| |
| |||||||
Log-Analyse und Auswertung: GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
16.04.2013, 10:17
| #1 |
| |  GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? Liebes Team von trojaner-board.de, gestern Abend habe ich mir beim Surfen im Internen auf meinem PC den GVU-Trojaner eingefangen. Es hat sich ein Fenster geöffnet mit dem Logo der Bundespolizei und der GVU mit der Nachricht "Achtung! Ihr Computer ist aus einem oder mehreren der unten aufgeführten Gründe gesperrt" und der Aufforderung, in den nächsten 72 Stunden 100 Euro zu überweisen. Heute morgen beim hochfahren wurde automatisch die Systemstartreparatur gestartet: "Der Computer konnte nicht gestartet werden. Starthilfe überprüft, ob im System Probleme vorliegen." Anschließend konnte ich meinen PC wieder normal starten und auch das Sperrbild des Bundestrojaners war verschwunden. Allerdings denke ich nicht, dass dadurch der Trojaner vollständig vom PC entfernt ist. Also hab ich mir einige Beiträge aus diesem Forum durchgelesen, mir Malwarebytes heruntergeladen und erst einmal einen QuickScan durchgeführt. Bei diesem wurden sieben infizierte Trojaner Objekte entdeckt, ich habe auf "Alle entfernen" geklickt und der PC wurde neu gestartet. z.Zt. läuft bei mir der vollständige Scan, aber es sieht nicht so aus, als ob noch weitere infizierte Objekte vorliegen. Wie kann ich jetzt am besten weiter vorgehen? Sind noch weitere Schritte nötig, oder kann ich nach dem Scan vom Malwarebytes davon ausgehen, dass der Trojaner beseitigt ist? Vielen lieben Dank im voraus! Edit 11:34: Der vollständige Scan ist jetzt fertig, es wurden keine infizierten Objekte gefunden. Hier ist der Logfile von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.16.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Flo :: FLO-VAIO [Administrator] Schutz: Aktiviert 16.04.2013 10:30:37 mbam-log-2013-04-16 (10-30-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 377653 Laufzeit: 1 Stunde(n), 2 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Geändert von tommi1991 (16.04.2013 um 10:37 Uhr) |
|
16.04.2013, 12:23
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? Hallo und
__________________ Zitat:
 Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520 Bitte alles nach Möglichkeit hier in CODE-Tags posten.  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
16.04.2013, 13:00
| #3 |
| | GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? Hier ist der Log von dem ersten Durchlauf:
__________________Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.16.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Flo :: FLO-VAIO [Administrator] Schutz: Aktiviert 16.04.2013 10:16:57 mbam-log-2013-04-16 (10-16-57).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 228210 Laufzeit: 7 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 7 C:\Users\Flo\AppData\Roaming\skype.dat (Trojan.Ransom.SVD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Flo\AppData\Local\Temp\kotdxd (Trojan.Ransom.SVD) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Flo\AppData\Local\Temp\tmp42a162ec\soft.exe (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Flo\AppData\Local\Temp\tmp87906f5e\soft.exe (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Flo\AppData\Local\Temp\tmp8c5e1e3c\soft.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Flo\AppData\Local\Temp\tmpaf4bb15a\soft.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Flo\AppData\Local\Temp\tmpe397079c\soft.exe (Trojan.FakeMS.PRGen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Außerdem hat mein Virenschutzprogramm Norton 360 eben noch eine Datei gelöscht...Nun steht in der Anzeige "Ihr Computer ist jetzt sicher": Code:
ATTFilter Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
16.04.2013 13:52:48,Hoch,odkyz.exe (Bloodhound.Sonar.9) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\flo\appdata\roaming\ewnye\odkyz.exe
Kategorie: Quarantäne
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
16.04.2013 13:52:48,Hoch,odkyz.exe (Bloodhound.Sonar.9) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\flo\appdata\roaming\ewnye\odkyz.exe
Kategorie: SONAR-Aktivität
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
16.04.2013 13:52:48,Hoch,odkyz.exe (Bloodhound.Sonar.9) erkannt von SONAR,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\flo\appdata\roaming\ewnye\odkyz.exe
|
|
16.04.2013, 13:02
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.04.2013, 13:25
| #5 |
| | GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? Hier von OTL.Txt: Code:
ATTFilter OTL logfile created on: 16.04.2013 14:09:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Flo\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,95 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 44,94% Memory free 7,90 Gb Paging File | 5,63 Gb Available in Paging File | 71,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,16 Gb Total Space | 381,13 Gb Free Space | 84,29% Space Free | Partition Type: NTFS Drive F: | 993,74 Mb Total Space | 992,84 Mb Free Space | 99,91% Space Free | Partition Type: FAT32 Computer Name: FLO-VAIO | User Name: Flo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Flo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe (Symantec Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10x_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Sony\VAIO Care\listener.exe (Sony of America Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.1.0.24\wincfi39.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation) SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe (Devguru Co., Ltd.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe (Symantec Corporation) SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV - (VCService) -- C:\Programme\Sony\VAIO Care\VCService.exe (Sony Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.sys (Symantec Corporation) DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Ironx64.sys (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnets.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.sys (Symantec Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros) DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation) DRV:64bit: - (ss_bserd) -- C:\Windows\SysNative\drivers\ss_bserd.sys (MCCI Corporation) DRV:64bit: - (ss_bbus) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI) DRV:64bit: - (ss_bmdfl) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130415.025\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130415.025\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130413.001\IDSviA64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilDrv11220) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys (Symantec Corporation) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sony.eu/vaioportal IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\..\SearchScopes\{17AB064C-63A8-4F58-874B-9FA692DDC5E2}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE450 IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\..\SearchScopes\{9EEBB1F8-53A1-47A9-8735-652748E53112}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363 IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\..\SearchScopes\{CB07E72D-2CF3-43E1-9247-423DD7BE2764}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-21/4?satitle={searchTerms} IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.04.16 13:48:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.04.16 13:48:13 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKU\S-1-5-21-812394530-2126681308-1128913503-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-812394530-2126681308-1128913503-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe () O4 - HKU\S-1-5-21-812394530-2126681308-1128913503-1000..\Run: [Spotify] C:\Users\Flo\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-812394530-2126681308-1128913503-1000..\Run: [Spotify Web Helper] C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LG Mouse Scanner.lnk = C:\Program Files (x86)\LG Mouse Scanner\LG_Smart_Scan.exe () O4 - Startup: C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFA38430-F451-4781-A6D8-6C0843252951}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.16 14:07:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe [2013.04.16 13:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2013.04.16 13:47:35 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.04.16 13:47:35 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2013.04.16 13:46:31 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 [2013.04.16 13:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 [2013.04.16 13:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2013.04.16 13:41:13 | 000,000,000 | R--D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.04.16 13:25:04 | 154,147,384 | ---- | C] (Symantec Corporation) -- C:\Users\Flo\Desktop\norton_360_setup.exe [2013.04.16 10:14:15 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Malwarebytes [2013.04.16 10:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.16 10:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.16 10:14:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.16 10:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.16 10:12:53 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Programs [2013.04.16 10:12:12 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Flo\Desktop\mbam-setup-1.75.0.1300.exe [2013.04.16 09:40:54 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.16 09:40:53 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.16 09:40:52 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.16 09:40:52 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.16 09:40:51 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.16 09:40:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.15 19:36:02 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV [2013.04.11 10:41:45 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.04.11 10:41:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.04.11 10:41:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.11 10:41:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.11 10:41:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.04.11 10:41:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.04.11 10:41:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.04.11 10:41:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.04.11 10:41:41 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.04.11 10:41:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.04.11 10:41:40 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.11 10:41:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.11 10:41:39 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.11 10:41:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.11 10:41:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.04.11 10:36:55 | 000,000,000 | ---D | C] -- C:\Users\Flo\Desktop\4. Semester [2013.04.11 08:40:15 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.11 08:40:14 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.11 08:40:14 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.11 08:40:14 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.11 08:40:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.11 08:40:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.02 14:14:02 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Spotify [2013.04.02 14:12:49 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Spotify [2013.03.29 14:04:19 | 000,000,000 | ---D | C] -- C:\output [2013.03.29 14:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WAV To MP3 [2013.03.29 14:03:57 | 000,000,000 | ---D | C] -- C:\WAV To MP3 [2013.03.26 16:13:21 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.16 14:08:57 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\VT20130115.021 [2013.04.16 14:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe [2013.04.16 13:48:56 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.16 13:48:56 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.16 13:48:11 | 001,891,863 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Cat.DB [2013.04.16 13:47:35 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.04.16 13:47:35 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.04.16 13:47:35 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.04.16 13:45:33 | 001,614,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.16 13:45:33 | 000,697,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.16 13:45:33 | 000,652,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.16 13:45:33 | 000,148,540 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.16 13:45:33 | 000,121,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.16 13:42:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.16 