAC2D6103B66}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{4D7AE340-6731-4EE4-B8C1-DD73BA39A597}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{7A28250A-EF45-4C6E-A2D2-9245F92B8167}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{8A139173-D5C3-4BB4-98C2-927617F6E246}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: firenes%40facundo.zaldo:2.0.2
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8
FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:2.0.20120203
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.4.20130221100632
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: firenes@facundo.zaldo:2.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.13.184
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.07 09:50:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.07 09:50:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.07.15 15:08:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.10.24 17:19:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:02:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 13:02:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 10:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.03.12 10:49:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:02:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 13:02:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 10:49:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.03.12 10:49:46 | 000,000,000 | ---D | M]
 
[2011.03.29 16:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.29 16:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.15 09:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions
[2013.03.15 09:20:21 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.03.29 16:07:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.29 16:07:45 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2013.03.01 18:10:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.27 08:04:48 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011.03.29 16:07:43 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\bkmrksync@nokia.com
[2011.08.20 12:27:20 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\firefox@tvunetworks.com
[2011.03.29 16:07:43 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\moveplayer@movenetworks.com
[2011.06.16 09:02:15 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\toolbar@ask.com
[2011.11.15 09:58:43 | 000,071,254 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\extensions\firenes@facundo.zaldo.xpi
[2012.12.12 10:52:20 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.03.08 13:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 13:02:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 13:02:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.07 11:28:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 16:55:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.07 11:28:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.07 11:28:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.07 11:28:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.07 11:28:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001..\Run: [Ywizanl] C:\Users\***\AppData\Roaming\Qoeg\ysow.exe (Корпорация  Майкрософт)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{423D4F55-13A2-4D2E-BBDA-A1774A136043}: DhcpNameServer = 172.16.16.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c86757fc-59ed-11e0-9272-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c86757fc-59ed-11e0-9272-806e6f6e6963}\Shell\AutoRun\command - "" = D:\KODAK_Create@Home_Software(dm).exe
O33 - MountPoints2\{df3cf012-f1a7-11e0-b537-889ffaddf14e}\Shell - "" = AutoRun
O33 - MountPoints2\{df3cf012-f1a7-11e0-b537-889ffaddf14e}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.18 15:58:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner
[2013.03.16 16:46:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.16 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uvhiam
[2013.03.16 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qoeg
[2013.03.16 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Okynro
[2013.03.14 22:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.14 22:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.14 22:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.13 16:16:01 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 16:15:55 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.13 16:15:55 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.13 16:15:55 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 16:15:55 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 16:15:55 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.13 16:15:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.13 16:15:54 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.13 16:15:54 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 16:15:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 16:15:54 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 16:15:54 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 16:15:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.13 16:15:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.13 16:15:53 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.12 10:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.08 13:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.21 19:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.18 16:12:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.18 16:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.18 15:26:13 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.18 15:26:13 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.18 15:26:13 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.18 15:26:13 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.18 15:26:13 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.18 13:12:59 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 13:12:59 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.18 13:04:41 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.15 09:03:24 | 000,673,298 | ---- | M] () -- C:\Users\***\Desktop\Diagnostik .pdf
[2013.03.12 22:04:44 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.12 22:04:44 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.04 09:34:19 | 000,182,348 | ---- | M] () -- C:\Users\***\Desktop\Immatrikulationsbescheinigung_7845936.pdf
[2013.03.02 22:29:57 | 000,113,872 | ---- | M] () -- C:\Users\***\Desktop\statistik im text.pdf
[2013.02.28 20:34:23 | 000,118,681 | ---- | M] () -- C:\test.xml
[2013.02.28 17:34:33 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.28 17:34:10 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.28 17:34:08 | 000,736,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.28 17:34:03 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.02.28 17:34:01 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.02.28 17:34:01 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.28 17:33:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.02.28 17:16:41 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.28 17:16:16 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.28 17:16:10 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.02.28 17:16:07 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.02.28 17:16:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.28 17:15:16 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.02.28 16:12:49 | 000,482,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.02.28 15:51:56 | 000,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.02.25 19:50:56 | 000,036,931 | ---- | M] () -- C:\Users\***\Desktop\3 zentrale Studien aus den 80er und 90er Jahren.pdf
[2013.02.25 18:47:50 | 007,918,036 | ---- | M] () -- C:\Users\***\Desktop\Asendorf Persönlichkeit.pdf
[2013.02.24 13:39:21 | 543,977,074 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.23 13:56:30 | 012,474,944 | ---- | M] () -- C:\Users\***\Desktop\Bachelorarbeit_Prüfungsangst_Julia.rtf
[2013.02.23 12:27:53 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.21 19:52:18 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.21 19:52:18 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.15 09:03:22 | 000,673,298 | ---- | C] () -- C:\Users\***\Desktop\Diagnostik .pdf
[2013.03.04 09:34:19 | 000,182,348 | ---- | C] () -- C:\Users\***\Desktop\Immatrikulationsbescheinigung_7845936.pdf
[2013.03.02 22:29:57 | 000,113,872 | ---- | C] () -- C:\Users\***\Desktop\statistik im text.pdf
[2013.02.25 19:50:53 | 000,036,931 | ---- | C] () -- C:\Users\***\Desktop\3 zentrale Studien aus den 80er und 90er Jahren.pdf
[2013.02.25 18:47:45 | 007,918,036 | ---- | C] () -- C:\Users\***\Desktop\Asendorf Persönlichkeit.pdf
[2013.02.23 09:19:29 | 012,474,944 | ---- | C] () -- C:\Users\***\Desktop\Bachelorarbeit_Prüfungsangst_Julia.rtf
[2012.09.23 17:13:04 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.16 08:53:28 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.06 17:54:08 | 000,000,041 | ---- | C] () -- C:\Users\***\AppData\Roaming\mbam.context.scan
[2011.05.08 21:08:00 | 000,005,264 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.04.05 21:41:20 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.29 22:22:33 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         


Alt 18.03.2013, 16:55   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Rootkit scan with GMER

Please download the GMER Rootkit Scanner (random file name):
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after startup:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Re-enable your antivirus program and other scanners before you go online!


Running into problems?
  • Alternatively, try Safe Mode.
  • If you get a bluescreen, untick Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
--> AntiVir meldet TR/Rogue.kdv.901925

Alt 18.03.2013, 18:50   #7
Sunny_1987
 



So, here are the next logs

Gmer:

Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-18 17:19:16
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0006 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\***\AppData\Local\Temp\fgtyrpog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000751f1465 2 bytes [1F, 75]
.text   C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000751f14bb 2 bytes [1F, 75]
.text   ...                                                                                                                                             * 2
.text   C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      00000000751f1465 2 bytes [1F, 75]
.text   C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000751f14bb 2 bytes [1F, 75]
.text   ...                                                                                                                                             * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess           00000000775508ac 4 bytes [68, A0, CF, 63]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5       00000000775508b1 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W          000000007756260d 6 bytes [68, BD, 57, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                    000000007756c4aa 6 bytes [68, CB, D0, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A          0000000077572a93 6 bytes [68, 03, 58, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W          0000000077594170 6 bytes [68, 49, 58, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A          000000007759e6b5 6 bytes [68, 8F, 58, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\KERNEL32.dll!GetFileAttributesExW       0000000076c132f2 6 bytes [68, 34, D3, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\KERNEL32.dll!ExitProcess                0000000076c1734e 6 bytes [68, F3, D2, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW       0000000076a5bbdb 6 bytes [68, B1, D3, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA       0000000076a914fd 6 bytes [68, 9A, D3, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetDC                        0000000075107246 4 bytes [68, 92, 18, 63]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetDC + 5                    000000007510724b 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!ReleaseDC                    000000007510730e 6 bytes [68, 10, 19, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetWindowDC                  00000000751079d8 4 bytes [68, D1, 18, 63]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5              00000000751079dd 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!TranslateMessage             0000000075107d79 6 bytes [68, A5, 5D, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetMessageW                  0000000075107e92 6 bytes [68, 22, DE, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetMessageA                  000000007510811b 6 bytes [68, 4A, DE, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!RegisterClassW               0000000075108bd6 6 bytes [68, C1, 5A, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!RegisterClassExW             0000000075109ed3 6 bytes [68, 5B, 5B, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!RegisterClassExA             000000007510dd6d 6 bytes [68, AD, 5B, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!PeekMessageW                 0000000075110112 6 bytes [68, 72, DE, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!CallWindowProcW              0000000075110abb 6 bytes [68, F3, 59, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetCursorPos                 0000000075110e0d 6 bytes [68, 55, DC, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!EndPaint                     0000000075110e9a 4 bytes [68, F7, 17, 63]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!EndPaint + 5                 0000000075110e9f 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!BeginPaint                   0000000075110eba 4 bytes [68, 87, 17, 63]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!BeginPaint + 5               0000000075110ebf 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetMessagePos                0000000075112bc7 6 bytes [68, 23, DC, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetCapture                   0000000075112dbd 6 bytes [68, 83, DD, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!ReleaseCapture               0000000075112ec4 6 bytes [68, 33, DD, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!SetCapture                   0000000075112ed1 4 bytes [68, D9, DC, 63]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!SetCapture + 5               0000000075112ed6 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetDCEx                      0000000075113001 4 bytes [68, 37, 18, 63]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                  0000000075113006 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!RegisterClassA               0000000075114b80 6 bytes [68, 0E, 5B, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!CallWindowProcA              0000000075117af4 6 bytes [68, 3C, 5A, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!DefFrameProcA                000000007511808f 6 bytes [68, 1E, 59, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA             00000000751181e0 6 bytes [68, AD, 59, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!DefFrameProcW                0000000075118632 6 bytes [68, D5, 58, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW             0000000075118807 6 bytes [68, 67, 59, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!PeekMessageA                 000000007512ed58 6 bytes [68, 9D, DE, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                 000000007512f1fe 6 bytes [68, E3, 19, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetUpdateRect                000000007513011b 6 bytes [68, 50, 19, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!SwitchDesktop                00000000751497e4 6 bytes [68, 9F, 57, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!SetCursorPos                 0000000075149c8d 6 bytes [68, 9C, DC, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!GetClipboardData             0000000075149f3b 6 bytes [68, 54, 5F, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!OpenInputDesktop             000000007516895b 4 bytes [68, 4F, 57, 64]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5         0000000075168960 1 byte [C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WS2_32.dll!closesocket                  00000000760e3bed 6 bytes [68, 27, E3, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                  00000000760e6737 6 bytes [68, 38, DF, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WS2_32.dll!WSASend                      00000000760e68a7 6 bytes [68, 80, E3, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WS2_32.dll!send                         00000000760ec4c8 6 bytes [68, 5F, E3, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WS2_32.dll!gethostbyname                00000000760f7133 6 bytes [68, C8, DE, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore          00000000766112b0 6 bytes [68, 89, 7E, 63, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!InternetCloseHandle         000000007670c83e 6 bytes [68, DC, 08, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA              000000007670cbc2 6 bytes [68, 7C, 0A, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!InternetReadFile            000000007670e264 6 bytes [68, 49, 09, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpSendRequestW            000000007670eeb3 6 bytes [68, 62, 06, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA            0000000076710352 6 bytes [68, 1E, 06, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW            000000007671052b 6 bytes [68, DA, 05, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable  00000000767140df 6 bytes [68, 50, 0A, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW          0000000076728e24 6 bytes [68, 0C, 07, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpEndRequestA             0000000076728f4f 6 bytes [68, 46, 08, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!InternetReadFileExA         0000000076731301 6 bytes [68, 77, 09, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer      000000007676d2b3 6 bytes [68, F6, 09, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA          000000007678059a 6 bytes [68, A9, 07, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpEndRequestW             000000007678061d 6 bytes [68, 91, 08, 64, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\WININET.dll!HttpSendRequestA            0000000076780680 6 bytes [68, B7, 06, 64, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                      00000000775508ac 4 bytes [68, A0, CF, 84]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                                  00000000775508b1 1 byte [C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                                     000000007756260d 6 bytes [68, BD, 57, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                               000000007756c4aa 6 bytes [68, CB, D0, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                                     0000000077572a93 6 bytes [68, 03, 58, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                                     0000000077594170 6 bytes [68, 49, 58, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                                     000000007759e6b5 6 bytes [68, 8F, 58, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                                  0000000076c132f2 6 bytes [68, 34, D3, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\kernel32.dll!ExitProcess                                           0000000076c1734e 6 bytes [68, F3, D2, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                                  0000000076a5bbdb 6 bytes [68, B1, D3, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                                  0000000076a914fd 6 bytes [68, 9A, D3, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetDC                                                   0000000075107246 4 bytes [68, 92, 18, 84]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetDC + 5                                               000000007510724b 1 byte [C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!ReleaseDC                                               000000007510730e 6 bytes [68, 10, 19, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetWindowDC                                             00000000751079d8 4 bytes [68, D1, 18, 84]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                                         00000000751079dd 1 byte [C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!TranslateMessage                                        0000000075107d79 6 bytes [68, A5, 5D, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetMessageW                                             0000000075107e92 6 bytes [68, 22, DE, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetMessageA                                             000000007510811b 6 bytes [68, 4A, DE, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!RegisterClassW                                          0000000075108bd6 6 bytes [68, C1, 5A, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!RegisterClassExW                                        0000000075109ed3 6 bytes [68, 5B, 5B, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!RegisterClassExA                                        000000007510dd6d 6 bytes [68, AD, 5B, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!PeekMessageW                                            0000000075110112 6 bytes [68, 72, DE, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!CallWindowProcW                                         0000000075110abb 6 bytes [68, F3, 59, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetCursorPos                                            0000000075110e0d 6 bytes [68, 55, DC, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!EndPaint                                                0000000075110e9a 4 bytes [68, F7, 17, 84]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                            0000000075110e9f 1 byte [C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!BeginPaint                                              0000000075110eba 4 bytes [68, 87, 17, 84]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                                          0000000075110ebf 1 byte [C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetMessagePos                                           0000000075112bc7 6 bytes [68, 23, DC, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetCapture                                              0000000075112dbd 6 bytes [68, 83, DD, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!ReleaseCapture                                          0000000075112ec4 6 bytes [68, 33, DD, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!SetCapture                                              0000000075112ed1 4 bytes [68, D9, DC, 84]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!SetCapture + 5                                          0000000075112ed6 1 byte [C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetDCEx                                                 0000000075113001 4 bytes [68, 37, 18, 84]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                             0000000075113006 1 byte [C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!RegisterClassA                                          0000000075114b80 6 bytes [68, 0E, 5B, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!CallWindowProcA                                         0000000075117af4 6 bytes [68, 3C, 5A, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!DefFrameProcA                                           000000007511808f 6 bytes [68, 1E, 59, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                                        00000000751181e0 6 bytes [68, AD, 59, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!DefFrameProcW                                           0000000075118632 6 bytes [68, D5, 58, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                                        0000000075118807 6 bytes [68, 67, 59, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!PeekMessageA                                            000000007512ed58 6 bytes [68, 9D, DE, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                            000000007512f1fe 6 bytes [68, E3, 19, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetUpdateRect                                           000000007513011b 6 bytes [68, 50, 19, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!SwitchDesktop                                           00000000751497e4 6 bytes [68, 9F, 57, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!SetCursorPos                                            0000000075149c8d 6 bytes [68, 9C, DC, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!GetClipboardData                                        0000000075149f3b 6 bytes [68, 54, 5F, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                                        000000007516895b 4 bytes [68, 4F, 57, 85]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                                    0000000075168960 1 byte [C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                                     00000000766112b0 6 bytes [68, 89, 7E, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WS2_32.dll!closesocket                                             00000000760e3bed 6 bytes [68, 27, E3, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                             00000000760e6737 6 bytes [68, 38, DF, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WS2_32.dll!WSASend                                                 00000000760e68a7 6 bytes [68, 80, E3, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WS2_32.dll!send                                                    00000000760ec4c8 6 bytes [68, 5F, E3, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WS2_32.dll!gethostbyname                                           00000000760f7133 6 bytes [68, C8, DE, 84, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                                    000000007670c83e 6 bytes [68, DC, 08, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                                         000000007670cbc2 6 bytes [68, 7C, 0A, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!InternetReadFile                                       000000007670e264 6 bytes [68, 49, 09, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                                       000000007670eeb3 6 bytes [68, 62, 06, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                                       0000000076710352 6 bytes [68, 1E, 06, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                                       000000007671052b 6 bytes [68, DA, 05, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                             00000000767140df 6 bytes [68, 50, 0A, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                                     0000000076728e24 6 bytes [68, 0C, 07, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                                        0000000076728f4f 6 bytes [68, 46, 08, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                                    0000000076731301 6 bytes [68, 77, 09, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                                 000000007676d2b3 6 bytes [68, F6, 09, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                                     000000007678059a 6 bytes [68, A9, 07, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                                        000000007678061d 6 bytes [68, 91, 08, 85, 00, C3]
.text   C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[3292] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                                       0000000076780680 6 bytes [68, B7, 06, 85, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                          00000000775508ac 4 bytes [68, A0, CF, 98]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                      00000000775508b1 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                         000000007756260d 6 bytes [68, BD, 57, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                   000000007756c4aa 6 bytes [68, CB, D0, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                         0000000077572a93 6 bytes [68, 03, 58, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                         0000000077594170 6 bytes [68, 49, 58, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                         000000007759e6b5 6 bytes [68, 8F, 58, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                      0000000076c132f2 6 bytes [68, 34, D3, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\kernel32.dll!ExitProcess                               0000000076c1734e 6 bytes [68, F3, D2, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                      0000000076a5bbdb 6 bytes [68, B1, D3, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                      0000000076a914fd 6 bytes [68, 9A, D3, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetDC                                       0000000075107246 4 bytes [68, 92, 18, 98]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetDC + 5                                   000000007510724b 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!ReleaseDC                                   000000007510730e 6 bytes [68, 10, 19, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetWindowDC                                 00000000751079d8 4 bytes [68, D1, 18, 98]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                             00000000751079dd 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!TranslateMessage                            0000000075107d79 6 bytes [68, A5, 5D, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetMessageW                                 0000000075107e92 6 bytes [68, 22, DE, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetMessageA                                 000000007510811b 6 bytes [68, 4A, DE, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!RegisterClassW                              0000000075108bd6 6 bytes [68, C1, 5A, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!RegisterClassExW                            0000000075109ed3 6 bytes [68, 5B, 5B, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!RegisterClassExA                            000000007510dd6d 6 bytes [68, AD, 5B, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!PeekMessageW                                0000000075110112 6 bytes [68, 72, DE, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!CallWindowProcW                             0000000075110abb 6 bytes [68, F3, 59, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetCursorPos                                0000000075110e0d 6 bytes [68, 55, DC, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!EndPaint                                    0000000075110e9a 4 bytes [68, F7, 17, 98]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!EndPaint + 5                                0000000075110e9f 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!BeginPaint                                  0000000075110eba 4 bytes [68, 87, 17, 98]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                              0000000075110ebf 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetMessagePos                               0000000075112bc7 6 bytes [68, 23, DC, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetCapture                                  0000000075112dbd 6 bytes [68, 83, DD, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!ReleaseCapture                              0000000075112ec4 6 bytes [68, 33, DD, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!SetCapture                                  0000000075112ed1 4 bytes [68, D9, DC, 98]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!SetCapture + 5                              0000000075112ed6 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetDCEx                                     0000000075113001 4 bytes [68, 37, 18, 98]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                                 0000000075113006 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!RegisterClassA                              0000000075114b80 6 bytes [68, 0E, 5B, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!CallWindowProcA                             0000000075117af4 6 bytes [68, 3C, 5A, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!DefFrameProcA                               000000007511808f 6 bytes [68, 1E, 59, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                            00000000751181e0 6 bytes [68, AD, 59, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!DefFrameProcW                               0000000075118632 6 bytes [68, D5, 58, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                            0000000075118807 6 bytes [68, 67, 59, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!PeekMessageA                                000000007512ed58 6 bytes [68, 9D, DE, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                                000000007512f1fe 6 bytes [68, E3, 19, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetUpdateRect                               000000007513011b 6 bytes [68, 50, 19, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!SwitchDesktop                               00000000751497e4 6 bytes [68, 9F, 57, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!SetCursorPos                                0000000075149c8d 6 bytes [68, 9C, DC, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!GetClipboardData                            0000000075149f3b 6 bytes [68, 54, 5F, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                            000000007516895b 4 bytes [68, 4F, 57, 99]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                        0000000075168960 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    00000000751f1465 2 bytes [1F, 75]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000751f14bb 2 bytes [1F, 75]
.text   ...                                                                                                                                             * 2
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                        000000007670c83e 6 bytes [68, DC, 08, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                             000000007670cbc2 6 bytes [68, 7C, 0A, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!InternetReadFile                           000000007670e264 6 bytes [68, 49, 09, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                           000000007670eeb3 6 bytes [68, 62, 06, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                           0000000076710352 6 bytes [68, 1E, 06, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                           000000007671052b 6 bytes [68, DA, 05, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable                 00000000767140df 6 bytes [68, 50, 0A, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                         0000000076728e24 6 bytes [68, 0C, 07, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                            0000000076728f4f 6 bytes [68, 46, 08, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                        0000000076731301 6 bytes [68, 77, 09, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                     000000007676d2b3 6 bytes [68, F6, 09, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                         000000007678059a 6 bytes [68, A9, 07, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                            000000007678061d 6 bytes [68, 91, 08, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                           0000000076780680 6 bytes [68, B7, 06, 99, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                         00000000766112b0 6 bytes [68, 89, 7E, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WS2_32.dll!closesocket                                 00000000760e3bed 6 bytes [68, 27, E3, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                                 00000000760e6737 6 bytes [68, 38, DF, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WS2_32.dll!WSASend                                     00000000760e68a7 6 bytes [68, 80, E3, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WS2_32.dll!send                                        00000000760ec4c8 6 bytes [68, 5F, E3, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[1700] C:\Windows\syswow64\WS2_32.dll!gethostbyname                               00000000760f7133 6 bytes [68, C8, DE, 98, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                        00000000775508ac 4 bytes [68, A0, CF, 3D]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess + 5                    00000000775508b1 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W                       000000007756260d 6 bytes [68, BD, 57, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                 000000007756c4aa 6 bytes [68, CB, D0, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A                       0000000077572a93 6 bytes [68, 03, 58, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_W                       0000000077594170 6 bytes [68, 49, 58, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\SysWOW64\ntdll.dll!NtdllDialogWndProc_A                       000000007759e6b5 6 bytes [68, 8F, 58, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\kernel32.dll!GetFileAttributesExW                    0000000076c132f2 6 bytes [68, 34, D3, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\kernel32.dll!ExitProcess                             0000000076c1734e 6 bytes [68, F3, D2, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserW                    0000000076a5bbdb 6 bytes [68, B1, D3, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA                    0000000076a914fd 6 bytes [68, 9A, D3, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetDC                                     0000000075107246 4 bytes [68, 92, 18, 3D]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetDC + 5                                 000000007510724b 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!ReleaseDC                                 000000007510730e 6 bytes [68, 10, 19, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetWindowDC                               00000000751079d8 4 bytes [68, D1, 18, 3D]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetWindowDC + 5                           00000000751079dd 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!TranslateMessage                          0000000075107d79 6 bytes [68, A5, 5D, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetMessageW                               0000000075107e92 6 bytes [68, 22, DE, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetMessageA                               000000007510811b 6 bytes [68, 4A, DE, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!RegisterClassW                            0000000075108bd6 6 bytes [68, C1, 5A, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!RegisterClassExW                          0000000075109ed3 6 bytes [68, 5B, 5B, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!RegisterClassExA                          000000007510dd6d 6 bytes [68, AD, 5B, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!PeekMessageW                              0000000075110112 6 bytes [68, 72, DE, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!CallWindowProcW                           0000000075110abb 6 bytes [68, F3, 59, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetCursorPos                              0000000075110e0d 6 bytes [68, 55, DC, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!EndPaint                                  0000000075110e9a 4 bytes [68, F7, 17, 3D]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!EndPaint + 5                              0000000075110e9f 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!BeginPaint                                0000000075110eba 4 bytes [68, 87, 17, 3D]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!BeginPaint + 5                            0000000075110ebf 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetMessagePos                             0000000075112bc7 6 bytes [68, 23, DC, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetCapture                                0000000075112dbd 6 bytes [68, 83, DD, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!ReleaseCapture                            0000000075112ec4 6 bytes [68, 33, DD, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!SetCapture                                0000000075112ed1 4 bytes [68, D9, DC, 3D]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!SetCapture + 5                            0000000075112ed6 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetDCEx                                   0000000075113001 4 bytes [68, 37, 18, 3D]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetDCEx + 5                               0000000075113006 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!RegisterClassA                            0000000075114b80 6 bytes [68, 0E, 5B, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!CallWindowProcA                           0000000075117af4 6 bytes [68, 3C, 5A, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!DefFrameProcA                             000000007511808f 6 bytes [68, 1E, 59, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!DefMDIChildProcA                          00000000751181e0 6 bytes [68, AD, 59, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!DefFrameProcW                             0000000075118632 6 bytes [68, D5, 58, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!DefMDIChildProcW                          0000000075118807 6 bytes [68, 67, 59, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!PeekMessageA                              000000007512ed58 6 bytes [68, 9D, DE, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetUpdateRgn                              000000007512f1fe 6 bytes [68, E3, 19, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetUpdateRect                             000000007513011b 6 bytes [68, 50, 19, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!SwitchDesktop                             00000000751497e4 6 bytes [68, 9F, 57, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!SetCursorPos                              0000000075149c8d 6 bytes [68, 9C, DC, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!GetClipboardData                          0000000075149f3b 6 bytes [68, 54, 5F, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!OpenInputDesktop                          000000007516895b 4 bytes [68, 4F, 57, 3E]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\USER32.dll!OpenInputDesktop + 5                      0000000075168960 1 byte [C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!InternetCloseHandle                      000000007670c83e 6 bytes [68, DC, 08, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA                           000000007670cbc2 6 bytes [68, 7C, 0A, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!InternetReadFile                         000000007670e264 6 bytes [68, 49, 09, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpSendRequestW                         000000007670eeb3 6 bytes [68, 62, 06, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA                         0000000076710352 6 bytes [68, 1E, 06, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpOpenRequestW                         000000007671052b 6 bytes [68, DA, 05, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable               00000000767140df 6 bytes [68, 50, 0A, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpSendRequestExW                       0000000076728e24 6 bytes [68, 0C, 07, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpEndRequestA                          0000000076728f4f 6 bytes [68, 46, 08, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!InternetReadFileExA                      0000000076731301 6 bytes [68, 77, 09, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!InternetSetFilePointer                   000000007676d2b3 6 bytes [68, F6, 09, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpSendRequestExA                       000000007678059a 6 bytes [68, A9, 07, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpEndRequestW                          000000007678061d 6 bytes [68, 91, 08, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WININET.dll!HttpSendRequestA                         0000000076780680 6 bytes [68, B7, 06, 3E, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore                       00000000766112b0 6 bytes [68, 89, 7E, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WS2_32.dll!closesocket                               00000000760e3bed 6 bytes [68, 27, E3, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WS2_32.dll!getaddrinfo                               00000000760e6737 6 bytes [68, 38, DF, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WS2_32.dll!WSASend                                   00000000760e68a7 6 bytes [68, 80, E3, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WS2_32.dll!send                                      00000000760ec4c8 6 bytes [68, 5F, E3, 3D, 00, C3]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3952] C:\Windows\syswow64\WS2_32.dll!gethostbyname                             00000000760f7133 6 bytes [68, C8, DE, 3D, 00, C3]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    00000000751f1465 2 bytes [1F, 75]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   00000000751f14bb 2 bytes [1F, 75]
.text   ...                                                                                                                                             * 2

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4704:5396]                                                                                  000007fefb962a88
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4704:5412]                                                                                  000007feec4dc0b0
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4704:5216]                                                                                  000007fef9345124
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4704:2612]                                                                                  000007feec449e68
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [4704:3068]                                                                                  000007feec4dc0b0

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27b11                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaddf14e                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaddf14e@f8db7ff96252                                                        0xFC 0x76 0xF8 0x1A ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38ed02c9                                                                     
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27b11 (not active ControlSet)                                                 
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaddf14e (not active ControlSet)                                                 
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaddf14e@f8db7ff96252                                                            0xFC 0x76 0xF8 0x1A ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38ed02c9 (not active ControlSet)                                                 

---- EOF - GMER 2.1 ----
         
mbar, first pass:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.18.10

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
*** :: ***-VAIO [administrator]

18.03.2013 17:42:35
mbar-log-2013-03-18 (17-42-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31359
Time elapsed: 19 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ywizanl (Trojan.Zbot) -> Data: C:\Users\***\AppData\Roaming\Qoeg\ysow.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\***\AppData\Roaming\Qoeg\ysow.exe (Trojan.Zbot) -> Delete on reboot.

(end)
         
mbar, second pass:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.18.10

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
*** :: ***-VAIO [administrator]

18.03.2013 18:35:58
mbar-log-2013-03-18 (18-35-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31323
Time elapsed: 21 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 18.03.2013, 23:25   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 19.03.2013, 08:50   #9
Sunny_1987
 



So, here is aswMBR then:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-19 07:52:45
-----------------------------
07:52:45.873    OS Version: Windows x64 6.1.7600 
07:52:45.873    Number of processors: 4 586 0x2505
07:52:45.873    ComputerName: ***-VAIO  UserName: ***
07:52:47.402    Initialize success
07:53:55.145    AVAST engine defs: 13031801
07:54:16.969    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:54:16.969    Disk 0 Vendor: ST950032 0006 Size: 476940MB BusType: 3
07:54:17.109    Disk 0 MBR read successfully
07:54:17.109    Disk 0 MBR scan
07:54:17.125    Disk 0 Windows 7 default MBR code
07:54:17.141    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13693 MB offset 2048
07:54:17.172    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 28045312
07:54:17.187    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       463145 MB offset 28250112
07:54:17.312    Disk 0 scanning C:\Windows\system32\drivers
07:54:34.582    Service scanning
07:55:07.967    Modules scanning
07:55:07.967    Disk 0 trace - called modules:
07:55:08.014    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
07:55:08.014    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006389060]
07:55:08.014    3 CLASSPNP.SYS[fffff88001ad943f] -> nt!IofCallDriver -> [0xfffffa80043438e0]
07:55:08.030    5 ACPI.sys[fffff88000eec781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004346050]
07:55:10.807    AVAST engine scan C:\Windows
07:55:13.973    AVAST engine scan C:\Windows\system32
08:00:54.790    AVAST engine scan C:\Windows\system32\drivers
08:01:14.604    AVAST engine scan C:\Users\***
08:19:45.145    AVAST engine scan C:\ProgramData
08:23:59.727    Scan finished successfully
08:30:04.240    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
08:30:04.256    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
         
and then TDSSKiller as well:

Code:
08:31:31.0239 3924  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:31:31.0427 3924  ============================================================
08:31:31.0427 3924  Current date / time: 2013/03/19 08:31:31.0427
08:31:31.0427 3924  SystemInfo:
08:31:31.0427 3924  
08:31:31.0427 3924  OS Version: 6.1.7600 ServicePack: 0.0
08:31:31.0427 3924  Product type: Workstation
08:31:31.0427 3924  ComputerName: ***-VAIO
08:31:31.0427 3924  UserName: ***
08:31:31.0427 3924  Windows directory: C:\Windows
08:31:31.0427 3924  System windows directory: C:\Windows
08:31:31.0427 3924  Running under WOW64
08:31:31.0427 3924  Processor architecture: Intel x64
08:31:31.0427 3924  Number of processors: 4
08:31:31.0427 3924  Page size: 0x1000
08:31:31.0427 3924  Boot type: Normal boot
08:31:31.0427 3924  ============================================================
08:31:32.0004 3924  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:31:32.0019 3924  ============================================================
08:31:32.0019 3924  \Device\Harddisk0\DR0:
08:31:32.0019 3924  MBR partitions:
08:31:32.0019 3924  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1ABF000, BlocksNum 0x32000
08:31:32.0019 3924  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AF1000, BlocksNum 0x38894830
08:31:32.0019 3924  ============================================================
08:31:32.0035 3924  C: <-> \Device\Harddisk0\DR0\Partition2
08:31:32.0035 3924  ============================================================
08:31:32.0035 3924  Initialize success
08:31:32.0035 3924  ============================================================
08:32:02.0939 3160  ============================================================
08:32:02.0939 3160  Scan started
08:32:02.0939 3160  Mode: Manual; SigCheck; TDLFS; 
08:32:02.0939 3160  ============================================================
08:32:04.0265 3160  ================ Scan system memory ========================
08:32:04.0265 3160  System memory - ok
08:32:04.0265 3160  ================ Scan services =============================
08:32:04.0670 3160  [ 969C91060CBB5D17CB8440B5F78B4C51 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
08:32:04.0889 3160  1394ohci - ok
08:32:04.0967 3160  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
08:32:05.0029 3160  ACDaemon - ok
08:32:05.0076 3160  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
08:32:05.0107 3160  ACPI - ok
08:32:05.0138 3160  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
08:32:05.0248 3160  AcpiPmi - ok
08:32:05.0326 3160  [ 5AE65DCD983077278A6173C2872BCA99 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
08:32:05.0357 3160  acsock - ok
08:32:05.0435 3160  [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
08:32:05.0450 3160  AdobeActiveFileMonitor8.0 - ok
08:32:05.0544 3160  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:32:05.0560 3160  AdobeARMservice - ok
08:32:05.0700 3160  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:32:05.0731 3160  AdobeFlashPlayerUpdateSvc - ok
08:32:05.0794 3160  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
08:32:05.0840 3160  adp94xx - ok
08:32:05.0872 3160  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
08:32:05.0903 3160  adpahci - ok
08:32:05.0918 3160  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
08:32:05.0934 3160  adpu320 - ok
08:32:05.0965 3160  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
08:32:06.0168 3160  AeLookupSvc - ok
08:32:06.0262 3160  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
08:32:06.0386 3160  AFD - ok
08:32:06.0418 3160  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
08:32:06.0449 3160  agp440 - ok
08:32:06.0480 3160  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
08:32:06.0542 3160  ALG - ok
08:32:06.0574 3160  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
08:32:06.0589 3160  aliide - ok
08:32:06.0620 3160  [ 3F9B03B72577A6A7405BF30801CBD159 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:32:06.0714 3160  AMD External Events Utility - ok
08:32:06.0776 3160  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
08:32:06.0792 3160  amdide - ok
08:32:06.0823 3160  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
08:32:06.0901 3160  AmdK8 - ok
08:32:07.0088 3160  [ EA244A8B88DE8B5986BF3B7903B063AF ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
08:32:07.0369 3160  amdkmdag - ok
08:32:07.0432 3160  [ DCA6E341A4A7C31EA8A14C6166C9B249 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
08:32:07.0464 3160  amdkmdap - ok
08:32:07.0479 3160  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
08:32:07.0542 3160  AmdPPM - ok
08:32:07.0573 3160  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
08:32:07.0589 3160  amdsata - ok
08:32:07.0635 3160  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
08:32:07.0667 3160  amdsbs - ok
08:32:07.0713 3160  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
08:32:07.0729 3160  amdxata - ok
08:32:07.0807 3160  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
08:32:07.0854 3160  AntiVirSchedulerService - ok
08:32:07.0885 3160  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
08:32:07.0901 3160  AntiVirService - ok
08:32:07.0963 3160  [ 2D45F2DFBC3D8F53DF7EBEFFA8C9BC38 ] ApfiltrService  C:\Windows\system32\drivers\Apfiltr.sys
08:32:07.0994 3160  ApfiltrService - ok
08:32:08.0041 3160  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
08:32:08.0166 3160  AppID - ok
08:32:08.0181 3160  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
08:32:08.0244 3160  AppIDSvc - ok
08:32:08.0259 3160  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
08:32:08.0322 3160  Appinfo - ok
08:32:08.0400 3160  [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:32:08.0415 3160  Apple Mobile Device - ok
08:32:08.0447 3160  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
08:32:08.0479 3160  arc - ok
08:32:08.0510 3160  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
08:32:08.0541 3160  arcsas - ok
08:32:08.0588 3160  [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
08:32:08.0604 3160  ArcSoftKsUFilter - ok
08:32:08.0713 3160  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:32:08.0760 3160  aspnet_state - ok
08:32:08.0806 3160  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:32:08.0884 3160  AsyncMac - ok
08:32:08.0947 3160  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
08:32:08.0962 3160  atapi - ok
08:32:09.0040 3160  [ CCA705CDF038D5BC243203CE4416B345 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
08:32:09.0150 3160  athr - ok
08:32:09.0352 3160  [ EA244A8B88DE8B5986BF3B7903B063AF ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
08:32:09.0430 3160  atikmdag - ok
08:32:09.0477 3160  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:32:09.0586 3160  AudioEndpointBuilder - ok
08:32:09.0602 3160  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
08:32:09.0633 3160  AudioSrv - ok
08:32:09.0664 3160  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
08:32:09.0664 3160  avgntflt - ok
08:32:09.0727 3160  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
08:32:09.0742 3160  avipbb - ok
08:32:09.0758 3160  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
08:32:09.0774 3160  avkmgr - ok
08:32:09.0836 3160  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
08:32:09.0945 3160  AxInstSV - ok
08:32:10.0008 3160  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
08:32:10.0070 3160  b06bdrv - ok
08:32:10.0117 3160  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
08:32:10.0179 3160  b57nd60a - ok
08:32:10.0210 3160  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
08:32:10.0273 3160  BDESVC - ok
08:32:10.0304 3160  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:32:10.0429 3160  Beep - ok
08:32:10.0476 3160  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
08:32:10.0522 3160  BFE - ok
08:32:10.0569 3160  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
08:32:10.0694 3160  BITS - ok
08:32:10.0725 3160  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
08:32:10.0756 3160  blbdrive - ok
08:32:10.0834 3160  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:32:10.0881 3160  Bonjour Service - ok
08:32:10.0897 3160  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:32:10.0975 3160  bowser - ok
08:32:11.0022 3160  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
08:32:11.0068 3160  BrFiltLo - ok
08:32:11.0084 3160  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
08:32:11.0100 3160  BrFiltUp - ok
08:32:11.0131 3160  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
08:32:11.0209 3160  Browser - ok
08:32:11.0256 3160  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
08:32:11.0334 3160  Brserid - ok
08:32:11.0349 3160  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
08:32:11.0380 3160  BrSerWdm - ok
08:32:11.0412 3160  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
08:32:11.0443 3160  BrUsbMdm - ok
08:32:11.0458 3160  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
08:32:11.0474 3160  BrUsbSer - ok
08:32:11.0505 3160  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
08:32:11.0599 3160  BthEnum - ok
08:32:11.0630 3160  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
08:32:11.0677 3160  BTHMODEM - ok
08:32:11.0708 3160  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
08:32:11.0739 3160  BthPan - ok
08:32:11.0802 3160  [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
08:32:11.0864 3160  BTHPORT - ok
08:32:11.0880 3160  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
08:32:11.0942 3160  bthserv - ok
08:32:11.0973 3160  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
08:32:11.0989 3160  BTHUSB - ok
08:32:12.0020 3160  [ 59E3510784548C6939C1B3B985C232E3 ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
08:32:12.0051 3160  btwampfl - ok
08:32:12.0067 3160  [ 1872074ED0A3FB22E3F1E3197B984BFA ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
08:32:12.0082 3160  btwaudio - ok
08:32:12.0114 3160  [ 691CF076C33AB1C3A5B2FD5450300733 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
08:32:12.0129 3160  btwavdt - ok
08:32:12.0223 3160  [ 8BA6E93A182126781952A7895EC1E4B2 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
08:32:12.0301 3160  btwdins - ok
08:32:12.0316 3160  [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
08:32:12.0332 3160  btwl2cap - ok
08:32:12.0363 3160  [ C9273B20DEC8CE38DBCE5D29DE63C907 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
08:32:12.0363 3160  btwrchid - ok
08:32:12.0394 3160  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:32:12.0535 3160  cdfs - ok
08:32:12.0566 3160  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
08:32:12.0582 3160  cdrom - ok
08:32:12.0628 3160  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
08:32:12.0691 3160  CertPropSvc - ok
08:32:12.0706 3160  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
08:32:12.0738 3160  circlass - ok
08:32:12.0753 3160  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
08:32:12.0769 3160  CLFS - ok
08:32:12.0800 3160  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:32:12.0816 3160  clr_optimization_v2.0.50727_32 - ok
08:32:12.0862 3160  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:32:12.0878 3160  clr_optimization_v2.0.50727_64 - ok
08:32:12.0940 3160  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:32:13.0018 3160  clr_optimization_v4.0.30319_32 - ok
08:32:13.0050 3160  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:32:13.0081 3160  clr_optimization_v4.0.30319_64 - ok
08:32:13.0096 3160  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
08:32:13.0128 3160  CmBatt - ok
08:32:13.0159 3160  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
08:32:13.0174 3160  cmdide - ok
08:32:13.0221 3160  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
08:32:13.0284 3160  CNG - ok
08:32:13.0315 3160  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
08:32:13.0330 3160  Compbatt - ok
08:32:13.0346 3160  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
08:32:13.0377 3160  CompositeBus - ok
08:32:13.0393 3160  COMSysApp - ok
08:32:13.0408 3160  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
08:32:13.0440 3160  crcdisk - ok
08:32:13.0486 3160  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:32:13.0549 3160  CryptSvc - ok
08:32:13.0580 3160  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:32:13.0705 3160  DcomLaunch - ok
08:32:13.0752 3160  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
08:32:13.0814 3160  defragsvc - ok
08:32:13.0845 3160  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:32:13.0923 3160  DfsC - ok
08:32:13.0954 3160  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
08:32:14.0095 3160  Dhcp - ok
08:32:14.0126 3160  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
08:32:14.0188 3160  discache - ok
08:32:14.0235 3160  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
08:32:14.0266 3160  Disk - ok
08:32:14.0298 3160  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:32:14.0344 3160  Dnscache - ok
08:32:14.0391 3160  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
08:32:14.0485 3160  dot3svc - ok
08:32:14.0500 3160  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
08:32:14.0547 3160  DPS - ok
08:32:14.0563 3160  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:32:14.0578 3160  drmkaud - ok
08:32:14.0625 3160  [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
08:32:14.0656 3160  dtsoftbus01 - ok
08:32:14.0703 3160  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:32:14.0750 3160  DXGKrnl - ok
08:32:14.0781 3160  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
08:32:14.0844 3160  EapHost - ok
08:32:14.0953 3160  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
08:32:15.0078 3160  ebdrv - ok
08:32:15.0109 3160  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
08:32:15.0187 3160  EFS - ok
08:32:15.0234 3160  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
08:32:15.0312 3160  ehRecvr - ok
08:32:15.0343 3160  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
08:32:15.0405 3160  ehSched - ok
08:32:15.0452 3160  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
08:32:15.0468 3160  elxstor - ok
08:32:15.0499 3160  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
08:32:15.0514 3160  ErrDev - ok
08:32:15.0577 3160  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
08:32:15.0639 3160  EventSystem - ok
08:32:15.0670 3160  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
08:32:15.0733 3160  exfat - ok
08:32:15.0748 3160  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:32:15.0826 3160  fastfat - ok
08:32:15.0873 3160  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
08:32:15.0967 3160  Fax - ok
08:32:15.0982 3160  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
08:32:15.0998 3160  fdc - ok
08:32:16.0014 3160  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
08:32:16.0076 3160  fdPHost - ok
08:32:16.0092 3160  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:32:16.0138 3160  FDResPub - ok
08:32:16.0154 3160  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:32:16.0170 3160  FileInfo - ok
08:32:16.0185 3160  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
08:32:16.0216 3160  Filetrace - ok
08:32:16.0263 3160  [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:32:16.0310 3160  FLEXnet Licensing Service - ok
08:32:16.0341 3160  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
08:32:16.0357 3160  flpydisk - ok
08:32:16.0404 3160  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:32:16.0435 3160  FltMgr - ok
08:32:16.0482 3160  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
08:32:16.0560 3160  FontCache - ok
08:32:16.0606 3160  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:32:16.0638 3160  FontCache3.0.0.0 - ok
08:32:16.0638 3160  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
08:32:16.0653 3160  FsDepends - ok
08:32:16.0700 3160  [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
08:32:16.0716 3160  fssfltr - ok
08:32:16.0809 3160  [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
08:32:16.0887 3160  fsssvc - ok
08:32:16.0918 3160  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:32:16.0934 3160  Fs_Rec - ok
08:32:16.0981 3160  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
08:32:16.0996 3160  fvevol - ok
08:32:17.0012 3160  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
08:32:17.0028 3160  gagp30kx - ok
08:32:17.0059 3160  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:32:17.0074 3160  GEARAspiWDM - ok
08:32:17.0106 3160  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
08:32:17.0199 3160  gpsvc - ok
08:32:17.0215 3160  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
08:32:17.0308 3160  hcw85cir - ok
08:32:17.0340 3160  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:32:17.0386 3160  HdAudAddService - ok
08:32:17.0418 3160  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
08:32:17.0464 3160  HDAudBus - ok
08:32:17.0496 3160  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\drivers\HECIx64.sys
08:32:17.0496 3160  HECIx64 - ok
08:32:17.0511 3160  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
08:32:17.0542 3160  HidBatt - ok
08:32:17.0558 3160  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
08:32:17.0589 3160  HidBth - ok
08:32:17.0620 3160  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
08:32:17.0636 3160  HidIr - ok
08:32:17.0652 3160  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
08:32:17.0698 3160  hidserv - ok
08:32:17.0761 3160  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
08:32:17.0808 3160  HidUsb - ok
08:32:17.0839 3160  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
08:32:17.0917 3160  hkmsvc - ok
08:32:17.0932 3160  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:32:17.0995 3160  HomeGroupListener - ok
08:32:18.0010 3160  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:32:18.0042 3160  HomeGroupProvider - ok
08:32:18.0073 3160  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
08:32:18.0088 3160  HpSAMD - ok
08:32:18.0120 3160  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
08:32:18.0198 3160  HTTP - ok
08:32:18.0213 3160  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
08:32:18.0229 3160  hwpolicy - ok
08:32:18.0260 3160  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
08:32:18.0276 3160  i8042prt - ok
08:32:18.0322 3160  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\drivers\iaStor.sys
08:32:18.0338 3160  iaStor - ok
08:32:18.0400 3160  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
08:32:18.0416 3160  IAStorDataMgrSvc - ok
08:32:18.0447 3160  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
08:32:18.0494 3160  iaStorV - ok
08:32:18.0541 3160  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:32:18.0588 3160  idsvc - ok
08:32:18.0806 3160  [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
08:32:19.0118 3160  igfx ( UnsignedFile.Multi.Generic ) - warning
08:32:19.0118 3160  igfx - detected UnsignedFile.Multi.Generic (1)
08:32:19.0149 3160  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
08:32:19.0165 3160  iirsp - ok
08:32:19.0212 3160  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
08:32:19.0290 3160  IKEEXT - ok