13:40:58 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.16 13:40:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.16 13:40:20 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys [2013.04.16 13:38:19 | 154,147,384 | ---- | M] (Symantec Corporation) -- C:\Users\Flo\Desktop\norton_360_setup.exe [2013.04.16 13:35:57 | 000,867,880 | ---- | M] () -- C:\Users\Flo\Desktop\Norton20_Removal_Tool.exe [2013.04.16 10:14:07 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.16 10:12:39 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Flo\Desktop\mbam-setup-1.75.0.1300.exe [2013.04.15 18:59:43 | 000,500,235 | ---- | M] () -- C:\Users\Flo\Desktop\Biologie_IV_SS2013_Botanischer_Teil_Experiment_2.pdf [2013.04.11 14:41:39 | 000,336,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.11 14:40:02 | 001,891,863 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0604000.009\Cat.DB [2013.04.08 15:32:40 | 000,075,033 | ---- | M] () -- C:\Users\Flo\Desktop\0_1a.jpg [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.02 14:14:00 | 000,001,795 | ---- | M] () -- C:\Users\Flo\Desktop\Spotify.lnk [2013.03.28 13:17:17 | 000,003,028 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN12N21GKB05D2.job [2013.03.19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.03.19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.03.19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.03.19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.16 13:47:35 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.04.16 13:47:35 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.04.16 13:35:56 | 000,867,880 | ---- | C] () -- C:\Users\Flo\Desktop\Norton20_Removal_Tool.exe [2013.04.16 10:14:07 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.15 19:10:32 | 000,075,033 | ---- | C] () -- C:\Users\Flo\Desktop\0_1a.jpg [2013.04.15 18:59:43 | 000,500,235 | ---- | C] () -- C:\Users\Flo\Desktop\Biologie_IV_SS2013_Botanischer_Teil_Experiment_2.pdf [2013.04.02 14:14:00 | 000,001,795 | ---- | C] () -- C:\Users\Flo\Desktop\Spotify.lnk [2013.04.02 14:14:00 | 000,001,781 | ---- | C] () -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012.09.27 20:46:39 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.05.01 15:12:40 | 000,005,120 | ---- | C] () -- C:\Users\Flo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Und von Extras.Txt: Code:
ATTFilter OTL Extras logfile created on: 16.04.2013 14:09:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Flo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,95 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 44,94% Memory free
7,90 Gb Paging File | 5,63 Gb Available in Paging File | 71,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,16 Gb Total Space | 381,13 Gb Free Space | 84,29% Space Free | Partition Type: NTFS
Drive F: | 993,74 Mb Total Space | 992,84 Mb Free Space | 99,91% Space Free | Partition Type: FAT32
Computer Name: FLO-VAIO | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0222D555-5C5A-430B-935A-26170C85899F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{066DFC0D-2AC1-4F8A-A0CE-FC4EE559BA5F}" = lport=445 | protocol=6 | dir=in | app=system |
"{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{5A67A418-FE67-4DA8-B2E9-2C73D9B5303D}" = lport=138 | protocol=17 | dir=in | app=system |
"{5E211B9D-02EB-4323-B421-7A1773788334}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{71C6B976-95EE-4571-AA75-720001EEE2A6}" = lport=137 | protocol=17 | dir=in | app=system |
"{78E68AFB-ED50-4C83-B3CA-93C46B145878}" = rport=137 | protocol=17 | dir=out | app=system |
"{7E7963E7-66AC-437B-BAAF-F030BAE62C99}" = lport=139 | protocol=6 | dir=in | app=system |
"{8112820C-A4AE-4B2A-BA9E-35BB4E8CCBC5}" = rport=139 | protocol=6 | dir=out | app=system |
"{99B846A2-5D34-4D7B-9733-70DB54D444B7}" = rport=138 | protocol=17 | dir=out | app=system |
"{A9EEF803-F8D2-4405-95F2-F3A22F9208D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CA5EAA97-534C-450A-95A2-640ABADA234F}" = rport=445 | protocol=6 | dir=out | app=system |
"{DEE10B25-7CE7-470E-9355-2DA6D3277E56}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E857A432-5AD4-4B48-906D-F4C93D716B46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FFD04D02-AEA2-40EC-8235-6CA6F2BBCF71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A704B56-E1A6-4D7C-9B45-8ED746D3BDF3}" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vaiocaremain.exe |
"{1D47D00A-239D-4DE5-8763-86D3BB766222}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1D6C7807-B864-4981-A373-961DB5C4AA1F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{20F3FD0C-65EC-4FBF-A65C-DA17BD55BF07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2F8DF772-C4FD-4E48-BB4C-F7F5B1EF9724}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3B6AB01D-2257-4ECC-A48F-B4A6FFA5AA5C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{429500F2-2966-4F90-ACC4-3A15D51AC3BA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{437CBD96-A9D8-4111-A7C0-914509669FFF}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{57567A80-30CD-4933-9457-3CF2E14A3DF6}" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vaiocaremain.exe |
"{5A7C2F0B-6BFD-454B-9309-B8183B947EEA}" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vcagent.exe |
"{6159A99B-493B-41B2-A4B3-C52D75BB5836}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{616E1069-40E4-4130-B4F4-3D9A01E04850}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{65E3EC5E-0AAC-4DD4-99B5-EEF977699D69}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6A8E18FA-988E-435B-A151-04BD3F52F8C0}" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vcagent.exe |
"{6D3CA846-7BC0-48DD-A69D-C0AD0D24F3FA}" = protocol=6 | dir=in | app=c:\users\flo\appdata\local\temp\7zs5ca0.tmp\symnrt.exe |
"{87507FB4-56CF-4696-95E2-8F00C9890F15}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8CAF3CC6-3B85-4350-B519-CFF697EE9FB8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{975DD497-7745-4AB6-AC56-C536F33EA4E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AB38E9A6-6BDC-4A2B-AFFA-1A4AAA82B437}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B677A8AD-640E-4A1D-86A5-34D92EEEF5ED}" = protocol=17 | dir=in | app=c:\users\flo\appdata\local\temp\7zs5ca0.tmp\symnrt.exe |
"{BECDEF67-9B35-493C-8775-D5E05D370063}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C0D11190-3AEB-42AB-910B-EF5D0DBBF920}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{CC6B9880-90EE-4055-AE88-232785CE5016}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ED448E8B-9C51-4D3C-A86F-3AC16AAC03B6}" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\selfhealupdate.exe |
"{EDCE2D25-DE71-49DC-9240-E79C9BA632A9}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{F97A4AE0-1522-4EA1-99C0-132E897438A6}" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\selfhealupdate.exe |
"TCP Query User{1A97794E-7FCF-4496-9AE1-F22C68F30665}C:\users\flo\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\flo\appdata\roaming\spotify\spotify.exe |
"TCP Query User{717152CC-2457-4FD1-A609-8D173419E48C}C:\users\flo\appdata\roaming\awitce\puxab.exe" = protocol=6 | dir=in | app=c:\users\flo\appdata\roaming\awitce\puxab.exe |
"TCP Query User{9C96F9C4-F03F-4822-8552-8778E68CC49C}C:\users\flo\appdata\roaming\ewnye\odkyz.exe" = protocol=6 | dir=in | app=c:\users\flo\appdata\roaming\ewnye\odkyz.exe |
"TCP Query User{9DAFAD44-C9B2-4BF3-B279-6F24ADEA0C26}C:\users\flo\appdata\roaming\ewnye\odkyz.exe" = protocol=6 | dir=in | app=c:\users\flo\appdata\roaming\ewnye\odkyz.exe |
"TCP Query User{A91B7831-BC1D-4A8D-935D-2607933B5B42}C:\users\flo\appdata\roaming\awitce\puxab.exe" = protocol=6 | dir=in | app=c:\users\flo\appdata\roaming\awitce\puxab.exe |
"UDP Query User{220792BA-769D-472B-B954-F09A6C583BD4}C:\users\flo\appdata\roaming\ewnye\odkyz.exe" = protocol=17 | dir=in | app=c:\users\flo\appdata\roaming\ewnye\odkyz.exe |
"UDP Query User{5BEEB375-ED19-4313-8A89-C1B2E3C87605}C:\users\flo\appdata\roaming\awitce\puxab.exe" = protocol=17 | dir=in | app=c:\users\flo\appdata\roaming\awitce\puxab.exe |
"UDP Query User{851C05FF-FFC0-43D9-9FF1-5EA4DE48D8EB}C:\users\flo\appdata\roaming\awitce\puxab.exe" = protocol=17 | dir=in | app=c:\users\flo\appdata\roaming\awitce\puxab.exe |
"UDP Query User{86295159-BF3D-48D3-B344-23727CB6227D}C:\users\flo\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\flo\appdata\roaming\spotify\spotify.exe |
"UDP Query User{ECC99618-005F-434B-B0A1-D6A918F1AE62}C:\users\flo\appdata\roaming\ewnye\odkyz.exe" = protocol=17 | dir=in | app=c:\users\flo\appdata\roaming\ewnye\odkyz.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{3F7C54EA-F59C-45DD-BA93-AD1E084A9550}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4EFA8109-732B-4026-9F0C-B70ECF3F9293}" = Windows Live Remote Service Resources
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{9F672527-2BE4-47AB-B061-C057BDE30B30}" = Windows Live Remote Client Resources
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ECFFD23C-3111-4685-8118-E1F79644203F}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"CNXT_AUDIO_HDA" = Conexant HD Audio
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}" = Remote Keyboard
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1B0545C4-620F-4661-A369-C4D113F24932}" = Windows Live Writer Resources
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303F9E7-6293-4A85-BC21-CA226FAD5CE4}" = Windows Live Mail
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}" = Основи Windows Live
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
"{33D21DE0-8363-4997-A960-E32EA9D84AB3}" = KODAK Create@Home Software (für dm)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}" = Елемент керування Windows Live Mesh ActiveX для віддалених підключень
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AC57EEF-2733-4DE6-81BB-E78ACB964C22}" = Windows Live Photo Common
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{80651674-74AA-4155-AF2D-1339E628D187}" = Windows Live Movie Maker
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91989CE7-EE83-4A53-8E06-D97887928119}" = VAIO Care
"{91BD94FE-ADCA-49CC-BE96-97D4BBC36FAF}" = Windows Live Mesh
"{92280FD3-A119-41E6-A740-A62DBA4DFB53}" = Windows Live UX Platform Language Pack
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97821186-7938-4FC5-9171-8B508D6DE35A}" = LG Mouse Scanner
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C115A674-A398-49E5-9C6E-C0A541D3EA10}" = Фотоколекція Windows Live
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57A002F-2B34-4E7B-A58B-0A4FBDA2E93F}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E6725026-A650-449C-897B-D6B7A5EEA058}" = Adobe Flash Player 10 Plugin
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F28C98E9-BAC1-41FF-81F2-8885925CCB48}" = Windows Live Writer
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"AudibleManager" = AudibleManager
"Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1130
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"HP Photo Creations" = HP Photo Creations
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MP4 To MP3 Converter_is1" = MP4 To MP3 Converter V3.0
"MyFreeCodec" = MyFreeCodec
"N360" = Norton 360
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"SILIPA93" = SILIPA93 2.00
"splashtop" = VAIO Quick Web Access
"T4EPlayer" = T4E Player
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VAIO Help and Support" =
"VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver
"WAV To MP3_is1" = WAV To MP3 V2
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-812394530-2126681308-1128913503-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.06.2012 12:52:35 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description =
Error - 29.06.2012 15:04:06 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description =
Error - 30.06.2012 10:13:39 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description =
Error - 30.06.2012 11:27:54 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description =
Error - 01.07.2012 14:27:59 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description =
Error - 01.07.2012 15:14:41 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description =
Error - 01.07.2012 17:52:04 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description =
Error - 02.07.2012 11:43:03 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description =
Error - 03.07.2012 04:31:57 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description =
Error - 03.07.2012 10:01:18 | Computer Name = Flo-VAIO | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 15.04.2013 15:49:17 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
BHDrvx64
Error - 15.04.2013 16:44:49 | Computer Name = Flo-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?04.?2013 um 21:51:51 unerwartet heruntergefahren.
Error - 15.04.2013 16:45:16 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
BHDrvx64
Error - 15.04.2013 16:54:34 | Computer Name = Flo-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?04.?2013 um 22:53:40 unerwartet heruntergefahren.
Error - 15.04.2013 16:55:04 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
BHDrvx64
Error - 16.04.2013 03:33:00 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
BHDrvx64
Error - 16.04.2013 04:26:31 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
BHDrvx64
Error - 16.04.2013 07:11:27 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
BHDrvx64
Error - 16.04.2013 07:15:50 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7022
Description = Der Dienst "VAIO Care Performance Service" wurde nicht richtig gestartet.
Error - 16.04.2013 07:36:32 | Computer Name = Flo-VAIO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Norton 360" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt:
Neustart des Diensts.
< End of report >
|
|
16.04.2013, 13:53
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? Rootkitscan mit GMER Bitte lade dir  GMER herunter: (Dateiname zufällig)
Tauchen Probleme auf?
Anschließend bitte MBAR ausführen: Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? |
|
16.04.2013, 20:03
| #7 |
| | GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? Der Scan von Gmer: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-16 20:40:43
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0006 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Flo\AppData\Local\Temp\pwldypow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010010091c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100100048
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001001002ee
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001001004b2
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001001009fe
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100100ae0
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010010012a
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100100758
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100100676
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001001003d0
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100100594
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010010083a
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010010020c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100100f52
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 0000000100110210
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 0000000100110048
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b0ea9d1}
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100100ca6
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001001103d8
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 000000010011012c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001001102f4
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100100e6e
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001001104bc
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010028083a
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010028020c
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001002904bc
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100280f52
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 0000000100290210
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 0000000100290048
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b26a9d1}
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100280ca6
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001002903d8
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 000000010029012c
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001002902f4
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[1512] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100280e6e
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 00000001000f091c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 00000001000f0048
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001000f02ee
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001000f04b2
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001000f09fe
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 00000001000f0ae0
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 00000001000d004c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 00000001000f012a
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 00000001000f0758
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 00000001000f0676
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001000f03d0
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 00000001000f0594
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 00000001000f083a
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 00000001000f020c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 000000010010059e
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 00000001000f0f52
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 0000000100100210
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 0000000100100048
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b0da9d1}
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 00000001000f0ca6
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001001003d8
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 000000010010012c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001001002f4
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe[1828] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 00000001000f0e6e
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010013091c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100130048
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001001302ee
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001001304b2
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001001309fe
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100130ae0
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010011004c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010013012a
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100130758
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100130676
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001001303d0
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100130594
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010013083a
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010013020c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100130f52
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 0000000100140210
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 0000000100140048
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b11a9d1}
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100130ca6
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001001403d8
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 000000010014012c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001001402f4
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100130e6e
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 000000010014059e
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759f1465 2 bytes [9F, 75]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759f14bb 2 bytes [9F, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [1884] entry point in ".rdata" section 0000000069a171e6
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010019091c
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100190048
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001001902ee
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001001904b2
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001001909fe
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100190ae0
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010019012a
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100190758
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100190676
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001001903d0
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100190594
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010019083a
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010019020c
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001001a059e
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100190f52
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 00000001001a0210
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 00000001001a0048
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b17a9d1}
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100190ca6
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001001a03d8
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 00000001001a012c
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001001a02f4
.text C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe[1976] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100190e6e
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010014091c
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100140048
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001001402ee
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001001404b2
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001001409fe
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100140ae0
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010014012a
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100140758
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100140676
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001001403d0
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100140594
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010014083a
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010014020c
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001001504bc
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100140f52
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 0000000100150210
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 0000000100150048
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b12a9d1}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100140ca6
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001001503d8
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 000000010015012c
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001001502f4
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2148] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100140e6e
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010024091c
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100240048
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001002402ee
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001002404b2
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001002409fe
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100240ae0
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010024012a
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100240758
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100240676
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001002403d0
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100240594
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010024083a
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010024020c
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001002504bc
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100240f52
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 0000000100250210
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 0000000100250048
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b22a9d1}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100240ca6
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001002503d8
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 000000010025012c
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001002502f4
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2240] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100240e6e
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010009091c
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100090048
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001000902ee
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001000904b2
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001000909fe
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100090ae0
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010009012a
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100090758
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100090676
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001000903d0
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100090594
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010009083a
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010009020c
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001000a04bc
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100090f52
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 00000001000a0210
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 00000001000a0048
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b07a9d1}
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100090ca6
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001000a03d8
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 00000001000a012c
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001000a02f4
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100090e6e
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759f1465 2 bytes [9F, 75]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759f14bb 2 bytes [9F, 75]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759f1465 2 bytes [9F, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2912] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759f14bb 2 bytes [9F, 75]
.text ... * 2
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010013091c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100130048
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001001302ee
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001001304b2
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001001309fe
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100130ae0
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010009004c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010013012a
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100130758
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100130676
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001001303d0
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100130594
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010013083a
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010013020c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 000000010014059e
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100130f52
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 0000000100140210
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 0000000100140048
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b11a9d1}
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100130ca6
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001001403d8
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 000000010014012c
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001001402f4