08:32:19.0352 3160  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\drivers\Impcd.sys
08:32:19.0414 3160  Impcd - ok
08:32:19.0508 3160  [ 526E482AFB586CB1CDD687869DECF686 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:32:19.0617 3160  IntcAzAudAddService - ok
08:32:19.0648 3160  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
08:32:19.0664 3160  IntcDAud ( UnsignedFile.Multi.Generic ) - warning
08:32:19.0664 3160  IntcDAud - detected UnsignedFile.Multi.Generic (1)
08:32:19.0695 3160  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
08:32:19.0711 3160  intelide - ok
08:32:19.0726 3160  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
08:32:19.0758 3160  intelppm - ok
08:32:19.0773 3160  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:32:19.0804 3160  IPBusEnum - ok
08:32:19.0820 3160  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:32:19.0867 3160  IpFilterDriver - ok
08:32:19.0882 3160  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:32:19.0945 3160  iphlpsvc - ok
08:32:19.0960 3160  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
08:32:20.0007 3160  IPMIDRV - ok
08:32:20.0038 3160  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
08:32:20.0101 3160  IPNAT - ok
08:32:20.0148 3160  [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
08:32:20.0210 3160  iPod Service - ok
08:32:20.0241 3160  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:32:20.0257 3160  IRENUM - ok
08:32:20.0288 3160  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
08:32:20.0288 3160  isapnp - ok
08:32:20.0319 3160  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
08:32:20.0366 3160  iScsiPrt - ok
08:32:20.0382 3160  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
08:32:20.0397 3160  kbdclass - ok
08:32:20.0413 3160  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
08:32:20.0460 3160  kbdhid - ok
08:32:20.0475 3160  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
08:32:20.0491 3160  KeyIso - ok
08:32:20.0522 3160  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:32:20.0553 3160  KSecDD - ok
08:32:20.0569 3160  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
08:32:20.0584 3160  KSecPkg - ok
08:32:20.0616 3160  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
08:32:20.0694 3160  ksthunk - ok
08:32:20.0725 3160  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:32:20.0787 3160  KtmRm - ok
08:32:20.0818 3160  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
08:32:20.0881 3160  LanmanServer - ok
08:32:20.0912 3160  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:32:20.0974 3160  LanmanWorkstation - ok
08:32:20.0990 3160  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:32:21.0037 3160  lltdio - ok
08:32:21.0068 3160  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:32:21.0115 3160  lltdsvc - ok
08:32:21.0146 3160  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:32:21.0177 3160  lmhosts - ok
08:32:21.0255 3160  [ 3D23191672D83E90D1CF63927EE98136 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
08:32:21.0286 3160  LMS - ok
08:32:21.0318 3160  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
08:32:21.0349 3160  LSI_FC - ok
08:32:21.0380 3160  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
08:32:21.0411 3160  LSI_SAS - ok
08:32:21.0411 3160  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
08:32:21.0427 3160  LSI_SAS2 - ok
08:32:21.0442 3160  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
08:32:21.0458 3160  LSI_SCSI - ok
08:32:21.0489 3160  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
08:32:21.0520 3160  luafv - ok
08:32:21.0661 3160  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
08:32:21.0692 3160  McComponentHostService - ok
08:32:21.0723 3160  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:32:21.0754 3160  Mcx2Svc - ok
08:32:21.0770 3160  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
08:32:21.0786 3160  megasas - ok
08:32:21.0817 3160  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
08:32:21.0832 3160  MegaSR - ok
08:32:21.0848 3160  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
08:32:21.0910 3160  MMCSS - ok
08:32:21.0926 3160  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
08:32:21.0973 3160  Modem - ok
08:32:22.0020 3160  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:32:22.0066 3160  monitor - ok
08:32:22.0082 3160  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
08:32:22.0098 3160  mouclass - ok
08:32:22.0113 3160  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
08:32:22.0144 3160  mouhid - ok
08:32:22.0160 3160  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
08:32:22.0176 3160  mountmgr - ok
08:32:22.0238 3160  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:32:22.0269 3160  MozillaMaintenance - ok
08:32:22.0300 3160  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\drivers\mpio.sys
08:32:22.0316 3160  mpio - ok
08:32:22.0332 3160  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:32:22.0378 3160  mpsdrv - ok
08:32:22.0410 3160  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:32:22.0488 3160  MpsSvc - ok
08:32:22.0519 3160  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:32:22.0550 3160  MRxDAV - ok
08:32:22.0581 3160  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:32:22.0659 3160  mrxsmb - ok
08:32:22.0675 3160  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:32:22.0722 3160  mrxsmb10 - ok
08:32:22.0753 3160  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:32:22.0784 3160  mrxsmb20 - ok
08:32:22.0800 3160  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
08:32:22.0815 3160  msahci - ok
08:32:22.0846 3160  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
08:32:22.0862 3160  msdsm - ok
08:32:22.0862 3160  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
08:32:22.0893 3160  MSDTC - ok
08:32:22.0924 3160  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:32:22.0956 3160  Msfs - ok
08:32:22.0971 3160  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
08:32:23.0018 3160  mshidkmdf - ok
08:32:23.0018 3160  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:32:23.0034 3160  msisadrv - ok
08:32:23.0080 3160  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:32:23.0127 3160  MSiSCSI - ok
08:32:23.0127 3160  msiserver - ok
08:32:23.0158 3160  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:32:23.0221 3160  MSKSSRV - ok
08:32:23.0236 3160  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:32:23.0283 3160  MSPCLOCK - ok
08:32:23.0299 3160  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:32:23.0346 3160  MSPQM - ok
08:32:23.0377 3160  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:32:23.0392 3160  MsRPC - ok
08:32:23.0408 3160  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
08:32:23.0408 3160  mssmbios - ok
08:32:23.0439 3160  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:32:23.0486 3160  MSTEE - ok
08:32:23.0502 3160  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
08:32:23.0533 3160  MTConfig - ok
08:32:23.0548 3160  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
08:32:23.0564 3160  Mup - ok
08:32:23.0580 3160  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
08:32:23.0642 3160  napagent - ok
08:32:23.0673 3160  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:32:23.0704 3160  NativeWifiP - ok
08:32:23.0751 3160  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:32:23.0845 3160  NDIS - ok
08:32:23.0860 3160  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
08:32:23.0923 3160  NdisCap - ok
08:32:23.0954 3160  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:32:24.0016 3160  NdisTapi - ok
08:32:24.0032 3160  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:32:24.0079 3160  Ndisuio - ok
08:32:24.0094 3160  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:32:24.0141 3160  NdisWan - ok
08:32:24.0157 3160  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:32:24.0204 3160  NDProxy - ok
08:32:24.0219 3160  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:32:24.0266 3160  NetBIOS - ok
08:32:24.0282 3160  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
08:32:24.0328 3160  NetBT - ok
08:32:24.0344 3160  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
08:32:24.0344 3160  Netlogon - ok
08:32:24.0391 3160  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
08:32:24.0438 3160  Netman - ok
08:32:24.0500 3160  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:24.0547 3160  NetMsmqActivator - ok
08:32:24.0562 3160  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:24.0578 3160  NetPipeActivator - ok
08:32:24.0609 3160  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
08:32:24.0672 3160  netprofm - ok
08:32:24.0687 3160  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:24.0703 3160  NetTcpActivator - ok
08:32:24.0718 3160  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:32:24.0718 3160  NetTcpPortSharing - ok
08:32:24.0765 3160  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
08:32:24.0781 3160  nfrd960 - ok
08:32:24.0828 3160  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:32:24.0921 3160  NlaSvc - ok
08:32:24.0952 3160  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:32:24.0999 3160  Npfs - ok
08:32:24.0999 3160  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
08:32:25.0062 3160  nsi - ok
08:32:25.0077 3160  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:32:25.0108 3160  nsiproxy - ok
08:32:25.0186 3160  [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:32:25.0280 3160  Ntfs - ok
08:32:25.0311 3160  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
08:32:25.0405 3160  Null - ok
08:32:25.0467 3160  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:32:25.0498 3160  nvraid - ok
08:32:25.0514 3160  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:32:25.0530 3160  nvstor - ok
08:32:25.0545 3160  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:32:25.0561 3160  nv_agp - ok
08:32:25.0654 3160  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:32:25.0686 3160  odserv - ok
08:32:25.0732 3160  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
08:32:25.0779 3160  ohci1394 - ok
08:32:25.0826 3160  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:32:25.0842 3160  ose - ok
08:32:25.0888 3160  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
08:32:25.0935 3160  p2pimsvc - ok
08:32:25.0966 3160  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
08:32:25.0982 3160  p2psvc - ok
08:32:26.0013 3160  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
08:32:26.0029 3160  Parport - ok
08:32:26.0060 3160  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:32:26.0076 3160  partmgr - ok
08:32:26.0091 3160  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:32:26.0122 3160  PcaSvc - ok
08:32:26.0154 3160  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\drivers\pci.sys
08:32:26.0169 3160  pci - ok
08:32:26.0200 3160  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
08:32:26.0216 3160  pciide - ok
08:32:26.0232 3160  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
08:32:26.0247 3160  pcmcia - ok
08:32:26.0278 3160  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
08:32:26.0278 3160  pcw - ok
08:32:26.0310 3160  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:32:26.0356 3160  PEAUTH - ok
08:32:26.0419 3160  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
08:32:26.0450 3160  PerfHost - ok
08:32:26.0497 3160  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
08:32:26.0590 3160  pla - ok
08:32:26.0622 3160  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:32:26.0653 3160  PlugPlay - ok
08:32:26.0715 3160  [ 80E85394D8CD7F84340B1C6F4B9D698F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
08:32:26.0762 3160  PMBDeviceInfoProvider - ok
08:32:26.0793 3160  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
08:32:26.0809 3160  PNRPAutoReg - ok
08:32:26.0840 3160  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
08:32:26.0856 3160  PNRPsvc - ok
08:32:26.0887 3160  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:32:26.0949 3160  PolicyAgent - ok
08:32:26.0980 3160  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
08:32:27.0027 3160  Power - ok
08:32:27.0074 3160  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:32:27.0152 3160  PptpMiniport - ok
08:32:27.0168 3160  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
08:32:27.0183 3160  Processor - ok
08:32:27.0230 3160  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
08:32:27.0308 3160  ProfSvc - ok
08:32:27.0324 3160  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:32:27.0339 3160  ProtectedStorage - ok
08:32:27.0355 3160  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
08:32:27.0402 3160  Psched - ok
08:32:27.0433 3160  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
08:32:27.0448 3160  PxHlpa64 - ok
08:32:27.0495 3160  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
08:32:27.0558 3160  ql2300 - ok
08:32:27.0573 3160  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
08:32:27.0589 3160  ql40xx - ok
08:32:27.0620 3160  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
08:32:27.0651 3160  QWAVE - ok
08:32:27.0682 3160  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:32:27.0698 3160  QWAVEdrv - ok
08:32:27.0714 3160  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:32:27.0760 3160  RasAcd - ok
08:32:27.0776 3160  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
08:32:27.0823 3160  RasAgileVpn - ok
08:32:27.0838 3160  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
08:32:27.0885 3160  RasAuto - ok
08:32:27.0916 3160  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:32:27.0963 3160  Rasl2tp - ok
08:32:27.0994 3160  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
08:32:28.0041 3160  RasMan - ok
08:32:28.0057 3160  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:32:28.0104 3160  RasPppoe - ok
08:32:28.0119 3160  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:32:28.0166 3160  RasSstp - ok
08:32:28.0197 3160  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:32:28.0228 3160  rdbss - ok
08:32:28.0244 3160  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
08:32:28.0275 3160  rdpbus - ok
08:32:28.0275 3160  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:32:28.0322 3160  RDPCDD - ok
08:32:28.0338 3160  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:32:28.0384 3160  RDPENCDD - ok
08:32:28.0400 3160  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
08:32:28.0431 3160  RDPREFMP - ok
08:32:28.0462 3160  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:32:28.0525 3160  RDPWD - ok
08:32:28.0572 3160  [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:32:28.0603 3160  rdyboost - ok
08:32:28.0618 3160  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:32:28.0696 3160  RemoteAccess - ok
08:32:28.0712 3160  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:32:28.0774 3160  RemoteRegistry - ok
08:32:28.0806 3160  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
08:32:28.0852 3160  RFCOMM - ok
08:32:28.0884 3160  [ FA6ABC06B629DA29634D31F1FE0347BD ] rimspci         C:\Windows\system32\drivers\rimssne64.sys
08:32:28.0915 3160  rimspci - ok
08:32:28.0962 3160  [ 8F8539A7F5C117D4407B2985995671F2 ] risdsnpe        C:\Windows\system32\drivers\risdsne64.sys
08:32:28.0977 3160  risdsnpe - ok
08:32:29.0008 3160  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:32:29.0055 3160  RpcEptMapper - ok
08:32:29.0086 3160  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
08:32:29.0102 3160  RpcLocator - ok
08:32:29.0118 3160  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
08:32:29.0164 3160  RpcSs - ok
08:32:29.0196 3160  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:32:29.0242 3160  rspndr - ok
08:32:29.0289 3160  [ D6D381B76056C668679723938F06F16C ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
08:32:29.0305 3160  RTHDMIAzAudService - ok
08:32:29.0352 3160  [ 032F537623A7B2FB81AAA184C30B70C3 ] s0017bus        C:\Windows\system32\DRIVERS\s0017bus.sys
08:32:29.0367 3160  s0017bus - ok
08:32:29.0398 3160  [ 9964A28E569B4FF105B446EF8978FD5C ] s0017mdfl       C:\Windows\system32\DRIVERS\s0017mdfl.sys
08:32:29.0430 3160  s0017mdfl - ok
08:32:29.0445 3160  [ 06347087D274C23DCFA8C4AB5C4314DB ] s0017mdm        C:\Windows\system32\DRIVERS\s0017mdm.sys
08:32:29.0461 3160  s0017mdm - ok
08:32:29.0476 3160  [ F0F0747B3FA50272DE6B1BF575FA4700 ] s0017mgmt       C:\Windows\system32\DRIVERS\s0017mgmt.sys
08:32:29.0492 3160  s0017mgmt - ok
08:32:29.0523 3160  [ 7224412CEA2FF2DF7D4842C1B0E71045 ] s0017nd5        C:\Windows\system32\DRIVERS\s0017nd5.sys
08:32:29.0523 3160  s0017nd5 - ok
08:32:29.0539 3160  [ 3FEADBC7F09B8B596CBFB82F12ABA87F ] s0017obex       C:\Windows\system32\DRIVERS\s0017obex.sys
08:32:29.0554 3160  s0017obex - ok
08:32:29.0570 3160  [ 2B63BEA31D939888B2A8F3F14D89B5C1 ] s0017unic       C:\Windows\system32\DRIVERS\s0017unic.sys
08:32:29.0586 3160  s0017unic - ok
08:32:29.0617 3160  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
08:32:29.0632 3160  SamSs - ok
08:32:29.0648 3160  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:32:29.0664 3160  sbp2port - ok
08:32:29.0695 3160  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:32:29.0742 3160  SCardSvr - ok
08:32:29.0757 3160  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:32:29.0804 3160  scfilter - ok
08:32:29.0835 3160  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
08:32:29.0913 3160  Schedule - ok
08:32:29.0944 3160  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:32:29.0976 3160  SCPolicySvc - ok
08:32:30.0007 3160  [ 2C8D162EFAF73ABD36D8BCBB6340CAE7 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
08:32:30.0069 3160  sdbus - ok
08:32:30.0100 3160  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:32:30.0163 3160  SDRSVC - ok
08:32:30.0194 3160  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:32:30.0272 3160  secdrv - ok
08:32:30.0272 3160  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
08:32:30.0319 3160  seclogon - ok
08:32:30.0334 3160  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
08:32:30.0381 3160  SENS - ok
08:32:30.0412 3160  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:32:30.0459 3160  SensrSvc - ok
08:32:30.0490 3160  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
08:32:30.0506 3160  Serenum - ok
08:32:30.0553 3160  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
08:32:30.0600 3160  Serial - ok
08:32:30.0631 3160  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
08:32:30.0662 3160  sermouse - ok
08:32:30.0709 3160  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
08:32:30.0771 3160  SessionEnv - ok
08:32:30.0802 3160  [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP            C:\Windows\system32\drivers\SFEP.sys
08:32:30.0849 3160  SFEP - ok
08:32:30.0865 3160  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
08:32:30.0896 3160  sffdisk - ok
08:32:30.0912 3160  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:32:30.0943 3160  sffp_mmc - ok
08:32:30.0958 3160  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
08:32:30.0990 3160  sffp_sd - ok
08:32:31.0005 3160  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
08:32:31.0036 3160  sfloppy - ok