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe[3004] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100130e6e
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010029091c
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100290048
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001002902ee
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001002904b2
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001002909fe
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100290ae0
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010029012a
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100290758
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100290676
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001002903d0
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100290594
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010029083a
.text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3940] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010029020c
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010018091c
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100180048
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001001802ee
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001001804b2
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001001809fe
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100180ae0
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010018012a
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100180758
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100180676
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001001803d0
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100180594
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010018083a
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010018020c
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 0000000100190762
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100180f52
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 0000000100190210
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 0000000100190048
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b16a9d1}
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100180ca6
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001001903d8
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 000000010019012c
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001001902f4
.text C:\Users\Flo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3796] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100180e6e
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010009091c
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100090048
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001000902ee
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001000904b2
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001000909fe
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100090ae0
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010009012a
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100090758
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100090676
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001000903d0
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100090594
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010009083a
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010009020c
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100090f52
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 00000001000a0210
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 00000001000a0048
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b07a9d1}
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100090ca6
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001000a03d8
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 00000001000a012c
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001000a02f4
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100090e6e
.text C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe[4516] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001000a059e
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010029091c
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100290048
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001002902ee
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001002904b2
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001002909fe
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100290ae0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010029012a
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100290758
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100290676
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001002903d0
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100290594
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010029083a
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010029020c
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001002a059e
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100290f52
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 00000001002a0210
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 00000001002a0048
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b27a9d1}
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100290ca6
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001002a03d8
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 00000001002a012c
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001002a02f4
.text C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe[4660] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100290e6e
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010010091c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100100048
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001001002ee
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001001004b2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001001009fe
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100100ae0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010010012a
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100100758
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100100676
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001001003d0
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100100594
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010010083a
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010010020c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100100f52
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 00000001001d0210
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 00000001001d0048
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b1aa9d1}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100100ca6
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001001d03d8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 00000001001d012c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001001d02f4
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100100e6e
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[5052] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001001d04bc
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010105091c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000101050048
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001010502ee
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001010504b2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001010509fe
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000101050ae0
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010103004c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010105012a
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000101050758
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000101050676
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001010503d0
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000101050594
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010105083a
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010105020c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 000000010106059e
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000101050f52
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 0000000101060210
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 0000000101060048
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8c03a9d1}
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000101050ca6
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001010603d8
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 000000010106012c
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001010602f4
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000101050e6e
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759f1465 2 bytes [9F, 75]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[5000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759f14bb 2 bytes [9F, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010038091c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100380048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001003802ee
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001003804b2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001003809fe
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100380ae0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010038012a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100380758
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100380676
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001003803d0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100380594
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010038083a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010038020c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100380f52
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 0000000100390210
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 0000000100390048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b36a9d1}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100380ca6
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001003903d8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 000000010039012c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001003902f4
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100380e6e
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6536] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001003904bc
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010028091c
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100280048
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001002802ee
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001002804b2
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001002809fe
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100280ae0
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010028012a
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100280758
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100280676
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100280594
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010028083a
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010028020c
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 000000010029059e
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100280f52
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 0000000100290210
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 0000000100290048
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b26a9d1}
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100280ca6
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001002903d8
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 000000010029012c
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001002902f4
.text C:\Program Files\Sony\VAIO Care\listener.exe[6528] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100280e6e
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010028083a
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010028020c
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001002904bc
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100280f52
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 0000000100290210
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 0000000100290048
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b26a9d1}
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100280ca6
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001002903d8
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 000000010029012c
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001002902f4
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100280e6e
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759f1465 2 bytes [9F, 75]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[6520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759f14bb 2 bytes [9F, 75]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 00000001003e091c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 00000001003e0048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001003e02ee
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001003e04b2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001003e09fe
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 00000001003e0ae0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 00000001001d004c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 00000001003e012a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 00000001003e0758
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 00000001003e0676
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001003e03d0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 00000001003e0594
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 00000001003e083a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 00000001003e020c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 00000001003e0f52
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 00000001003f0210
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 00000001003f0048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b3ca9d1}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 00000001003e0ca6
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001003f03d8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 00000001003f012c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001003f02f4
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 00000001003e0e6e
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4052] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001003f059e
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010009091c
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100090048
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001000902ee
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001000904b2
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001000909fe
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100090ae0
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010009012a
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100090758
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100090676
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001000903d0
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100090594
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010009083a
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010009020c
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100090f52
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 00000001000a0210
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 00000001000a0048
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b07a9d1}
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100090ca6
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001000a03d8
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 00000001000a012c
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001000a02f4
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100090e6e
.text C:\Program Files\Sony\VAIO Care\VCService.exe[4784] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001000a04bc
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000776efc90 5 bytes JMP 000000010024091c
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000776efdf4 5 bytes JMP 0000000100240048
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000776efe88 5 bytes JMP 00000001002402ee
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000776effe4 5 bytes JMP 00000001002404b2
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000776f0018 5 bytes JMP 00000001002409fe
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000776f0048 5 bytes JMP 0000000100240ae0
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000776f0064 5 bytes JMP 000000010002004c
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000776f077c 5 bytes JMP 000000010024012a
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000776f086c 5 bytes JMP 0000000100240758
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000776f0884 5 bytes JMP 0000000100240676
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000776f0dd4 5 bytes JMP 00000001002403d0
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000776f1900 5 bytes JMP 0000000100240594
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000776f1bc4 5 bytes JMP 000000010024083a
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000776f1d50 5 bytes JMP 000000010024020c
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007502524f 7 bytes JMP 0000000100240f52
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000750253d0 7 bytes JMP 0000000100310210
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000075025677 1 byte JMP 0000000100310048
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000075025679 5 bytes {JMP 0xffffffff8b2ea9d1}
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007502589a 7 bytes JMP 0000000100240ca6
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000075025a1d 7 bytes JMP 00000001003103d8
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000075025c9b 7 bytes JMP 000000010031012c
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000075025d87 7 bytes JMP 00000001003102f4
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000075027240 7 bytes JMP 0000000100240e6e
.text C:\Users\Flo\Desktop\gmer_2.1.19163.exe[6368] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074ed1492 7 bytes JMP 00000001003104bc
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eba2aaa
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78c1e22a
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eba2aaa (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78c1e22a (not active ControlSet)
---- EOF - GMER 2.1 ----
Soll ich diesen Scan trotzdem noch einmal durchführen? |
|
17.04.2013, 11:51
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? Ja Scan bitte wiederholen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.04.2013, 13:44
| #9 |
| | GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? Beim zweiten Scan mit MBAR ist der PC nicht abgestürzt und es wurde keine Malware gefunden. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.04.17.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Flo :: FLO-VAIO [administrator]
17.04.2013 14:40:04
mbar-log-2013-04-17 (14-40-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31648
Time elapsed: 27 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
17.04.2013, 14:09
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.04.2013, 18:05
| #11 |
| | GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-17 15:20:08
-----------------------------
15:20:08.913 OS Version: Windows x64 6.1.7601 Service Pack 1
15:20:08.913 Number of processors: 2 586 0x2A07
15:20:08.913 ComputerName: FLO-VAIO UserName: Flo
15:20:11.310 Initialize success
15:27:57.546 AVAST engine defs: 13041700
18:27:04.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:27:04.250 Disk 0 Vendor: ST950032 0006 Size: 476940MB BusType: 3
18:27:04.437 Disk 0 MBR read successfully
18:27:04.453 Disk 0 MBR scan
18:27:04.453 Disk 0 Windows 7 default MBR code
18:27:04.453 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13825 MB offset 2048
18:27:04.468 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28317696
18:27:04.484 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463013 MB offset 28522496
18:27:04.609 Disk 0 scanning C:\Windows\system32\drivers
18:27:17.604 Service scanning
18:27:53.281 Modules scanning
18:27:53.281 Disk 0 trace - called modules:
18:27:53.343 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:27:53.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c33060]
18:27:53.359 3 CLASSPNP.SYS[fffff880013ca43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800470c050]
18:27:55.404 AVAST engine scan C:\Windows
18:27:58.960 AVAST engine scan C:\Windows\system32
18:32:40.247 AVAST engine scan C:\Windows\system32\drivers
18:33:17.452 AVAST engine scan C:\Users\Flo
18:47:58.120 AVAST engine scan C:\ProgramData
18:52:50.155 Scan finished successfully
18:59:03.572 Disk 0 MBR has been saved successfully to "C:\Users\Flo\Desktop\MBR.dat"
18:59:03.588 The log file has been saved successfully to "C:\Users\Flo\Desktop\aswMBR.txt"
TDSS-Killer: Code:
ATTFilter 19:01:38.0540 3568 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:01:40.0054 3568 ============================================================
19:01:40.0054 3568 Current date / time: 2013/04/17 19:01:40.0054
19:01:40.0054 3568 SystemInfo:
19:01:40.0054 3568
19:01:40.0054 3568 OS Version: 6.1.7601 ServicePack: 1.0
19:01:40.0054 3568 Product type: Workstation
19:01:40.0054 3568 ComputerName: FLO-VAIO
19:01:40.0054 3568 UserName: Flo
19:01:40.0054 3568 Windows directory: C:\Windows
19:01:40.0054 3568 System windows directory: C:\Windows
19:01:40.0054 3568 Running under WOW64
19:01:40.0054 3568 Processor architecture: Intel x64
19:01:40.0054 3568 Number of processors: 2
19:01:40.0054 3568 Page size: 0x1000
19:01:40.0054 3568 Boot type: Normal boot
19:01:40.0054 3568 ============================================================
19:01:41.0536 3568 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:01:41.0551 3568 ============================================================
19:01:41.0551 3568 \Device\Harddisk0\DR0:
19:01:41.0551 3568 MBR partitions:
19:01:41.0551 3568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B01800, BlocksNum 0x32000
19:01:41.0551 3568 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B33800, BlocksNum 0x38852830
19:01:41.0551 3568 ============================================================
19:01:41.0598 3568 C: <-> \Device\Harddisk0\DR0\Partition2
19:01:41.0598 3568 ============================================================
19:01:41.0598 3568 Initialize success
19:01:41.0598 3568 ============================================================
19:02:00.0007 5184 ============================================================
19:02:00.0007 5184 Scan started
19:02:00.0007 5184 Mode: Manual; SigCheck; TDLFS;
19:02:00.0007 5184 ============================================================
19:02:01.0302 5184 ================ Scan system memory ========================
19:02:01.0302 5184 System memory - ok
19:02:01.0317 5184 ================ Scan services =============================
19:02:02.0097 5184 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:02:02.0363 5184 1394ohci - ok
19:02:02.0565 5184 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
19:02:02.0628 5184 ACDaemon - ok
19:02:02.0737 5184 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:02:02.0784 5184 ACPI - ok
19:02:02.0877 5184 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:02:03.0096 5184 AcpiPmi - ok
19:02:03.0189 5184 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:02:03.0252 5184 adp94xx - ok
19:02:03.0345 5184 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:02:03.0408 5184 adpahci - ok
19:02:03.0501 5184 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:02:03.0533 5184 adpu320 - ok
19:02:03.0595 5184 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:02:04.0250 5184 AeLookupSvc - ok
19:02:04.0344 5184 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:02:04.0422 5184 AFD - ok
19:02:04.0500 5184 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:02:04.0547 5184 agp440 - ok
19:02:04.0625 5184 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:02:04.0703 5184 ALG - ok
19:02:04.0749 5184 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:02:04.0796 5184 aliide - ok
19:02:04.0827 5184 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:02:04.0859 5184 amdide - ok
19:02:04.0905 5184 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:02:04.0952 5184 AmdK8 - ok
19:02:04.0983 5184 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:02:05.0046 5184 AmdPPM - ok
19:02:05.0108 5184 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:02:05.0139 5184 amdsata - ok
19:02:05.0233 5184 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:02:05.0264 5184 amdsbs - ok
19:02:05.0295 5184 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:02:05.0327 5184 amdxata - ok
19:02:05.0420 5184 [ D80CB25D90474C731C0D1312A6DE3B13 ] ApfiltrService C:\Windows\system32\drivers\Apfiltr.sys
19:02:05.0467 5184 ApfiltrService - ok
19:02:05.0529 5184 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:02:06.0060 5184 AppID - ok
19:02:06.0122 5184 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:02:06.0294 5184 AppIDSvc - ok
19:02:06.0387 5184 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:02:06.0528 5184 Appinfo - ok
19:02:06.0684 5184 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:02:06.0715 5184 Apple Mobile Device - ok
19:02:06.0793 5184 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:02:06.0855 5184 arc - ok
19:02:06.0933 5184 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:02:06.0980 5184 arcsas - ok
19:02:07.0011 5184 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
19:02:07.0043 5184 ArcSoftKsUFilter - ok
19:02:07.0355 5184 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:02:07.0386 5184 aspnet_state - ok
19:02:07.0433 5184 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:02:07.0557 5184 AsyncMac - ok
19:02:07.0651 5184 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:02:07.0682 5184 atapi - ok
19:02:07.0745 5184 [ 50F257E19554421B6891E3F998EDCA90 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
19:02:07.0823 5184 AthBTPort - ok
19:02:08.0025 5184 [ 4119870B90E1B5E7797D6433D21F9216 ] ATHDFU C:\Windows\System32\Drivers\AthDfu.sys
19:02:08.0119 5184 ATHDFU - ok
19:02:08.0213 5184 [ 650F111D5CDA64C10AE4B9D1BA9D4FFF ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
19:02:08.0244 5184 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning
19:02:08.0244 5184 Atheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1)
19:02:08.0322 5184 [ 4D643CD9E892E559355B7A77D532BD38 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
19:02:08.0353 5184 AtherosSvc ( UnsignedFile.Multi.Generic ) - warning
19:02:08.0353 5184 AtherosSvc - detected UnsignedFile.Multi.Generic (1)
19:02:08.0540 5184 [ C8679A07267F030704168E45E27C3D43 ] athr C:\Windows\system32\DRIVERS\athrx.sys
19:02:08.0712 5184 athr - ok
19:02:08.0883 5184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:02:09.0024 5184 AudioEndpointBuilder - ok
19:02:09.0086 5184 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:02:09.0195 5184 AudioSrv - ok
19:02:09.0383 5184 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:02:09.0601 5184 AxInstSV - ok
19:02:09.0679 5184 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:02:09.0757 5184 b06bdrv - ok
19:02:09.0835 5184 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:02:09.0913 5184 b57nd60a - ok
19:02:09.0991 5184 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:02:10.0022 5184 BBSvc - ok
19:02:10.0085 5184 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:02:10.0163 5184 BDESVC - ok
19:02:10.0256 5184 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:02:10.0381 5184 Beep - ok
19:02:10.0537 5184 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:02:10.0710 5184 BFE - ok
19:02:11.0178 5184 [ 7B56A40EAAACF1867FF178501D3EA185 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130412.001\BHDrvx64.sys
19:02:11.0302 5184 BHDrvx64 - ok
19:02:11.0396 5184 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:02:11.0583 5184 BITS - ok
19:02:11.0647 5184 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:02:11.0693 5184 blbdrive - ok
19:02:11.0865 5184 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:02:11.0912 5184 Bonjour Service - ok
19:02:11.0943 5184 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:02:12.0005 5184 bowser - ok
19:02:12.0068 5184 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:02:12.0153 5184 BrFiltLo - ok
19:02:12.0193 5184 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:02:12.0233 5184 BrFiltUp - ok
19:02:12.0323 5184 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:02:12.0393 5184 Browser - ok
19:02:12.0493 5184 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:02:12.0637 5184 Brserid - ok
19:02:12.0787 5184 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:02:12.0847 5184 BrSerWdm - ok
19:02:12.0917 5184 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:02:13.0017 5184 BrUsbMdm - ok
19:02:13.0067 5184 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:02:13.0117 5184 BrUsbSer - ok
19:02:13.0207 5184 [ B3BCD755FA9A359D10208CC9F09847CC ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
19:02:13.0327 5184 BTATH_A2DP - ok
19:02:13.0367 5184 [ 9BBBA9D6DBDEFC8A6542BC7A6EBAF710 ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys
19:02:13.0447 5184 btath_avdt - ok
19:02:13.0517 5184 [ D838DD1BCB328EFCFAD7A52DE9E3CAFD ] BTATH_BUS C:\Windows\system32\drivers\btath_bus.sys
19:02:13.0567 5184 BTATH_BUS - ok
19:02:13.0637 5184 [ A441B800E04CF8443FAF519207563ABB ] BTATH_HCRP C:\Windows\system32\drivers\btath_hcrp.sys
19:02:13.0707 5184 BTATH_HCRP - ok
19:02:13.0777 5184 [ B16F8429A35BBA2A8EF9DB2E08675B97 ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
19:02:13.0857 5184 BTATH_LWFLT - ok
19:02:13.0927 5184 [ C24231C6BDFE21735930084A22089AAB ] BTATH_RCP C:\Windows\system32\drivers\btath_rcp.sys
19:02:13.0997 5184 BTATH_RCP - ok
19:02:14.0087 5184 [ 6C4911B6FB92984FBEF775674795CFA2 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
19:02:14.0167 5184 BtFilter - ok
19:02:14.0227 5184 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:02:14.0287 5184 BthEnum - ok
19:02:14.0334 5184 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:02:14.0397 5184 BTHMODEM - ok