08:32:31.0068 3160  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:32:31.0146 3160  SharedAccess - ok
08:32:31.0177 3160  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:32:31.0208 3160  ShellHWDetection - ok
08:32:31.0239 3160  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
08:32:31.0255 3160  SiSRaid2 - ok
08:32:31.0270 3160  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
08:32:31.0302 3160  SiSRaid4 - ok
08:32:31.0333 3160  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:32:31.0411 3160  Smb - ok
08:32:31.0442 3160  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:32:31.0473 3160  SNMPTRAP - ok
08:32:31.0536 3160  [ C3E69DB0A4E59564230E053232F39AC7 ] SOHCImp         C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
08:32:31.0567 3160  SOHCImp - ok
08:32:31.0582 3160  [ 65CC4779A29C3E82B987BD4961790DFF ] SOHDms          C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
08:32:31.0614 3160  SOHDms - ok
08:32:31.0629 3160  [ F47D75CEE1844EEF4A9EA6EE768828FB ] SOHDs           C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
08:32:31.0629 3160  SOHDs - ok
08:32:31.0707 3160  [ 5449FC97476F52E027409E703791E6A9 ] SpfService      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
08:32:31.0738 3160  SpfService - ok
08:32:31.0754 3160  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:32:31.0770 3160  spldr - ok
08:32:31.0801 3160  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler         C:\Windows\System32\spoolsv.exe
08:32:31.0894 3160  Spooler - ok
08:32:32.0004 3160  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
08:32:32.0144 3160  sppsvc - ok
08:32:32.0160 3160  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
08:32:32.0206 3160  sppuinotify - ok
08:32:32.0238 3160  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:32:32.0316 3160  srv - ok
08:32:32.0331 3160  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:32:32.0362 3160  srv2 - ok
08:32:32.0378 3160  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:32:32.0409 3160  srvnet - ok
08:32:32.0440 3160  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:32:32.0534 3160  SSDPSRV - ok
08:32:32.0550 3160  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:32:32.0581 3160  SstpSvc - ok
08:32:32.0612 3160  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
08:32:32.0628 3160  stexstor - ok
08:32:32.0659 3160  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
08:32:32.0674 3160  stisvc - ok
08:32:32.0690 3160  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
08:32:32.0706 3160  swenum - ok
08:32:32.0721 3160  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
08:32:32.0784 3160  swprv - ok
08:32:32.0830 3160  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
08:32:32.0940 3160  SysMain - ok
08:32:32.0955 3160  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:32:32.0971 3160  TabletInputService - ok
08:32:32.0986 3160  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:32:33.0033 3160  TapiSrv - ok
08:32:33.0049 3160  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
08:32:33.0096 3160  TBS - ok
08:32:33.0174 3160  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:32:33.0283 3160  Tcpip - ok
08:32:33.0345 3160  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:32:33.0376 3160  TCPIP6 - ok
08:32:33.0408 3160  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:32:33.0439 3160  tcpipreg - ok
08:32:33.0454 3160  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:32:33.0517 3160  TDPIPE - ok
08:32:33.0548 3160  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:32:33.0579 3160  TDTCP - ok
08:32:33.0610 3160  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:32:33.0673 3160  tdx - ok
08:32:33.0688 3160  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\drivers\termdd.sys
08:32:33.0704 3160  TermDD - ok
08:32:33.0735 3160  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
08:32:33.0844 3160  TermService - ok
08:32:33.0860 3160  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
08:32:33.0876 3160  Themes - ok
08:32:33.0907 3160  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
08:32:33.0938 3160  THREADORDER - ok
08:32:33.0969 3160  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
08:32:34.0016 3160  TrkWks - ok
08:32:34.0063 3160  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:32:34.0110 3160  TrustedInstaller - ok
08:32:34.0125 3160  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:32:34.0203 3160  tssecsrv - ok
08:32:34.0219 3160  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:32:34.0266 3160  tunnel - ok
08:32:34.0281 3160  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
08:32:34.0281 3160  uagp35 - ok
08:32:34.0328 3160  [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor     C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
08:32:34.0344 3160  uCamMonitor - ok
08:32:34.0359 3160  [ 0E5E962B5649D544BE54E8C90761EA2B ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:32:34.0453 3160  udfs - ok
08:32:34.0484 3160  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:32:34.0500 3160  UI0Detect - ok
08:32:34.0515 3160  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:32:34.0531 3160  uliagpkx - ok
08:32:34.0546 3160  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:32:34.0593 3160  umbus - ok
08:32:34.0640 3160  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
08:32:34.0671 3160  UmPass - ok
08:32:34.0780 3160  [ 11A559E0F10CC5E788984023DF400A6F ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
08:32:34.0890 3160  UNS - ok
08:32:34.0921 3160  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
08:32:35.0014 3160  upnphost - ok
08:32:35.0046 3160  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
08:32:35.0077 3160  USBAAPL64 - ok
08:32:35.0124 3160  [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
08:32:35.0170 3160  usbaudio - ok
08:32:35.0202 3160  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:32:35.0264 3160  usbccgp - ok
08:32:35.0280 3160  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:32:35.0311 3160  usbcir - ok
08:32:35.0326 3160  [ 92969BA5AC44E229C55A332864F79677 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
08:32:35.0342 3160  usbehci - ok
08:32:35.0373 3160  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:32:35.0404 3160  usbhub - ok
08:32:35.0420 3160  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci         C:\Windows\system32\drivers\usbohci.sys
08:32:35.0436 3160  usbohci - ok
08:32:35.0467 3160  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:32:35.0514 3160  usbprint - ok
08:32:35.0545 3160  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:32:35.0607 3160  USBSTOR - ok
08:32:35.0623 3160  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
08:32:35.0654 3160  usbuhci - ok
08:32:35.0701 3160  [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
08:32:35.0763 3160  usbvideo - ok
08:32:35.0779 3160  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
08:32:35.0826 3160  UxSms - ok
08:32:35.0857 3160  [ A60605FC66552B421EE1F3D4EBB9A4E0 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
08:32:35.0888 3160  VAIO Event Service - ok
08:32:35.0950 3160  [ D469BE2723F79CF4B384680B1FDC577D ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
08:32:36.0013 3160  VAIO Power Management - ok
08:32:36.0028 3160  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
08:32:36.0044 3160  VaultSvc - ok
08:32:36.0091 3160  [ 96EFA2698D6B9E2931609A3EA73FC5DC ] VCFw            C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
08:32:36.0153 3160  VCFw - ok
08:32:36.0216 3160  [ 7BEBF6A5285FFC03C34A7297A4E177CB ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
08:32:36.0262 3160  VcmIAlzMgr - ok
08:32:36.0278 3160  [ E005B04DFCA99F5880C5111933194CA9 ] VcmINSMgr       C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
08:32:36.0309 3160  VcmINSMgr - ok
08:32:36.0340 3160  [ 829A32FD1334F72429CA0515760EB7A7 ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
08:32:36.0340 3160  VcmXmlIfHelper - ok
08:32:36.0403 3160  [ D347D3ABE070AA09C22FC37121555D52 ] VCService       C:\Program Files\Sony\VAIO Care\VCService.exe
08:32:36.0418 3160  VCService - ok
08:32:36.0450 3160  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
08:32:36.0465 3160  vdrvroot - ok
08:32:36.0496 3160  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
08:32:36.0512 3160  vds - ok
08:32:36.0543 3160  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:32:36.0559 3160  vga - ok
08:32:36.0574 3160  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:32:36.0621 3160  VgaSave - ok
08:32:36.0652 3160  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
08:32:36.0668 3160  vhdmp - ok
08:32:36.0684 3160  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
08:32:36.0699 3160  viaide - ok
08:32:36.0730 3160  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
08:32:36.0746 3160  volmgr - ok
08:32:36.0762 3160  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:32:36.0777 3160  volmgrx - ok
08:32:36.0824 3160  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
08:32:36.0855 3160  volsnap - ok
08:32:36.0933 3160  [ B671E1CE912B85478DAC11C7A210B6F6 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
08:32:36.0980 3160  vpnagent - ok
08:32:37.0042 3160  [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
08:32:37.0058 3160  vpnva - ok
08:32:37.0105 3160  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
08:32:37.0136 3160  vsmraid - ok
08:32:37.0198 3160  [ A7EB62C664A03901165290A714BD48D0 ] VSNService      C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
08:32:37.0261 3160  VSNService ( UnsignedFile.Multi.Generic ) - warning
08:32:37.0261 3160  VSNService - detected UnsignedFile.Multi.Generic (1)
08:32:37.0323 3160  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
08:32:37.0417 3160  VSS - ok
08:32:37.0573 3160  [ D2D646D4D686C6996BA1FF96E11BE570 ] VUAgent         C:\Program Files\Sony\VAIO Update\VUAgent.exe
08:32:37.0698 3160  VUAgent - ok
08:32:37.0713 3160  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
08:32:37.0729 3160  vwifibus - ok
08:32:37.0760 3160  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
08:32:37.0791 3160  vwififlt - ok
08:32:37.0838 3160  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
08:32:37.0854 3160  vwifimp - ok
08:32:37.0885 3160  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
08:32:37.0947 3160  W32Time - ok
08:32:37.0978 3160  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
08:32:37.0994 3160  WacomPen - ok
08:32:38.0010 3160  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
08:32:38.0072 3160  WANARP - ok
08:32:38.0072 3160  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:32:38.0103 3160  Wanarpv6 - ok
08:32:38.0150 3160  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
08:32:38.0228 3160  wbengine - ok
08:32:38.0259 3160  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
08:32:38.0275 3160  WbioSrvc - ok
08:32:38.0306 3160  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:32:38.0337 3160  wcncsvc - ok
08:32:38.0353 3160  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:32:38.0400 3160  WcsPlugInService - ok
08:32:38.0431 3160  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
08:32:38.0446 3160  Wd - ok
08:32:38.0493 3160  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:32:38.0540 3160  Wdf01000 - ok
08:32:38.0556 3160  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:32:38.0587 3160  WdiServiceHost - ok
08:32:38.0587 3160  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:32:38.0602 3160  WdiSystemHost - ok
08:32:38.0634 3160  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
08:32:38.0680 3160  WebClient - ok
08:32:38.0696 3160  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:32:38.0743 3160  Wecsvc - ok
08:32:38.0774 3160  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:32:38.0868 3160  wercplsupport - ok
08:32:38.0883 3160  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:32:38.0946 3160  WerSvc - ok
08:32:38.0977 3160  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
08:32:39.0008 3160  WfpLwf - ok
08:32:39.0024 3160  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
08:32:39.0039 3160  WIMMount - ok
08:32:39.0055 3160  WinDefend - ok
08:32:39.0055 3160  WinHttpAutoProxySvc - ok
08:32:39.0102 3160  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:32:39.0148 3160  Winmgmt - ok
08:32:39.0211 3160  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
08:32:39.0351 3160  WinRM - ok
08:32:39.0398 3160  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
08:32:39.0429 3160  WinUsb - ok
08:32:39.0476 3160  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:32:39.0523 3160  Wlansvc - ok
08:32:39.0601 3160  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:32:39.0616 3160  wlcrasvc - ok
08:32:39.0710 3160  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:32:39.0819 3160  wlidsvc - ok
08:32:39.0850 3160  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
08:32:39.0850 3160  WmiAcpi - ok
08:32:39.0897 3160  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:32:39.0928 3160  wmiApSrv - ok
08:32:39.0960 3160  WMPNetworkSvc - ok
08:32:40.0069 3160  [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm      c:\Program Files\Zune\WMZuneComm.exe
08:32:40.0116 3160  WMZuneComm - ok
08:32:40.0147 3160  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:32:40.0194 3160  WPCSvc - ok
08:32:40.0209 3160  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:32:40.0256 3160  WPDBusEnum - ok
08:32:40.0272 3160  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:32:40.0334 3160  ws2ifsl - ok
08:32:40.0365 3160  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
08:32:40.0381 3160  wscsvc - ok
08:32:40.0396 3160  WSearch - ok
08:32:40.0459 3160  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
08:32:40.0552 3160  wuauserv - ok
08:32:40.0568 3160  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
08:32:40.0615 3160  WudfPf - ok
08:32:40.0662 3160  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:32:40.0708 3160  WUDFRd - ok
08:32:40.0740 3160  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:32:40.0786 3160  wudfsvc - ok
08:32:40.0818 3160  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
08:32:40.0849 3160  WwanSvc - ok
08:32:40.0896 3160  [ 5250193EF8E173AA7491250F00EB367F ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
08:32:40.0927 3160  yukonw7 - ok
08:32:41.0145 3160  [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc  c:\Program Files\Zune\ZuneNss.exe
08:32:41.0426 3160  ZuneNetworkSvc - ok
08:32:41.0488 3160  [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc  c:\Program Files\Zune\ZuneWlanCfgSvc.exe
08:32:41.0535 3160  ZuneWlanCfgSvc - ok
08:32:41.0598 3160  ================ Scan global ===============================
08:32:41.0613 3160  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:32:41.0660 3160  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
08:32:41.0738 3160  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
08:32:41.0785 3160  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:32:41.0816 3160  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:32:41.0832 3160  [Global] - ok
08:32:41.0832 3160  ================ Scan MBR ==================================
08:32:41.0847 3160  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:32:42.0300 3160  \Device\Harddisk0\DR0 - ok
08:32:42.0300 3160  ================ Scan VBR ==================================
08:32:42.0300 3160  [ 25FBBBDC5860CDB4FBDFEF6F7339852D ] \Device\Harddisk0\DR0\Partition1
08:32:42.0300 3160  \Device\Harddisk0\DR0\Partition1 - ok
08:32:42.0346 3160  [ F531585E13AAC193649EB59B87534786 ] \Device\Harddisk0\DR0\Partition2
08:32:42.0346 3160  \Device\Harddisk0\DR0\Partition2 - ok
08:32:42.0346 3160  ============================================================
08:32:42.0346 3160  Scan finished
08:32:42.0346 3160  ============================================================
08:32:42.0362 1128  Detected object count: 3
08:32:42.0362 1128  Actual detected object count: 3
08:34:30.0081 1128  igfx ( UnsignedFile.Multi.Generic ) - skipped by user
08:34:30.0081 1128  igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:34:30.0081 1128  IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
08:34:30.0081 1128  IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:34:30.0081 1128  VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
08:34:30.0081 1128  VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
08:34:40.0898 2388  ============================================================
08:34:40.0898 2388  Scan started
08:34:40.0898 2388  Mode: Manual; SigCheck; TDLFS; 
08:34:40.0898 2388  ============================================================
08:34:41.0226 2388  ================ Scan system memory ========================
08:34:41.0226 2388  System memory - ok
08:34:41.0226 2388  ================ Scan services =============================
08:34:41.0413 2388  [ 969C91060CBB5D17CB8440B5F78B4C51 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
08:34:41.0476 2388  1394ohci - ok
08:34:41.0569 2388  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
08:34:41.0585 2388  ACDaemon - ok
08:34:41.0632 2388  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
08:34:41.0663 2388  ACPI - ok
08:34:41.0678 2388  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
08:34:41.0694 2388  AcpiPmi - ok
08:34:41.0725 2388  [ 5AE65DCD983077278A6173C2872BCA99 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
08:34:41.0725 2388  acsock - ok
08:34:41.0866 2388  [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
08:34:41.0881 2388  AdobeActiveFileMonitor8.0 - ok
08:34:41.0944 2388  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:34:41.0959 2388  AdobeARMservice - ok
08:34:42.0053 2388  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:34:42.0084 2388  AdobeFlashPlayerUpdateSvc - ok
08:34:42.0131 2388  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
08:34:42.0146 2388  adp94xx - ok
08:34:42.0178 2388  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
08:34:42.0193 2388  adpahci - ok
08:34:42.0224 2388  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
08:34:42.0240 2388  adpu320 - ok
08:34:42.0256 2388  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
08:34:42.0287 2388  AeLookupSvc - ok
08:34:42.0349 2388  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
08:34:42.0380 2388  AFD - ok
08:34:42.0380 2388  Scan interrupted by user!
08:34:42.0380 2388  ================ Scan global ===============================
08:34:42.0380 2388  Scan interrupted by user!
08:34:42.0380 2388  ================ Scan MBR ==================================
08:34:42.0380 2388  Scan interrupted by user!
08:34:42.0380 2388  ================ Scan VBR ==================================
08:34:42.0380 2388  Scan interrupted by user!
08:34:42.0380 2388  ============================================================
08:34:42.0380 2388  Scan finished
08:34:42.0380 2388  ============================================================
08:34:42.0396 4172  Detected object count: 0
08:34:42.0396 4172  Actual detected object count: 0
08:34:44.0393 5964  Deinitialize success
         