19:02:14.0443 5184 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:02:14.0506 5184 BthPan - ok
19:02:14.0599 5184 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:02:14.0677 5184 BTHPORT - ok
19:02:14.0740 5184 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:02:14.0849 5184 bthserv - ok
19:02:14.0896 5184 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:02:14.0958 5184 BTHUSB - ok
19:02:15.0067 5184 [ A5C13600F63EB92F8D15123D64BA9895 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\1401000.018\ccSetx64.sys
19:02:15.0099 5184 ccSet_N360 - ok
19:02:15.0161 5184 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:02:15.0286 5184 cdfs - ok
19:02:15.0348 5184 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:02:15.0395 5184 cdrom - ok
19:02:15.0457 5184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:02:15.0613 5184 CertPropSvc - ok
19:02:15.0691 5184 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
19:02:15.0754 5184 circlass - ok
19:02:15.0801 5184 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:02:15.0847 5184 CLFS - ok
19:02:15.0910 5184 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:02:15.0941 5184 clr_optimization_v2.0.50727_32 - ok
19:02:16.0035 5184 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:02:16.0066 5184 clr_optimization_v2.0.50727_64 - ok
19:02:16.0378 5184 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:02:16.0425 5184 clr_optimization_v4.0.30319_32 - ok
19:02:16.0471 5184 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:02:16.0534 5184 clr_optimization_v4.0.30319_64 - ok
19:02:16.0612 5184 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
19:02:16.0674 5184 CmBatt - ok
19:02:16.0690 5184 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:02:16.0721 5184 cmdide - ok
19:02:16.0768 5184 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:02:16.0846 5184 CNG - ok
19:02:17.0095 5184 [ 1F394DF3714ED4280047810790E6DF69 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
19:02:17.0220 5184 CnxtHdAudService - ok
19:02:17.0298 5184 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:02:17.0345 5184 Compbatt - ok
19:02:17.0423 5184 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:02:17.0470 5184 CompositeBus - ok
19:02:17.0501 5184 COMSysApp - ok
19:02:17.0548 5184 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:02:17.0579 5184 crcdisk - ok
19:02:17.0673 5184 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:02:17.0751 5184 CryptSvc - ok
19:02:17.0922 5184 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:02:18.0016 5184 cvhsvc - ok
19:02:18.0125 5184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:02:18.0250 5184 DcomLaunch - ok
19:02:18.0359 5184 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:02:18.0499 5184 defragsvc - ok
19:02:18.0531 5184 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:02:18.0655 5184 DfsC - ok
19:02:18.0765 5184 [ FFCCD922F305B8CFBA8D99F65E35EDD7 ] dgderdrv C:\Windows\system32\drivers\dgderdrv.sys
19:02:18.0796 5184 dgderdrv - ok
19:02:18.0858 5184 [ D9A7C8977D9AFA54D21A2A6501ADF4FF ] dgdersvc C:\Windows\system32\dgdersvc.exe
19:02:18.0936 5184 dgdersvc - ok
19:02:19.0030 5184 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:02:19.0123 5184 Dhcp - ok
19:02:19.0186 5184 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:02:19.0295 5184 discache - ok
19:02:19.0404 5184 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:02:19.0435 5184 Disk - ok
19:02:19.0498 5184 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:02:19.0545 5184 Dnscache - ok
19:02:19.0591 5184 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:02:19.0701 5184 dot3svc - ok
19:02:19.0747 5184 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:02:19.0857 5184 DPS - ok
19:02:19.0950 5184 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:02:20.0013 5184 drmkaud - ok
19:02:20.0137 5184 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:02:20.0247 5184 DXGKrnl - ok
19:02:20.0434 5184 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys
19:02:20.0496 5184 e1yexpress - ok
19:02:20.0527 5184 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:02:20.0637 5184 EapHost - ok
19:02:20.0949 5184 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:02:21.0167 5184 ebdrv - ok
19:02:21.0354 5184 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:02:21.0417 5184 eeCtrl - ok
19:02:21.0479 5184 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:02:21.0651 5184 EFS - ok
19:02:21.0869 5184 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:02:21.0978 5184 ehRecvr - ok
19:02:22.0025 5184 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:02:22.0087 5184 ehSched - ok
19:02:22.0181 5184 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:02:22.0259 5184 elxstor - ok
19:02:22.0446 5184 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:02:22.0477 5184 EraserUtilRebootDrv - ok
19:02:22.0493 5184 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:02:22.0555 5184 ErrDev - ok
19:02:22.0649 5184 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:02:22.0789 5184 EventSystem - ok
19:02:22.0836 5184 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:02:22.0945 5184 exfat - ok
19:02:22.0977 5184 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:02:23.0101 5184 fastfat - ok
19:02:23.0226 5184 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:02:23.0351 5184 Fax - ok
19:02:23.0382 5184 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:02:23.0445 5184 fdc - ok
19:02:23.0569 5184 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:02:23.0694 5184 fdPHost - ok
19:02:23.0725 5184 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:02:23.0835 5184 FDResPub - ok
19:02:23.0897 5184 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:02:23.0928 5184 FileInfo - ok
19:02:23.0944 5184 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:02:24.0069 5184 Filetrace - ok
19:02:24.0084 5184 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:02:24.0131 5184 flpydisk - ok
19:02:24.0193 5184 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:02:24.0240 5184 FltMgr - ok
19:02:24.0427 5184 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:02:24.0583 5184 FontCache - ok
19:02:24.0677 5184 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:02:24.0724 5184 FontCache3.0.0.0 - ok
19:02:24.0739 5184 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:02:24.0786 5184 FsDepends - ok
19:02:24.0849 5184 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:02:24.0880 5184 Fs_Rec - ok
19:02:24.0973 5184 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:02:25.0020 5184 fvevol - ok
19:02:25.0083 5184 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:02:25.0114 5184 gagp30kx - ok
19:02:25.0192 5184 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:02:25.0223 5184 GEARAspiWDM - ok
19:02:25.0363 5184 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:02:25.0519 5184 gpsvc - ok
19:02:25.0629 5184 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:02:25.0660 5184 gupdate - ok
19:02:25.0816 5184 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:02:25.0847 5184 gupdatem - ok
19:02:25.0956 5184 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:02:25.0987 5184 gusvc - ok
19:02:26.0019 5184 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:02:26.0081 5184 hcw85cir - ok
19:02:26.0143 5184 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:02:26.0221 5184 HdAudAddService - ok
19:02:26.0284 5184 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:02:26.0377 5184 HDAudBus - ok
19:02:26.0393 5184 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:02:26.0471 5184 HidBatt - ok
19:02:26.0533 5184 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:02:26.0580 5184 HidBth - ok
19:02:26.0658 5184 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:02:26.0705 5184 HidIr - ok
19:02:26.0752 5184 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:02:26.0892 5184 hidserv - ok
19:02:26.0986 5184 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:02:27.0017 5184 HidUsb - ok
19:02:27.0079 5184 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:02:27.0220 5184 hkmsvc - ok
19:02:27.0267 5184 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:02:27.0360 5184 HomeGroupListener - ok
19:02:27.0391 5184 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:02:27.0485 5184 HomeGroupProvider - ok
19:02:27.0547 5184 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:02:27.0579 5184 HpSAMD - ok
19:02:27.0703 5184 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:02:27.0859 5184 HTTP - ok
19:02:27.0875 5184 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:02:27.0922 5184 hwpolicy - ok
19:02:27.0969 5184 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:02:28.0015 5184 i8042prt - ok
19:02:28.0093 5184 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\drivers\iaStor.sys
19:02:28.0125 5184 iaStor - ok
19:02:28.0249 5184 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:02:28.0281 5184 IAStorDataMgrSvc - ok
19:02:28.0390 5184 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:02:28.0437 5184 iaStorV - ok
19:02:28.0780 5184 [ 6F3909A3D40CC9F4B28E03B027F918D8 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
19:02:28.0920 5184 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
19:02:28.0920 5184 IconMan_R - detected UnsignedFile.Multi.Generic (1)
19:02:29.0092 5184 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:02:29.0170 5184 idsvc - ok
19:02:29.0419 5184 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130416.001\IDSvia64.sys
19:02:29.0479 5184 IDSVia64 - ok
19:02:30.0470 5184 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:02:31.0080 5184 igfx - ok
19:02:31.0130 5184 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:02:31.0170 5184 iirsp - ok
19:02:31.0220 5184 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:02:31.0361 5184 IKEEXT - ok
19:02:31.0517 5184 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:02:31.0626 5184 IntcDAud - ok
19:02:31.0658 5184 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:02:31.0689 5184 intelide - ok
19:02:31.0751 5184 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
19:02:31.0814 5184 intelppm - ok
19:02:31.0893 5184 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:02:32.0017 5184 IPBusEnum - ok
19:02:32.0064 5184 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:02:32.0173 5184 IpFilterDriver - ok
19:02:32.0329 5184 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:02:32.0423 5184 iphlpsvc - ok
19:02:32.0454 5184 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:02:32.0532 5184 IPMIDRV - ok
19:02:32.0563 5184 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:02:32.0673 5184 IPNAT - ok
19:02:32.0860 5184 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:02:32.0922 5184 iPod Service - ok
19:02:32.0985 5184 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:02:33.0041 5184 IRENUM - ok
19:02:33.0111 5184 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:02:33.0141 5184 isapnp - ok
19:02:33.0181 5184 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:02:33.0221 5184 iScsiPrt - ok
19:02:33.0301 5184 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:02:33.0341 5184 kbdclass - ok
19:02:33.0381 5184 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:02:33.0501 5184 kbdhid - ok
19:02:33.0521 5184 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:02:33.0561 5184 KeyIso - ok
19:02:33.0601 5184 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:02:33.0631 5184 KSecDD - ok
19:02:33.0661 5184 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:02:33.0701 5184 KSecPkg - ok
19:02:33.0771 5184 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:02:33.0911 5184 ksthunk - ok
19:02:33.0991 5184 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:02:34.0111 5184 KtmRm - ok
19:02:34.0201 5184 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:02:34.0321 5184 LanmanServer - ok
19:02:34.0391 5184 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:02:34.0511 5184 LanmanWorkstation - ok
19:02:34.0581 5184 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:02:34.0691 5184 lltdio - ok
19:02:34.0751 5184 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:02:34.0881 5184 lltdsvc - ok
19:02:34.0932 5184 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:02:35.0042 5184 lmhosts - ok
19:02:35.0172 5184 [ 98B16E756243BEA9410E32025B19C06F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:02:35.0222 5184 LMS - ok
19:02:35.0312 5184 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:02:35.0342 5184 LSI_FC - ok
19:02:35.0362 5184 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:02:35.0402 5184 LSI_SAS - ok
19:02:35.0502 5184 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:02:35.0542 5184 LSI_SAS2 - ok
19:02:35.0602 5184 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:02:35.0632 5184 LSI_SCSI - ok
19:02:35.0662 5184 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:02:35.0782 5184 luafv - ok
19:02:35.0894 5184 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:02:35.0925 5184 MBAMProtector - ok
19:02:36.0143 5184 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:02:36.0237 5184 MBAMScheduler - ok
19:02:36.0330 5184 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:02:36.0408 5184 MBAMService - ok
19:02:36.0471 5184 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:02:36.0564 5184 Mcx2Svc - ok
19:02:36.0611 5184 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:02:36.0658 5184 megasas - ok
19:02:36.0705 5184 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:02:36.0752 5184 MegaSR - ok
19:02:36.0830 5184 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
19:02:36.0876 5184 MEIx64 - ok
19:02:36.0939 5184 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:02:37.0048 5184 MMCSS - ok
19:02:37.0095 5184 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:02:37.0220 5184 Modem - ok
19:02:37.0344 5184 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:02:37.0422 5184 monitor - ok
19:02:37.0500 5184 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:02:37.0532 5184 mouclass - ok
19:02:37.0641 5184 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:02:37.0688 5184 mouhid - ok
19:02:37.0703 5184 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:02:37.0750 5184 mountmgr - ok
19:02:37.0797 5184 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:02:37.0844 5184 mpio - ok
19:02:37.0859 5184 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:02:37.0984 5184 mpsdrv - ok
19:02:38.0093 5184 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:02:38.0249 5184 MpsSvc - ok
19:02:38.0280 5184 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:02:38.0374 5184 MRxDAV - ok
19:02:38.0436 5184 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:02:38.0546 5184 mrxsmb - ok
19:02:38.0608 5184 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:02:38.0670 5184 mrxsmb10 - ok
19:02:38.0702 5184 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:02:38.0748 5184 mrxsmb20 - ok
19:02:38.0795 5184 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:02:38.0826 5184 msahci - ok
19:02:38.0889 5184 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:02:38.0920 5184 msdsm - ok
19:02:38.0951 5184 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:02:39.0014 5184 MSDTC - ok
19:02:39.0092 5184 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:02:39.0201 5184 Msfs - ok