19.03.2013, 12:27   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
08:34:42.0380 2388 Scan interrupted by user!
08:34:42.0380 2388 ================ Scan global ===============================
What is this about, why are you aborting the scan?

19.03.2013, 12:37   #11
Sunny_1987

Sorry, I accidentally clicked Start a second time earlier and aborted right away. Anyway, I have now run the scan again:

Code:
12:34:01.0087 5648  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:34:01.0243 5648  ============================================================
12:34:01.0243 5648  Current date / time: 2013/03/19 12:34:01.0243
12:34:01.0243 5648  SystemInfo:
12:34:01.0243 5648  
12:34:01.0243 5648  OS Version: 6.1.7600 ServicePack: 0.0
12:34:01.0243 5648  Product type: Workstation
12:34:01.0243 5648  ComputerName: ***-VAIO
12:34:01.0243 5648  UserName: ***
12:34:01.0243 5648  Windows directory: C:\Windows
12:34:01.0243 5648  System windows directory: C:\Windows
12:34:01.0243 5648  Running under WOW64
12:34:01.0243 5648  Processor architecture: Intel x64
12:34:01.0243 5648  Number of processors: 4
12:34:01.0243 5648  Page size: 0x1000
12:34:01.0243 5648  Boot type: Normal boot
12:34:01.0243 5648  ============================================================
12:34:01.0789 5648  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:34:01.0805 5648  ============================================================
12:34:01.0805 5648  \Device\Harddisk0\DR0:
12:34:01.0805 5648  MBR partitions:
12:34:01.0805 5648  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1ABF000, BlocksNum 0x32000
12:34:01.0805 5648  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AF1000, BlocksNum 0x38894830
12:34:01.0805 5648  ============================================================
12:34:01.0821 5648  C: <-> \Device\Harddisk0\DR0\Partition2
12:34:01.0821 5648  ============================================================
12:34:01.0821 5648  Initialize success
12:34:01.0821 5648  ============================================================
12:34:17.0577 1760  ============================================================
12:34:17.0577 1760  Scan started
12:34:17.0577 1760  Mode: Manual; SigCheck; TDLFS; 
12:34:17.0577 1760  ============================================================
12:34:17.0967 1760  ================ Scan system memory ========================
12:34:17.0967 1760  System memory - ok
12:34:17.0967 1760  ================ Scan services =============================
12:34:18.0123 1760  [ 969C91060CBB5D17CB8440B5F78B4C51 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:34:18.0185 1760  1394ohci - ok
12:34:18.0263 1760  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
12:34:18.0294 1760  ACDaemon - ok
12:34:18.0341 1760  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:34:18.0357 1760  ACPI - ok
12:34:18.0388 1760  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:34:18.0403 1760  AcpiPmi - ok
12:34:18.0481 1760  [ 5AE65DCD983077278A6173C2872BCA99 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
12:34:18.0513 1760  acsock - ok
12:34:18.0575 1760  [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
12:34:18.0606 1760  AdobeActiveFileMonitor8.0 - ok
12:34:18.0700 1760  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:34:18.0731 1760  AdobeARMservice - ok
12:34:18.0840 1760  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:34:18.0871 1760  AdobeFlashPlayerUpdateSvc - ok
12:34:18.0918 1760  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:34:18.0965 1760  adp94xx - ok
12:34:18.0996 1760  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:34:19.0012 1760  adpahci - ok
12:34:19.0027 1760  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:34:19.0043 1760  adpu320 - ok
12:34:19.0059 1760  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:34:19.0090 1760  AeLookupSvc - ok
12:34:19.0152 1760  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
12:34:19.0215 1760  AFD - ok
12:34:19.0246 1760  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:34:19.0261 1760  agp440 - ok
12:34:19.0261 1760  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:34:19.0277 1760  ALG - ok
12:34:19.0308 1760  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:34:19.0324 1760  aliide - ok
12:34:19.0355 1760  [ 3F9B03B72577A6A7405BF30801CBD159 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:34:19.0355 1760  AMD External Events Utility - ok
12:34:19.0386 1760  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:34:19.0386 1760  amdide - ok
12:34:19.0417 1760  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:34:19.0433 1760  AmdK8 - ok
12:34:19.0651 1760  [ EA244A8B88DE8B5986BF3B7903B063AF ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:34:19.0729 1760  amdkmdag - ok
12:34:19.0761 1760  [ DCA6E341A4A7C31EA8A14C6166C9B249 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:34:19.0776 1760  amdkmdap - ok
12:34:19.0792 1760  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:34:19.0807 1760  AmdPPM - ok
12:34:19.0839 1760  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:34:19.0870 1760  amdsata - ok
12:34:19.0901 1760  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:34:19.0917 1760  amdsbs - ok
12:34:19.0932 1760  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:34:19.0948 1760  amdxata - ok
12:34:20.0057 1760  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:34:20.0073 1760  AntiVirSchedulerService - ok
12:34:20.0104 1760  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:34:20.0119 1760  AntiVirService - ok
12:34:20.0166 1760  [ 2D45F2DFBC3D8F53DF7EBEFFA8C9BC38 ] ApfiltrService  C:\Windows\system32\drivers\Apfiltr.sys
12:34:20.0197 1760  ApfiltrService - ok
12:34:20.0244 1760  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
12:34:20.0275 1760  AppID - ok
12:34:20.0307 1760  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:34:20.0353 1760  AppIDSvc - ok
12:34:20.0369 1760  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
12:34:20.0385 1760  Appinfo - ok
12:34:20.0463 1760  [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:34:20.0494 1760  Apple Mobile Device - ok
12:34:20.0525 1760  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
12:34:20.0541 1760  arc - ok
12:34:20.0572 1760  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:34:20.0587 1760  arcsas - ok
12:34:20.0603 1760  [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
12:34:20.0619 1760  ArcSoftKsUFilter - ok
12:34:20.0697 1760  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:34:20.0728 1760  aspnet_state - ok
12:34:20.0759 1760  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:34:20.0806 1760  AsyncMac - ok
12:34:20.0853 1760  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:34:20.0884 1760  atapi - ok
12:34:20.0946 1760  [ CCA705CDF038D5BC243203CE4416B345 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
12:34:20.0993 1760  athr - ok
12:34:21.0196 1760  [ EA244A8B88DE8B5986BF3B7903B063AF ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:34:21.0274 1760  atikmdag - ok
12:34:21.0352 1760  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:34:21.0414 1760  AudioEndpointBuilder - ok
12:34:21.0461 1760  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:34:21.0539 1760  AudioSrv - ok
12:34:21.0570 1760  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
12:34:21.0570 1760  avgntflt - ok
12:34:21.0617 1760  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
12:34:21.0648 1760  avipbb - ok
12:34:21.0648 1760  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
12:34:21.0664 1760  avkmgr - ok
12:34:21.0726 1760  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:34:21.0773 1760  AxInstSV - ok
12:34:21.0804 1760  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:34:21.0835 1760  b06bdrv - ok
12:34:21.0882 1760  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:34:21.0898 1760  b57nd60a - ok
12:34:21.0913 1760  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:34:21.0929 1760  BDESVC - ok
12:34:21.0929 1760  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:34:21.0976 1760  Beep - ok
12:34:22.0007 1760  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
12:34:22.0054 1760  BFE - ok
12:34:22.0101 1760  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
12:34:22.0163 1760  BITS - ok
12:34:22.0194 1760  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
12:34:22.0210 1760  blbdrive - ok
12:34:22.0272 1760  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:34:22.0303 1760  Bonjour Service - ok
12:34:22.0350 1760  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:34:22.0397 1760  bowser - ok
12:34:22.0428 1760  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:34:22.0459 1760  BrFiltLo - ok
12:34:22.0475 1760  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:34:22.0491 1760  BrFiltUp - ok
12:34:22.0537 1760  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
12:34:22.0553 1760  Browser - ok
12:34:22.0584 1760  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:34:22.0600 1760  Brserid - ok
12:34:22.0615 1760  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:34:22.0631 1760  BrSerWdm - ok
12:34:22.0662 1760  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:34:22.0678 1760  BrUsbMdm - ok
12:34:22.0678 1760  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:34:22.0693 1760  BrUsbSer - ok
12:34:22.0740 1760  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
12:34:22.0771 1760  BthEnum - ok
12:34:22.0803 1760  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:34:22.0849 1760  BTHMODEM - ok
12:34:22.0865 1760  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:34:22.0881 1760  BthPan - ok
12:34:22.0927 1760  [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
12:34:22.0943 1760  BTHPORT - ok
12:34:22.0974 1760  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:34:23.0005 1760  bthserv - ok
12:34:23.0052 1760  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
12:34:23.0052 1760  BTHUSB - ok
12:34:23.0099 1760  [ 59E3510784548C6939C1B3B985C232E3 ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
12:34:23.0130 1760  btwampfl - ok
12:34:23.0161 1760  [ 1872074ED0A3FB22E3F1E3197B984BFA ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
12:34:23.0161 1760  btwaudio - ok
12:34:23.0224 1760  [ 691CF076C33AB1C3A5B2FD5450300733 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
12:34:23.0239 1760  btwavdt - ok
12:34:23.0333 1760  [ 8BA6E93A182126781952A7895EC1E4B2 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:34:23.0395 1760  btwdins - ok
12:34:23.0427 1760  [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
12:34:23.0427 1760  btwl2cap - ok
12:34:23.0458 1760  [ C9273B20DEC8CE38DBCE5D29DE63C907 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
12:34:23.0458 1760  btwrchid - ok
12:34:23.0489 1760  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:34:23.0520 1760  cdfs - ok
12:34:23.0551 1760  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:34:23.0567 1760  cdrom - ok
12:34:23.0598 1760  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:34:23.0629 1760  CertPropSvc - ok
12:34:23.0645 1760  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
12:34:23.0661 1760  circlass - ok
12:34:23.0692 1760  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:34:23.0707 1760  CLFS - ok
12:34:23.0739 1760  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:34:23.0770 1760  clr_optimization_v2.0.50727_32 - ok
12:34:23.0801 1760  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:34:23.0832 1760  clr_optimization_v2.0.50727_64 - ok
12:34:23.0895 1760  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:34:23.0926 1760  clr_optimization_v4.0.30319_32 - ok
12:34:23.0926 1760  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:34:23.0941 1760  clr_optimization_v4.0.30319_64 - ok
12:34:23.0973 1760  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
12:34:23.0973 1760  CmBatt - ok
12:34:24.0004 1760  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:34:24.0019 1760  cmdide - ok
12:34:24.0051 1760  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
12:34:24.0082 1760  CNG - ok
12:34:24.0113 1760  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
12:34:24.0129 1760  Compbatt - ok
12:34:24.0160 1760  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:34:24.0191 1760  CompositeBus - ok
12:34:24.0207 1760  COMSysApp - ok
12:34:24.0238 1760  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:34:24.0238 1760  crcdisk - ok
12:34:24.0285 1760  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:34:24.0316 1760  CryptSvc - ok
12:34:24.0347 1760  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:34:24.0394 1760  DcomLaunch - ok
12:34:24.0425 1760  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:34:24.0472 1760  defragsvc - ok
12:34:24.0519 1760  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:34:24.0550 1760  DfsC - ok
12:34:24.0581 1760  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:34:24.0612 1760  Dhcp - ok
12:34:24.0628 1760  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:34:24.0659 1760  discache - ok
12:34:24.0706 1760  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
12:34:24.0737 1760  Disk - ok
12:34:24.0784 1760  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:34:24.0799 1760  Dnscache - ok
12:34:24.0831 1760  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
12:34:24.0877 1760  dot3svc - ok
12:34:24.0893 1760  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
12:34:24.0940 1760  DPS - ok
12:34:24.0955 1760  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:34:24.0971 1760  drmkaud - ok
12:34:25.0002 1760  [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:34:25.0018 1760  dtsoftbus01 - ok
12:34:25.0065 1760  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:34:25.0111 1760  DXGKrnl - ok
12:34:25.0143 1760  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:34:25.0174 1760  EapHost - ok
12:34:25.0283 1760  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:34:25.0330 1760  ebdrv - ok
12:34:25.0361 1760  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
12:34:25.0377 1760  EFS - ok
12:34:25.0439 1760  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:34:25.0486 1760  ehRecvr - ok
12:34:25.0517 1760  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:34:25.0533 1760  ehSched - ok
12:34:25.0579 1760  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:34:25.0611 1760  elxstor - ok
12:34:25.0642 1760  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:34:25.0657 1760  ErrDev - ok
12:34:25.0704 1760  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:34:25.0767 1760  EventSystem - ok
12:34:25.0798 1760  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:34:25.0829 1760  exfat - ok
12:34:25.0845 1760  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:34:25.0876 1760  fastfat - ok
12:34:25.0923 1760  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
12:34:25.0938 1760  Fax - ok
12:34:25.0954 1760  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
12:34:25.0969 1760  fdc - ok
12:34:25.0969 1760  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:34:26.0016 1760  fdPHost - ok
12:34:26.0016 1760  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:34:26.0063 1760  FDResPub - ok
12:34:26.0079 1760  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:34:26.0094 1760  FileInfo - ok
12:34:26.0110 1760  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:34:26.0141 1760  Filetrace - ok
12:34:26.0188 1760  [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:34:26.0250 1760  FLEXnet Licensing Service - ok
12:34:26.0266 1760  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:34:26.0281 1760  flpydisk - ok
12:34:26.0313 1760  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:34:26.0328 1760  FltMgr - ok
12:34:26.0359 1760  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
12:34:26.0406 1760  FontCache - ok
12:34:26.0453 1760  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:34:26.0469 1760  FontCache3.0.0.0 - ok
12:34:26.0484 1760  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:34:26.0500 1760  FsDepends - ok
12:34:26.0547 1760  [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
12:34:26.0562 1760  fssfltr - ok
12:34:26.0625 1760  [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:34:26.0718 1760  fsssvc - ok
12:34:26.0765 1760  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:34:26.0765 1760  Fs_Rec - ok
12:34:26.0812 1760  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:34:26.0843 1760  fvevol - ok
12:34:26.0874 1760  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:34:26.0874 1760  gagp30kx - ok
12:34:26.0921 1760  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:34:26.0937 1760  GEARAspiWDM - ok
12:34:26.0983 1760  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
12:34:27.0030 1760  gpsvc - ok
12:34:27.0046 1760  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:34:27.0061 1760  hcw85cir - ok
12:34:27.0093 1760  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:34:27.0108 1760  HdAudAddService - ok
12:34:27.0124 1760  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:34:27.0139 1760  HDAudBus - ok
12:34:27.0155 1760  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\drivers\HECIx64.sys
12:34:27.0171 1760  HECIx64 - ok
12:34:27.0171 1760  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:34:27.0186 1760  HidBatt - ok
12:34:27.0202 1760  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:34:27.0217 1760  HidBth - ok
12:34:27.0249 1760  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:34:27.0264 1760  HidIr - ok
12:34:27.0280 1760  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
12:34:27.0327 1760  hidserv - ok
12:34:27.0373 1760  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:34:27.0389 1760  HidUsb - ok
12:34:27.0420 1760  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:34:27.0483 1760  hkmsvc - ok
12:34:27.0498 1760  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:34:27.0529 1760  HomeGroupListener - ok
12:34:27.0545 1760  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:34:27.0561 1760  HomeGroupProvider - ok
12:34:27.0576 1760  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:34:27.0592 1760  HpSAMD - ok
12:34:27.0623 1760  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:34:27.0685 1760  HTTP - ok
12:34:27.0701 1760  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:34:27.0701 1760  hwpolicy - ok
12:34:27.0748 1760  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:34:27.0779 1760  i8042prt - ok
12:34:27.0810 1760  [ ABBF174CB394F5C437410A788B7E404A ] iaStor          C:\Windows\system32\drivers\iaStor.sys
12:34:27.0826 1760  iaStor - ok
12:34:27.0888 1760  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:34:27.0904 1760  IAStorDataMgrSvc - ok
12:34:27.0935 1760  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:34:27.0966 1760  iaStorV - ok
12:34:27.0997 1760  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:34:28.0075 1760  idsvc - ok
12:34:28.0294 1760  [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:34:28.0419 1760  igfx ( UnsignedFile.Multi.Generic ) - warning
12:34:28.0419 1760  igfx - detected UnsignedFile.Multi.Generic (1)
12:34:28.0450 1760  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:34:28.0465 1760  iirsp - ok
12:34:28.0497 1760  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
12:34:28.0543 1760  IKEEXT - ok
12:34:28.0590 1760  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd           C:\Windows\system32\drivers\Impcd.sys
12:34:28.0606 1760  Impcd - ok
12:34:28.0715 1760  [ 526E482AFB586CB1CDD687869DECF686 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:34:28.0762 1760  IntcAzAudAddService - ok
12:34:28.0809 1760  [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
12:34:28.0809 1760  IntcDAud ( UnsignedFile.Multi.Generic ) - warning
12:34:28.0809 1760  IntcDAud - detected UnsignedFile.Multi.Generic (1)
12:34:28.0840 1760  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:34:28.0855 1760  intelide - ok
12:34:28.0871 1760  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
12:34:28.0887 1760  intelppm - ok
12:34:28.0902 1760  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:34:28.0949 1760  IPBusEnum - ok
12:34:28.0949 1760  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:34:28.0996 1760  IpFilterDriver - ok
12:34:29.0011 1760  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:34:29.0058 1760  iphlpsvc - ok
12:34:29.0089 1760  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:34:29.0089 1760  IPMIDRV - ok
12:34:29.0121 1760  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:34:29.0167 1760  IPNAT - ok
12:34:29.0214 1760  [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:34:29.0277 1760  iPod Service - ok
12:34:29.0292 1760  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:34:29.0323 1760  IRENUM - ok
12:34:29.0323 1760  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:34:29.0339 1760  isapnp - ok
12:34:29.0370 1760  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:34:29.0386 1760  iScsiPrt - ok
12:34:29.0401 1760  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
12:34:29.0417 1760  kbdclass - ok
12:34:29.0433 1760  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
12:34:29.0448 1760  kbdhid - ok
12:34:29.0464 1760  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
12:34:29.0479 1760  KeyIso - ok
12:34:43.0286 1760  [ A7EB62C664A03901165290A714BD48D0 ] VSNService      C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
12:34:43.0332 1760  VSNService ( UnsignedFile.Multi.Generic ) - warning
12:34:43.0332 1760  VSNService - detected UnsignedFile.Multi.Generic (1)
12:34:43.0395 1760  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
12:34:43.0457 1760  VSS - ok
12:34:43.0535 1760  [ D2D646D4D686C6996BA1FF96E11BE570 ] VUAgent         C:\Program Files\Sony\VAIO Update\VUAgent.exe
12:34:43.0613 1760  VUAgent - ok
12:34:43.0644 1760  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:34:43.0660 1760  vwifibus - ok
12:34:43.0676 1760  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:34:43.0691 1760  vwififlt - ok
12:34:43.0722 1760  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:34:43.0738 1760  vwifimp - ok
12:34:43.0754 1760  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:34:43.0785 1760  W32Time - ok
12:34:43.0816 1760  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:34:43.0832 1760  WacomPen - ok
12:34:43.0863 1760  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:34:43.0925 1760  WANARP - ok
12:34:43.0956 1760  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:34:43.0988 1760  Wanarpv6 - ok
12:34:44.0050 1760  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
12:34:44.0128 1760  wbengine - ok
12:34:44.0128 1760  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:34:44.0144 1760  WbioSrvc - ok
12:34:44.0175 1760  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:34:44.0190 1760  wcncsvc - ok
12:34:44.0206 1760  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:34:44.0222 1760  WcsPlugInService - ok
12:34:44.0253 1760  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
12:34:44.0253 1760  Wd - ok
12:34:44.0300 1760  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:34:44.0346 1760  Wdf01000 - ok
12:34:44.0362 1760  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:34:44.0378 1760  WdiServiceHost - ok
12:34:44.0393 1760  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:34:44.0409 1760  WdiSystemHost - ok
12:34:44.0440 1760  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
12:34:44.0471 1760  WebClient - ok
12:34:44.0502 1760  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:34:44.0534 1760  Wecsvc - ok
12:34:44.0549 1760  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:34:44.0596 1760  wercplsupport - ok
12:34:44.0627 1760  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:34:44.0658 1760  WerSvc - ok
12:34:44.0690 1760  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:34:44.0736 1760  WfpLwf - ok
12:34:44.0752 1760  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:34:44.0768 1760  WIMMount - ok
12:34:44.0768 1760  WinDefend - ok
12:34:44.0783 1760  WinHttpAutoProxySvc - ok
12:34:44.0814 1760  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:34:44.0861 1760  Winmgmt - ok
12:34:44.0924 1760  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:34:45.0033 1760  WinRM - ok
12:34:45.0080 1760  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:34:45.0111 1760  WinUsb - ok
12:34:45.0158 1760  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:34:45.0204 1760  Wlansvc - ok
12:34:45.0282 1760  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:34:45.0282 1760  wlcrasvc - ok
12:34:45.0392 1760  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:34:45.0485 1760  wlidsvc - ok
12:34:45.0516 1760  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:34:45.0516 1760  WmiAcpi - ok
12:34:45.0548 1760  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:34:45.0594 1760  wmiApSrv - ok
12:34:45.0610 1760  WMPNetworkSvc - ok
12:34:45.0719 1760  [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm      c:\Program Files\Zune\WMZuneComm.exe
12:34:45.0766 1760  WMZuneComm - ok
12:34:45.0782 1760  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:34:45.0797 1760  WPCSvc - ok
12:34:45.0813 1760  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:34:45.0828 1760  WPDBusEnum - ok
12:34:45.0844 1760  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:34:45.0875 1760  ws2ifsl - ok
12:34:45.0891 1760  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
12:34:45.0922 1760  wscsvc - ok
12:34:45.0922 1760  WSearch - ok
12:34:46.0016 1760  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:34:46.0078 1760  wuauserv - ok
12:34:46.0109 1760  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:34:46.0140 1760  WudfPf - ok
12:34:46.0172 1760  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:34:46.0187 1760  WUDFRd - ok
12:34:46.0203 1760  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:34:46.0218 1760  wudfsvc - ok
12:34:46.0265 1760  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:34:46.0281 1760  WwanSvc - ok
12:34:46.0328 1760  [ 5250193EF8E173AA7491250F00EB367F ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
12:34:46.0343 1760  yukonw7 - ok
12:34:46.0562 1760  [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc  c:\Program Files\Zune\ZuneNss.exe
12:34:46.0842 1760  ZuneNetworkSvc - ok
12:34:46.0905 1760  [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc  c:\Program Files\Zune\ZuneWlanCfgSvc.exe
12:34:46.0936 1760  ZuneWlanCfgSvc - ok
12:34:46.0998 1760  ================ Scan global ===============================
12:34:47.0014 1760  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:34:47.0061 1760  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
12:34:47.0076 1760  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
12:34:47.0108 1760  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:34:47.0139 1760  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:34:47.0139 1760  [Global] - ok
12:34:47.0139 1760  ================ Scan MBR ==================================
12:34:47.0154 1760  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:34:47.0591 1760  \Device\Harddisk0\DR0 - ok
12:34:47.0591 1760  ================ Scan VBR ==================================
12:34:47.0607 1760  [ 25FBBBDC5860CDB4FBDFEF6F7339852D ] \Device\Harddisk0\DR0\Partition1
12:34:47.0607 1760  \Device\Harddisk0\DR0\Partition1 - ok
12:34:47.0638 1760  [ F531585E13AAC193649EB59B87534786 ] \Device\Harddisk0\DR0\Partition2
12:34:47.0654 1760  \Device\Harddisk0\DR0\Partition2 - ok
12:34:47.0654 1760  ============================================================
12:34:47.0654 1760  Scan finished
12:34:47.0654 1760  ============================================================
12:34:47.0669 3172  Detected object count: 3
12:34:47.0669 3172  Actual detected object count: 3
12:34:50.0976 3172  igfx ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:50.0976 3172  igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:34:50.0976 3172  IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:50.0976 3172  IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:34:50.0976 3172  VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
12:34:50.0976 3172  VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:34:55.0532 4172  Deinitialize success
         