19:02:39.0310 5184 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:02:39.0435 5184 mshidkmdf - ok
19:02:39.0466 5184 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:02:39.0497 5184 msisadrv - ok
19:02:39.0575 5184 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:02:39.0685 5184 MSiSCSI - ok
19:02:39.0685 5184 msiserver - ok
19:02:39.0747 5184 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:02:39.0872 5184 MSKSSRV - ok
19:02:39.0919 5184 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:02:40.0029 5184 MSPCLOCK - ok
19:02:40.0076 5184 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:02:40.0200 5184 MSPQM - ok
19:02:40.0278 5184 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:02:40.0341 5184 MsRPC - ok
19:02:40.0403 5184 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:02:40.0450 5184 mssmbios - ok
19:02:40.0497 5184 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:02:40.0622 5184 MSTEE - ok
19:02:40.0653 5184 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:02:40.0700 5184 MTConfig - ok
19:02:40.0715 5184 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:02:40.0762 5184 Mup - ok
19:02:41.0152 5184 [ 8D11DA92F83D8C8281689739BEF05FD5 ] N360 C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe
19:02:41.0183 5184 N360 - ok
19:02:41.0261 5184 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:02:41.0417 5184 napagent - ok
19:02:41.0526 5184 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:02:41.0620 5184 NativeWifiP - ok
19:02:41.0823 5184 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130416.032\ENG64.SYS
19:02:41.0854 5184 NAVENG - ok
19:02:41.0979 5184 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130416.032\EX64.SYS
19:02:42.0135 5184 NAVEX15 - ok
19:02:42.0260 5184 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:02:42.0400 5184 NDIS - ok
19:02:42.0478 5184 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:02:42.0603 5184 NdisCap - ok
19:02:42.0650 5184 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:02:42.0774 5184 NdisTapi - ok
19:02:42.0837 5184 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:02:42.0946 5184 Ndisuio - ok
19:02:42.0977 5184 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:02:43.0118 5184 NdisWan - ok
19:02:43.0196 5184 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:02:43.0305 5184 NDProxy - ok
19:02:43.0367 5184 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:02:43.0476 5184 NetBIOS - ok
19:02:43.0508 5184 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:02:43.0617 5184 NetBT - ok
19:02:43.0632 5184 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:02:43.0664 5184 Netlogon - ok
19:02:43.0726 5184 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:02:43.0866 5184 Netman - ok
19:02:43.0929 5184 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:43.0976 5184 NetMsmqActivator - ok
19:02:43.0976 5184 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:44.0007 5184 NetPipeActivator - ok
19:02:44.0038 5184 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:02:44.0178 5184 netprofm - ok
19:02:44.0194 5184 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:44.0210 5184 NetTcpActivator - ok
19:02:44.0225 5184 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:02:44.0256 5184 NetTcpPortSharing - ok
19:02:44.0319 5184 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:02:44.0350 5184 nfrd960 - ok
19:02:44.0444 5184 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:02:44.0506 5184 NlaSvc - ok
19:02:44.0537 5184 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:02:44.0646 5184 Npfs - ok
19:02:44.0693 5184 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:02:44.0802 5184 nsi - ok
19:02:44.0802 5184 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:02:44.0912 5184 nsiproxy - ok
19:02:45.0005 5184 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:02:45.0130 5184 Ntfs - ok
19:02:45.0161 5184 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:02:45.0270 5184 Null - ok
19:02:45.0692 5184 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:02:46.0300 5184 nvlddmkm - ok
19:02:46.0394 5184 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:02:46.0440 5184 nvraid - ok
19:02:46.0472 5184 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:02:46.0503 5184 nvstor - ok
19:02:46.0565 5184 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:02:46.0596 5184 nv_agp - ok
19:02:46.0628 5184 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:02:46.0674 5184 ohci1394 - ok
19:02:46.0768 5184 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:02:46.0799 5184 ose - ok
19:02:47.0064 5184 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:02:47.0408 5184 osppsvc - ok
19:02:47.0454 5184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:02:47.0532 5184 p2pimsvc - ok
19:02:47.0579 5184 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:02:47.0657 5184 p2psvc - ok
19:02:47.0673 5184 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:02:47.0735 5184 Parport - ok
19:02:47.0766 5184 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:02:47.0813 5184 partmgr - ok
19:02:47.0844 5184 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:02:47.0907 5184 PcaSvc - ok
19:02:47.0985 5184 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
19:02:48.0032 5184 pccsmcfd - ok
19:02:48.0078 5184 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:02:48.0110 5184 pci - ok
19:02:48.0141 5184 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:02:48.0172 5184 pciide - ok
19:02:48.0219 5184 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:02:48.0250 5184 pcmcia - ok
19:02:48.0266 5184 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:02:48.0297 5184 pcw - ok
19:02:48.0328 5184 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:02:48.0453 5184 PEAUTH - ok
19:02:48.0546 5184 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:02:48.0593 5184 PerfHost - ok
19:02:48.0687 5184 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:02:48.0858 5184 pla - ok
19:02:48.0921 5184 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:02:48.0999 5184 PlugPlay - ok
19:02:49.0108 5184 [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
19:02:49.0170 5184 PMBDeviceInfoProvider - ok
19:02:49.0202 5184 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:02:49.0233 5184 PNRPAutoReg - ok
19:02:49.0280 5184 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:02:49.0311 5184 PNRPsvc - ok
19:02:49.0342 5184 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:02:49.0482 5184 PolicyAgent - ok
19:02:49.0529 5184 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:02:49.0654 5184 Power - ok
19:02:49.0701 5184 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:02:49.0810 5184 PptpMiniport - ok
19:02:49.0857 5184 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:02:49.0888 5184 Processor - ok
19:02:49.0966 5184 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:02:50.0028 5184 ProfSvc - ok
19:02:50.0044 5184 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:02:50.0075 5184 ProtectedStorage - ok
19:02:50.0122 5184 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:02:50.0231 5184 Psched - ok
19:02:50.0340 5184 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:02:50.0465 5184 ql2300 - ok
19:02:50.0481 5184 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:02:50.0512 5184 ql40xx - ok
19:02:50.0543 5184 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:02:50.0606 5184 QWAVE - ok
19:02:50.0637 5184 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:02:50.0684 5184 QWAVEdrv - ok
19:02:50.0699 5184 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:02:50.0808 5184 RasAcd - ok
19:02:50.0886 5184 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:02:50.0980 5184 RasAgileVpn - ok
19:02:51.0027 5184 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:02:51.0136 5184 RasAuto - ok
19:02:51.0152 5184 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:02:51.0261 5184 Rasl2tp - ok
19:02:51.0292 5184 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:02:51.0417 5184 RasMan - ok
19:02:51.0432 5184 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:02:51.0557 5184 RasPppoe - ok
19:02:51.0588 5184 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:02:51.0713 5184 RasSstp - ok
19:02:51.0729 5184 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:02:51.0854 5184 rdbss - ok
19:02:51.0869 5184 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:02:51.0932 5184 rdpbus - ok
19:02:51.0978 5184 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:02:52.0072 5184 RDPCDD - ok
19:02:52.0088 5184 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:02:52.0197 5184 RDPENCDD - ok
19:02:52.0228 5184 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:02:52.0322 5184 RDPREFMP - ok
19:02:52.0353 5184 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:02:52.0431 5184 RDPWD - ok
19:02:52.0478 5184 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:02:52.0524 5184 rdyboost - ok
19:02:52.0556 5184 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:02:52.0649 5184 RemoteAccess - ok
19:02:52.0680 5184 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:02:52.0790 5184 RemoteRegistry - ok
19:02:52.0868 5184 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:02:52.0914 5184 RFCOMM - ok
19:02:52.0977 5184 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:02:53.0086 5184 RpcEptMapper - ok
19:02:53.0102 5184 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:02:53.0148 5184 RpcLocator - ok
19:02:53.0195 5184 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:02:53.0304 5184 RpcSs - ok
19:02:53.0336 5184 [ 546D7F426776090B90EF5F195B6AE662 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
19:02:53.0382 5184 RSPCIESTOR - ok
19:02:53.0445 5184 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:02:53.0538 5184 rspndr - ok
19:02:53.0585 5184 [ EA5532868BA76923D75BCB2A1448D810 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:02:53.0648 5184 RTL8167 - ok
19:02:53.0710 5184 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:02:53.0741 5184 SamSs - ok
19:02:53.0772 5184 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:02:53.0804 5184 sbp2port - ok
19:02:53.0850 5184 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:02:53.0944 5184 SCardSvr - ok
19:02:53.0975 5184 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:02:54.0084 5184 scfilter - ok
19:02:54.0131 5184 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:02:54.0287 5184 Schedule - ok
19:02:54.0318 5184 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:02:54.0412 5184 SCPolicySvc - ok
19:02:54.0490 5184 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
19:02:54.0537 5184 sdbus - ok
19:02:54.0568 5184 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:02:54.0646 5184 SDRSVC - ok
19:02:54.0693 5184 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:02:54.0724 5184 SeaPort - ok
19:02:54.0771 5184 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:02:54.0880 5184 secdrv - ok
19:02:54.0911 5184 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:02:55.0005 5184 seclogon - ok
19:02:55.0020 5184 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:02:55.0130 5184 SENS - ok
19:02:55.0176 5184 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:02:55.0239 5184 SensrSvc - ok
19:02:55.0270 5184 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
19:02:55.0317 5184 Serenum - ok
19:02:55.0379 5184 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
19:02:55.0426 5184 Serial - ok
19:02:55.0488 5184 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:02:55.0535 5184 sermouse - ok
19:02:55.0613 5184 [ 3EC8DE67B1C78C31E54C0F030E6BD7D5 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
19:02:55.0676 5184 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
19:02:55.0676 5184 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
19:02:55.0754 5184 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:02:55.0847 5184 SessionEnv - ok
19:02:55.0910 5184 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\drivers\SFEP.sys
19:02:55.0972 5184 SFEP - ok
19:02:56.0003 5184 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:02:56.0050 5184 sffdisk - ok
19:02:56.0081 5184 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:02:56.0128 5184 sffp_mmc - ok
19:02:56.0144 5184 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:02:56.0206 5184 sffp_sd - ok
19:02:56.0237 5184 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:02:56.0268 5184 sfloppy - ok
19:02:56.0346 5184 [ D5183ED285D2795491DC15BDDCBEE5AD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
19:02:56.0424 5184 Sftfs - ok
19:02:56.0518 5184 [ BFDB58616FF5EA540A5F58301D50641E ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:02:56.0565 5184 sftlist - ok
19:02:56.0612 5184 [ 00F118B68C50D2206DD51634F9142B83 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:02:56.0643 5184 Sftplay - ok
19:02:56.0690 5184 [ 76A827DF5640BFE16A0CDBB4108ADECA ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:02:56.0721 5184 Sftredir - ok
19:02:56.0752 5184 [ 1B4C9701645086BAB8CAFFFCE30ED284 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
19:02:56.0768 5184 Sftvol - ok
19:02:56.0830 5184 [ B94C3C4DCA2093243C76CA218EDE2A97 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:02:56.0861 5184 sftvsa - ok
19:02:56.0892 5184 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:02:57.0017 5184 SharedAccess - ok
19:02:57.0048 5184 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:02:57.0189 5184 ShellHWDetection - ok
19:02:57.0251 5184 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:02:57.0282 5184 SiSRaid2 - ok
19:02:57.0298 5184 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:02:57.0329 5184 SiSRaid4 - ok
19:02:57.0376 5184 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:02:57.0485 5184 Smb - ok
19:02:57.0563 5184 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:02:57.0610 5184 SNMPTRAP - ok
19:02:57.0672 5184 [ DDF2EC98AF6FC70608A4F9CE4DB52758 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
19:02:57.0704 5184 SOHCImp - ok
19:02:57.0719 5184 [ 5FA03F5EA6EFEF6D17B4A1A48C40A23C ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
19:02:57.0750 5184 SOHDs - ok
19:02:57.0813 5184 [ 65E5659E9C2A0762D05657C0E22A7CA2 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
19:02:57.0860 5184 SpfService - ok
19:02:57.0891 5184 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:02:57.0922 5184 spldr - ok
19:02:57.0969 5184 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:02:58.0047 5184 Spooler - ok
19:02:58.0172 5184 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:02:58.0421 5184 sppsvc - ok
19:02:58.0452 5184 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:02:58.0546 5184 sppuinotify - ok
19:02:58.0671 5184 [ B2FE88C5E621C8345CC9BAC5CFD366B0 ] SRTSP C:\Windows\system32\drivers\N360x64\1401000.018\SRTSP64.SYS
19:02:58.0749 5184 SRTSP - ok
19:02:58.0811 5184 [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX C:\Windows\system32\drivers\N360x64\1401000.018\SRTSPX64.SYS
19:02:58.0842 5184 SRTSPX - ok
19:02:58.0889 5184 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:02:58.0967 5184 srv - ok
19:02:58.0998 5184 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:02:59.0061 5184 srv2 - ok
19:02:59.0076 5184 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:02:59.0123 5184 srvnet - ok