19.03.2013, 12:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AntiVir reports TR/Rogue.kdv.901925



Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


19.03.2013, 13:02   #13
Sunny_1987
 
AntiVir reports TR/Rogue.kdv.901925



Here is the log:

Code:
ComboFix 13-03-19.01 - *** 19.03.2013  12:49:59.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3950.2244 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-19 bis 2013-03-19  ))))))))))))))))))))))))))))))
.
.
2013-03-19 11:54 . 2013-03-19 11:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-16 15:46 . 2013-02-12 14:02	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-16 13:52 . 2013-03-18 17:09	--------	d-----w-	c:\users\***\AppData\Roaming\Qoeg
2013-03-16 13:52 . 2013-03-18 02:02	--------	d-----w-	c:\users\***\AppData\Roaming\Okynro
2013-03-16 13:52 . 2013-03-16 13:52	--------	d-----w-	c:\users\***\AppData\Roaming\Uvhiam
2013-03-14 21:25 . 2013-03-14 21:25	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-03-14 21:25 . 2013-03-14 21:25	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-03-13 15:16 . 2013-02-28 16:34	12405248	----a-w-	c:\windows\system32\ieframe.dll
2013-03-13 15:16 . 2013-02-28 16:34	9377280	----a-w-	c:\windows\system32\mshtml.dll
2013-03-13 15:16 . 2013-02-28 16:34	2463744	----a-w-	c:\windows\system32\iertutil.dll
2013-03-13 15:16 . 2013-02-28 16:34	1500160	----a-w-	c:\windows\system32\urlmon.dll
2013-03-13 15:16 . 2013-02-28 16:34	1026560	----a-w-	c:\windows\system32\mstime.dll
2013-03-13 15:16 . 2013-02-28 16:34	736256	----a-w-	c:\windows\system32\msfeeds.dll
2013-03-12 09:49 . 2013-03-13 12:02	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 21:27 . 2011-03-29 15:36	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-12 21:04 . 2012-04-14 17:10	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 21:04 . 2011-07-21 11:49	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-24 17:33 . 2013-01-24 17:33	11184	----a-w-	c:\windows\SysWow64\vpncategories.dll
2013-01-24 17:33 . 2013-01-24 17:33	34224	----a-w-	c:\windows\SysWow64\vpnevents.dll
2013-01-24 17:15 . 2011-01-11 12:54	27048	----a-w-	c:\windows\system32\drivers\vpnva64.sys
2013-01-24 17:13 . 2011-01-11 12:53	112080	----a-r-	c:\windows\system32\drivers\acsock64.sys
2013-01-05 05:57 . 2013-02-13 16:16	5500776	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-01-05 05:02 . 2013-02-13 16:16	3957608	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:02 . 2013-02-13 16:16	3902312	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:41 . 2013-02-13 16:15	1893224	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-01-04 05:40 . 2013-02-13 16:15	287576	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-04 05:37 . 2013-02-13 16:15	362496	----a-w-	c:\windows\system32\wow64win.dll
2013-01-04 05:37 . 2013-02-13 16:15	243200	----a-w-	c:\windows\system32\wow64.dll
2013-01-04 05:37 . 2013-02-13 16:15	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2013-01-04 05:36 . 2013-02-13 16:15	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-01-04 05:33 . 2013-02-13 16:15	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2013-01-04 05:30 . 2013-02-13 16:15	424960	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-04 05:30 . 2013-02-13 16:15	1161216	----a-w-	c:\windows\system32\kernel32.dll
2013-01-04 05:27 . 2013-02-13 16:15	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-04 04:51 . 2013-02-13 16:15	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-01-04 04:51 . 2013-02-13 16:15	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2013-01-04 04:43 . 2013-02-13 16:15	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 16:15	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-01-04 03:22 . 2013-02-13 16:16	3150848	----a-w-	c:\windows\system32\win32k.sys
2013-01-04 03:19 . 2013-02-13 16:15	338432	----a-w-	c:\windows\system32\conhost.exe
2013-01-04 02:48 . 2013-02-13 16:15	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-01-04 02:48 . 2013-02-13 16:15	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-01-04 02:48 . 2013-02-13 16:15	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-01-04 02:48 . 2013-02-13 16:15	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-01-04 02:43 . 2013-02-13 16:15	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 16:15	6144	---ha-w-	c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 16:15	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 16:15	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-10-09 615808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-01-24 701872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\***\Desktop\mbar\mbar.exe" [2013-02-16 1363016]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2013-01-24 112080]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-05-28 158976]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-24 271872]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-20 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-20 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-06 304496]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-07 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-29 254528]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-09-07 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-01-24 544688]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 836608]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-23 342056]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-23 39464]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-05-28 56344]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-05-31 402720]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 22063730
*NewlyCreated* - 63858901
*NewlyCreated* - ASWMBR
*Deregistered* - 22063730
*Deregistered* - 63858901
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 21:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ilpb9bwh.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-19  12:56:09
ComboFix-quarantined-files.txt  2013-03-19 11:56
.
Vor Suchlauf: 13 Verzeichnis(se), 389.761.732.608 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 391.937.867.776 Bytes frei
.
- - End Of File - - D06FFA1ED5EC400EF09402368DCC0158
         

Alt 19.03.2013, 13:05   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click and "Run as administrator" ("als Administrator ausführen").
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator" ("als Administrator ausführen")
  • At the top centre, tick "Scan All Users" ("Scanne alle Benutzer")
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Alt 19.03.2013, 13:50   #15
Sunny_1987
 



JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by *** on 19.03.2013 at 13:18:49,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\pdfforge"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\pdfforge toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"



~~~ FireFox

Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\user.js
Successfully deleted: [Folder] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\prefs.js

user_pref("extensions.asktb.cbid", "N9");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&dm=lang");
user_pref("extensions.asktb.first-launch-url", "hxxp://www.studivz.net/Messages");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1312616208388");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.nero.userName", "");
user_pref("extensions.asktb.o", "15418");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "5");
user_pref("extensions.asktb.v", "3.6.13.100005");
user_pref("extensions.enabledItems", "firenes@facundo.zaldo:2.0,moveplayer@movenetworks.com:1.0.0.071303000004,toolbar@ask.com:3.6.13.184,{1018e4d6-728f-4b20-ad56-37578a4de76b
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\minidumps [124 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2013 at 13:24:59,43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
adw:

Code:
# AdwCleaner v2.115 - Datei am 19/03/2013 um 13:28:25 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : *** - ***-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17256

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ilpb9bwh.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1578 octets] - [19/03/2013 13:28:25]

########## EOF - C:\AdwCleaner[S1].txt - [1638 octets] ##########
         
OTL:

Code:
OTL logfile created on: 19.03.2013 13:32:33 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 60,87% Memory free
7,71 Gb Paging File | 5,96 Gb Available in Paging File | 77,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,29 Gb Total Space | 365,08 Gb Free Space | 80,72% Space Free | Partition Type: NTFS
 
Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ZuneWlanCfgSvc) -- c:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- c:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (s0017unic) -- C:\Windows\SysNative\drivers\s0017unic.sys (MCCI Corporation)
DRV:64bit: - (s0017obex) -- C:\Windows\SysNative\drivers\s0017obex.sys (MCCI Corporation)
DRV:64bit: - (s0017nd5) -- C:\Windows\SysNative\drivers\s0017nd5.sys (MCCI Corporation)
DRV:64bit: - (s0017mdm) -- C:\Windows\SysNative\drivers\s0017mdm.sys (MCCI Corporation)
DRV:64bit: - (s0017mgmt) -- C:\Windows\SysNative\drivers\s0017mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0017mdfl) -- C:\Windows\SysNative\drivers\s0017mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0017bus) -- C:\Windows\SysNative\drivers\s0017bus.sys (MCCI Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{31CF5488-1282-4CE7-BACF-DAC2D6103B66}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{4D7AE340-6731-4EE4-B8C1-DD73BA39A597}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{7A28250A-EF45-4C6E-A2D2-9245F92B8167}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\..\SearchScopes\{8A139173-D5C3-4BB4-98C2-927617F6E246}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: firenes%40facundo.zaldo:2.0.2
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8
FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:2.0.20120203
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.4.20130221100632
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.07 09:50:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.07 09:50:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.07.15 15:08:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.10.24 17:19:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:02:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 13:02:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 10:49:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.03.12 10:49:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 13:02:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 13:02:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.12 10:49:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.03.12 10:49:46 | 000,000,000 | ---D | M]
 
[2011.03.29 16:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.29 16:09:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.19 13:24:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions
[2013.03.15 09:20:21 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.03.29 16:07:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.29 16:07:45 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2013.03.01 18:10:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.27 08:04:48 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011.03.29 16:07:43 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\bkmrksync@nokia.com
[2011.08.20 12:27:20 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\firefox@tvunetworks.com
[2011.03.29 16:07:43 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ilpb9bwh.default\extensions\moveplayer@movenetworks.com
[2011.11.15 09:58:43 | 000,071,254 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\extensions\firenes@facundo.zaldo.xpi
[2012.12.12 10:52:20 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ilpb9bwh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.03.08 13:02:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 13:02:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.08 13:02:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.07 11:28:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 16:55:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.07 11:28:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.07 11:28:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.07 11:28:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.07 11:28:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{423D4F55-13A2-4D2E-BBDA-A1774A136043}: DhcpNameServer = 172.16.16.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.19 13:20:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.19 13:18:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.19 13:18:43 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.19 13:16:19 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.03.19 12:56:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.19 12:49:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.19 12:49:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.19 12:49:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.19 12:49:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.19 12:48:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.18 17:21:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.03.18 16:13:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.03.18 15:58:48 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner
[2013.03.16 16:46:28 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.16 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uvhiam
[2013.03.16 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Qoeg
[2013.03.16 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Okynro
[2013.03.14 22:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.14 22:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.14 22:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.13 16:16:01 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 16:15:55 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.13 16:15:55 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.13 16:15:55 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 16:15:55 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 16:15:55 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.13 16:15:55 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.13 16:15:54 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.13 16:15:54 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 16:15:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 16:15:54 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 16:15:54 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 16:15:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.13 16:15:54 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.13 16:15:53 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.12 10:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.08 13:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.21 19:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.19 13:37:16 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 13:37:16 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 13:29:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.19 13:29:20 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.19 13:16:47 | 000,609,993 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.03.19 13:16:20 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.03.19 13:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.19 08:30:04 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat
[2013.03.18 18:11:18 | 000,375,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.18 16:13:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.03.18 15:26:13 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.18 15:26:13 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.18 15:26:13 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.18 15:26:13 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.18 15:26:13 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.15 09:03:24 | 000,673,298 | ---- | M] () -- C:\Users\***\Desktop\Diagnostik .pdf
[2013.03.12 22:04:44 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.12 22:04:44 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.04 09:34:19 | 000,182,348 | ---- | M] () -- C:\Users\***\Desktop\Immatrikulationsbescheinigung_7845936.pdf
[2013.03.02 22:29:57 | 000,113,872 | ---- | M] () -- C:\Users\***\Desktop\statistik im text.pdf
[2013.02.28 20:34:23 | 000,118,681 | ---- | M] () -- C:\test.xml
[2013.02.28 17:34:33 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.28 17:34:10 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.28 17:34:08 | 000,736,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.28 17:34:03 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.02.28 17:34:01 | 000,256,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.02.28 17:34:01 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.28 17:33:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.02.28 17:16:41 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.28 17:16:16 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.28 17:16:10 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.02.28 17:16:07 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.02.28 17:16:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.28 17:15:16 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.02.28 16:12:49 | 000,482,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.02.28 15:51:56 | 000,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.02.25 19:50:56 | 000,036,931 | ---- | M] () -- C:\Users\***\Desktop\3 zentrale Studien aus den 80er und 90er Jahren.pdf
[2013.02.25 18:47:50 | 007,918,036 | ---- | M] () -- C:\Users\***\Desktop\Asendorf Persönlichkeit.pdf
[2013.02.24 13:39:21 | 543,977,074 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.23 13:56:30 | 012,474,944 | ---- | M] () -- C:\Users\***\Desktop\Bachelorarbeit_Prüfungsangst_Julia.rtf
[2013.02.23 12:27:53 | 000,005,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.21 19:52:18 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.21 19:52:18 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.19 13:16:47 | 000,609,993 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.03.19 12:49:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.19 12:49:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.19 12:49:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.19 12:49:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.19 12:49:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.19 08:30:04 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2013.03.15 09:03:22 | 000,673,298 | ---- | C] () -- C:\Users\***\Desktop\Diagnostik .pdf
[2013.03.04 09:34:19 | 000,182,348 | ---- | C] () -- C:\Users\***\Desktop\Immatrikulationsbescheinigung_7845936.pdf
[2013.03.02 22:29:57 | 000,113,872 | ---- | C] () -- C:\Users\***\Desktop\statistik im text.pdf
[2013.02.25 19:50:53 | 000,036,931 | ---- | C] () -- C:\Users\***\Desktop\3 zentrale Studien aus den 80er und 90er Jahren.pdf
[2013.02.25 18:47:45 | 007,918,036 | ---- | C] () -- C:\Users\***\Desktop\Asendorf Persönlichkeit.pdf
[2013.02.23 09:19:29 | 012,474,944 | ---- | C] () -- C:\Users\***\Desktop\Bachelorarbeit_Prüfungsangst_Julia.rtf
[2012.09.23 17:13:04 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.16 08:53:28 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.06 17:54:08 | 000,000,041 | ---- | C] () -- C:\Users\***\AppData\Roaming\mbam.context.scan
[2011.05.08 21:08:00 | 000,005,264 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.04.05 21:41:20 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.29 22:22:33 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Code:
OTL Extras logfile created on: 19.03.2013 13:32:33 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 60,87% Memory free
7,71 Gb Paging File | 5,96 Gb Available in Paging File | 77,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,29 Gb Total Space | 365,08 Gb Free Space | 80,72% Space Free | Partition Type: NTFS
 
Computer Name: ***-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C57163B-5F2F-43BB-8458-C0BA9DCE612A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{13003616-553B-4D83-9565-2875E741596C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5185D5FF-EA84-4ABC-98EC-C9F7D040AAB7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{5583077A-66D0-4648-9C18-CEF8F72E653E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{59746162-EDEA-42FC-B5BB-A2D1B534CF75}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6613FF3F-19E3-4258-9091-409695B96DC8}" = lport=137 | protocol=17 | dir=in | app=system | 
"{68ED5855-7F29-422B-8A98-C85335690D61}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{727EEC4C-DA92-4E67-8562-4D03F051DC8A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7F9A1B7C-AF6C-41CB-B4DF-C43FA918D545}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8E2DEA7A-2FCF-45F5-855D-2A003237F688}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9B837533-FB98-4A30-B1BD-8F90D9AFC7F7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A042F7F4-A360-4D33-9478-811F1022D30E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A22095BB-B1CF-412D-9675-45E8359E700F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4DA65B9-87C8-4AFA-906E-979A6A3C9B12}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A60A6F0E-7F62-4AF1-92F3-B065688DAAA6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFAD6D2A-F151-4FA4-BE10-201AD95F52C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B6ADB83D-B14C-4515-9C73-D9F1FF5B9328}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B92DBD7D-B35F-4C91-A42B-E585E5812A7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0339EE6-EB1C-463C-BD7A-A48BEE004E83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C577AF0C-C835-4208-A256-CB25FFF5BEAE}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C5FD4150-E3CA-499B-95D9-56D7CD8921F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C9912A56-EE10-4848-A98A-F9DFD1160B0F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EF5A756B-C8F0-430C-8409-78063C771F07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F13E3F99-B71C-4FF4-9C52-ACC0AA806F9E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FAC6EB77-4258-4749-BB05-6B464AAB0B58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD1B919-8351-4F13-9666-B24A4C48D81A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{10C57118-DEFB-4D65-A2DE-D8BE280B29E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{12C2E9CF-77A3-459C-8C10-D279A80775C8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2432F66B-2838-4295-92C6-674F6E379284}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2609F2F3-4E75-4D82-B111-4D1796049279}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{29FDFE04-3D4E-45A4-A01F-F0E99ACF707F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2D1111E4-28CF-46FB-83AD-F696AB5F8967}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{35888EE2-381A-47F4-9BD9-418C8230FB54}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{3776A326-283E-4268-A545-2208E8CD8A30}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{452221AF-70F1-4216-80C2-EBD82E9CDE77}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{4A801EF0-3A18-4FB5-A818-072678066BB8}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5104AF8D-4EB3-4A67-A448-03D1FE84B1A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{54C1E70F-7F5B-4A05-AAC4-3A6C3D953A59}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{59DA9F60-43F8-4AD8-9BBD-20DD5833BA73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E7BBECD-EECE-4AF0-A642-D1868F7FCA5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61815BB3-8697-4D67-BDFC-3088F2A17FF2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{65011983-B5BC-4D77-9B68-51315AD64027}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{699234E4-D765-4A78-B289-8B990F7C0191}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6D3AC6D7-DB32-4E47-95F1-A878779F4C37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{71C6A8F6-1334-42EC-A769-F5C79DE260FA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{75695691-51F7-4C7E-B6A7-16BCB31D3D44}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7F78F448-A522-4C73-989F-8343AA559710}" = protocol=6 | dir=out | app=system | 
"{7FF1CECF-82D7-4886-B781-81FDB7DDAEE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{88EF47C0-AA63-4DB8-A20D-2191014F3EE3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8E8F95C6-D7D9-4074-B1DE-DF83ABEBF250}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{98CB5CAC-DEFB-4243-9221-C5DCED6F7BB2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A3D7C341-FA02-47E2-8567-3DA1E7276A9F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{B4E8F4A0-5981-4B97-BD12-86940F071033}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B81EB3B0-46D3-4E17-BE20-D6130C587E49}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{BD7BD756-462E-4F1F-80FA-5652EEAD7C61}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{D358106E-0FC2-4542-B122-09001DD5211D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DFBF3223-21CE-4ADB-B5B6-C694AD1A7A31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E674EF7F-67D7-46F5-BCFB-0257397AB64F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E986BC44-1E9C-4FF7-AFC6-F3A5E77650C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F21AEC34-D175-478A-8615-F6D0C9C4A6FC}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{2F7DFB21-184B-4959-B23A-18070B3D3B45}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe | 
"TCP Query User{38EE2315-0374-40CD-9162-F65E7515E93F}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{3EDB9376-6479-4D1A-8235-009E55011B9A}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{60B68C0C-356D-4735-83B2-74C62DCD312D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{627DE985-DA09-4547-9184-12E1B8B99D92}C:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe | 
"TCP Query User{7F62A073-9A3F-4CD8-9F82-F4DB5BB65D0F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{D72A20BD-E1D9-4AF6-84FD-C8E41B6D8252}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"TCP Query User{FCC016DB-4334-4042-9E36-D8593C26DAF3}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe | 
"UDP Query User{04AA899B-87CB-4A90-855F-15289511D72B}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{0868BA7E-6B33-4822-8417-C5C5936069BA}C:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fairware24\janitostarifrechner\zebedee.exe | 
"UDP Query User{16F4CC8D-822D-4F17-B57E-EE0BC1FCCCC0}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{301515C5-6124-45AA-BD2C-1E627671592A}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
"UDP Query User{88BB1EC1-0A05-4D72-B19B-D2F752B9A43B}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe | 
"UDP Query User{B0D8D767-4E06-4394-9736-9DCC4CDFD2E5}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{B7746CDA-611B-4E1F-97AB-1632087A03FD}C:\users\***\appdata\roaming\hagoo\ukzyezz.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\hagoo\ukzyezz.exe | 
"UDP Query User{D546018A-D0D8-44C4-822E-9EFE48DD20FB}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc)
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc)
"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery
"{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33D21DE0-8363-4997-A960-E32EA9D84AB3}" = KODAK Create@Home Software (für dm)
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A20548C1-4B08-C41D-A3A8-FE8C933C2A00}" = Catalyst Control Center InstallProxy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A43014F4-44F8-4539-8F87-C8471CB810B1}" = Cisco AnyConnect Secure Mobility Client
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B87F4F22-611D-403C-A2A0-55426DE07509}" = pdfforge Toolbar v6.1
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = 
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
"Janitos Offline-Tarifrechner 3_is1" = Janitos Offline-Tarifrechner 3.2.3.2
"KaloMa_is1" = KaloMa 5.00beta20100607
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"McAfee Security Scan" = McAfee Security Scan Plus
"MozBackup" = MozBackup 1.5
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.4 (x86 de)" = Mozilla Thunderbird 17.0.4 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PremElem80" = Adobe Premiere Elements 8.0
"RealPlayer 12.0" = RealPlayer
"splashtop" = VAIO Quick Web Access
"Sweet Home 3D_is1" = Sweet Home 3D version 3.3
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VAIO screensaver" = VAIO screensaver
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.8
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2895961250-601273062-2787159028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 19.03.2013 08:29:36 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp
Line:
 603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED 
 
Error - 19.03.2013 08:29:45 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CVerifyServerName::VerifyCertName File: .\Certificates\VerifyServerName.cpp
Line:
 150 Certificate name verification has failed.  Server Name: 132.176.101.101 Common Name(s):
webvpn.fernuni-hagen.de
 
Error - 19.03.2013 08:29:45 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: COpenSSLCertUtils::VerifyCertName File: .\Certificates\OpenSSLCertUtils.cpp
Line:
 1310 Invoked Function: CVerifyServerName::VerifyCertName Return Code: -31391725 (0xFE210013)
Description:
 CERTIFICATE_ERROR_VERIFY_NAME_FAILED 
 
Error - 19.03.2013 08:29:45 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
 1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391725
 (0xFE210013) Description: CERTIFICATE_ERROR_VERIFY_NAME_FAILED server name: 132.176.101.101
 
Error - 19.03.2013 08:29:45 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
 Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 19.03.2013 08:30:24 | Computer Name = ***-VAIO | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 19.03.2013 08:30:26 | Computer Name = ***-VAIO | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1336 NULL object. Cannot establish a connection at this time.
 
Error - 19.03.2013 08:34:36 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 19.03.2013 08:34:36 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 19.03.2013 08:34:36 | Computer Name = ***-VAIO | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
[ OSession Events ]
Error - 02.03.2013 05:44:41 | Computer Name = ***-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 56203
 seconds with 7620 seconds of active time.  This session ended with a crash.
 
Error - 02.03.2013 14:05:06 | Computer Name = ***-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 30004
 seconds with 5760 seconds of active time.  This session ended with a crash.
 
 
< End of report >
         