19:02:59.0170 5184 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:02:59.0279 5184 SSDPSRV - ok
19:02:59.0295 5184 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:02:59.0388 5184 SstpSvc - ok
19:02:59.0466 5184 [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys
19:02:59.0498 5184 ss_bbus - ok
19:02:59.0513 5184 [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys
19:02:59.0544 5184 ss_bmdfl - ok
19:02:59.0560 5184 [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys
19:02:59.0591 5184 ss_bmdm - ok
19:02:59.0622 5184 [ 677CDC98F8363ACCAAE783FDE1599C2A ] ss_bserd C:\Windows\system32\DRIVERS\ss_bserd.sys
19:02:59.0654 5184 ss_bserd - ok
19:02:59.0685 5184 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:02:59.0716 5184 stexstor - ok
19:02:59.0778 5184 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:02:59.0888 5184 stisvc - ok
19:02:59.0919 5184 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:02:59.0934 5184 swenum - ok
19:02:59.0966 5184 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:03:00.0122 5184 swprv - ok
19:03:00.0262 5184 [ 688BBE78970E639BC1D66AE733394DCF ] SymDS C:\Windows\system32\drivers\N360x64\1401000.018\SYMDS64.SYS
19:03:00.0324 5184 SymDS - ok
19:03:00.0496 5184 [ A17EE0D0D762CC9B56FB9218D7089AFB ] SymEFA C:\Windows\system32\drivers\N360x64\1401000.018\SYMEFA64.SYS
19:03:00.0590 5184 SymEFA - ok
19:03:00.0652 5184 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:03:00.0683 5184 SymEvent - ok
19:03:00.0777 5184 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\N360x64\1401000.018\Ironx64.SYS
19:03:00.0808 5184 SymIRON - ok
19:03:00.0886 5184 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\system32\drivers\N360x64\1401000.018\SYMNETS.SYS
19:03:00.0948 5184 SymNetS - ok
19:03:01.0011 5184 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:03:01.0151 5184 SysMain - ok
19:03:01.0167 5184 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:03:01.0214 5184 TabletInputService - ok
19:03:01.0245 5184 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:03:01.0354 5184 TapiSrv - ok
19:03:01.0370 5184 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:03:01.0479 5184 TBS - ok
19:03:01.0604 5184 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:03:01.0744 5184 Tcpip - ok
19:03:01.0838 5184 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:03:01.0947 5184 TCPIP6 - ok
19:03:02.0009 5184 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:03:02.0040 5184 tcpipreg - ok
19:03:02.0072 5184 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:03:02.0134 5184 TDPIPE - ok
19:03:02.0165 5184 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:03:02.0196 5184 TDTCP - ok
19:03:02.0243 5184 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:03:02.0352 5184 tdx - ok
19:03:02.0384 5184 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:03:02.0415 5184 TermDD - ok
19:03:02.0462 5184 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:03:02.0586 5184 TermService - ok
19:03:02.0664 5184 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
19:03:02.0696 5184 TFsExDisk - ok
19:03:02.0711 5184 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:03:02.0758 5184 Themes - ok
19:03:02.0805 5184 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:03:02.0898 5184 THREADORDER - ok
19:03:02.0914 5184 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:03:03.0023 5184 TrkWks - ok
19:03:03.0070 5184 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:03:03.0179 5184 TrustedInstaller - ok
19:03:03.0210 5184 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:03:03.0304 5184 tssecsrv - ok
19:03:03.0351 5184 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:03:03.0413 5184 TsUsbFlt - ok
19:03:03.0444 5184 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:03:03.0476 5184 TsUsbGD - ok
19:03:03.0632 5184 [ 25E302D93CBDFA1D1269FE3C41B94390 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
19:03:03.0788 5184 TuneUp.UtilitiesSvc - ok
19:03:03.0834 5184 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
19:03:03.0866 5184 TuneUpUtilitiesDrv - ok
19:03:03.0928 5184 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:03:04.0037 5184 tunnel - ok
19:03:04.0053 5184 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:03:04.0084 5184 uagp35 - ok
19:03:04.0146 5184 [ 1FE69F3C1CA1CF4B7EC7E2E9090FFFDC ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
19:03:04.0178 5184 uCamMonitor - ok
19:03:04.0209 5184 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:03:04.0334 5184 udfs - ok
19:03:04.0365 5184 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:03:04.0412 5184 UI0Detect - ok
19:03:04.0474 5184 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:03:04.0505 5184 uliagpkx - ok
19:03:04.0568 5184 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:03:04.0614 5184 umbus - ok
19:03:04.0677 5184 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:03:04.0724 5184 UmPass - ok
19:03:04.0848 5184 [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:03:05.0020 5184 UNS - ok
19:03:05.0067 5184 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:03:05.0192 5184 upnphost - ok
19:03:05.0254 5184 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:03:05.0316 5184 USBAAPL64 - ok
19:03:05.0363 5184 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:03:05.0410 5184 usbccgp - ok
19:03:05.0472 5184 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:03:05.0519 5184 usbcir - ok
19:03:05.0566 5184 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:03:05.0597 5184 usbehci - ok
19:03:05.0675 5184 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:03:05.0738 5184 usbhub - ok
19:03:05.0769 5184 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:03:05.0816 5184 usbohci - ok
19:03:05.0878 5184 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:03:05.0925 5184 usbprint - ok
19:03:05.0987 5184 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:03:06.0018 5184 usbscan - ok
19:03:06.0050 5184 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:03:06.0112 5184 USBSTOR - ok
19:03:06.0128 5184 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:03:06.0174 5184 usbuhci - ok
19:03:06.0237 5184 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:03:06.0299 5184 usbvideo - ok
19:03:06.0330 5184 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:03:06.0440 5184 UxSms - ok
19:03:06.0518 5184 [ DCB1F83AD167D16D263CE57C94E9EEDF ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
19:03:06.0533 5184 VAIO Event Service - ok
19:03:06.0564 5184 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:03:06.0596 5184 VaultSvc - ok
19:03:06.0674 5184 [ D00058C1FFF3F3DE990444A5734E9639 ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
19:03:06.0767 5184 VCFw - ok
19:03:06.0845 5184 [ 4B7ED2D6F738219068361BB14D19CBDE ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
19:03:06.0923 5184 VcmIAlzMgr - ok
19:03:06.0970 5184 [ 2F06D134554BA84FE253DBC481DCFE6D ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
19:03:07.0032 5184 VcmINSMgr - ok
19:03:07.0079 5184 [ 32A3735F6874B7783C6209ED5CA36D9D ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
19:03:07.0110 5184 VcmXmlIfHelper - ok
19:03:07.0157 5184 [ D347D3ABE070AA09C22FC37121555D52 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe
19:03:07.0173 5184 VCService - ok
19:03:07.0266 5184 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:03:07.0298 5184 vdrvroot - ok
19:03:07.0360 5184 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:03:07.0500 5184 vds - ok
19:03:07.0516 5184 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:03:07.0563 5184 vga - ok
19:03:07.0594 5184 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:03:07.0703 5184 VgaSave - ok
19:03:07.0734 5184 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:03:07.0766 5184 vhdmp - ok
19:03:07.0812 5184 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:03:07.0844 5184 viaide - ok
19:03:07.0906 5184 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:03:07.0937 5184 volmgr - ok
19:03:07.0968 5184 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:03:08.0015 5184 volmgrx - ok
19:03:08.0046 5184 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:03:08.0093 5184 volsnap - ok
19:03:08.0124 5184 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:03:08.0156 5184 vsmraid - ok
19:03:08.0234 5184 [ 0ED394BFBA3EB4740F063E0BA5EC7104 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
19:03:08.0327 5184 VSNService - ok
19:03:08.0405 5184 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:03:08.0577 5184 VSS - ok
19:03:08.0639 5184 [ 9C665557B314EAD129555599D94233DB ] VUAgent C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
19:03:08.0717 5184 VUAgent - ok
19:03:08.0748 5184 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:03:08.0811 5184 vwifibus - ok
19:03:08.0826 5184 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:03:08.0904 5184 vwififlt - ok
19:03:08.0936 5184 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:03:09.0076 5184 W32Time - ok
19:03:09.0107 5184 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:03:09.0154 5184 WacomPen - ok
19:03:09.0201 5184 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:03:09.0310 5184 WANARP - ok
19:03:09.0326 5184 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:03:09.0419 5184 Wanarpv6 - ok
19:03:09.0544 5184 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:03:09.0669 5184 WatAdminSvc - ok
19:03:09.0747 5184 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:03:09.0887 5184 wbengine - ok
19:03:09.0903 5184 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:03:09.0950 5184 WbioSrvc - ok
19:03:09.0965 5184 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:03:10.0043 5184 wcncsvc - ok
19:03:10.0059 5184 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:03:10.0121 5184 WcsPlugInService - ok
19:03:10.0152 5184 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:03:10.0184 5184 Wd - ok
19:03:10.0230 5184 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:03:10.0308 5184 Wdf01000 - ok
19:03:10.0324 5184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:03:10.0464 5184 WdiServiceHost - ok
19:03:10.0464 5184 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:03:10.0527 5184 WdiSystemHost - ok
19:03:10.0558 5184 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:03:10.0636 5184 WebClient - ok
19:03:10.0636 5184 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:03:10.0761 5184 Wecsvc - ok
19:03:10.0792 5184 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:03:10.0886 5184 wercplsupport - ok
19:03:10.0917 5184 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:03:11.0010 5184 WerSvc - ok
19:03:11.0057 5184 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:03:11.0151 5184 WfpLwf - ok
19:03:11.0182 5184 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:03:11.0198 5184 WIMMount - ok
19:03:11.0229 5184 WinDefend - ok
19:03:11.0244 5184 WinHttpAutoProxySvc - ok
19:03:11.0291 5184 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:03:11.0400 5184 Winmgmt - ok
19:03:11.0494 5184 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:03:11.0681 5184 WinRM - ok
19:03:11.0759 5184 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:03:11.0806 5184 WinUsb - ok
19:03:11.0868 5184 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:03:11.0978 5184 Wlansvc - ok
19:03:12.0071 5184 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:03:12.0102 5184 wlcrasvc - ok
19:03:12.0196 5184 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:03:12.0336 5184 wlidsvc - ok
19:03:12.0352 5184 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:03:12.0399 5184 WmiAcpi - ok
19:03:12.0430 5184 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:03:12.0477 5184 wmiApSrv - ok
19:03:12.0524 5184 WMPNetworkSvc - ok
19:03:12.0570 5184 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:03:12.0680 5184 WPCSvc - ok
19:03:12.0695 5184 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:03:12.0773 5184 WPDBusEnum - ok
19:03:12.0789 5184 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:03:12.0882 5184 ws2ifsl - ok
19:03:12.0914 5184 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:03:12.0960 5184 wscsvc - ok
19:03:12.0976 5184 WSearch - ok
19:03:13.0085 5184 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:03:13.0257 5184 wuauserv - ok
19:03:13.0288 5184 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:03:13.0350 5184 WudfPf - ok
19:03:13.0382 5184 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:03:13.0444 5184 wudfsvc - ok
19:03:13.0491 5184 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:03:13.0553 5184 WwanSvc - ok
19:03:13.0600 5184 ================ Scan global ===============================
19:03:13.0631 5184 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:03:13.0678 5184 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:03:13.0709 5184 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:03:13.0740 5184 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:03:13.0772 5184 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:03:13.0787 5184 [Global] - ok
19:03:13.0787 5184 ================ Scan MBR ==================================
19:03:13.0803 5184 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:03:14.0380 5184 \Device\Harddisk0\DR0 - ok
19:03:14.0380 5184 ================ Scan VBR ==================================
19:03:14.0411 5184 [ 0FD1B24EED5EE77991202DC2534D943B ] \Device\Harddisk0\DR0\Partition1
19:03:14.0427 5184 \Device\Harddisk0\DR0\Partition1 - ok
19:03:14.0427 5184 [ C058F164B2CEE17F9BA93C822CE398FA ] \Device\Harddisk0\DR0\Partition2
19:03:14.0427 5184 \Device\Harddisk0\DR0\Partition2 - ok
19:03:14.0442 5184 ============================================================
19:03:14.0442 5184 Scan finished
19:03:14.0442 5184 ============================================================
19:03:14.0458 7164 Detected object count: 4
19:03:14.0458 7164 Actual detected object count: 4
19:03:24.0957 7164 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
19:03:24.0957 7164 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:03:24.0957 7164 AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:03:24.0957 7164 AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:03:24.0957 7164 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
19:03:24.0957 7164 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:03:24.0957 7164 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:03:24.0957 7164 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
18.04.2013, 12:43
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.04.2013, 14:46
| #13 |
| | GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? Eine Frage: Ich hab gelesen, dass durch Combifix irgendwelche Dateien vom PC gelöscht werden? Stimmt das? Weil ich hab meine Dateien bis jetzt noch nicht gesichert... |
|
20.04.2013, 17:53
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? Private Daten löscht CF nicht Dir ist aber klar, das man eh immer regelmäßig Backups macht?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu GVU-Trojaner: PC wieder entsperrt, weiteres Vorgehen? |
| achtung, automatisch, beiträge, beste, computer, entdeck, entfernen, entfernt, fenster, hochfahren, infizierte, internen, malwarebytes, probleme, sieben, starten, surfen, trojan.fakems, trojan.fakems.prgen, trojan.ransom.svd |
Linear-Darstellung
